9.3 - TA12-192A

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	TA12-192A	First vendor Publication	2012-07-10
Vendor	US-CERT	Last vendor Modification	2012-07-10
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for July 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for July 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA12-192A.html

CWE : Common Weakness Enumeration

%	Id	Name
23 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
23 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
15 %	CWE-200	Information Exposure
15 %	CWE-20	Improper Input Validation
8 %	CWE-787	Out-of-bounds Write (CWE/SANS Top 25)
8 %	CWE-264	Permissions, Privileges, and Access Controls
8 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:14783

Oval ID:	oval:org.mitre.oval:def:14783
Title:	ADO Cachesize Heap Overflow RCE Vulnerability - MS12-045
Description:	Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1891	Version:	11
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Microsoft Data Access Components
Definition Synopsis:
Microsoft Data Access Components is installed Win XP and vulnerable version of MDAC Check if the version of msado15.dll is less than 2.81.3014.0 AND Microsoft Windows XP (32-bit) is installed OR Win XP X64/ 2K3 and vuln version of MDAC Win XP X64/2K3 Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed AND Microsoft Windows Server 2003 (x64) is installed AND Check if the version of Msado15.dll is less than 2.82.5011.0 OR Vista /2K8 and vulnerable version of WDAC Win 2k8 / Vista Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Check for vulnerable version of WDAC Check if the version of Msado15.dll is less than 6.0.6002.18644 OR Check for LDR Check if the version of Msado15.dll is less than 6.0.6002.22869 AND the version of msado15.dll is greater than or equal 6.0.6002.22000 OR Win 7 / 2k8 R2 and vulnerable WDAC version Win 7 / 2K8 R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable version Check if the version of Msado15.dll is less than 6.1.7600.17036 OR Check for LDR Check if the version of Msado15.dll is less than 6.1.7600.21227 AND the version of msado15.dll is greater than or equal 6.1.7600.20000 OR Win 7 / 2K8 R2 and vulnerable WDAC version Win 7 / Win 2k8 R2 Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Check for vulnerable WDAC version Check if the version of Msado15.dll is less than 6.1.7601.17857 OR Check for LDR Check if the version of Msado15.dll is greater than or equal to 6.1.7601.21000 AND Check if the version of Msado15.dll is less than 6.1.7601.22012

Definition Id: oval:org.mitre.oval:def:14897

Oval ID:	oval:org.mitre.oval:def:14897
Title:	Command Injection Vulnerability - MS12-048
Description:	The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-0175	Version:	5
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):
Definition Synopsis:
Vulnerable Windows XP SP3 Microsoft Windows XP (x86) SP3 is installed AND Check if version of Shell32.dll is less than 6.0.2900.6242 OR Vulnerable Windows XP x64 SP2/server 2003 Check for Windows XP x64 SP2/server 2003 Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Check if version of Shell32.dll is less than 6.0.3790.5018 OR Vulnerable Vista SP2, Server 2008 SP2 Check for Vista SP2, Server 2008 SP2 Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Check for GDR/LDR Check if version of Shell32.dll is less than 6.0.6002.18646 OR Check for LDR the version of shell32.dll is greater than or equal to 6.0.6002.22000 AND Check if version of Shell32.dll is less than 6.0.6002.22874 OR Vulnerable Windows 7/Server 2008 R2 x64/ia64 Check for Windows 7/Server 2008 R2 x64/ia64 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for GDR/LDR Check if version of Shell32.dll is less than 6.1.7600.17038 OR Check for LDR the version of shell32.dll is greater than or equal to 6.1.7600.20000 AND Check if version of Shell32.dll is less than 6.1.7600.21230 OR Vulnerable Windows 7 SP1/Server 2008 R2 x64/ia64 SP1 Check for Windows 7 SP1/Server 2008 R2 x64/ia64 SP1 Microsoft Windows 7 (32-bit) Service Pack 1 is installed AND Microsoft Windows 7 x64 Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed AND Check for GDR/LDR Check if version of Shell32.dll is less than 6.1.7601.17859 OR Check for LDR Check if version of Shell32.dll is greater than or equal to 6.1.7601.21000 AND Check if version of Shell32.dll is less than 6.1.7601.22015

Definition Id: oval:org.mitre.oval:def:14950

Oval ID:	oval:org.mitre.oval:def:14950
Title:	Visual Basic for Applications Insecure Library Loading Vulnerability - MS12-046
Description:	Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1854	Version:	3
Platform(s):	Microsoft Windows 7 Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 Microsoft Visual Basic for Applications
Definition Synopsis:
Office 2k3 / Office 2k7 and VBA vulnerable version Office 2k7 / Office 2K3 / VBA Microsoft Office 2003 SP3 is installed AND Microsoft Office 2007 SP2 is installed AND Microsoft Office 2007 SP3 is installed AND Microsoft Visual Basic 6.0 is installed AND Check if the version of vbe6.dll is less than 6.5.10.54 OR Office 2k10 and vulnerable VBA version Microsoft Office 2010 is installed AND Check if both patches are applied Check if the version of vbe7.dll is less than 7.00.16.27 AND Check if the version of Acees.dll is less than 14.0.6015.1000

