Windows Object Packager Insecure Execution

Added: 01/24/2012
CVE: CVE-2012-0009
BID: 51297
OSVDB: 78212


Windows Object Packager is a tool that can be used to create a package that can be inserted into a file.


A vulnerability exists in the way the Windows Object Packager registers and implements packages stored on network shares, WebDAV locations, and UNCs. An attacker may exploit this by uploading both a seemingly innocent document that references a malicious object and the malicious object to a file share and tricking a user into opening the document.


Apply the patch provided by Microsoft Security Bulletin MS12-002.



This exploit has been tested against Microsoft Office Publisher 2007 SP3 on Windows XP SP3 English (DEP OptIn)

An SMB share which is readable by the target computer, and a user name and password with write access to that share, must be specified. The program smbclient must be available on the SAINT host.

Exploit requires creation of a custom e-mail message specifying an exploit download path '\\smb_server\smb_share\'.



Back to exploit index