CVE-2012-0009
published 2012-01-10CVE-2012-0009: Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to…
PriorityP348critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
20.56%
97.2th percentile
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-27p8-g8h7-jj37: Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local
ghsa_unreviewed·2022-05-04
CVE-2012-0009 [HIGH] GHSA-27p8-g8h7-jj37: Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local
Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
VMware
VMware Workstation, Player, ESXi and ESX patches address critical security issues
vendor_vmware·2012-05-03·CVSS 9.9
CVE-2012-1516 [CRITICAL] VMware Workstation, Player, ESXi and ESX patches address critical security issues
VMSA-2012-0009: VMware Workstation, Player, ESXi and ESX patches address critical security issues
a. VMware host memory overwrite vulnerability (data pointers) Due to a flaw in the handler function for RPC commands, it is possible to manipulate data pointers within the VMX process. This vulnerability may allow a guest user to crash the VMX process or potentially execute code on the host.
CVEs: CVE-2012-1516, CVE-2012-1517, CVE-2012-2448, CVE-2012-2449, CVE-2012-2450
Affected products: ESXi, VMware Fusion, VMware Tools, VMware Workstation
No detection rules found.
http://secunia.com/advisories/45189http://www.securityfocus.com/bid/51297http://www.securitytracker.com/id?1026494http://www.us-cert.gov/cas/techalerts/TA12-010A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-002https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14393http://secunia.com/advisories/45189http://www.securityfocus.com/bid/51297http://www.securitytracker.com/id?1026494http://www.us-cert.gov/cas/techalerts/TA12-010A.htmlhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-002https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14393
2012-01-10
Published