Definition Id: oval:org.mitre.oval:def:15195

Oval ID:	oval:org.mitre.oval:def:15195
Title:	MSXML Uninitialized Memory Corruption Vulnerability - MS12-043
Description:	Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses uninitialized memory locations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1889	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012	Product(s):	Microsoft Office 2003 Microsoft Office 2007 Microsoft Office Compatibility Pack Microsoft Word Viewer Microsoft Expression Web Microsoft XML Core Services 3.0 Microsoft XML Core Services 4.0 Microsoft XML Core Services 5.0 Microsoft XML Core Services 6.0
Definition Synopsis:
Check for XML 5.0 fix Check for vulnerable application Microsoft Office 2007 SP2 is installed AND Microsoft Office 2007 SP3 is installed AND Microsoft Expression Web SP1 is installed AND Microsoft Expression Web 2 is installed AND Microsoft Office Compatibility Pack SP2 is installed AND Microsoft Office Compatibility Pack SP3 is installed AND Microsoft Word Viewer is installed AND Microsoft XML Core Services 5 is installed AND Check if version of Msxml5.dll is less than 5.20.1096.0 OR Check for vulnerable MS-XML Check for MS-XML Microsoft XML Core Services 3 is installed AND Microsoft XML Core Services 4 is installed AND Microsoft XML Core Services 6 is installed AND Check for vulnerable winxp/msxml file version Check for winxp Check for vulnerable msxml file version Check if version of Msxml3.dll is less than 8.100.1053.0 AND Check if version of Msxml4.dll is less than 4.30.2114.0 AND Check if version of Msxml6.dll is less than 6.20.2501.0 AND Microsoft Windows XP (32-bit) is installed OR Check for vulnerable winxp/server/msxml file version Check for vulnerable msxml file version Check if version of Msxml4.dll is less than 4.30.2114.0 AND Check if version of Msxml6.dll is less than 6.20.2012.0 AND msxml3.dll version is less than 8.100.1052.0 AND Check for winxp/server Microsoft Windows XP x64 is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows Server 2003 (ia64) Gold is installed OR Check for vulnerable vista/2008/msxml file version Check for vulnerable vista/2008 Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 (ia-64) is installed AND Check for vulnerable msxml file version Check if version of Msxml3.dll is less than 8.100.5005.0 AND Check if version of Msxml4.dll is less than 4.30.2114.0 AND Check if version of Msxml6.dll is less than 6.20.5005.0 OR Check for vulnerable win 7/2008 R2/msxml file version Check for vulnerable win 7/2008 R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable msxml file version Check if version of Msxml3.dll is less than 8.110.7600.17036 OR Check for LDR Check if version of Msxml3.dll is less than 8.110.7600.21227 AND msxml3.dll version is greater than or equal to 8.110.7600.20000 AND Check if version of Msxml4.dll is less than 4.30.2114.0 AND Check if version of Msxml6.dll is less than 6.30.7600.17036 OR Check for LDR Check if version of Msxml6.dll is greater than or equal to 6.30.7600.20000 AND Check if version of Msxml6.dll is less than 6.30.7600.21227 OR Check for vulnerable win 7/2008 R2 SP1/msxml file version Check for vulnerable win 7/2008 R2 SP1 Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable msxml file version Check if version of Msxml3.dll is less than 8.110.7601.17857 OR Check for LDR Check if version of Msxml3.dll is greater than or equal to 8.110.7601.22000 AND Check if version of Msxml3.dll is less than 8.110.7601.22012 AND Check if version of Msxml4.dll is less than 4.30.2114.0 AND Check if version of Msxml6.dll is less than 6.30.7601.17857 OR Check for LDR Check if version of Msxml6.dll is greater than or equal to 6.30.7601.22000 AND Check if version of Msxml6.dll is less than 6.30.7601.22012 OR Check for vulnerable win 8/2012/file version Check for vulnerable win 8/2012 Microsoft Windows 8 is installed AND Microsoft Windows Server 2012 is installed AND Check if version of Msxml4.dll is less than 4.30.2114.0

Definition Id: oval:org.mitre.oval:def:15416

Oval ID:	oval:org.mitre.oval:def:15416
Title:	Keyboard Layout Vulnerability - MS12-047
Description:	win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1890	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):
Definition Synopsis:
Windows XP X86 and vuln file version Check if the version of Win32k.sys is less than 5.1.2600.6244 AND Microsoft Windows XP (x86) SP3 is installed OR Win XP X64 / 2K3 vulnerable file version Win XP X64 / 2k3 Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Check if the version of Win32k.sys is less than 5.2.3790.5019 OR Vista/2k8 and vulnerable file version Vista/2K8 Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Check for vulnerable file version Check if the version of Win32k.sys is less than 6.0.6002.18647 OR Check for LDR Check if the version of Win32k.sys is less than 6.0.6002.22876 AND the version of win32k.sys is greater than or equal to 6.0.6002.22000 OR Win 7 and 2K8R2 and vulnerable file version Win 7 / 2k8 R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable version Check if the version of Win32K.sys is less than 6.1.7600.17039 OR Check for LDR Check if the version of Win32K.sys is less than 6.1.7600.21231 AND the version of win32k.sys is greater than or equal to 6.1.7600.20000 OR Win 7 / 2K8 R2 SP1 and vulnerable file version Win 7 SP1 / 2k8 R2 SP1 Microsoft Windows 7 (32-bit) Service Pack 1 is installed AND Microsoft Windows 7 x64 Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed AND Check for vulnerable version Check if the version of Win32K.sys is less than 6.1.7601.17860 OR Check for LDR Check if the version of Win32k.sys is less than 6.1.7601.22016 AND the version of win32k.sys is greater than or equal to 6.1.7601.21000

