====================================================================

                                CERT-Renater

                      Note d'Information No. 2012/VULN121
____________________________________________________________________

DATE                : 14/03/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Windows running
                       Microsoft Expression Design version 1, 2, 3, 4.

======================================================================
KB2651018
http://technet.microsoft.com/en-us/security/bulletin/ms12-022
_______________________________________________________________________

Microsoft Security Bulletin MS12-022 - Important Vulnerability in
Expression Design Could Allow Remote Code Execution (2651018)

   Published: Tuesday, March 13, 2012

   Version: 1.0

General Information

Executive Summary

   This security update resolves one privately reported vulnerability in
   Microsoft Expression Design. The vulnerability could allow remote code
   execution if a user opens a legitimate file (such as an .xpr or .DESIGN
   file) that is located in the same network directory as a specially
   crafted dynamic link library (DLL) file. Then, while opening the
   legitimate file, Microsoft Expression Design could attempt to load the
   DLL file and execute any code it contained. For an attack to be
   successful, a user must visit an untrusted remote file system location
   or WebDAV share and open a legitimate file (such as an .xpr or .DESIGN
   file) from this location that is then loaded by a vulnerable
   application.

   This security update is rated Important for all supported releases of
   Microsoft Expression Design. For more information, see the subsection,
   Affected, in this section.

Affected Software
   Microsoft Expression Design
   Microsoft Expression Design Service Pack 1
   Microsoft Expression Design 2
   Microsoft Expression Design 3
   Microsoft Expression Design 4

Vulnerability Information

Expression Design Insecure Library Loading Vulnerability - CVE-2012-0016

   A remote code execution vulnerability exists in the way that Microsoft
   Expression Design handles the loading of DLL files. An attacker who
   successfully exploited this vulnerability could take complete control
   of an affected system. An attacker could then install programs; view,
   change, or delete data; or create new accounts with full user rights.
   Users whose accounts are configured to have fewer user rights on the
   system could be less impacted than users who operate with
   administrative user rights.



======================================================================

=========================================================
Les serveurs de référence du CERT-Renater
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================