Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Microsoft Updates for Multiple Vulnerabilities
Informations
Name TA11-347A First vendor Publication 2011-12-13
Vendor US-CERT Last vendor Modification 2011-12-13
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

There are multiple vulnerabilities in Microsoft Windows, Office, and Internet Explorer. Microsoft has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for December 2011 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities. Additional details for MS11-091 can be found in US-CERT vulnerability note VU#361441.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for December 2011. That bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA11-347A.html

CWE : Common Weakness Enumeration

% Id Name
39 % CWE-94 Failure to Control Generation of Code ('Code Injection')
28 % CWE-264 Permissions, Privileges, and Access Controls
11 % CWE-399 Resource Management Errors
6 % CWE-426 Untrusted Search Path
6 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
6 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
6 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13884
 
Oval ID: oval:org.mitre.oval:def:13884
Title: Internet Explorer Insecure Library Loading Vulnerability
Description: Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2019
 Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13998
 
Oval ID: oval:org.mitre.oval:def:13998
Title: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege
Description: Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3402
 Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14037
 
Oval ID: oval:org.mitre.oval:def:14037
Title: Active Directory Buffer Overflow Vulnerability
Description: Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3406
 Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14281
 
Oval ID: oval:org.mitre.oval:def:14281
Title: Windows Media Player DVR-MS Memory Corruption Vulnerability
Description: ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3401
 Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14346
 
Oval ID: oval:org.mitre.oval:def:14346
Title: Publisher Invalid Pointer Vulnerability
Description: Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3411
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Office Publisher 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14363
 
Oval ID: oval:org.mitre.oval:def:14363
Title: ASP.Net Forms Authentication Bypass Vulnerability
Description: The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3416
 Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s): Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14558
 
Oval ID: oval:org.mitre.oval:def:14558
Title: TrueType Font Parsing Vulnerability
Description: Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1983
 Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s): Microsoft Office 2007
Microsoft Office 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14581
 
Oval ID: oval:org.mitre.oval:def:14581
Title: OfficeArt Shape RCE Vulnerability
Description: Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3413
 Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Office PowerPoint 2007
Microsoft Office Compatibility Pack
Microsoft Office PowerPoint Viewer 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14588
 
Oval ID: oval:org.mitre.oval:def:14588
Title: Collisions in HashTable May Cause DoS Vulnerability
Description: The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3414
 Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s): Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14598
 
Oval ID: oval:org.mitre.oval:def:14598
Title: CSRSS Local Privilege Elevation Vulnerability
Description: Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3408
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14625
 
Oval ID: oval:org.mitre.oval:def:14625
Title: ASP.NET Forms Authentication Ticket Caching Vulnerability
Description: The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3417
 Version: 11
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s): Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14635
 
Oval ID: oval:org.mitre.oval:def:14635
Title: Windows Kernel Exception Handler Vulnerability
Description: The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-2018
 Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14665
 
Oval ID: oval:org.mitre.oval:def:14665
Title: PowerPoint Insecure Library Loading Vulnerability
Description: Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3396
 Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Office PowerPoint 2007
Microsoft Office PowerPoint 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14668
 
Oval ID: oval:org.mitre.oval:def:14668
Title: OLE Property Vulnerability
Description: Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3400
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14702
 
Oval ID: oval:org.mitre.oval:def:14702
Title: Record Memory Corruption Vulnerability
Description: Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3403
 Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
 Product(s): Microsoft Excel 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14735
 
Oval ID: oval:org.mitre.oval:def:14735
Title: Microsoft Time Remote Code Execution Vulnerability
Description: The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3397
 Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14745
 
Oval ID: oval:org.mitre.oval:def:14745
Title: XSS Filter Information Disclosure Vulnerability
Description: The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-1992
 Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14750
 
Oval ID: oval:org.mitre.oval:def:14750
Title: Publisher Out-of-bounds Array Index Vulnerablility
Description: Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3410
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Office Publisher 2003
Microsoft Office Publisher 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14808
 
Oval ID: oval:org.mitre.oval:def:14808
Title: Publisher Memory Corruption Vulnerability
Description: Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3412
 Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
 Product(s): Microsoft Office Publisher 2003
Microsoft Office Publisher 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15290
 
Oval ID: oval:org.mitre.oval:def:15290
Title: TrueType Font Parsing Vulnerability (CVE-2011-3402)
Description: Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3402
 Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
 Product(s): Microsoft Lync 2010
Microsoft Lync 2010 Attendee
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15645
 