Definition Id: oval:org.mitre.oval:def:15464

Oval ID:	oval:org.mitre.oval:def:15464
Title:	Cached Object Remote Code Execution Vulnerability - MS12-044
Description:	Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1522	Version:	5
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 9
Definition Synopsis:
Vulnerable OS Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows 7 is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed Check for vulnerable version Check if the version of mshtml.dll is less than 9.0.8112.16447 OR Check for LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Check if the version of mshtml.dll is less than 9.0.8112.20553 AND Microsoft Internet Explorer 9 is installed

Definition Id: oval:org.mitre.oval:def:15530

Oval ID:	oval:org.mitre.oval:def:15530
Title:	HTML Sanitization Vulnerability - MS12-050
Description:	The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1858	Version:	13
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft Communicator 2007 R2 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Lync 2010 Microsoft Lync 2010 Attendee Microsoft Groove Server 2010 Microsoft InfoPath 2007 Microsoft InfoPath 2010 Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2007 Microsoft SharePoint Server 2010 Microsoft SharePoint Services 3.0
Definition Synopsis:
IE8 and XP/2K3 Microsoft Internet Explorer 8 is installed AND Win Vista / 2K8 Microsoft Windows XP (32-bit) is installed AND Microsoft Windows Server 2003 (32-bit) is installed AND Microsoft Windows Server 2003 (x64) is installed AND Microsoft Windows XP x64 is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.6001.19258 OR Check for LDR Check for mshtml.dll version greater than or equal to 8.0.6001.23000 AND Check if the version of mshtml.dll is less than 8.0.6001.23345 OR IE8 and vista/2k8 Microsoft Internet Explorer 8 is installed AND Vista/2K8 Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.6001.19272 OR Check for LDR Check for mshtml.dll version greater than or equal to 8.0.6001.23000 AND Check if the version of mshtml.dll is less than 8.0.6001.23359 OR IE9 and Vista/2K8/Win7/2008 R2 Vista/2K8/Win7/R2 Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 9.0.8112.16446 OR Check for LDR Check for mshtml.dll version greater than or equal to 9.0.8112.20000 AND Check if the version of mshtml.dll is less than 9.0.8112.20551 AND Microsoft Internet Explorer 9 is installed OR IE 8 and Win7 / Win 2k8 R2 Microsoft Internet Explorer 8 is installed AND Win 7 / 2K8 R2 IE8 and Win 7/2K8 R2 Win 7 / Win 2K8 R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.7600.17006 OR Check for LDR Mshtml.dll version is greater than or equal 8.0.7600.20000 AND Check if the version of mshtml.dll is less than 8.0.7600.21198 OR Win 7 / 2K8 R2 and IE8 Win 7 / Win 2K8 R2 Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Check for LDR/GDR Check if the version of mshtml.dll is less than 8.0.7601.17824 OR Check for LDR Mshtml.dll version is greater than or equal to 8.0.7601.21000 AND Check if the version of mshtml.dll is less than 8.0.7601.21976 OR Check for vulnerable communicator 2007 r2 Microsoft Communicator 2007 R2 is installed AND Check if version of Communicator.exe (Communicator 2007 R2) is less than 3.5.6907.253 OR Check for vulnerable lync 2010 Microsoft Lync 2010 is installed AND Check if version of Communicator.exe (Lync 2010) is less than 4.0.7577.4098 OR Check for vulnerable lync 2010 attendee (admin) Microsoft Lync 2010 Attendee (user level install) is installed AND Check if version of ogl.dll (Lync 2010 Attendee for admin) is less than 4.0.7577.4098 OR Check for vulnerable lync 2010 attendee (user) Microsoft Lync 2010 Attendee (admin level install) is installed AND Check if version of ogl.dll (Lync 2010 Attendee for user) is less than 4.0.7577.4098 OR infopath 2007/2010 infopath 2010/2007 sp2/sp3 Microsoft InfoPath 2007 Service Pack 2 is installed AND Microsoft InfoPath 2007 Service Pack 3 is installed AND infopath.exe or ipeditor.dll Check if the version of infopath.exe is less than 12.0.6661.5000 AND Check if the version of Ipeditor.dll is less than 12.0.6661.5000 OR sharepoint server 2007 sp2/sp3 sp2/sp3 Microsoft Office SharePoint Server 2007 SP2 is installed AND Microsoft Office SharePoint Server 2007 SP3 is installed AND Check if the version of Microsoft.sharepoint.publishing.dll is less than 12.0.6660.5000 OR sharepoint foundation 2010 sharepoint foundation 2010/sp1 Microsoft SharePoint Foundation 2010 Service Pack 1 is installed AND Microsoft Office SharePoint Server 2010 is installed. AND Check if the version of Onfda.dll is less than 14.0.6106.5000 OR groove server 2010 groove server/sp1 Microsoft Groove Server 2010 Service Pack 1 is installed AND Microsoft Groove Server 2010 is installed AND Check if the version of svrsetup.dll is less than 14.0.6120.5000 OR sharepoint server 2010 sharepoint server 2010/sp1 Microsoft SharePoint Server 2010 Service Pack 1 is installed AND Microsoft Office SharePoint Server 2010 is installed. AND Check if the version of Microsoft.office.server.native.dll is less than 14.0.6108.5000 OR infopath 2010 Microsoft InfoPath 2010 is installed AND infopath.exe or ipeditor.dll Check if the version of infopath.exe is less than 14.0.6120.5000 AND Check if the version of Ipeditor.dll is less than 14.0.6120.5000 OR sharepoint services 3.0 Check if the version of Onetutil.dll is less than 12.0.6661.5000 AND Microsoft Windows SharePoint Services 3.0 SP2 is installed

