Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA12-045A | First vendor Publication | 2012-02-14 |
Vendor | US-CERT | Last vendor Modification | 2012-02-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Silverlight, Office, and Microsoft Server Software. Microsoft has released updates to address these vulnerabilities. I. Description The Microsoft Security Bulletin Summary for February 2012 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities. II. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. III. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA12-045A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
17 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
17 % | CWE-20 | Improper Input Validation |
6 % | CWE-665 | Improper Initialization |
6 % | CWE-399 | Resource Management Errors |
6 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13972 | |||
Oval ID: | oval:org.mitre.oval:def:13972 | ||
Title: | .NET Framework Unmanaged Objects Vulnerability | ||
Description: | Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0014 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4 Microsoft Silverlight 4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14310 | |||
Oval ID: | oval:org.mitre.oval:def:14310 | ||
Title: | HTML Layout Remote Code Execution Vulnerability | ||
Description: | Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0011 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14347 | |||
Oval ID: | oval:org.mitre.oval:def:14347 | ||
Title: | VSD File Format Memory Corruption Vulnerability | ||
Description: | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0019 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Visio Viewer 2010 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14386 | |||
Oval ID: | oval:org.mitre.oval:def:14386 | ||
Title: | XSS in themeweb.aspx Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0144 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft SharePoint Server 2010 Microsoft SharePoint Foundation 2010 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14446 | |||
Oval ID: | oval:org.mitre.oval:def:14446 | ||
Title: | Color Control Panel Insecure Library Loading Vulnerability | ||
Description: | Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-5082 | Version: | 4 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14513 | |||
Oval ID: | oval:org.mitre.oval:def:14513 | ||
Title: | .NET Framework Heap Corruption Vulnerability | ||
Description: | Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0015 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14602 | |||
Oval ID: | oval:org.mitre.oval:def:14602 | ||
Title: | VSD File Format Memory Corruption Vulnerability | ||
Description: | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0137 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Visio Viewer 2010 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14603 | |||
Oval ID: | oval:org.mitre.oval:def:14603 | ||
Title: | GDI Access Violation Vulnerability | ||
Description: | The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-5046 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14631 | |||
Oval ID: | oval:org.mitre.oval:def:14631 | ||
Title: | Msvcrt.dll Buffer Overflow Vulnerability | ||
Description: | Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0150 | Version: | 3 |
Platform(s): | Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14637 | |||
Oval ID: | oval:org.mitre.oval:def:14637 | ||
Title: | XSS in inplview.aspx Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0017 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft SharePoint Foundation 2010 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14781 | |||
Oval ID: | oval:org.mitre.oval:def:14781 | ||
Title: | VML Remote Code Execution Vulnerability | ||
Description: | Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0155 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14811 | |||
Oval ID: | oval:org.mitre.oval:def:14811 | ||
Title: | VSD File Format Memory Corruption Vulnerability | ||
Description: | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0138 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Visio Viewer 2010 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14826 | |||
Oval ID: | oval:org.mitre.oval:def:14826 | ||
Title: | XSS in wizardlist.aspx Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0145 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft SharePoint Server 2010 Microsoft SharePoint Foundation 2010 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14852 | |||
Oval ID: | oval:org.mitre.oval:def:14852 | ||
Title: | AfdPoll Elevation of Privilege Vulnerability | ||
Description: | afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0148 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14870 | |||
Oval ID: | oval:org.mitre.oval:def:14870 | ||
Title: | Null Byte Information Disclosure Vulnerability | ||
Description: | Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0012 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14924 | |||
Oval ID: | oval:org.mitre.oval:def:14924 | ||
Title: | VSD File Format Memory Corruption Vulnerability | ||
Description: | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0136 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Visio Viewer 2010 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14928 | |||
Oval ID: | oval:org.mitre.oval:def:14928 | ||
Title: | Keyboard Layout Use After Free Vulnerability | ||
Description: | Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0154 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14958 | |||
Oval ID: | oval:org.mitre.oval:def:14958 | ||
Title: | Ancillary Function Driver Elevation of Privilege Vulnerability | ||
Description: | afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0149 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:14965 | |||
Oval ID: | oval:org.mitre.oval:def:14965 | ||
Title: | VSD File Format Memory Corruption Vulnerability | ||
Description: | Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0020 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Visio Viewer 2010 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7132 | |||
Oval ID: | oval:org.mitre.oval:def:7132 | ||
Title: | Indeo Codec Insecure Library Loading Vulnerability | ||
Description: | Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3138 | Version: | 7 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-28 | Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841) File : nvt/secpod_ms12-011.nasl |
2012-02-15 | Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2660465) File : nvt/secpod_ms12-008.nasl |
2012-02-15 | Name : MS Windows Ancillary Function Driver Privilege Elevation Vulnerabilities (264... File : nvt/secpod_ms12-009.nasl |
2012-02-15 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (2647516) File : nvt/secpod_ms12-010.nasl |
2012-02-15 | Name : MS Windows Color Control Panel Remote Code Execution Vulnerability (2643719) File : nvt/secpod_ms12-012.nasl |
2012-02-15 | Name : MS Windows C Run-Time Library Remote Code Execution Vulnerability (2654428) File : nvt/secpod_ms12-013.nasl |
