Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA12-129A | First vendor Publication | 2012-05-08 |
Vendor | US-CERT | Last vendor Modification | 2012-05-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities. Description The Microsoft Security Bulletin Summary for May 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Solution Apply updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for May 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA12-129A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
35 % | CWE-264 | Permissions, Privileges, and Access Controls |
35 % | CWE-20 | Improper Input Validation |
20 % | CWE-399 | Resource Management Errors |
10 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13998 | |||
Oval ID: | oval:org.mitre.oval:def:13998 | ||
Title: | Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege | ||
Description: | Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3402 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14655 | |||
Oval ID: | oval:org.mitre.oval:def:14655 | ||
Title: | .NET Framework Buffer Allocation Vulnerability | ||
Description: | Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0162 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft .NET Framework 4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14738 | |||
Oval ID: | oval:org.mitre.oval:def:14738 | ||
Title: | Excel MergeCells Record Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0185 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14789 | |||
Oval ID: | oval:org.mitre.oval:def:14789 | ||
Title: | Excel SXLI Record Memory Corruption Vulnerability | ||
Description: | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0184 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14908 | |||
Oval ID: | oval:org.mitre.oval:def:14908 | ||
Title: | TCP/IP Double Free Vulnerability | ||
Description: | Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0179 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14951 | |||
Oval ID: | oval:org.mitre.oval:def:14951 | ||
Title: | .NET Framework Serialization Vulnerability (CVE-2012-0161) | ||
Description: | Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0161 | Version: | 7 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft .NET Framework 1.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15064 | |||
Oval ID: | oval:org.mitre.oval:def:15064 | ||
Title: | Excel Memory Corruption Using Various Modified Bytes Vulnerability | ||
Description: | Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0143 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Excel 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15152 | |||
Oval ID: | oval:org.mitre.oval:def:15152 | ||
Title: | Excel File Format Memory Corruption Vulnerability | ||
Description: | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0141 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15160 | |||
Oval ID: | oval:org.mitre.oval:def:15160 | ||
Title: | Windows Firewall Bypass Vulnerability | ||
Description: | Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0174 | Version: | 3 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15229 | |||
Oval ID: | oval:org.mitre.oval:def:15229 | ||
Title: | Plug and Play (PnP) Configuration Manager Vulnerability | ||
Description: | Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0178 | Version: | 3 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15290 | |||
Oval ID: | oval:org.mitre.oval:def:15290 | ||
Title: | TrueType Font Parsing Vulnerability (CVE-2011-3402) | ||
Description: | Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3402 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Lync 2010 Microsoft Lync 2010 Attendee |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15327 | |||
Oval ID: | oval:org.mitre.oval:def:15327 | ||
Title: | RTF Mismatch Vulnerability | ||
Description: | Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0183 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Microsoft Word 2003 Microsoft Word 2007 Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15355 | |||
Oval ID: | oval:org.mitre.oval:def:15355 | ||
Title: | Keyboard Layout File Vulnerability | ||
Description: | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0181 | Version: | 19 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15388 | |||
Oval ID: | oval:org.mitre.oval:def:15388 | ||
Title: | TrueType Font Parsing Vulnerability (CVE-2012-0159) | ||
Description: | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0159 | Version: | 30 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Silverlight 4 Microsoft Silverlight 5 Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15466 | |||
Oval ID: | oval:org.mitre.oval:def:15466 | ||
Title: | Windows and Messages Vulnerability | ||
Description: | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0180 | Version: | 19 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15543 | |||
Oval ID: | oval:org.mitre.oval:def:15543 | ||
Title: | Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability | ||
Description: | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0142 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15555 | |||
