9.3 - TA12-255A

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	TA12-255A	First vendor Publication	2012-09-11
Vendor	US-CERT	Last vendor Modification	2012-09-11
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for September 2012
describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for September 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA12-255A.html

CWE : Common Weakness Enumeration

%	Id	Name
67 %	CWE-399	Resource Management Errors
33 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15449

Oval ID:	oval:org.mitre.oval:def:15449
Title:	Layout Use After Free Vulnerability - MS12-063
Description:	Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Layout Use After Free Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-2548	Version:	5
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 8 Microsoft Internet Explorer 9
Definition Synopsis:
Microsoft Internet Explorer 9 is installed Vista/2K8/Win7/R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows 7 is installed LDR/GDR Check if the version of mshtml.dll is less than 9.0.8112.16450 OR Check for LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Check if the version of mshtml.dll is less than 9.0.8112.20557

Definition Id: oval:org.mitre.oval:def:15652

Oval ID:	oval:org.mitre.oval:def:15652
Title:	Event Listener Use After Free Vulnerability - MS12-063
Description:	Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Event Listener Use After Free Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-2546	Version:	5
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 8 Microsoft Internet Explorer 9
Definition Synopsis:
Microsoft Internet Explorer 9 is installed Vista/2K8/Win7/R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows 7 is installed LDR/GDR Check if the version of mshtml.dll is less than 9.0.8112.16450 OR Check for LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Check if the version of mshtml.dll is less than 9.0.8112.20557

Definition Id: oval:org.mitre.oval:def:15729

Oval ID:	oval:org.mitre.oval:def:15729
Title:	execCommand Use After Free Vulnerability - MS12-063
Description:	Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-4969	Version:	5
Platform(s):	Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9
Definition Synopsis:
IE6 + vulnerable (OS + file versions) Microsoft Internet Explorer 6 is installed AND Vulnerable OS's and their file versions XP + vulnerable file Microsoft Windows XP (32-bit) is installed AND Check if the version of mshtml.dll is less than 6.0.2900.6287 OR 2k3/XP X64 and vulnerable file 2k3/XP x64 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Check if the version of mshtml.dll is less than 6.0.3790.5060 OR IE7 + vulnerable (OS + file versions) Microsoft Internet Explorer 7 is installed AND Vulnerable OS's and their file versions XP/2k3 and vulnerable files XP/2k3 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND LDR/GDR Check if the version of mshtml.dll is less than 7.0.6000.17114 OR Check for LDR Mshtml.dll version is greater than or equal to 7.0.6000.20000 AND Check if the version of mshtml.dll is less than 7.0.6000.21316 OR Vista/2K8 and vulnerable files Vista/2k8 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND LDR/GDR Check if the version of mshtml.dll is less than 7.0.6002.18686 OR Check LDR Mshtml.dll version is greater than or equal to 7.0.6002.22000 AND Check if the version of mshtml.dll is less than 7.0.6002.22920 OR IE8 + vulnerable (OS + file versions) Microsoft Internet Explorer 8 is installed AND Vulnerable OS's and their file versions XP/2k3/Vista/2k8 and vulnerable files XP/2k3/Vista/2k8 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND LDR/GDR Check if the version of mshtml.dll is less than 8.0.6001.19328 OR Check for LDR Check for mshtml.dll version greater than or equal to 8.0.6001.23000 AND Check if the version of mshtml.dll is less than 8.0.6001.23415 OR Win7/R2 and vulnerable files Win7/R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND LDR/GDR Check if the version of mshtml.dll is less than 8.0.7600.17115 OR Check for LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Check if the version of mshtml.dll is less than 8.0.7600.21313 OR Win7/R2 and vulnerable files Win7/R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND LDR/GDR Check if the version of mshtml.dll is less than 8.0.7601.17940 OR Check for LDR Mshtml.dll version is greater than or equal to 8.0.7601.21000 AND Check if the version of mshtml.dll is less than 8.0.7601.22099 OR IE9 + vulnerable (OS + file versions) Microsoft Internet Explorer 9 is installed AND Vista/2K8/Win7/R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows 7 is installed AND LDR/GDR Check if the version of mshtml.dll is less than 9.0.8112.16450 OR Check for LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Check if the version of mshtml.dll is less than 9.0.8112.20557