2012-02-15 | Name : MS Windows Indeo Codec Remote Code Execution Vulnerability (2661637) File : nvt/secpod_ms12-014.nasl |
2012-02-15 | Name : Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510) File : nvt/secpod_ms12-015.nasl |
2012-02-15 | Name : Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vuln... File : nvt/secpod_ms12-016.nasl |
2012-01-19 | Name : Microsoft Windows Color Control Panel Privilege Escalation Vulnerability File : nvt/gb_ms_win_color_control_panel_priv_escalation.nasl |
0000-00-00 | Name : Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability File : nvt/gb_ms_win_kernel_win32k_sys_mem_corruption_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77908 | Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote M... A memory corruption flaw exists in Microsoft Windows. win32k.sys fails to sanitize user-supplied input when using Apple Safari resulting in memory corruption. With a specially crafted web page containing a height attribute in an IFRAME, a context-dependent attacker can cause a denial of service and potentially execute arbitrary code. |
67588 | Microsoft Windows Indeo Filter Path Subversion Arbitrary DLL Injection Code E... Microsoft Windows Indeo Filter (iac25_32.ax) is prone to a flaw in the way it loads dynamic-link libraries (e.g. iacenc.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a AVI file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-02-16 | IAVM : 2012-A-0026 - Microsoft Windows C Run-Time Library Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0031348 |
2012-02-16 | IAVM : 2012-B-0017 - Multiple Elevation of Privilege Vulnerabilities in Microsoft SharePoint Severity : Category II - VMSKEY : V0031349 |
2012-02-16 | IAVM : 2012-B-0019 - Microsoft Indeo Codec Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0031353 |
2012-02-16 | IAVM : 2012-B-0020 - Microsoft Color Control Panel Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0031354 |
2012-02-16 | IAVM : 2012-B-0021 - Microsoft Windows Ancillary Function Driver Privilege Escalation Vulnerabilities Severity : Category II - VMSKEY : V0031355 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-11-16 | Microsoft Windows C Run-Time Library remote code execution attempt RuleID : 31427 - Revision : 3 - Type : FILE-OTHER |
2014-03-15 | Microsoft Internet Explorer style.position use-after-free memory corruption a... RuleID : 29754 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer style.position use-after-free memory corruption a... RuleID : 28447 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 9 null character in string information disclosure... RuleID : 28112 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office Visio TAG_xxxSect code execution attempt RuleID : 26973 - Revision : 8 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQ... RuleID : 25253 - Revision : 8 - Type : FILE-EXECUTABLE |
2014-01-10 | Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQ... RuleID : 25252 - Revision : 9 - Type : FILE-EXECUTABLE |
2014-01-10 | Microsoft Internet Explorer style.position use-after-free memory corruption a... RuleID : 23060 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office Visio TAG_xxxSect code execution attempt RuleID : 23059 - Revision : 9 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Windows C Run-Time Library remote code execution attempt RuleID : 21308 - Revision : 11 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Visio TAG_xxxSheet code execution attempt RuleID : 21307 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery ove... RuleID : 21305 - Revision : 10 - Type : FILE-EXECUTABLE |
2014-01-10 | Microsoft Office Visio TAG_OLEChunk code execution attempt RuleID : 21302 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Visio TAG_xxxSect code execution attempt RuleID : 21301 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer 9 null character in string information disclosure... RuleID : 21300 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Silverlight privilege escalation attempt RuleID : 21299 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft SharePoint chart webpart XSS attempt RuleID : 21298 - Revision : 5 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft Office SharePoint themeweb.aspx XSS attempt RuleID : 21297 - Revision : 6 - Type : SERVER-WEBAPP |
2014-01-10 | Microsoft Office Visio corrupted compressed data memory corruption attempt RuleID : 21293 - Revision : 8 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer style.position use-after-free memory corruption a... RuleID : 21292 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office Visio invalid row option attempt RuleID : 21291 - Revision : 7 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Color Control Panel STI.dll dll-load exploit attempt RuleID : 21290 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Color Control Panel STI.dll dll-load exploit attempt RuleID : 21289 - Revision : 11 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows 7 x64 Apple Safari abnormally long iframe exploit attempt RuleID : 20999 - Revision : 15 - Type : BROWSER-WEBKIT |
2014-01-10 | Microsoft generic javascript handler in URI XSS attempt RuleID : 20258 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Multiple Vendors request for iacenc.dll over SMB attempt RuleID : 18532 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Multiple Vendors iacenc.dll dll-load exploit attempt RuleID : 18531 - Revision : 10 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-02-22 | Name : A multimedia application framework installed on the remote Mac OS X host is a... File : macosx_ms12-016.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Windows kernel is affected by multiple remote code execution vulne... File : smb_nt_ms12-008.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote Windows host contains a driver that allows privilege escalation. File : smb_nt_ms12-009.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote host is affected by code execution and information disclosure vuln... File : smb_nt_ms12-010.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The remote host is affected by multiple privilege escalation and information ... File : smb_nt_ms12-011.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : Arbitrary code can be executed on the remote Windows host through Windows Col... File : smb_nt_ms12-012.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : Arbitrary code can be executed on the remote host through Microsoft's C run-t... File : smb_nt_ms12-013.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : Arbitrary code can be executed on the remote Windows host through the Indeo c... File : smb_nt_ms12-014.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : Arbitrary code can be executed on the remote host through Microsoft Visio Vie... File : smb_nt_ms12-015.nasl - Type : ACT_GATHER_INFO |
2012-02-14 | Name : The .NET Framework install on the remote Windows host could allow arbitrary c... File : smb_nt_ms12-016.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-07-20 13:22:29 |
|
2013-07-19 21:21:43 |
|