Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
BID:53349
Info
Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
| Bugtraq ID: | 53349 |
| Class: | Unknown |
| CVE: |
CVE-2012-0179 |
| Remote: | No |
| Local: | Yes |
| Published: | May 08 2012 12:00AM |
| Updated: | May 28 2012 07:40PM |
| Credit: | Anatoliy Glagolev of Genesys Telecommunications |
| Vulnerable: |
Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 0 Microsoft Windows Server 2008 R2 Itanium SP1 Microsoft Windows Server 2008 R2 Itanium 0 Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems 0 Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for 32-bit Systems 0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 SP1 Standard |
| Not Vulnerable: | |
Discussion
Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
Microsoft Windows is prone to a local privilege-escalation vulnerability that affects the TCP/IP stack component ('tcpip.sys').
An attacker can exploit this issue to gain elevated privileges by executing arbitrary code in the context of another process. Failed exploit attempts may cause a denial-of-service condition.
Microsoft Windows is prone to a local privilege-escalation vulnerability that affects the TCP/IP stack component ('tcpip.sys').
An attacker can exploit this issue to gain elevated privileges by executing arbitrary code in the context of another process. Failed exploit attempts may cause a denial-of-service condition.
Exploit / POC
Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
Solution:
The vendor released an advisory and updates. Please see the references for details.
Microsoft Windows 7 for x64-based Systems 0
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 7 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Solution:
The vendor released an advisory and updates. Please see the references for details.
Microsoft Windows 7 for x64-based Systems 0
-
Microsoft Security Update for Windows 7 for x64-based Systems (KB2688338)
http://www.microsoft.com/downloads/details.aspx?familyid=e89fb3f1-44cb -4fc0-bbc2-8e94d6933322
Microsoft Windows 7 for 32-bit Systems SP1
-
Microsoft Security Update for Windows 7 (KB2688338)
http://www.microsoft.com/downloads/details.aspx?familyid=46b8749e-3d8f -472f-a1ea-419f44c6bc00
Microsoft Windows 7 for 32-bit Systems 0
-
Microsoft Security Update for Windows 7 (KB2688338)
http://www.microsoft.com/downloads/details.aspx?familyid=46b8749e-3d8f -472f-a1ea-419f44c6bc00
Microsoft Windows 7 for x64-based Systems SP1
-
Microsoft Security Update for Windows 7 for x64-based Systems (KB2688338)
http://www.microsoft.com/downloads/details.aspx?familyid=e89fb3f1-44cb -4fc0-bbc2-8e94d6933322
References
Microsoft Windows TCP/IP CVE-2012-0179 Local Privilege Escalation Vulnerability
References:
References:
- Microsoft Homepage (Microsoft)
- Microsoft Security Bulletin MS12-032 (Microsoft)
- MS12-032 Vulnerability in TCP/IP Could Allow Elevation of Privilege (2688338) (Avaya)