Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Microsoft Updates for Multiple Vulnerabilities
Informations
Name TA12-045A First vendor Publication 2012-02-14
Vendor US-CERT Last vendor Modification 2012-02-14
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

There are multiple vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft .NET Framework, Silverlight, Office, and Microsoft Server Software. Microsoft has released updates to address these vulnerabilities.

I. Description

The Microsoft Security Bulletin Summary for February 2012 describes multiple vulnerabilities in Microsoft Windows. Microsoft has released updates to address the vulnerabilities.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA12-045A.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-94 Failure to Control Generation of Code ('Code Injection')
17 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
17 % CWE-20 Improper Input Validation
6 % CWE-665 Improper Initialization
6 % CWE-399 Resource Management Errors
6 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13972
 
Oval ID: oval:org.mitre.oval:def:13972
Title: .NET Framework Unmanaged Objects Vulnerability
Description: Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0014
Version: 9
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Microsoft Silverlight 4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14310
 
Oval ID: oval:org.mitre.oval:def:14310
Title: HTML Layout Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0011
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14347
 
Oval ID: oval:org.mitre.oval:def:14347
Title: VSD File Format Memory Corruption Vulnerability
Description: Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0019
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Visio Viewer 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14386
 
Oval ID: oval:org.mitre.oval:def:14386
Title: XSS in themeweb.aspx Vulnerability
Description: Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0144
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14446
 
Oval ID: oval:org.mitre.oval:def:14446
Title: Color Control Panel Insecure Library Loading Vulnerability
Description: Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-5082
Version: 4
Platform(s): Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14513
 
Oval ID: oval:org.mitre.oval:def:14513
Title: .NET Framework Heap Corruption Vulnerability
Description: Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0015
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14602
 
Oval ID: oval:org.mitre.oval:def:14602
Title: VSD File Format Memory Corruption Vulnerability
Description: Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0137
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Visio Viewer 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14603
 
Oval ID: oval:org.mitre.oval:def:14603
Title: GDI Access Violation Vulnerability
Description: The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2011-5046
Version: 7
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14631
 
Oval ID: oval:org.mitre.oval:def:14631
Title: Msvcrt.dll Buffer Overflow Vulnerability
Description: Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0150
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14637
 
Oval ID: oval:org.mitre.oval:def:14637
Title: XSS in inplview.aspx Vulnerability
Description: Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0017
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft SharePoint Foundation 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14781
 
Oval ID: oval:org.mitre.oval:def:14781
Title: VML Remote Code Execution Vulnerability
Description: Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "VML Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0155
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14811
 
Oval ID: oval:org.mitre.oval:def:14811
Title: VSD File Format Memory Corruption Vulnerability
Description: Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0138
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Visio Viewer 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14826
 
Oval ID: oval:org.mitre.oval:def:14826
Title: XSS in wizardlist.aspx Vulnerability
Description: Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0145
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft SharePoint Server 2010
Microsoft SharePoint Foundation 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14852
 
Oval ID: oval:org.mitre.oval:def:14852
Title: AfdPoll Elevation of Privilege Vulnerability
Description: afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0148
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14870
 
Oval ID: oval:org.mitre.oval:def:14870
Title: Null Byte Information Disclosure Vulnerability
Description: Microsoft Internet Explorer 9 does not properly handle the creation and initialization of string objects, which allows remote attackers to read data from arbitrary process-memory locations via a crafted web site, aka "Null Byte Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0012
Version: 6
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s): Microsoft Internet Explorer 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14924
 
Oval ID: oval:org.mitre.oval:def:14924
Title: VSD File Format Memory Corruption Vulnerability
Description: Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0136
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Visio Viewer 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14928
 
Oval ID: oval:org.mitre.oval:def:14928
Title: Keyboard Layout Use After Free Vulnerability
Description: Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0154
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14958
 
Oval ID: oval:org.mitre.oval:def:14958
Title: Ancillary Function Driver Elevation of Privilege Vulnerability
Description: afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2012-0149
Version: 3
Platform(s): Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14965
 