Oval ID: oval:org.mitre.oval:def:15645
Title: TrueType Font Parsing Vulnerability (CVE-2011-3402)
Description: Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-3402
 Version: 30
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 8
Microsoft Windows Server 2012
Microsoft Windows 8.1
Microsoft Windows Server 2012 R2
 Product(s): Microsoft Silverlight 4
Microsoft Silverlight 5
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2010
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 2
Application 9
Application 1
Application 2
Application 2
Application 2
Application 3
Application 1
Application 3
Os 3
Os 1
Os 10
Os 2
Os 6

SAINT Exploits

Description Link
Microsoft OLE Object File Handling vulnerability More info here

ExploitDB Exploits

id Description
2012-06-06 Microsoft Windows OLE Object File Handling Remote Code Execution

OpenVAS Exploits

Date Description
2012-06-13 Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956)
File : nvt/secpod_ms12-039.nasl
2012-05-14 Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
File : nvt/secpod_ms12-034_macosx.nasl
2012-05-09 Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268...
File : nvt/secpod_ms12-034.nasl
2011-12-30 Name : Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
File : nvt/secpod_ms11-100.nasl
2011-12-14 Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
File : nvt/secpod_ms11-087.nasl
2011-12-14 Name : Microsoft Internet Explorer Multiple Vulnerabilities (2618444)
File : nvt/secpod_ms11-099.nasl
2011-12-14 Name : Windows Client/Server Run-time Subsystem Privilege Elevation Vulnerability (2...
File : nvt/secpod_ms11-097.nasl
2011-12-14 Name : Microsoft Office Excel Remote Code Execution Vulnerability (2640241)
File : nvt/secpod_ms11-096.nasl
2011-12-14 Name : Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2639142)
File : nvt/secpod_ms11-094.nasl
2011-12-14 Name : Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)
File : nvt/secpod_ms11-093.nasl
2011-12-14 Name : Microsoft Windows Media Remote Code Execution Vulnerability (2648048)
File : nvt/secpod_ms11-092.nasl
2011-12-14 Name : Microsoft Publisher Remote Code Execution Vulnerabilities (2607702)
File : nvt/secpod_ms11-091.nasl
2011-12-14 Name : Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
File : nvt/secpod_ms11-090.nasl
2011-12-14 Name : Microsoft Office Remote Code Execution Vulnerability (2590602)
File : nvt/secpod_ms11-089.nasl
2011-12-14 Name : Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
File : nvt/secpod_ms11-088.nasl
2011-12-13 Name : MS Windows Active Directory Remote Code Execution Vulnerability (2640045)
File : nvt/secpod_ms11-095.nasl
2011-12-13 Name : Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
File : nvt/secpod_ms11-098.nasl
2011-11-07 Name : Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
File : nvt/gb_ms_truetype_font_privilege_elevation_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
78057 Microsoft .NET Framework ASP.NET Hash Collision Web Form Post Parsing Remote DoS
78056 Microsoft .NET Framework Forms Authentication Sliding Expiry Cached Content P...
78055 Microsoft .NET Framework ASP.NET Username Parsing Authentication Bypass
77674 Microsoft IE Path Subversion Arbitrary DLL Injection Code Execution

Microsoft IE is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
77673 Microsoft IE XSS Filter Event Parsing Cross-Domain Remote Information Disclosure
77672 Microsoft Office Publisher Unspecified Publisher File Handling Remote Memory ...
77671 Microsoft Office Publisher Invalid Pointer Publisher File Handling Remote Mem...
77670 Microsoft Office Publisher Array Indexing Publisher File Handling Remote Memo...
77669 Microsoft Office Pinyin IME for Simplified Chinese Insecure Configuration Opt...
77668 Microsoft Office PowerPoint Path Subversion Arbitrary DLL Injection Code Exec...

