Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA11-067A | First vendor Publication | 2011-03-08 |
Vendor | US-CERT | Last vendor Modification | 2011-03-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
There are multiple vulnerabilities in Microsoft Windows and Microsoft Office. Microsoft has released updates to address these vulnerabilities. I. Description The Microsoft Security Bulletin Summary for March 2011 describes multiple vulnerabilities in Microsoft Windows and Microsoft Office. II. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for March 2011. That bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA11-067A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11910 | |||
Oval ID: | oval:org.mitre.oval:def:11910 | ||
Title: | DEPRECATED: Untrusted search path vulnerability in Microsoft Office Groove 2007 | ||
Description: | Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3146 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Office Groove 2007 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12281 | |||
Oval ID: | oval:org.mitre.oval:def:12281 | ||
Title: | DVR-MS Vulnerability | ||
Description: | SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0042 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12480 | |||
Oval ID: | oval:org.mitre.oval:def:12480 | ||
Title: | Remote Desktop Insecure Library Loading Vulnerability | ||
Description: | Untrusted search path vulnerability in the client in Microsoft Remote Desktop Connection 5.2, 6.0, 6.1, and 7.0 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .rdp file, aka "Remote Desktop Insecure Library Loading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0029 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12506 | |||
Oval ID: | oval:org.mitre.oval:def:12506 | ||
Title: | DirectShow Insecure Library Loading Vulnerability | ||
Description: | Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-0032 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12632 | |||
Oval ID: | oval:org.mitre.oval:def:12632 | ||
Title: | Microsoft Groove Insecure Library Loading Vulnerability | ||
Description: | Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3146 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Office Groove 2007 |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Microsoft Office Groove Insecure Library Loading | More info here |
Microsoft Windows Media Player DVR-MS File Code Execution | More info here |
Microsoft Remote Desktop Connection Insecure Library Injection | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2011-03-09 | Name : Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030) File : nvt/secpod_ms11-015.nasl |
2011-03-09 | Name : Microsoft Groove Remote Code Execution Vulnerability (2494047) File : nvt/secpod_ms11-016.nasl |
2011-03-09 | Name : Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062) File : nvt/secpod_ms11-017.nasl |
2010-09-29 | Name : Microsoft Office Products Insecure Library Loading Vulnerability File : nvt/secpod_ms_office_prdts_insecure_lib_load_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
71016 | Microsoft Windows Media Player / Center .dvr-ms File Handling Arbitrary Code ... Microsoft Windows Media Player and Center contain a flaw related to the Stream Buffer Engine (SBE.dll) not properly parsing Microsoft Digital Video Recording (.dvr-ms) media files that may allow an attacker to execute arbitrary code. No further details have been provided. |
71015 | Microsoft Windows DirectShow Path Subversion Arbitrary DLL Injection Code Exe... Microsoft Windows DirectShow is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .wtv, .drv-ms or .mpg file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
71014 | Microsoft Windows Remote Desktop Client Path Subversion Arbitrary DLL Injecti... Microsoft Windows is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a Remote Desktop configuration (.rdp) file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
67484 | Microsoft Office Groove Path Subversion Arbitrary DLL Injection Code Execution Microsoft Groove is prone to a flaw in the way it loads dynamic-link libraries (e.g. GroovePerfmon.dll and mso.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a VCG or GTA file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-03-10 | IAVM : 2011-A-0031 - Multiple Vulnerabilities in Microsoft Windows Media Severity : Category II - VMSKEY : V0026088 |
2011-03-10 | IAVM : 2011-B-0033 - Microsoft Remote Desktop Connection Client Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0026091 |
2011-03-10 | IAVM : 2011-B-0034 - Microsoft Groove Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0026092 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft product fputlsat.dll dll-load exploit attempt RuleID : 21310 - Revision : 7 - Type : OS-WINDOWS |
2014-01-10 | Microsoft product request for fputlsat.dll over SMB attempt RuleID : 21309 - Revision : 7 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Groove GroovePerfmon.dll dll-load exploit attempt RuleID : 19315 - Revision : 13 - Type : OS-WINDOWS |
2014-01-10 | Groove GroovePerfmon.dll dll-load exploit attempt RuleID : 19314 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Groove mso.dll dll-load exploit attempt RuleID : 18500 - Revision : 19 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Groove mso.dll dll-load exploit attempt RuleID : 18499 - Revision : 17 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Media Player dvr-ms file parsing remote code execution attempt RuleID : 18498 - Revision : 16 - Type : FILE-OTHER |
2014-01-10 | Microsoft Windows Media Player and shell extension request for ehtrace.dll ov... RuleID : 18497 - Revision : 17 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows Media Player and shell extension ehtrace.dll dll-load explo... RuleID : 18496 - Revision : 15 - Type : OS-WINDOWS |
2014-01-10 | Microsoft product .dll dll-load exploit attempt RuleID : 18495 - Revision : 21 - Type : OS-WINDOWS |
2014-01-10 | Microsoft product .dll dll-load exploit attempt RuleID : 18494 - Revision : 25 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-03-08 | Name : The version of Windows Media installed on the remote host has multiple code e... File : smb_nt_ms11-015.nasl - Type : ACT_GATHER_INFO |
2011-03-08 | Name : Arbitrary code can be executed on the remote host through Microsoft Office. File : smb_nt_ms11-016.nasl - Type : ACT_GATHER_INFO |
2011-03-08 | Name : It is possible to execute arbitrary code on the remote host through the Remot... File : smb_nt_ms11-017.nasl - Type : ACT_GATHER_INFO |