Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Microsoft Updates for Multiple Vulnerabilities
Informations
Name TA09-314A First vendor Publication 2009-11-10
Vendor US-CERT Last vendor Modification 2009-11-10
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server and Office Word and Excel.

I. Description

Microsoft has released multiple security bulletins for critical vulnerabilities in Microsoft Windows and Windows Server and Office Word and Excel. These bulletins are described in the Microsoft Security Bulletin Summary for November 2009.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2009. The security bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA09-314A.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-2 Inducing Account Lockout
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

CWE : Common Weakness Enumeration

% Id Name
56 % CWE-94 Failure to Control Generation of Code ('Code Injection')
12 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
12 % CWE-20 Improper Input Validation
6 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
6 % CWE-399 Resource Management Errors
6 % CWE-125 Out-of-bounds Read

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5588
 
Oval ID: oval:org.mitre.oval:def:5588
Title: Win32k NULL Pointer Dereferencing Vulnerability
Description: win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1127
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5878
 
Oval ID: oval:org.mitre.oval:def:5878
Title: Excel Field Sanitization Vulnerability
Description: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3134
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5890
 
Oval ID: oval:org.mitre.oval:def:5890
Title: LSASS Recursive Stack Overflow Vulnerability
Description: Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2; Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2; and Active Directory Lightweight Directory Service (AD LDS) on Windows Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via a malformed (1) LDAP or (2) LDAPS request, aka "LSASS Recursive Stack Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1928
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6079
 
Oval ID: oval:org.mitre.oval:def:6079
Title: Web Services on Devices API Memory Corruption Vulnerability
Description: The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka "Web Services on Devices API Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-2512
Version: 1
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): SMBv2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6137
 
Oval ID: oval:org.mitre.oval:def:6137
Title: Excel Document Parsing Heap Overflow Vulnerability
Description: Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3130
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6146
 
Oval ID: oval:org.mitre.oval:def:6146
Title: Excel Cache Memory Corruption Vulnerability
Description: Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3127
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office Excel Viewer 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6265
 
Oval ID: oval:org.mitre.oval:def:6265
Title: Excel Document Parsing Memory Corruption Vulnerability
Description: Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3133
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6277
 
Oval ID: oval:org.mitre.oval:def:6277
Title: Win32k Insufficient Data Validation Vulnerability
Description: The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-2513
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6300
 
Oval ID: oval:org.mitre.oval:def:6300
Title: License Logging Server Heap Overflow Vulnerability
Description: The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-2523
Version: 1
Platform(s): Microsoft Windows 2000
Product(s): SMBv2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6406
 
Oval ID: oval:org.mitre.oval:def:6406
Title: Win32k EOT Parsing Vulnerability
Description: win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-2514
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6474
 
Oval ID: oval:org.mitre.oval:def:6474
Title: Excel SxView Memory Corruption Vulnerability
Description: Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3128
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office Excel Viewer 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6518
 
Oval ID: oval:org.mitre.oval:def:6518
Title: Excel Formula Parsing Memory Corruption Vulnerability
Description: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet with a crafted formula embedded in a cell, aka "Excel Formula Parsing Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3131
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6521
 
Oval ID: oval:org.mitre.oval:def:6521
Title: Excel Featheader Record Memory Corruption Vulnerability
Description: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3129
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6526
 
Oval ID: oval:org.mitre.oval:def:6526
Title: Excel Index Parsing Vulnerability
Description: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed formula, related to a "pointer corruption" issue, aka "Excel Index Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3132
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6555
 
Oval ID: oval:org.mitre.oval:def:6555
Title: Microsoft Office Word File Information Memory Corruption Vulnerability
Description: Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3135
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Microsoft Word 2002
Microsoft Word 2003
Microsoft Office Word Viewer 2003
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 4
Application 3
Application 2
Application 2
Application 2
Application 1
Os 1
Os 3
Os 8
Os 6
Os 3

ExploitDB Exploits

id Description
2010-08-21 MS Excel Malformed FEATHEADER Record Exploit (MS09-067)

OpenVAS Exploits

Date Description
2010-11-25 Name : Microsoft Web Services on Devices API Remote Code Execution Vulnerability (97...
File : nvt/gb_ms09-063.nasl
2009-11-12 Name : Microsoft Windows Active Directory Denial of Service Vulnerability (973309)
File : nvt/secpod_ms09-066.nasl
2009-11-11 Name : MS Windows License Logging Server Remote Code Execution Vulnerability (974783)
File : nvt/secpod_ms09-064.nasl
2009-11-11 Name : Microsoft Windows Kernel-Mode Drivers Multiple Vulnerabilities (969947)
File : nvt/secpod_ms09-065.nasl
2009-11-11 Name : Microsoft Office Excel Multiple Vulnerabilities (972652)
File : nvt/secpod_ms09-067.nasl
2009-11-11 Name : Microsoft Office Word Remote Code Execution Vulnerability (976307)
File : nvt/secpod_ms09-068.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
59869 Microsoft Windows Win32k Table of Directory Entry Building Font Code Parsing ...