Microsoft Office PowerPoint is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a PowerPoint file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
77667 Microsoft Windows Active Directory Query Parsing Remote Overflow
77666 Microsoft Windows Kernel Exception Handler Local Privilege Escalation
77665 Microsoft Time ActiveX (DATIME.DLL) Unspecified IE Web Page Handling Remote C...
77664 Microsoft Office PowerPoint OfficeArt Shape Record PowerPoint File Handling R...
77663 Microsoft Windows Object Linking and Embedding (OLE) Object File Handling Rem...
77662 Microsoft Windows CSRSS Device Event Message Parsing Local Privilege Escalation
77661 Microsoft Office Excel Record Parsing Object Handling Remote Memory Corruption
77660 Microsoft Windows Media Player / Center DVR-MS File Handling Remote Memory Co...
77659 Microsoft Office Use-after-free Border Property Word Document Handling Remote...
76843 Microsoft Windows Win32k TrueType Font Handling Privilege Escalation

Microsoft Windows contains a flaw related to the Win32k TrueType font parsing engine that may allow a context-dependent attacker to execute arbitrary code via malicious font data contained in a Word document.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-05-10 IAVM : 2012-A-0079 - Combined Security Update for Microsoft Office Windows .NET Framework and Silv...
Severity : Category I - VMSKEY : V0032304
2012-01-05 IAVM : 2012-A-0001 - Multiple Vulnerabilities in Microsoft .NET Framework
Severity : Category I - VMSKEY : V0030927
2011-12-15 IAVM : 2011-B-0146 - Microsoft Office Input Method Editor (IME) Privilege Escalation Vulnerability
Severity : Category II - VMSKEY : V0030822
2011-12-15 IAVM : 2011-A-0171 - Microsoft Windows Media Memory Corruption Vulnerability
Severity : Category II - VMSKEY : V0030826
2011-12-15 IAVM : 2011-A-0167 - Microsoft Cumulative Security Update of ActiveX Kill Bits
Severity : Category II - VMSKEY : V0030830
2011-12-15 IAVM : 2011-A-0166 - Multiple Remote Code Execution Vulnerabilities in Microsoft Office PowerPoint
Severity : Category II - VMSKEY : V0030831
2011-12-15 IAVM : 2011-A-0163 - Microsoft Office Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0030834
2011-12-15 IAVM : 2011-A-0162 - Microsoft Windows Client/Server Run-time Subsystem Elevation of Privilege Vul...
Severity : Category II - VMSKEY : V0030835

