This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:microsoft:forefront_client_security:1.0 |
| Detail | |||
|---|---|---|---|
| Vendor | Microsoft | First view | 2008-09-10 |
| Product | Forefront Client Security | Last view | 2009-10-14 |
| Version | 1.0 | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:microsoft:forefront_client_security | ||
Activity : Overall
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 9.3 | 2009-10-14 | CVE-2009-3126 | Network | Medium | None Requ... | |
| 9.3 | 2009-10-14 | CVE-2009-2528 | Network | Medium | None Requ... | |
| 9.3 | 2009-10-14 | CVE-2009-2518 | Network | Medium | None Requ... | |
| 9.3 | 2009-10-14 | CVE-2009-2504 | Network | Medium | None Requ... | |
| 9.3 | 2009-10-14 | CVE-2009-2503 | Network | Medium | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 9.3 | 2009-10-14 | CVE-2009-2502 | Network | Medium | None Requ... | |
| 9.3 | 2009-10-14 | CVE-2009-2501 | Network | Medium | None Requ... | |
| 9.3 | 2009-10-14 | CVE-2009-2500 | Network | Medium | None Requ... | |
| 9.3 | 2008-09-10 | CVE-2008-3015 | Network | Medium | None Requ... | |
| 9.3 | 2008-09-10 | CVE-2008-3014 | Network | Medium | None Requ... | |
| 9.3 | 2008-09-10 | CVE-2008-3013 | Network | Medium | None Requ... | |
| 9.3 | 2008-09-10 | CVE-2008-3012 | Network | Medium | None Requ... | |
| 9.3 | 2008-09-10 | CVE-2007-5348 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 46% (6) | CWE-189 | Numeric Errors |
| 30% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 15% (2) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 7% (1) | CWE-399 | Resource Management Errors |
Oval Markup Language : Definitions
| OvalID | Name |
|---|---|
| oval:org.mitre.oval:def:6055 | GDI+ VML Buffer Overrun Vulnerability |
| oval:org.mitre.oval:def:6040 | GDI+ EMF Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:5986 | GDI+ GIF Parsing Vulnerability |
| oval:org.mitre.oval:def:6004 | GDI+ WMF Buffer Overrun Vulnerability |
| oval:org.mitre.oval:def:5881 | GDI+ BMP Integer Overflow Vulnerability |
| id | Name |
|---|---|
| oval:org.mitre.oval:def:5967 | GDI+ WMF Integer Overflow Vulnerability |
| oval:org.mitre.oval:def:5800 | GDI+ PNG Heap Overflow Vulnerability |
| oval:org.mitre.oval:def:5898 | GDI+ TIFF Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:6491 | GDI+ TIFF Buffer Overflow Vulnerability |
| oval:org.mitre.oval:def:6282 | GDI+ .NET API Vulnerability |
| oval:org.mitre.oval:def:6430 | Office BMP Integer Overflow Vulnerability |
| oval:org.mitre.oval:def:6426 | Memory Corruption Vulnerability |
| oval:org.mitre.oval:def:6134 | GDI+ PNG Integer Overflow Vulnerability |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 58870 | Microsoft Office BMP Image Color Processing Overflow |
| 58869 | Microsoft Office Malformed Object Handling Memory Corruption Arbitrary Code E... |
| 58868 | Microsoft Multiple Products GDI+ PNG Image Handling Integer Overflow |
| 58867 | Microsoft Multiple Products GDI+ .NET API Code Execution Privilege Escalation |
| 58866 | Microsoft Multiple Products GDI+ TIFF Image Handling Memory Corruption Arbitr... |
| id | Description |
|---|---|
| 58865 | Microsoft Multiple Products GDI+ TIFF Image Handling Overflow |
| 58864 | Microsoft Multiple Products GDI+ PNG Image Handling Heap Overflow |
| 58863 | Microsoft Multiple Products GDI+ WMF Image Handling Overflow |
| 47969 | Microsoft Multiple Products GDI+ BMP Integer Calculation Overflow |
| 47968 | Microsoft Multiple Products GDI+ WMF Image Handling Overflow |
| 47967 | Microsoft Multiple Products GDI+ GIF Image Handling Arbitrary Code Execution |
| 47966 | Microsoft Multiple Products GDI+ EMF File Handling Memory Corruption |
| 47965 | Microsoft Multiple Products GDI+ VML Gradient Size Handling Overflow |
Milw0rm Exploits
| id | Description |
|---|---|
| 2008-10-09 | MS Windows GDI+ Proof of Concept (MS08-052) #2 |
| 2008-09-28 | MS Internet Explorer GDI+ Proof of Concept (MS08-052) |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-01-18 | Name : Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593) File : nvt/gb_ms08-052.nasl |