59868 Microsoft Windows Win32k GDI Kernel Component Unspecified Local Privilege Esc...

59867 Microsoft Windows Win32k Unspecified Kernel System Call Local Privilege Escal...

59866 Microsoft Office Excel Document Record Parsing Memory Corruption

59865 Microsoft Windows Web Services on Devices API (WSDAPI) Message Header Handlin...

59864 Microsoft Office Excel Malformed Record Object Sanitization Failure Arbitrary...

59863 Microsoft Office Excel Formula Handling Pointer Corruption Arbitrary Code Exe...

59862 Microsoft Office Excel Cell Embeded Formula Parsing Memory Corruption

59861 Microsoft Office Excel BIFF Record Parsing Overflow

59860 Microsoft Office Excel BIFF File FEATHEADER cbHdrData Size Element Handling M...

Excel contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is triggered by a specially crafted Excel document that contains a malformed FEATHEADER object.
59859 Microsoft Office Excel SxView Record Handling Memory Corruption

59858 Microsoft Office Excel Malformed PivotCache Stream Handling Memory Corruption

59857 Microsoft Office Word Document Malformed File Information Block (FIB) Parsing...

59856 Microsoft Windows Active Directory Malformed LDAP Request Stack Exhaustion Re...

59855 Microsoft Windows License Logging Server (llssrv.exe) RPC LlsrLicenseRequestW...

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-11-12 IAVM : 2009-A-0120 - Microsoft Office Word Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0021933
2009-11-12 IAVM : 2009-A-0116 - Microsoft Windows License Logging Server Remote Heap Buffer Overflow Vulnerab...
Severity : Category I - VMSKEY : V0021937
2009-11-12 IAVM : 2009-A-0115 - Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerabi...
Severity : Category I - VMSKEY : V0021938

Snort® IPS/IDS

Date Description
2014-01-10 DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
RuleID : 5485 - Revision : 15 - Type : OS-WINDOWS
2019-12-03 Microsoft Office Excel row record buffer overflow attempt
RuleID : 52066 - Revision : 1 - Type : FILE-OFFICE
2019-12-03 Microsoft Office Excel row record buffer overflow attempt
RuleID : 52065 - Revision : 1 - Type : FILE-OFFICE
2015-01-06 Web Service on Devices API WSDAPI URL processing buffer corruption attempt
RuleID : 32673 - Revision : 2 - Type : SERVER-OTHER
2014-11-16 Microsoft Office Excel SXDB record memory corruption attempt
RuleID : 31436 - Revision : 2 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Excel SXDB record memory corruption attempt
RuleID : 31435 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel SXDB memory corruption attempt
RuleID : 26177 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel SXDB memory corruption attempt
RuleID : 26176 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word Document remote code execution attempt
RuleID : 25631 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word Document remote code execution attempt
RuleID : 25630 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt
RuleID : 24487 - Revision : 9 - Type : FILE-PDF
2014-01-10 Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt
RuleID : 24486 - Revision : 8 - Type : FILE-PDF
2014-01-10 Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt
RuleID : 24485 - Revision : 8 - Type : FILE-PDF
2014-01-10 Microsoft Office Excel file SxView record exploit attempt
RuleID : 23543 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel integer field in row record improper validation remote...
RuleID : 23542 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt
RuleID : 23508 - Revision : 5 - Type : FILE-PDF
2014-01-10 Microsoft Office Excel SXDB memory corruption
RuleID : 21503 - Revision : 10 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word Document remote code execution attempt
RuleID : 16586 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel ptg index parsing code execution attempt
RuleID : 16553 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel FeatHdr BIFF record remote code execution attempt
RuleID : 16241 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel file Window/Pane record exploit attempt
RuleID : 16240 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 DCERPC NCADG-IP-UDP llsrpc2 LlsrLicenseRequestW overflow attempt
RuleID : 16239 - Revision : 9 - Type : OS-WINDOWS
2014-01-10 DCERPC NCACN-IP-TCP llsrpc2 LlsrLicenseRequestW overflow attempt
RuleID : 16238 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 Microsoft Active Directory NTDSA stack space exhaustion attempt
RuleID : 16237 - Revision : 8 - Type : SERVER-OTHER
2014-01-10 Microsoft Office Excel file SxView record exploit attempt
RuleID : 16236 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel file SXDB record exploit attempt
RuleID : 16235 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word Document remote code execution attempt
RuleID : 16234 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel oversized ptgFuncVar cparams value buffer overflow att...
RuleID : 16233 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows EOT font parsing integer overflow attempt
RuleID : 16232 - Revision : 9 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows kernel-mode drivers core font parsing integer overflow attempt
RuleID : 16231 - Revision : 22 - Type : FILE-PDF
2014-01-10 Microsoft Excel oversized ib memory corruption attempt
RuleID : 16230 - Revision : 9 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel oversized ib memory corruption attempt
RuleID : 16229 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel malformed StartObject record arbitrary code execution ...
RuleID : 16228 - Revision : 9 - Type : FILE-OFFICE
2014-01-10 Web Service on Devices API WSDAPI URL processing buffer corruption attempt
RuleID : 16227 - Revision : 9 - Type : SERVER-OTHER
2014-01-10 Microsoft Office Excel integer field in row record improper validation remote...
RuleID : 16226 - Revision : 11 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2010-10-20 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms_office_nov2009.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : Arbitrary code can be executed on the remote host.
File : smb_kb974783.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : Arbitrary code can be executed on the remote host through the Web Services fo...
File : smb_nt_ms09-063.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : Arbitrary code can be executed on the remote host.
File : smb_nt_ms09-064.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : The remote Windows kernel is affected by remote privilege escalation vulnerab...
File : smb_nt_ms09-065.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : The installed version of Active Directory is affected by a denial of service ...
File : smb_nt_ms09-066.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : Arbitrary code can be executed on the remote host through opening a Microsoft...
File : smb_nt_ms09-067.nasl - Type : ACT_GATHER_INFO
2009-11-10 Name : Arbitrary code can be executed on the remote host through Microsoft Word.
File : smb_nt_ms09-068.nasl - Type : ACT_GATHER_INFO