Oval ID: | oval:org.mitre.oval:def:15555 | ||
Title: | Scrollbar Calculation Vulnerability | ||
Description: | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1848 | Version: | 19 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15574 | |||
Oval ID: | oval:org.mitre.oval:def:15574 | ||
Title: | Silverlight Double-Free Vulnerability | ||
Description: | Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0176 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Silverlight 4 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15575 | |||
Oval ID: | oval:org.mitre.oval:def:15575 | ||
Title: | Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability | ||
Description: | Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-1847 | Version: | 9 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Excel 2010 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15606 | |||
Oval ID: | oval:org.mitre.oval:def:15606 | ||
Title: | VSD File Format Memory Corruption Vulnerability | ||
Description: | Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0018 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Visio Viewer 2010 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:15621 | |||
Oval ID: | oval:org.mitre.oval:def:15621 | ||
Title: | GDI+ Record Type Vulnerability | ||
Description: | GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0165 | Version: | 21 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15628 | |||
Oval ID: | oval:org.mitre.oval:def:15628 | ||
Title: | GDI+ Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0167 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Office 2003 Microsoft Office 2007 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15645 | |||
Oval ID: | oval:org.mitre.oval:def:15645 | ||
Title: | TrueType Font Parsing Vulnerability (CVE-2011-3402) | ||
Description: | Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3402 | Version: | 30 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Silverlight 4 Microsoft Silverlight 5 Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15667 | |||
Oval ID: | oval:org.mitre.oval:def:15667 | ||
Title: | TrueType Font Parsing Vulnerability (CVE-2012-0159) | ||
Description: | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0159 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Lync 2010 Microsoft Lync 2010 Attendee |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2012-05-18 | Windows XP Keyboard Layouts Pool Corruption LPE 0day PoC (post-MS12-034) |
OpenVAS Exploits
Date | Description |
---|---|
2012-06-13 | Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956) File : nvt/secpod_ms12-039.nasl |
2012-05-14 | Name : Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X) File : nvt/secpod_ms12-034_macosx.nasl |
2012-05-09 | Name : Microsoft Office Word Remote Code Execution Vulnerability (2680352) File : nvt/secpod_ms12-029.nasl |
2012-05-09 | Name : Microsoft Office Word Remote Code Execution Vulnerability-2680352 (Mac OS X) File : nvt/secpod_ms12-029_macosx.nasl |
2012-05-09 | Name : Microsoft Office Remote Code Execution Vulnerabilities (2663830) File : nvt/secpod_ms12-030.nasl |
2012-05-09 | Name : Microsoft Office Remote Code Execution Vulnerabilities-2663830 (Mac OS X) File : nvt/secpod_ms12-030_macosx.nasl |
2012-05-09 | Name : Microsoft Office Visio Viewer Remote Code Execution Vulnerability (2597981) File : nvt/secpod_ms12-031.nasl |
2012-05-09 | Name : Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338) File : nvt/secpod_ms12-032.nasl |
2012-05-09 | Name : Microsoft Windows Prtition Manager Privilege Elevation Vulnerability (2690533) File : nvt/secpod_ms12-033.nasl |
2012-05-09 | Name : MS Security Update For Microsoft Office, .NET Framework, and Silverlight (268... File : nvt/secpod_ms12-034.nasl |
2012-05-09 | Name : Microsoft .NET Framework Remote Code Execution Vulnerability (2693777) File : nvt/secpod_ms12-035.nasl |
2011-12-14 | Name : Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053) File : nvt/secpod_ms11-087.nasl |
2011-11-07 | Name : Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability File : nvt/gb_ms_truetype_font_privilege_elevation_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
76843 | Microsoft Windows Win32k TrueType Font Handling Privilege Escalation Microsoft Windows contains a flaw related to the Win32k TrueType font parsing engine that may allow a context-dependent attacker to execute arbitrary code via malicious font data contained in a Word document. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2012-05-10 | IAVM : 2012-A-0079 - Combined Security Update for Microsoft Office Windows .NET Framework and Silv... Severity : Category I - VMSKEY : V0032304 |
2012-05-10 | IAVM : 2012-A-0080 - Multiple Remote Code Execution Vulnerabilities in Microsoft .NET Framework Severity : Category I - VMSKEY : V0032305 |
2012-05-10 | IAVM : 2012-B-0052 - Microsoft Windows Partition Manager Privilege Escalation Vulnerability Severity : Category II - VMSKEY : V0032311 |
2012-05-10 | IAVM : 2012-A-0083 - Microsoft Office Word Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0032316 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-10-23 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 51568 - Revision : 1 - Type : FILE-OFFICE |