Definition Id: oval:org.mitre.oval:def:15745

Oval ID:	oval:org.mitre.oval:def:15745
Title:	cloneNode Use After Free Vulnerability - MS12-063
Description:	Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "cloneNode Use After Free Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-2557	Version:	5
Platform(s):	Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8
Definition Synopsis:
IE6 + vulnerable (OS + file versions) Microsoft Internet Explorer 6 is installed AND Vulnerable OS's and their file versions XP + vulnerable file Microsoft Windows XP (32-bit) is installed AND Check if the version of mshtml.dll is less than 6.0.2900.6287 OR 2k3/XP X64 and vulnerable file 2k3/XP x64 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Check if the version of mshtml.dll is less than 6.0.3790.5060 OR IE7 + vulnerable (OS + file versions) Microsoft Internet Explorer 7 is installed AND Vulnerable OS's and their file versions XP/2k3 and vulnerable files XP/2k3 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND LDR/GDR Check if the version of mshtml.dll is less than 7.0.6000.17114 OR Check for LDR Mshtml.dll version is greater than or equal to 7.0.6000.20000 AND Check if the version of mshtml.dll is less than 7.0.6000.21316 OR Vista/2K8 and vulnerable files Vista/2k8 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND LDR/GDR Check if the version of mshtml.dll is less than 7.0.6002.18686 OR Check LDR Mshtml.dll version is greater than or equal to 7.0.6002.22000 AND Check if the version of mshtml.dll is less than 7.0.6002.22920 OR IE8 + vulnerable (OS + file versions) Microsoft Internet Explorer 8 is installed AND Vulnerable OS's and their file versions XP/2k3/Vista/2k8 and vulnerable files XP/2k3/Vista/2k8 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows 7 is installed AND LDR/GDR Check if the version of mshtml.dll is less than 8.0.6001.19328 OR Check for LDR Check for mshtml.dll version greater than or equal to 8.0.6001.23000 AND Check if the version of mshtml.dll is less than 8.0.6001.23415 OR Win7/R2 and vulnerable files Win7/R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND LDR/GDR Check if the version of mshtml.dll is less than 8.0.7600.17115 OR Check for LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Check if the version of mshtml.dll is less than 8.0.7600.21313 OR Win7/R2 and vulnerable files Win7/R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND LDR/GDR Check if the version of mshtml.dll is less than 8.0.7601.17940 OR Check for LDR Mshtml.dll version is greater than or equal to 8.0.7601.21000 AND Check if the version of mshtml.dll is less than 8.0.7601.22099

Definition Id: oval:org.mitre.oval:def:15779

Oval ID:	oval:org.mitre.oval:def:15779
Title:	XSS Vulnerability - MS12-061
Description:	Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1892	Version:	5
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista	Product(s):	Microsoft Visual Studio Team Foundation Server 2010
Definition Synopsis:
Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1 is installed AND Check if the version of Microsoft.TeamFoundation.WebAccess.dll is less than 10.0.40219.417

Definition Id: oval:org.mitre.oval:def:15781

Oval ID:	oval:org.mitre.oval:def:15781
Title:	Reflected XSS Vulnerability - MS12-062
Description:	Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-2536	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista	Product(s):	Microsoft System Center Configuration Manager 2007 Microsoft System Center Configuration Manager 2007 R2 Microsoft System Center Configuration Manager 2007 R3 Microsoft Systems Management Server 2003
Definition Synopsis:
Check for vulnerable SMS 2003/file version Microsoft Systems Management Server 2003 SP3 is installed AND Check if version of ReportingInstall.exe (SMS 2003) is less than 2.50.4253.3129 OR Check for vulnerable SCCM 2007/file version Check if version of ReportingInstall.exe (SCCM 2007) is less than 4.0.6487.2216 AND Either applications Microsoft System Center Configuration Manager 2007 SP2 is installed AND Microsoft System Center Configuration Manager 2007 R2 is installed AND Microsoft System Center Configuration Manager 2007 R3 is installed