| 2009-10-21 | Name : Microsoft Products GDI Plus Code Execution Vulnerabilities (957488) File : nvt/secpod_ms09-062.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2009-A-0099 | Multiple Vulnerabilities in Microsoft GDI+ Severity : Category I - VMSKEY : V0021759 |
| 2008-T-0053 | WinZip gdiplus.dll Microsoft Module Unspecified Security Vulnerability Severity : Category II - VMSKEY : V0017532 |
Snort® IPS/IDS
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 6700 - Type : FILE-IMAGE - Revision : 19 |
| 2014-01-10 | Microsoft Windows Bitmap width integer overflow multipacket attempt RuleID : 3634 - Type : WEB-CLIENT - Revision : 9 |
| 2014-01-10 | Microsoft Windows Bitmap width integer overflow attempt RuleID : 3632 - Type : FILE-IMAGE - Revision : 19 |
| 2014-03-27 | Microsoft Multiple Products potentially malicious PNG detected - large or inv... RuleID : 29945 - Type : EXPLOIT - Revision : 2 |
| 2014-03-27 | Microsoft Multiple Products potentially malicious PNG detected - large or inv... RuleID : 29944 - Type : EXPLOIT - Revision : 2 |
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Multiple Products malformed PNG detected tEXt overflow attempt RuleID : 26865 - Type : FILE-IMAGE - Revision : 3 |
| 2014-01-10 | Microsoft GDI EMF malformed file buffer overflow attempt RuleID : 25502 - Type : FILE-MULTIMEDIA - Revision : 3 |
| 2014-01-10 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 23590 - Type : FILE-IMAGE - Revision : 4 |
| 2014-01-10 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 23589 - Type : FILE-IMAGE - Revision : 5 |
| 2014-01-10 | Microsoft Office Excel GDI+ Office Art Property Table remote code execution a... RuleID : 23541 - Type : FILE-OFFICE - Revision : 3 |
| 2014-01-10 | Microsoft Office Word GDI+ Office Art Property Table remote code execution at... RuleID : 23540 - Type : FILE-OFFICE - Revision : 3 |
| 2014-01-10 | Microsoft Office BMP header biClrUsed integer overflow attempt RuleID : 23525 - Type : FILE-OFFICE - Revision : 3 |
| 2014-01-10 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 21160 - Type : FILE-IMAGE - Revision : 6 |
| 2014-01-10 | Microsoft Office BMP header biClrUsed integer overflow attempt RuleID : 16361 - Type : FILE-OFFICE - Revision : 9 |
| 2014-01-10 | Microsoft Windows GDI+ TIFF RLE compressed data buffer overflow attempt RuleID : 16327 - Type : OS-WINDOWS - Revision : 7 |
| 2014-01-10 | Microsoft Windows GDI+ interlaced PNG file parsing heap overflow attempt RuleID : 16186 - Type : FILE-IMAGE - Revision : 11 |
| 2014-01-10 | Microsoft Windows GDI+ compressed TIFF file parsing remote code execution att... RuleID : 16185 - Type : OS-WINDOWS - Revision : 7 |
| 2014-01-10 | Microsoft Windows GDI+ TIFF file parsing heap overflow attempt RuleID : 16184 - Type : FILE-IMAGE - Revision : 13 |
| 2014-01-10 | Microsoft Office Excel GDI+ Office Art Property Table remote code execution a... RuleID : 16178 - Type : FILE-OFFICE - Revision : 11 |
| 2014-01-10 | Microsoft Office Word GDI+ Office Art Property Table remote code execution at... RuleID : 16177 - Type : FILE-OFFICE - Revision : 11 |
| 2014-01-10 | GDI+ .NET image property parsing memory corruption RuleID : 16154 - Type : WEB-CLIENT - Revision : 6 |
| 2014-01-10 | Microsoft Windows malformed WMF meta escape record memory corruption RuleID : 16153 - Type : FILE-IMAGE - Revision : 11 |
| 2014-01-10 | Microsoft RSClientPrint ActiveX clsid unicode access RuleID : 14636 - Type : WEB-ACTIVEX - Revision : 7 |
| 2014-01-10 | Microsoft RSClientPrint ActiveX clsid access RuleID : 14635 - Type : BROWSER-PLUGINS - Revision : 12 |
| 2014-01-10 | Microsoft Windows GDI VML gradient size heap overflow attempt RuleID : 14261 - Type : OS-WINDOWS - Revision : 13 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-03-10 | Name : Arbitrary code can be executed on the remote host through the Microsoft GDI r... File : smb_kb957488.nasl - Type : ACT_GATHER_INFO |
| 2009-10-15 | Name : Arbitrary code can be executed on the remote host through the Microsoft GDI r... File : smb_nt_ms09-062.nasl - Type : ACT_GATHER_INFO |
| 2008-09-10 | Name : Arbitrary code can be executed on the remote host through the Microsoft GDI r... File : smb_nt_ms08-052.nasl - Type : ACT_GATHER_INFO |