Definition Id: oval:org.mitre.oval:def:15544

Oval ID:	oval:org.mitre.oval:def:15544
Title:	SharePoint Script in Username Vulnerability - MS12-050
Description:	Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1861	Version:	6
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):	Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2010
Definition Synopsis:
sharepoint server 2010 Check if the version of Microsoft.office.server.native.dll is less than 14.0.6108.5000 AND sharepoint server 2010/sp1 Microsoft SharePoint Server 2010 Service Pack 1 is installed AND Microsoft Office SharePoint Server 2010 is installed. OR sharepoint foundation 2010 Check if the version of Onfda.dll is less than 14.0.6106.5000 AND sharepoint foundation 2010/sp1 Microsoft SharePoint Foundation 2010 Service Pack 1 is installed AND Microsoft SharePoint Foundation 2010 is installed

Definition Id: oval:org.mitre.oval:def:15589

Oval ID:	oval:org.mitre.oval:def:15589
Title:	XSS scriptresx.ashx Vulnerability - MS12-050
Description:	Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1859	Version:	5
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2	Product(s):	Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2010
Definition Synopsis:
sharepoint server 2010 Check if the version of Microsoft.office.server.native.dll is less than 14.0.6108.5000 AND shrepoint server 2010/sp1 Microsoft Office SharePoint Server 2010 is installed. AND Microsoft SharePoint Server 2010 Service Pack 1 is installed OR sharepoint foundation 2010 Check if the version of Onfda.dll is less than 14.0.6106.5000 AND sharepoint foundation 2010/sp1 Microsoft SharePoint Foundation 2010 is installed AND Microsoft SharePoint Foundation 2010 Service Pack 1 is installed

Definition Id: oval:org.mitre.oval:def:15595

Oval ID:	oval:org.mitre.oval:def:15595
Title:	Attribute Remove Remote Code Execution Vulnerability - MS12-044
Description:	Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Attribute Remove Remote Code Execution Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1524	Version:	5
Platform(s):	Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):	Microsoft Internet Explorer 9
Definition Synopsis:
Vulnerable OS Microsoft Windows Vista (32-bit) is installed AND Microsoft Windows Vista x64 Edition is installed AND Microsoft Windows Server 2008 (32-bit) is installed AND Microsoft Windows Server 2008 (64-bit) is installed AND Microsoft Windows 7 is installed AND Microsoft Windows 7 (32-bit) is installed AND Microsoft Windows 7 x64 Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed Check for vulnerable version Check if the version of mshtml.dll is less than 9.0.8112.16447 OR Check for LDR Mshtml.dll version is greater than or equal to 9.0.8112.20000 AND Check if the version of mshtml.dll is less than 9.0.8112.20553 AND Microsoft Internet Explorer 9 is installed

Definition Id: oval:org.mitre.oval:def:15602

Oval ID:	oval:org.mitre.oval:def:15602
Title:	MS Office 2011 for Mac Improper Folder Permissions Vulnerability - MS12-051
Description:	Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
Family:	macos	Class:	vulnerability
Reference(s):	CVE-2012-1894	Version:	3
Platform(s):	Apple Mac OS X	Product(s):	Microsoft Office 2011 for Mac
Definition Synopsis:
Microsoft Office 2011 for Mac is installed AND Check if the version of MS Office 2011 for Mac is less than 14.2.3

Definition Id: oval:org.mitre.oval:def:15644

Oval ID:	oval:org.mitre.oval:def:15644
Title:	TLS Protocol Vulnerability - MS12-049
Description:	The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1870	Version:	5
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):
Definition Synopsis:
Win XP Microsoft Windows XP (x86) SP3 is installed AND Check if the version of schannel.dll is less than 5.1.2600.6239 OR Win XP/Server 2003 Win XP/Server 2003 Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Check if the version of schannel.dll is less than 5.2.3790.5014 OR Vista/Server 2008 Vista/Server 2008 Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND GDR/LDR Check if the version of schannel.dll is less than 6.0.6002.18643 OR LDR range Check if the version of schannel.dll is less than 6.0.6002.22869 AND the version of schannel.dll is greater than or equal to 6.0.6002.22000 OR Win 7/Server 2008 R2 Win 7/Server 2008 R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND GDR/LDR Check if the version of schannel.dll is less than 6.1.7600.17035 OR LDR range the version of schannel.dll is greater than or equal to 6.1.7600.20000 AND Check if the version of schannel.dll is less than 6.1.7600.21225 OR Win 7/Server 2008 R2 sp1 Win 7/Server 2008 R2 sp1 Microsoft Windows 7 (32-bit) Service Pack 1 is installed AND Microsoft Windows 7 x64 Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed AND GDR/LDR Check if the version of schannel.dll is less than 6.1.7601.17856 OR LDR range Check if the version of schannel.dll is less than 6.1.7601.22010 AND the version of schannel.dll is greater than or equal to 6.1.7601.21000