Definition Id: oval:org.mitre.oval:def:15852

Oval ID:	oval:org.mitre.oval:def:15852
Title:	OnMove Use After Free Vulnerability - MS12-063
Description:	Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "OnMove Use After Free Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1529	Version:	5
Platform(s):	Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 8 Microsoft Internet Explorer 9
Definition Synopsis:
IE8 + vulnerable (OS + file versions) Microsoft Internet Explorer 8 is installed AND Vulnerable OS's and their file versions XP/2k3/Vista/2k8 and vulnerable files XP/2k3/Vista/2k8 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND LDR/GDR Check if the version of mshtml.dll is less than 8.0.6001.19328 OR Check for LDR Check for mshtml.dll version greater than or equal to 8.0.6001.23000 AND Check if the version of mshtml.dll is less than 8.0.6001.23415 OR Win7/R2 and vulnerable files Win7/R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND LDR/GDR Check if the version of mshtml.dll is less than 8.0.7600.17115 OR Check for LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Check if the version of mshtml.dll is less than 8.0.7600.21313 OR Win7/R2 and vulnerable files Win7/R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND LDR/GDR Check if the version of mshtml.dll is less than 8.0.7601.17940 OR Check for LDR Mshtml.dll version is greater than or equal to 8.0.7601.21000 AND Check if the version of mshtml.dll is less than 8.0.7601.22099 OR IE9 + vulnerable (OS + file versions) Microsoft Internet Explorer 9 is installed AND Vista/2K8/Win7/R2 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows 7 is installed AND LDR/GDR Check if the version of mshtml.dll is less than 9.0.8112.16450 OR Check for LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Check if the version of mshtml.dll is less than 9.0.8112.20557

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Internet Explorer cpe:2.3:a:microsoft:internet_explorer:9:::::::* cpe:2.3:a:microsoft:internet_explorer:9:beta1:::::: cpe:2.3:a:microsoft:internet_explorer:9:rc1:::::: cpe:2.3:a:microsoft:internet_explorer:8:::::::* cpe:2.3:a:microsoft:internet_explorer:8:beta2:::::: cpe:2.3:a:microsoft:internet_explorer:8:beta1:::::: cpe:2.3:a:microsoft:internet_explorer:8:rc1:::::: cpe:2.3:a:microsoft:internet_explorer:7:::::::* cpe:2.3:a:microsoft:internet_explorer:7:beta2:::::: cpe:2.3:a:microsoft:internet_explorer:7:beta3:::::: cpe:2.3:a:microsoft:internet_explorer:7:beta1:::::: cpe:2.3:a:microsoft:internet_explorer:7:rc1:::::: cpe:2.3:a:microsoft:internet_explorer:6:::::::* cpe:2.3:a:microsoft:internet_explorer:6:beta1:::::: cpe:2.3:a:microsoft:internet_explorer:6:sp3:::::: cpe:2.3:a:microsoft:internet_explorer:6:sp2:::::: cpe:2.3:a:microsoft:internet_explorer:6:sp1::::::	17
Application	Microsoft System Center Configuration Manager cpe:2.3:a:microsoft:system_center_configuration_manager:2007:sp2::::::	1
Application	Microsoft Systems Management Server cpe:2.3:a:microsoft:systems_management_server:2003:sp2::::::	1
Application	Microsoft Visual Studio Team Foundation Server cpe:2.3:a:microsoft:visual_studio_team_foundation_server:2010:sp1::::::	1

SAINT Exploits

Description	Link
Internet Explorer CMshtmlEd execCommand Use After Free	More info here

OpenVAS Exploits

Date	Description
2012-09-18	Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (2757760) File : nvt/gb_ms_ie_code_exec_vuln_vuln.nasl
2012-09-12	Name : MS Visual Studio Team Foundation Server Privilege Elevation Vulnerability (27... File : nvt/secpod_ms12-061.nasl
2012-09-12	Name : Microsoft System Center Configuration Manager XSS Vulnerability (2741528) File : nvt/secpod_ms12-062.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2012-09-13	IAVM : 2012-B-0089 - Microsoft System Center Configuration Manager Cross Site Scripting Vulnerability Severity : Category II - VMSKEY : V0033786
2012-09-13	IAVM : 2012-B-0090 - Microsoft Visual Studio Team Foundation Server Cross Site Scripting Vulnerabi... Severity : Category II - VMSKEY : V0033787