2019-10-23 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 51567 - Revision : 1 - Type : FILE-OFFICE |
2019-10-23 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 51566 - Revision : 1 - Type : FILE-OFFICE |
2019-10-23 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 51565 - Revision : 1 - Type : FILE-OFFICE |
2019-08-31 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ... RuleID : 50849 - Revision : 1 - Type : FILE-OTHER |
2019-08-31 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap obfuscated ... RuleID : 50848 - Revision : 1 - Type : FILE-OTHER |
2019-04-13 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o... RuleID : 49423 - Revision : 2 - Type : FILE-OTHER |
2019-04-13 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o... RuleID : 49422 - Revision : 2 - Type : FILE-OTHER |
2019-04-13 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o... RuleID : 49421 - Revision : 2 - Type : FILE-OTHER |
2018-10-25 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 47890 - Revision : 2 - Type : FILE-OFFICE |
2018-10-25 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 47889 - Revision : 2 - Type : FILE-OFFICE |
2017-03-30 | Microsoft Office Excel SXLI record integer overrun attempt RuleID : 41731 - Revision : 2 - Type : FILE-OFFICE |
2017-03-30 | Microsoft Office Excel SXLI record integer overrun attempt RuleID : 41730 - Revision : 2 - Type : FILE-OFFICE |
2017-03-30 | Microsoft Office Excel SXLI record integer overrun attempt RuleID : 41729 - Revision : 2 - Type : FILE-OFFICE |
2017-03-30 | Microsoft Office Excel SXLI record integer overrun attempt RuleID : 41728 - Revision : 2 - Type : FILE-OFFICE |
2014-02-13 | Microsoft Office Excel SERIES record sdtX memory corruption attempt RuleID : 29329 - Revision : 2 - Type : FILE-OFFICE |
2014-02-13 | Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt RuleID : 29328 - Revision : 3 - Type : FILE-OFFICE |
2014-02-13 | Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt RuleID : 29327 - Revision : 3 - Type : FILE-OFFICE |
2014-02-13 | Microsoft Office Excel SERIES record sdtY memory corruption attempt RuleID : 29326 - Revision : 3 - Type : FILE-OFFICE |
2014-02-08 | Microsoft Office Excel SERIES record sdtX memory corruption attempt RuleID : 29264 - Revision : 2 - Type : FILE-OFFICE |
2014-01-18 | multi-hop iframe campaign client-side exploit attempt RuleID : 29025 - Revision : 2 - Type : MALWARE-OTHER |
2014-01-18 | multi-hop iframe campaign client-side exploit attempt RuleID : 29024 - Revision : 2 - Type : MALWARE-OTHER |
2014-01-18 | multi-hop iframe campaign client-side exploit attempt RuleID : 29023 - Revision : 2 - Type : MALWARE-OTHER |
2014-01-18 | DNS request for known malware domain kjyg.com RuleID : 29022 - Revision : 2 - Type : BLACKLIST |
2014-01-18 | DNS request for known malware domain apfi.biz RuleID : 29021 - Revision : 2 - Type : BLACKLIST |
2014-01-18 | DNS request for known malware domain 4pu.com RuleID : 29020 - Revision : 2 - Type : BLACKLIST |
2014-01-10 | Microsoft Office Excel rtMergeCells heap overflow attempt RuleID : 27948 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel rtMergeCells heap overflow attempt RuleID : 27947 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt RuleID : 27945 - Revision : 6 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Windows True Type Font maxComponentPoints overflow attempt RuleID : 27576 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 27249 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 26091 - Revision : 3 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25598 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25597 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25596 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25595 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25594 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25593 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25576 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25575 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25574 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Cool Exploit Kit SWF file download RuleID : 25573 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25510 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25509 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25508 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25507 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25506 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25505 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 25367 - Revision : 11 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 25366 - Revision : 11 - Type : FILE-OFFICE |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25328 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25327 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit java exploit retrieval RuleID : 25326 - Revision : 10 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit pdf exploit retrieval RuleID : 25325 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page detected RuleID : 25324 