Snort® IPS/IDS

Date Description
2019-08-31 Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ...
RuleID : 50849 - Revision : 1 - Type : FILE-OTHER
2019-08-31 Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ...
RuleID : 50848 - Revision : 1 - Type : FILE-OTHER
2019-04-13 Microsoft Office Publisher 2003 EscherStm memory corruption attempt
RuleID : 49432 - Revision : 1 - Type : FILE-OFFICE
2019-04-13 Microsoft Office Publisher 2003 EscherStm memory corruption attempt
RuleID : 49431 - Revision : 2 - Type : FILE-OFFICE
2019-04-13 Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o...
RuleID : 49423 - Revision : 2 - Type : FILE-OTHER
2019-04-13 Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o...
RuleID : 49422 - Revision : 2 - Type : FILE-OTHER
2019-04-13 Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o...
RuleID : 49421 - Revision : 2 - Type : FILE-OTHER
2019-04-02 Microsoft Office Excel Lel record memory corruption attempt
RuleID : 49324 - Revision : 1 - Type : FILE-OFFICE
2019-04-02 Microsoft Office Excel Lel record memory corruption attempt
RuleID : 49323 - Revision : 1 - Type : FILE-OFFICE
2019-03-14 Microsoft Office Publisher Opltc memory corruption attempt
RuleID : 49183 - Revision : 2 - Type : FILE-OFFICE
2019-03-14 Microsoft Office Publisher Opltc memory corruption attempt
RuleID : 49182 - Revision : 2 - Type : FILE-OFFICE
2017-08-23 HP Photo Creative ActiveX clsid access attempt
RuleID : 43607 - Revision : 2 - Type : BROWSER-PLUGINS
2015-09-03 Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confu...
RuleID : 35443 - Revision : 3 - Type : FILE-OFFICE
2015-09-03 Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confu...
RuleID : 35442 - Revision : 3 - Type : FILE-OFFICE
2015-09-03 Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confu...
RuleID : 35441 - Revision : 3 - Type : FILE-OFFICE
2015-09-03 Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confu...
RuleID : 35440 - Revision : 3 - Type : FILE-OFFICE
2015-03-27 Microsoft Office Word border use-after-free attempt
RuleID : 33568 - Revision : 2 - Type : FILE-OFFICE
2015-03-27 Microsoft Office Word border use-after-free attempt
RuleID : 33567 - Revision : 2 - Type : FILE-OFFICE
2015-03-17 Microsoft Office OLESS stream object name corruption attempt
RuleID : 33442 - Revision : 4 - Type : FILE-OFFICE
2015-03-17 Microsoft Office OLESS stream object name corruption attempt
RuleID : 33441 - Revision : 4 - Type : FILE-OFFICE
2015-02-05 Microsoft Office Publisher 2003 EscherStm memory corruption attempt
RuleID : 32961 - Revision : 4 - Type : FILE-OFFICE
2015-02-05 Microsoft Office Publisher 2003 EscherStm memory corruption attempt
RuleID : 32960 - Revision : 3 - Type : FILE-OFFICE
2014-01-18 multi-hop iframe campaign client-side exploit attempt
RuleID : 29025 - Revision : 2 - Type : MALWARE-OTHER
2014-01-18 multi-hop iframe campaign client-side exploit attempt
RuleID : 29024 - Revision : 2 - Type : MALWARE-OTHER
2014-01-18 multi-hop iframe campaign client-side exploit attempt
RuleID : 29023 - Revision : 2 - Type : MALWARE-OTHER
2014-01-18 DNS request for known malware domain kjyg.com
RuleID : 29022 - Revision : 2 - Type : BLACKLIST
2014-01-18 DNS request for known malware domain apfi.biz
RuleID : 29021 - Revision : 2 - Type : BLACKLIST
2014-01-18 DNS request for known malware domain 4pu.com
RuleID : 29020 - Revision : 2 - Type : BLACKLIST
2014-01-10 Blackholev2 exploit kit JNLP request
RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific structure
RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit successful redirection - jnlp bypass
RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java payload detection
RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Sakura exploit kit redirection structure
RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit pdf payload detection
RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit java payload detection
RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page - specific structure
RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit jar file redirection
RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar download
RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit MyApplet class retrieval
RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 26091 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection structure
RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit former location - has been removed
RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Java exploit download
RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25598 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25597 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25596 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25595 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25594 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25593 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool Exploit Kit SWF file download
RuleID : 25576 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Cool Exploit Kit SWF file download
RuleID : 25575 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Cool Exploit Kit SWF file download
RuleID : 25574 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Cool Exploit Kit SWF file download
RuleID : 25573 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25510 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit pdf exploit retrieval
RuleID : 25509 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25508 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit pdf exploit retrieval
RuleID : 25507 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25506 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25505 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confu...
RuleID : 25355 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confu...
RuleID : 25354 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confu...
RuleID : 25353 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25328 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit pdf exploit retrieval
RuleID : 25327 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25326 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit pdf exploit retrieval
RuleID : 25325 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page detected
RuleID : 25324 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25323 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25322 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Microsoft Windows IIS .NET null character username truncation attempt
RuleID : 25251 - Revision : 5 - Type : SERVER-IIS
2014-01-10 Microsoft Windows IIS .NET null character username truncation attempt
RuleID : 25250 - Revision : 6 - Type : SERVER-IIS
2014-01-10 Cool exploit kit 32-bit font file download
RuleID : 25056 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit 64-bit font file download
RuleID : 25055 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit requesting payload
RuleID : 25045 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit 64-bit font file download
RuleID : 24784 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit 32-bit font file download
RuleID : 24783 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit outbound request
RuleID : 24782 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit outbound request
RuleID : 24781 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit - PDF Exploit
RuleID : 24780 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit - PDF Exploit
RuleID : 24779 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page - Title
RuleID : 24778 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Microsoft Office Publisher Opltc memory corruption attempt
