Executive Summary
Summary | |
---|---|
Title | Vulnerabilities in Microsoft Exchange Server WebReady Document Viewing Could Allow Remote Code Execution (2740358) |
Informations | |||
---|---|---|---|
Name | MS12-058 | First vendor Publication | 2012-08-14 |
Vendor | Microsoft | Last vendor Modification | 2012-11-20 |
Severity (Vendor) | Critical | Revision | 2.2 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V2.2 (November 20, 2012): Corrected the update package names, registry verification keys, and log file names for the KB2756497 and KB2756496 updates where incorrect in this bulletin. These are informational changes only. The download pages and associated Knowledge Base articles already contained the correct information. |
Original Source
Url : http://technet.microsoft.com/en-us/security/bulletin/ms12-058 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14834 | |||
Oval ID: | oval:org.mitre.oval:def:14834 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - XII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3109 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14882 | |||
Oval ID: | oval:org.mitre.oval:def:14882 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - V | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1770 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15275 | |||
Oval ID: | oval:org.mitre.oval:def:15275 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - III | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1768 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15323 | |||
Oval ID: | oval:org.mitre.oval:def:15323 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - VII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1772 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15568 | |||
Oval ID: | oval:org.mitre.oval:def:15568 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - VIII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1773 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15608 | |||
Oval ID: | oval:org.mitre.oval:def:15608 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - IX | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3106 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15648 | |||
Oval ID: | oval:org.mitre.oval:def:15648 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - X | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3107 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15668 | |||
Oval ID: | oval:org.mitre.oval:def:15668 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - VI | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1771 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15721 | |||
Oval ID: | oval:org.mitre.oval:def:15721 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - IV | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1769 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15724 | |||
Oval ID: | oval:org.mitre.oval:def:15724 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - I | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1766 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15747 | |||
Oval ID: | oval:org.mitre.oval:def:15747 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - XIII | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3110 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15804 | |||
Oval ID: | oval:org.mitre.oval:def:15804 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - XI | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3108 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15812 | |||
Oval ID: | oval:org.mitre.oval:def:15812 | ||
Title: | Oracle Outside In contains multiple exploitable vulnerabilities - II | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1767 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 Microsoft FAST Search Server 2010 for SharePoint |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 4 |
OpenVAS Exploits
Date | Description |
---|---|
2012-10-10 | Name : Microsoft FAST Search Server 2010 for SharePoint RCE Vulnerabilities (2742321) File : nvt/secpod_ms12-067.nasl |
2012-08-15 | Name : MS Exchange Server WebReady Document Viewing Remote Code Execution Vulnerabil... File : nvt/secpod_ms12-058.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-15 | Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt RuleID : 43560 - Revision : 1 - Type : FILE-OTHER |
2014-01-10 | Oracle Outside-In JPEG2000 QCD segment processing heap buffer overflow attempt RuleID : 23806 - Revision : 10 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-10-10 | Name : The remote Windows host is affected by multiple code execution vulnerabilities. File : smb_nt_ms12-067.nasl - Type : ACT_GATHER_INFO |
2012-10-09 | Name : An archiving application installed on the remote host has multiple vulnerabil... File : symantec_enterprise_vault_sym12-015.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Windows host has an application that is affected by a buffer overf... File : groupwise_ia_803_hp1.nasl - Type : ACT_GATHER_INFO |
2012-08-15 | Name : The remote mail server has multiple code execution vulnerabilities. File : smb_nt_ms12-058.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:47:25 |
|
2013-07-09 13:22:09 |
|
2012-12-28 13:19:25 |
|
2012-11-21 00:20:30 |
|
2012-11-21 00:17:04 |
|