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25323 - Revision : 10 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit EOT file download RuleID : 25322 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 25056 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 25055 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit requesting payload RuleID : 25045 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit 64-bit font file download RuleID : 24784 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit 32-bit font file download RuleID : 24783 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit outbound request RuleID : 24782 - Revision : 7 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit outbound request RuleID : 24781 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24780 - Revision : 9 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit - PDF Exploit RuleID : 24779 - Revision : 8 - Type : EXPLOIT-KIT |
2014-01-10 | Cool exploit kit landing page - Title RuleID : 24778 - Revision : 6 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Office EMF image EMFPlusPointF record memory corruption attempt RuleID : 23992 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office EMF image EMFPlusPointF record memory corruption attempt RuleID : 23989 - Revision : 7 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel rtMergeCells heap overflow attempt RuleID : 23227 - Revision : 8 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel SXLI record integer overrun attempt RuleID : 23009 - Revision : 9 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel SERIES record SerAuxErrBar sdtX memory corruption attempt RuleID : 22094 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel SERIES record SerAuxTrend sdtX memory corruption attempt RuleID : 22093 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel SERIES record sdtY memory corruption attempt RuleID : 22092 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel SXLI record integer overrun attempt RuleID : 22091 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft .NET framework malicious XBAP attempt RuleID : 22090 - Revision : 6 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows True Type Font maxComponentPoints overflow attempt RuleID : 22087 - Revision : 9 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt RuleID : 22086 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office GDI+ incorrect index validation of malformed EMF image attempt RuleID : 22085 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel rtMergeCells heap overflow attempt RuleID : 22081 - Revision : 7 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer xbap custom ISeralizable object exception attempt RuleID : 22080 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft .NET framework EvidenceBase class remote code execution attempt RuleID : 22079 - Revision : 7 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 22078 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel ObjectLink invalid wLinkVar2 value attempt RuleID : 22077 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel invalid Window2 BIFF record value attempt RuleID : 22076 - Revision : 11 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Visio IndexDirectorySize greater than ChildrenSize memory ac... RuleID : 22075 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Windows TrueType font parsing engine sfac_GetSbitBitmap elevation o... RuleID : 20735 - Revision : 12 - Type : FILE-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-06-13 | Name : Arbitrary code can be executed on the remote host through Microsoft Lync. File : smb_nt_ms12-039.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : A multimedia application framework installed on the remote Mac OS X host is a... File : macosx_ms12-034.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_may2012.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : A Microsoft Office component installed on the remote host has a memory corrup... File : smb_nt_ms12-029.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : Arbitrary code can be executed on the remote host through Microsoft Office. File : smb_nt_ms12-030.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : Arbitrary code can be executed on the remote host through Microsoft Visio Vie... File : smb_nt_ms12-031.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : The remote Windows host has multiple elevation of privilege vulnerabilities. File : smb_nt_ms12-032.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : The remote Windows host has an elevation of privilege vulnerability. File : smb_nt_ms12-033.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : The remote Windows host is affected by multiple vulnerabilities. File : smb_nt_ms12-034.nasl - Type : ACT_GATHER_INFO |
2012-05-09 | Name : The .NET Framework install on the remote Windows host could allow arbitrary c... File : smb_nt_ms12-035.nasl - Type : ACT_GATHER_INFO |
2011-12-13 | Name : The remote Windows kernel is affected by a remote code execution vulnerability. File : smb_nt_ms11-087.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:53:56 |
|
2013-01-30 13:27:26 |
|