Definition Id: oval:org.mitre.oval:def:15654

Oval ID:	oval:org.mitre.oval:def:15654
Title:	Win32k Incorrect Type Handling Vulnerability - MS12-047
Description:	win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1893	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7	Product(s):
Definition Synopsis:
Windows XP X86 and vuln file version Check if the version of Win32k.sys is less than 5.1.2600.6244 AND Microsoft Windows XP (x86) SP3 is installed OR Win XP X64 / 2K3 vulnerable file version Win XP X64 / 2k3 Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed AND Check if the version of Win32k.sys is less than 5.2.3790.5019 OR Vista/2k8 and vulnerable file version Vista/2K8 Microsoft Windows Vista (32-bit) Service Pack 2 is installed AND Microsoft Windows Vista x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed AND Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed AND Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed AND Check for vulnerable file version Check if the version of Win32k.sys is less than 6.0.6002.18647 OR Check for LDR Check if the version of Win32k.sys is less than 6.0.6002.22876 AND the version of win32k.sys is greater than or equal to 6.0.6002.22000 OR Win 7 and 2K8R2 and vulnerable file version Win 7 / 2k8 R2 Microsoft Windows 7 is installed AND Microsoft Windows Server 2008 R2 x64 Edition is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition is installed AND Check for vulnerable version Check if the version of Win32K.sys is less than 6.1.7600.17039 OR Check for LDR Check if the version of Win32K.sys is less than 6.1.7600.21231 AND the version of win32k.sys is greater than or equal to 6.1.7600.20000 OR Win 7 / 2K8 R2 SP1 and vulnerable file version Win 7 SP1 / 2k8 R2 SP1 Microsoft Windows 7 (32-bit) Service Pack 1 is installed AND Microsoft Windows 7 x64 Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 x64 Service Pack 1 is installed AND Microsoft Windows Server 2008 R2 Itanium-Based Edition Service Pack 1 is installed AND Check for vulnerable version Check if the version of Win32K.sys is less than 6.1.7601.17860 OR Check for LDR Check if the version of Win32k.sys is less than 6.1.7601.22016 AND the version of win32k.sys is greater than or equal to 6.1.7601.21000

Definition Id: oval:org.mitre.oval:def:15689

Oval ID:	oval:org.mitre.oval:def:15689
Title:	SharePoint Reflected List Parameter Vulnerability - MS12-050
Description:	Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2012-1863	Version:	8
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Microsoft SharePoint Foundation 2010 Microsoft SharePoint Server 2007 Microsoft SharePoint Services 3.0 Microsoft SharePoint Services 2.0
Definition Synopsis:
sharepoint services 3.0 sp2 Check if the version of Onetutil.dll is less than 12.0.6661.5000 AND Microsoft Windows SharePoint Services 3.0 SP2 is installed OR sharepoint foundation Check if the version of Onfda.dll is less than 14.0.6106.5000 AND sharepoint foundation 2010/sp1 Microsoft SharePoint Foundation 2010 Service Pack 1 is installed AND Microsoft SharePoint Foundation 2010 is installed OR sharepoint server 2007 Check if the version of Microsoft.sharepoint.publishing.dll is less than 12.0.6660.5000 AND sharepoint server 2007 sp2/sp3 Microsoft Office SharePoint Server 2007 SP2 is installed AND Microsoft Office SharePoint Server 2007 SP3 is installed OR sharepoint services 2.0/version Microsoft Windows SharePoint Services 2.0 is installed AND Check if the version of onetutil.dll is less than 11.0.8346.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Data Access Components cpe:2.3:a:microsoft:data_access_components:2.8:sp2:::::: cpe:2.3:a:microsoft:data_access_components:2.8:sp1::::::	2
Application	Microsoft Internet Explorer cpe:2.3:a:microsoft:internet_explorer:9:::::::*	1
Application	Microsoft Lync cpe:2.3:a:microsoft:lync:2010::x64::::: cpe:2.3:a:microsoft:lync:2010::attendee::::: cpe:2.3:a:microsoft:lync:2010::x86:::::	3
Application	Microsoft Office cpe:2.3:a:microsoft:office:2011::mac::::: cpe:2.3:a:microsoft:office:2010:sp1:x86:::::* cpe:2.3:a:microsoft:office:2010::x86::::: cpe:2.3:a:microsoft:office:2010:sp1:x64:::::* cpe:2.3:a:microsoft:office:2010:sp1:::::: cpe:2.3:a:microsoft:office:2007:sp2:::::: cpe:2.3:a:microsoft:office:2007:sp3:::::: cpe:2.3:a:microsoft:office:2003:sp3::::::	8
Application	Microsoft Office Communicator cpe:2.3:a:microsoft:office_communicator:2007:r2::::::	1
Application	Microsoft Office Sharepoint Server cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x32:::::* cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp2:x64:::::* cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x32:::::* cpe:2.3:a:microsoft:office_sharepoint_server:2007:sp3:x64:::::*	4
Application	Microsoft Office Web Apps cpe:2.3:a:microsoft:office_web_apps:2010:::::::* cpe:2.3:a:microsoft:office_web_apps:2010:sp1::::::	2
Application	Microsoft Sharepoint Foundation cpe:2.3:a:microsoft:sharepoint_foundation:2010:::::::* cpe:2.3:a:microsoft:sharepoint_foundation:2010:sp1::::::	2
Application	Microsoft Sharepoint Server cpe:2.3:a:microsoft:sharepoint_server:2010:sp1:::::: cpe:2.3:a:microsoft:sharepoint_server:2010:::::::* cpe:2.3:a:microsoft:sharepoint_server:2007:sp2:::::: cpe:2.3:a:microsoft:sharepoint_server:2007:sp3::::::	4
Application	Microsoft Sharepoint Services cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x32:::::* cpe:2.3:a:microsoft:sharepoint_services:3.0:sp2:x64:::::*	2
Application	Microsoft Visual Basic For Applications cpe:2.3:a:microsoft:visual_basic_for_applications::::::::	1
Application	Microsoft Visual Basic For Applications Sdk cpe:2.3:a:microsoft:visual_basic_for_applications_sdk::::::::	1
Application	Microsoft Windows Data Access Components cpe:2.3:a:microsoft:windows_data_access_components:6.0:::::::*	1
Application	Microsoft Xml Core Services cpe:2.3:a:microsoft:xml_core_services:6.0:::::::* cpe:2.3:a:microsoft:xml_core_services:5.0:::::::* cpe:2.3:a:microsoft:xml_core_services:4.0:::::::* cpe:2.3:a:microsoft:xml_core_services:3.0:::::::*	4
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server::sp2::::::* cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::	2
Os	Microsoft Windows 7 cpe:2.3:o:microsoft:windows_7::sp1:x86::::: cpe:2.3:o:microsoft:windows_7:::x64:::::* cpe:2.3:o:microsoft:windows_7:::x86:::::* cpe:2.3:o:microsoft:windows_7::sp1:x64::::: cpe:2.3:o:microsoft:windows_7:-:sp1:::ultimate_n::x64: cpe:2.3:o:microsoft:windows_7:-:sp1:::ultimate_n::x86: cpe:2.3:o:microsoft:windows_7:-:::::::*	7
Os	Microsoft Windows Server 2003 cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*	1
Os	Microsoft Windows Server 2008 cpe:2.3:o:microsoft:windows_server_2008:r2::::::itanium: cpe:2.3:o:microsoft:windows_server_2008:r2::::::x64: cpe:2.3:o:microsoft:windows_server_2008::sp2:itanium::::: cpe:2.3:o:microsoft:windows_server_2008::sp2:x86::::: cpe:2.3:o:microsoft:windows_server_2008::r2:itanium::::: cpe:2.3:o:microsoft:windows_server_2008::r2:x64::::: cpe:2.3:o:microsoft:windows_server_2008::sp2:x64::::: cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:::::*	8
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista::sp2:x86::::: cpe:2.3:o:microsoft:windows_vista::sp2::::::*	2
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp3::::::* cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*	2