Oval ID: oval:org.mitre.oval:def:14965
Title: VSD File Format Memory Corruption Vulnerability
Description: Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
Family: windows Class: vulnerability
Reference(s): CVE-2012-0020
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Product(s): Microsoft Visio Viewer 2010
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7132
 
Oval ID: oval:org.mitre.oval:def:7132
Title: Indeo Codec Insecure Library Loading Vulnerability
Description: Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3138
Version: 7
Platform(s): Microsoft Windows XP
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 3
Application 2
Application 2
Application 10
Application 2
Application 1
Os 5
Os 1
Os 9
Os 1
Os 3

OpenVAS Exploits

Date Description
2012-06-28 Name : Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
File : nvt/secpod_ms12-011.nasl
2012-02-15 Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2660465)
File : nvt/secpod_ms12-008.nasl
2012-02-15 Name : MS Windows Ancillary Function Driver Privilege Elevation Vulnerabilities (264...
File : nvt/secpod_ms12-009.nasl
2012-02-15 Name : Microsoft Internet Explorer Multiple Vulnerabilities (2647516)
File : nvt/secpod_ms12-010.nasl
2012-02-15 Name : MS Windows Color Control Panel Remote Code Execution Vulnerability (2643719)
File : nvt/secpod_ms12-012.nasl
2012-02-15 Name : MS Windows C Run-Time Library Remote Code Execution Vulnerability (2654428)
File : nvt/secpod_ms12-013.nasl
2012-02-15 Name : MS Windows Indeo Codec Remote Code Execution Vulnerability (2661637)
File : nvt/secpod_ms12-014.nasl
2012-02-15 Name : Microsoft Office Visio Viewer Remote Code Execution Vulnerabilities (2663510)
File : nvt/secpod_ms12-015.nasl
2012-02-15 Name : Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vuln...
File : nvt/secpod_ms12-016.nasl
2012-01-19 Name : Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
File : nvt/gb_ms_win_color_control_panel_priv_escalation.nasl
0000-00-00 Name : Microsoft Windows Kernel 'win32k.sys' Memory Corruption Vulnerability
File : nvt/gb_ms_win_kernel_win32k_sys_mem_corruption_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77908 Microsoft Windows win32k.sys Safari IFRAME Height Attribute Handling Remote M...

A memory corruption flaw exists in Microsoft Windows. win32k.sys fails to sanitize user-supplied input when using Apple Safari resulting in memory corruption. With a specially crafted web page containing a height attribute in an IFRAME, a context-dependent attacker can cause a denial of service and potentially execute arbitrary code.
67588 Microsoft Windows Indeo Filter Path Subversion Arbitrary DLL Injection Code E...

Microsoft Windows Indeo Filter (iac25_32.ax) is prone to a flaw in the way it loads dynamic-link libraries (e.g. iacenc.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a AVI file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

Information Assurance Vulnerability Management (IAVM)

Date Description
2012-02-16 IAVM : 2012-A-0026 - Microsoft Windows C Run-Time Library Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0031348
2012-02-16 IAVM : 2012-B-0017 - Multiple Elevation of Privilege Vulnerabilities in Microsoft SharePoint
Severity : Category II - VMSKEY : V0031349
2012-02-16 IAVM : 2012-B-0019 - Microsoft Indeo Codec Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0031353
2012-02-16 IAVM : 2012-B-0020 - Microsoft Color Control Panel Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0031354
2012-02-16 IAVM : 2012-B-0021 - Microsoft Windows Ancillary Function Driver Privilege Escalation Vulnerabilities
Severity : Category II - VMSKEY : V0031355