Snort® IPS/IDS

Date	Description
2014-11-16	Microsoft Internet Explorer EventListener use after free attempt RuleID : 31624 - Revision : 4 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer EventListener use after free attempt RuleID : 31623 - Revision : 4 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer meter element use-after-free attempt RuleID : 31618 - Revision : 2 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer meter element use-after-free attempt RuleID : 31617 - Revision : 2 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer cloneNode for loop remote code execution attempt RuleID : 31611 - Revision : 4 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer cloneNode for loop remote code execution attempt RuleID : 31610 - Revision : 5 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer cloneNode for loop remote code execution attempt RuleID : 31609 - Revision : 3 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer cloneNode for loop remote code execution attempt RuleID : 31608 - Revision : 4 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer OnMove Use After Free exploit attempt RuleID : 31583 - Revision : 4 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer OnMove Use After Free exploit attempt RuleID : 31582 - Revision : 4 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer OnMove Use After Free exploit attempt RuleID : 31581 - Revision : 3 - Type : BROWSER-IE
2014-11-16	Microsoft Internet Explorer OnMove Use After Free exploit attempt RuleID : 31580 - Revision : 3 - Type : BROWSER-IE
2014-02-21	Styx exploit kit eot outbound connection RuleID : 29453 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit landing page request RuleID : 29452 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit outbound jar request RuleID : 29451 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit outbound connection attempt RuleID : 29450 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit landing page RuleID : 29449 - Revision : 3 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit landing page RuleID : 29448 - Revision : 2 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit jar outbound connection RuleID : 29446 - Revision : 9 - Type : EXPLOIT-KIT
2014-02-21	Styx exploit kit fonts download page RuleID : 29445 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit landing page request RuleID : 28478 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit outbound pdf request RuleID : 28477 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit malicious redirection attempt RuleID : 27815 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit landing page request RuleID : 27814 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit landing page with payload RuleID : 27813 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit possible jar download RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit Java exploit requested RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit Java exploit requested RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit plugin detection RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit landing page RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Gong Da Jar file download RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Nailed exploit kit Internet Explorer exploit download - autopwn RuleID : 27081 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jovf RuleID : 27042-community - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jovf RuleID : 27042 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jlnp RuleID : 27041-community - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jlnp RuleID : 27041 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jorg RuleID : 27040-community - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection jorg RuleID : 27040 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit redirection page RuleID : 26297 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit landing page RuleID : 26296 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit landing page RuleID : 26090 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit redirection page received RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit portable executable download request RuleID : 25140 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit eot outbound connection RuleID : 25139 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit pdf outbound connection RuleID : 25138 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit jar outbound connection RuleID : 25137 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Styx exploit kit plugin detection connection RuleID : 25136 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Styx Exploit Kit outbound connection RuleID : 25135 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Oracle JavaScript heap exploitation library usage attempt RuleID : 25006 - Revision : 8 - Type : FILE-JAVA
2014-01-10	Microsoft Internet Explorer execCommand use embedded within javascript tags RuleID : 24252 - Revision : 6 - Type : BROWSER-IE
2014-01-10	Microsoft Internet Explorer execCommand use-after-free attempt RuleID : 24212 - Revision : 9 - Type : BROWSER-IE
2014-01-10	Visual Studio Team Web Access console cross site scripting attempt RuleID : 24137 - Revision : 6 - Type : OS-WINDOWS
2014-01-10	Visual Studio Team Web Access console cross site scripting attempt RuleID : 24136 - Revision : 6 - Type : OS-WINDOWS
2014-01-10	Visual Studio Team Web Access console cross site scripting attempt RuleID : 24135 - Revision : 6 - Type : OS-WINDOWS
2014-01-10	Visual Studio Team Web Access console cross site scripting attempt RuleID : 24134 - Revision : 6 - Type : OS-WINDOWS
2014-01-10	Visual Studio Team Web Access console cross site scripting attempt RuleID : 24133 - Revision : 6 - Type : OS-WINDOWS
2014-01-10	Visual Studio Team Web Access console cross site scripting attempt RuleID : 24132 - Revision : 6 - Type : OS-WINDOWS
2014-01-10	Visual Studio Team Web Access console cross site scripting attempt RuleID : 24131 - Revision : 6 - Type : OS-WINDOWS
2014-01-10	Microsoft SCCM ReportChart xss attempt RuleID : 24128 - Revision : 9 - Type : OS-WINDOWS
2014-01-10	Oracle JavaScript heap exploitation library usage attempt RuleID : 23614 - Revision : 12 - Type : FILE-JAVA

Nessus® Vulnerability Scanner

Date	Description
2012-09-21	Name : The remote host is affected by code execution vulnerabilities. File : smb_nt_ms12-063.nasl - Type : ACT_GATHER_INFO
2012-09-11	Name : The remote host has an application installed that is affected by a cross-site... File : smb_nt_ms12-061.nasl - Type : ACT_GATHER_INFO
2012-09-11	Name : The remote Windows host has a system management application installed that is... File : smb_nt_ms12-062.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-03-07 13:21:06	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	6
Oval ID(s)	7
CPE ID(s)	20
Saint Exploit(s)	1
Openvas Exploit(s)	3
IAVM(s)	2
Snort® Rule(s)	60
Nessus® Exploit(s)	3

	Related
9.3	CVE-2012-4969
9.3	CVE-2012-2557
9.3	CVE-2012-2548
9.3	CVE-2012-2546
9.3	CVE-2012-1529
4.3	CVE-2012-2536
4.3	CVE-2012-1892
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 7 more Alert(s)