SAINT Exploits

Description	Link
Microsoft XML Core Services memory corruption	More info here

ExploitDB Exploits

id	Description
2012-07-12	IE9, SharePoint, Lync toStaticHTML HTML Sanitizing Bypass

OpenVAS Exploits

Date	Description
2012-07-11	Name : Microsoft Internet Explorer Multiple Vulnerabilities (2719177) File : nvt/secpod_ms12-044.nasl
2012-07-11	Name : Microsoft Windows Data Access Components Remote Code Execution Vulnerability... File : nvt/secpod_ms12-045.nasl
2012-07-11	Name : Visual Basic for Applications Remote Code Execution Vulnerability (2707960) File : nvt/secpod_ms12-046.nasl
2012-07-11	Name : Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (27... File : nvt/secpod_ms12-047.nasl
2012-07-11	Name : Microsoft Windows Shell Remote Code Execution Vulnerability (2691442) File : nvt/secpod_ms12-048.nasl
2012-07-11	Name : Microsoft Windows TLS Protocol Information Disclosure Vulnerability (2655992) File : nvt/secpod_ms12-049.nasl
2012-07-11	Name : Microsoft SharePoint Multiple Privilege Elevation Vulnerabilities (2695502) File : nvt/secpod_ms12-050.nasl
2012-07-11	Name : Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X) File : nvt/secpod_ms12-051_macosx.nasl
2012-06-14	Name : Microsoft XML Core Services Remote Code Execution Vulnerability (2719615) File : nvt/gb_ms_xml_core_services_code_exec_vuln.nasl
2012-06-13	Name : Microsoft Internet Explorer Multiple Vulnerabilities (2699988) File : nvt/secpod_ms12-037.nasl
2012-06-13	Name : Microsoft Lync Remote Code Execution Vulnerabilities (2707956) File : nvt/secpod_ms12-039.nasl

Information Assurance Vulnerability Management (IAVM)

Date	Description
2012-07-12	IAVM : 2012-A-0110 - Microsoft Windows Shell Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0033309
2012-07-12	IAVM : 2012-A-0108 - Microsoft TLS Protocol Information Disclosure Vulnerability Severity : Category II - VMSKEY : V0033310
2012-07-12	IAVM : 2012-A-0109 - Microsoft Visual Basic for Applications Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0033311
2012-07-12	IAVM : 2012-A-0107 - Microsoft Data Access Components (MDAC) Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0033313