Snort® IPS/IDS

Date Description
2014-11-16 Microsoft Windows C Run-Time Library remote code execution attempt
RuleID : 31427 - Revision : 3 - Type : FILE-OTHER
2014-03-15 Microsoft Internet Explorer style.position use-after-free memory corruption a...
RuleID : 29754 - Revision : 5 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer style.position use-after-free memory corruption a...
RuleID : 28447 - Revision : 5 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer 9 null character in string information disclosure...
RuleID : 28112 - Revision : 5 - Type : BROWSER-IE
2014-01-10 Microsoft Office Visio TAG_xxxSect code execution attempt
RuleID : 26973 - Revision : 8 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQ...
RuleID : 25253 - Revision : 8 - Type : FILE-EXECUTABLE
2014-01-10 Microsoft Windows .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQ...
RuleID : 25252 - Revision : 9 - Type : FILE-EXECUTABLE
2014-01-10 Microsoft Internet Explorer style.position use-after-free memory corruption a...
RuleID : 23060 - Revision : 10 - Type : BROWSER-IE
2014-01-10 Microsoft Office Visio TAG_xxxSect code execution attempt
RuleID : 23059 - Revision : 9 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows C Run-Time Library remote code execution attempt
RuleID : 21308 - Revision : 11 - Type : FILE-OTHER
2014-01-10 Microsoft Office Visio TAG_xxxSheet code execution attempt
RuleID : 21307 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft .NET Framework System.Uri.ReCreateParts System.Uri.PathAndQuery ove...
RuleID : 21305 - Revision : 10 - Type : FILE-EXECUTABLE
2014-01-10 Microsoft Office Visio TAG_OLEChunk code execution attempt
RuleID : 21302 - Revision : 12 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Visio TAG_xxxSect code execution attempt
RuleID : 21301 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer 9 null character in string information disclosure...
RuleID : 21300 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Silverlight privilege escalation attempt
RuleID : 21299 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft SharePoint chart webpart XSS attempt
RuleID : 21298 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10 Microsoft Office SharePoint themeweb.aspx XSS attempt
RuleID : 21297 - Revision : 6 - Type : SERVER-WEBAPP
2014-01-10 Microsoft Office Visio corrupted compressed data memory corruption attempt
RuleID : 21293 - Revision : 8 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer style.position use-after-free memory corruption a...
RuleID : 21292 - Revision : 12 - Type : BROWSER-IE
2014-01-10 Microsoft Office Visio invalid row option attempt
RuleID : 21291 - Revision : 7 - Type : FILE-OFFICE
2014-01-10 Microsoft Color Control Panel STI.dll dll-load exploit attempt
RuleID : 21290 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 Microsoft Color Control Panel STI.dll dll-load exploit attempt
RuleID : 21289 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows 7 x64 Apple Safari abnormally long iframe exploit attempt
RuleID : 20999 - Revision : 15 - Type : BROWSER-WEBKIT
2014-01-10 Microsoft generic javascript handler in URI XSS attempt
RuleID : 20258 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 Multiple Vendors request for iacenc.dll over SMB attempt
RuleID : 18532 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 Multiple Vendors iacenc.dll dll-load exploit attempt
RuleID : 18531 - Revision : 10 - Type : SERVER-OTHER

Nessus® Vulnerability Scanner

Date Description
2012-02-22 Name : A multimedia application framework installed on the remote Mac OS X host is a...
File : macosx_ms12-016.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Windows kernel is affected by multiple remote code execution vulne...
File : smb_nt_ms12-008.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote Windows host contains a driver that allows privilege escalation.
File : smb_nt_ms12-009.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote host is affected by code execution and information disclosure vuln...
File : smb_nt_ms12-010.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The remote host is affected by multiple privilege escalation and information ...
File : smb_nt_ms12-011.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : Arbitrary code can be executed on the remote Windows host through Windows Col...
File : smb_nt_ms12-012.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : Arbitrary code can be executed on the remote host through Microsoft's C run-t...
File : smb_nt_ms12-013.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : Arbitrary code can be executed on the remote Windows host through the Indeo c...
File : smb_nt_ms12-014.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : Arbitrary code can be executed on the remote host through Microsoft Visio Vie...
File : smb_nt_ms12-015.nasl - Type : ACT_GATHER_INFO
2012-02-14 Name : The .NET Framework install on the remote Windows host could allow arbitrary c...
File : smb_nt_ms12-016.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2013-07-20 13:22:29
  • Multiple Updates
2013-07-19 21:21:43
  • Multiple Updates