RuleID : 21423 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel Lel record memory corruption attempt
RuleID : 21422 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Publisher 2003 EscherStm memory corruption attempt
RuleID : 21243 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Office OLESS stream object name corruption attempt
RuleID : 21170 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Bennet-Tec TList saveData arbitrary file creation ActiveX function call access
RuleID : 21034 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Bennet-Tec TList saveData arbitrary file creation ActiveX clsid access
RuleID : 21033 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Bennet-Tec TList saveData arbitrary file creation ActiveX function call access
RuleID : 21032 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Bennet-Tec TList saveData arbitrary file creation ActiveX clsid access
RuleID : 21031 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Bennet-Tec TList saveData arbitrary file creation ActiveX function call access
RuleID : 21030 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Bennet-Tec TList saveData arbitrary file creation ActiveX clsid access
RuleID : 21029 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Office Word border use-after-free attempt
RuleID : 21002 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows IIS .NET null character username truncation attempt
RuleID : 20829 - Revision : 9 - Type : SERVER-IIS
2014-01-10 generic web server hashing collision attack
RuleID : 20825 - Revision : 11 - Type : SERVER-WEBAPP
2014-01-10 generic web server hashing collision attack
RuleID : 20824 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 generic web server hashing collision attack
RuleID : 20823 - Revision : 4 - Type : DOS
2014-01-10 Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o...
RuleID : 20735 - Revision : 12 - Type : FILE-OTHER
2014-01-10 Microsoft Windows Media Player digital video recording buffer overflow attempt
RuleID : 20734 - Revision : 16 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Office Word border use-after-free attempt
RuleID : 20724 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint invalid OfficeArtSpContainer subrecord type confu...
RuleID : 20722 - Revision : 21 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Publisher PLC object memory corruption attempt
RuleID : 20721 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Publisher 2003 EscherStm memory corruption attempt
RuleID : 20720 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Publisher Opltc memory corruption attempt
RuleID : 20719 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel Lel record memory corruption attempt
RuleID : 20718 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows OLE versioned stream missing data stream
RuleID : 20717 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Yahoo! CD Player ActiveX clsid access
RuleID : 20716 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 HP Photo Creative ActiveX clsid access
RuleID : 20715 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 HP Photo Creative ActiveX clsid access
RuleID : 20714 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 HP Photo Creative ActiveX clsid access
RuleID : 20713 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 HP Photo Creative ActiveX clsid access
RuleID : 20712 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 HP Photo Creative ActiveX clsid access
RuleID : 20711 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 HP Photo Creative ActiveX clsid access
RuleID : 20710 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 HP Photo Creative ActiveX clsid access
RuleID : 20709 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 HP Easy Printer Care Software ActiveX clsid access
RuleID : 20708 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 Dell IT Assistant ActiveX clsid access
RuleID : 20707 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access
RuleID : 20706 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access
RuleID : 20705 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer defaulttime behavior attack attempt
RuleID : 20704 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt
RuleID : 20703 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt
RuleID : 20702 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint pp4x322.dll dll-load exploit attempt
RuleID : 20701 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint pp7x32.dll dll-load exploit attempt
RuleID : 20700 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer XSRF timing attack against XSS filter
RuleID : 20699 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Windows wininet peerdist.dll dll-load exploit attempt
RuleID : 18209 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows wininet peerdist.dll dll-load exploit attempt
RuleID : 18208 - Revision : 14 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2012-07-17 Name : The remote device has a denial of service vulnerability.
File : juniper_psn-2012-07-650.nasl - Type : ACT_GATHER_INFO
2012-06-13 Name : Arbitrary code can be executed on the remote host through Microsoft Lync.
File : smb_nt_ms12-039.nasl - Type : ACT_GATHER_INFO
2012-05-09 Name : A multimedia application framework installed on the remote Mac OS X host is a...
File : macosx_ms12-034.nasl - Type : ACT_GATHER_INFO
2012-05-09 Name : The remote Windows host is affected by multiple vulnerabilities.
File : smb_nt_ms12-034.nasl - Type : ACT_GATHER_INFO
2011-12-29 Name : The version of ASP.NET Framework installed on the remote host is affected by ...
File : smb_nt_ms11-100.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The version of Microsoft Office installed on the remote Windows host has a pr...
File : smb_nt_ms11-088.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms11-089.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote Windows host is missing an update that disables selected ActiveX c...
File : smb_nt_ms11-090.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The version of Microsoft Office installed on the remote host has multiple vul...
File : smb_nt_ms11-091.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The version of Windows Media installed on the remote host has a memory corrup...
File : smb_nt_ms11-092.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote Windows host contains a component that is susceptible to a remote ...
File : smb_nt_ms11-093.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : Arbitrary code can be executed on the remote host through Microsoft PowerPoint.
File : smb_nt_ms11-094.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The installed version of Active Directory is affected by a vulnerability that...
File : smb_nt_ms11-095.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms11-096.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote Windows host has a privilege escalation vulnerability.
File : smb_nt_ms11-097.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The Windows kernel is affected by a vulnerability that could result in privil...
File : smb_nt_ms11-098.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : Arbitrary code can be executed on the remote host through a web browser.
File : smb_nt_ms11-099.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : The remote Windows kernel is affected by a remote code execution vulnerability.
File : smb_nt_ms11-087.nasl - Type : ACT_GATHER_INFO
2011-12-13 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms_office_dec2011.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-01-30 13:27:25
  • Multiple Updates