Snort® IPS/IDS

Date	Description
2019-05-24	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 49932 - Revision : 1 - Type : BROWSER-PLUGINS
2019-05-24	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 49931 - Revision : 1 - Type : BROWSER-PLUGINS
2019-05-24	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 49930 - Revision : 1 - Type : BROWSER-PLUGINS
2019-05-24	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 49929 - Revision : 1 - Type : BROWSER-PLUGINS
2016-03-14	Microsoft Internet Explorer corrupted HROW instance write access violation at... RuleID : 37316 - Revision : 1 - Type : BROWSER-IE
2016-03-14	Microsoft Internet Explorer nonexistent attribute removal memory corruption a... RuleID : 36813 - Revision : 2 - Type : BROWSER-IE
2016-03-14	Microsoft Internet Explorer nonexistent attribute removal memory corruption a... RuleID : 36812 - Revision : 3 - Type : BROWSER-IE
2016-03-14	Microsoft Internet Explorer nonexistent attribute removal memory corruption a... RuleID : 36811 - Revision : 2 - Type : BROWSER-IE
2015-09-24	Microsoft Windows WebDAV invalid character argument injection attempt RuleID : 35731 - Revision : 3 - Type : OS-WINDOWS
2014-01-10	Multiple exploit kit Payload detection - readme.dll RuleID : 27898 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - calc.dll RuleID : 27897 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - contacts.dll RuleID : 27896 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - info.dll RuleID : 27895 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - about.dll RuleID : 27894 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2/Darkleech exploit kit landing page request RuleID : 27865-community - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2/Darkleech exploit kit landing page request RuleID : 27865 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit possible jar download RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit Java exploit requested RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit Java exploit requested RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit plugin detection RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit landing page RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Gong Da Jar file download RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	iFramer toolkit injected iframe detected - specific structure RuleID : 27271 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 27072 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 27071 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit JNLP request RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page - specific structure RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	iFramer injection - specific structure RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit successful redirection - jnlp bypass RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	iFramer injection - specific structure RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java payload detection RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Sakura exploit kit redirection structure RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit pdf payload detection RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit java payload detection RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - info.dll RuleID : 26508 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page - specific structure RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit jar file redirection RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit jar file downloaded RuleID : 26434 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page RuleID : 26343 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page - specific structure RuleID : 26342 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Nuclear exploit kit landing page RuleID : 26341 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval - ff.php RuleID : 26339 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	IFRAMEr injection detection - leads to exploit kit RuleID : 26338 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page - specific structure RuleID : 26337 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar download RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit redirection page RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit MyApplet class retrieval RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit redirection page RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 26227 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit Portable Executable download RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar file download RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit SWF file download RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit PDF exploit RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit redirection structure RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Gong Da exploit kit redirection page received RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit Portable Executable download RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit SWF file download RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit former location - has been removed RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious class file download RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar file download RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit SWF file download RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit EOT file download RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit PDF exploit RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit java exploit retrieval RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit landing page RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit malicious jar file download RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit Java exploit download RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Cool exploit kit PDF exploit RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit 32-alpha jar request RuleID : 25798 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection successful RuleID : 25611 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page RuleID : 25569 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page retrieval RuleID : 25568 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Multiple Exploit Kit Payload detection - setup.exe RuleID : 25526 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection successful RuleID : 25388 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - readme.exe RuleID : 25387 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - about.exe RuleID : 25386 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - calc.exe RuleID : 25385 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - contacts.exe RuleID : 25384 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit Payload detection - info.exe RuleID : 25383 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Multiple exploit kit malicious jar file dropped RuleID : 25382 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Microsoft Internet Explorer nonexistent attribute removal memory corruption a... RuleID : 25320 - Revision : 9 - Type : BROWSER-IE
2014-01-10	Blackholev2 exploit kit url structure detected RuleID : 25043 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	KaiXin exploit kit Java Class download RuleID : 24793 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	KaiXin exploit kit attack vector attempt RuleID : 24670 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	KaiXin exploit kit attack vector attempt RuleID : 24669 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	KaiXin exploit kit attack vector attempt RuleID : 24668 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	KaiXin exploit kit attack vector attempt RuleID : 24667 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection successful RuleID : 24638 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection page - specific structure RuleID : 24637 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit redirection page - specific structure RuleID : 24636 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page download attempt RuleID : 24608 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page received - specific structure RuleID : 24593 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page download attempt RuleID : 24548 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page download attempt RuleID : 24547 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page download attempt RuleID : 24546 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole admin page outbound access attempt RuleID : 24544 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackhole admin page inbound access attempt RuleID : 24543 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit fallback executable download RuleID : 24501 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole - Cookie Set RuleID : 24475 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page Received RuleID : 24228 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 - URI Structure RuleID : 24227 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackholev2 exploit kit landing page received RuleID : 24226 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Microsoft Office SharePoint name field cross site scripting attempt RuleID : 24198 - Revision : 6 - Type : SERVER-WEBAPP
2014-01-10	Blackhole possible email Landing to 8 chr folder RuleID : 24171 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Microsoft Windows WebDAV invalid character argument injection attempt RuleID : 24090 - Revision : 6 - Type : OS-WINDOWS
2014-01-10	Blackhole exploit kit landing page with specific structure RuleID : 24054 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure RuleID : 24053 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - fewbgazr catch RuleID : 23962 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - hwehes RuleID : 23850 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection attempt RuleID : 23849 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection attempt RuleID : 23848 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole redirection page RuleID : 23797 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - Math.round catch RuleID : 23786 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - Math.floor catch RuleID : 23785 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 23781 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page request - tkr RuleID : 23622 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch ... RuleID : 23619 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Microsoft Office Word imeshare.dll dll-load exploit attempt RuleID : 23316 - Revision : 4 - Type : FILE-OFFICE
2014-01-10	Microsoft Office Word request for imeshare.dll over SMB attempt RuleID : 23315 - Revision : 4 - Type : FILE-OFFICE
2014-01-10	Microsoft Windows SMB invalid character argument injection attempt RuleID : 23314 - Revision : 13 - Type : OS-WINDOWS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23304 - Revision : 8 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23303 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23302 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23301 - Revision : 8 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23300 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23299 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23298 - Revision : 8 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23297 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23296 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23295 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23294 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23293 - Revision : 8 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23292 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23291 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23290 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23289 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23288 - Revision : 6 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23287 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23286 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Office SharePoint query.iqy XSS attempt RuleID : 23282 - Revision : 7 - Type : SERVER-WEBAPP
2014-01-10	Microsoft Office SharePoint scriptresx.ashx XSS attempt RuleID : 23281 - Revision : 6 - Type : SERVER-WEBAPP
2014-01-10	Microsoft Internet Explorer corrupted HROW instance write access violation at... RuleID : 23280 - Revision : 9 - Type : BROWSER-IE
2014-01-10	Microsoft Office SharePoint name field cross site scripting attempt RuleID : 23279 - Revision : 10 - Type : SERVER-WEBAPP
2014-01-10	Microsoft Internet Explorer nested list memory corruption attempt RuleID : 23278 - Revision : 9 - Type : BROWSER-IE
2014-01-10	Blackhole exploit kit landing page download attempt RuleID : 23159 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 23158 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Nuclear Pack exploit kit binary download RuleID : 23157 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Nuclear Pack exploit kit landing page RuleID : 23156 - Revision : 11 - Type : EXPLOIT-KIT
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23146 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23145 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23144 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23143 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft Internet Explorer MSXML .definition ActiveX clsid access attempt RuleID : 23142 - Revision : 7 - Type : BROWSER-PLUGINS
2014-01-10	Microsoft multiple product toStaticHTML XSS attempt RuleID : 23137 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Microsoft multiple product toStaticHTML XSS attempt RuleID : 23136 - Revision : 11 - Type : BROWSER-IE
2014-01-10	Blackhole redirection attempt RuleID : 22949 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole Exploit Kit javascript service method RuleID : 22088 - Revision : 12 - Type : EXPLOIT-KIT
2014-01-10	Blackhole landing redirection page RuleID : 22041 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole suspected landing page RuleID : 22040 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole suspected landing page RuleID : 22039 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit landing page with specific structure - Loading RuleID : 21876 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Possible exploit kit post compromise activity - taskkill RuleID : 21875 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Possible exploit kit post compromise activity - StrReverse RuleID : 21874 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - catch RuleID : 21661 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page Requested - /Index/index.php RuleID : 21660 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page Requested - /Home/index.php RuleID : 21659 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 21658 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page - specific structure RuleID : 21657 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646-community - Revision : 16 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21646 - Revision : 16 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - BBB RuleID : 21581 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific header RuleID : 21549 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific header RuleID : 21539 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492-community - Revision : 22 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page with specific structure - prototype catch RuleID : 21492 - Revision : 22 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438-community - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit JavaScript carat string splitting with hostile applet RuleID : 21438 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit URL - search.php?page= RuleID : 21348 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit URL - .php?page= RuleID : 21347 - Revision : 12 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit malicious jar download RuleID : 21346 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit malicious jar request RuleID : 21345 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit pdf download RuleID : 21344 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit pdf request RuleID : 21343 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit response RuleID : 21259 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit control panel access RuleID : 21141 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 21045 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit landing page RuleID : 21044 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit post-compromise download attempt - .php?e= RuleID : 21043 - Revision : 10 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit post-compromise download attempt - .php?f= RuleID : 21042 - Revision : 11 - Type : EXPLOIT-KIT
2014-01-10	Blackhole exploit kit URL - main.php?page= RuleID : 21041 - Revision : 12 - Type : EXPLOIT-KIT

Nessus® Vulnerability Scanner

Date	Description
2012-07-11	Name : An application installed on the remote Mac OS X host is affected by an elevat... File : macosx_ms12-051.nasl - Type : ACT_GATHER_INFO
2012-07-11	Name : Arbitrary code can be executed on the remote host through Microsoft XML Core ... File : smb_nt_ms12-043.nasl - Type : ACT_GATHER_INFO
2012-07-11	Name : The remote host is affected by code execution vulnerabilities. File : smb_nt_ms12-044.nasl - Type : ACT_GATHER_INFO
2012-07-11	Name : Arbitrary code can be executed on the remote host through Microsoft Data Acce... File : smb_nt_ms12-045.nasl - Type : ACT_GATHER_INFO
2012-07-11	Name : Arbitrary code can be executed on the remote host through Visual Basic for Ap... File : smb_nt_ms12-046.nasl - Type : ACT_GATHER_INFO
2012-07-11	Name : The remote Windows host is affected by multiple privilege escalation vulnerab... File : smb_nt_ms12-047.nasl - Type : ACT_GATHER_INFO
2012-07-11	Name : The remote Windows host is affected by a remote code execution vulnerability. File : smb_nt_ms12-048.nasl - Type : ACT_GATHER_INFO
2012-07-11	Name : The remote Windows host has an information disclosure vulnerability. File : smb_nt_ms12-049.nasl - Type : ACT_GATHER_INFO
2012-07-11	Name : The remote host is affected by multiple privilege escalation and information ... File : smb_nt_ms12-050.nasl - Type : ACT_GATHER_INFO
2012-06-13	Name : The remote host is affected by code execution vulnerabilities. File : smb_nt_ms12-037.nasl - Type : ACT_GATHER_INFO
2012-06-13	Name : Arbitrary code can be executed on the remote host through Microsoft Lync. File : smb_nt_ms12-039.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2013-03-07 13:21:06	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	13
Oval ID(s)	14
CPE ID(s)	58
Saint Exploit(s)	1
ExploitDB Exploit(s)	1
Openvas Exploit(s)	11
IAVM(s)	4
Snort® Rule(s)	207
Nessus® Exploit(s)	11

	Related
9.3	CVE-2012-1891
9.3	CVE-2012-1524
9.3	CVE-2012-1522
9.3	CVE-2012-0175
8.8	CVE-2012-1889
7.2	CVE-2012-1893
7.2	CVE-2012-1890
6.9	CVE-2012-1894
6.9	CVE-2012-1854
4.3	CVE-2012-1870
4.3	CVE-2012-1863
4.3	CVE-2012-1861
4.3	CVE-2012-1859
4.3	CVE-2012-1858
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 14 more Alert(s)