Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name TA13-008A First vendor Publication 2013-01-08
Vendor US-CERT Last vendor Modification 2013-01-08
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for January 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply Updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for January 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA13-008A.html

CWE : Common Weakness Enumeration

% Id Name
25 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
17 % CWE-264 Permissions, Privileges, and Access Controls
17 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
17 % CWE-20 Improper Input Validation
8 % CWE-399 Resource Management Errors
8 % CWE-189 Numeric Errors (CWE/SANS Top 25)
8 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:15458
 
Oval ID: oval:org.mitre.oval:def:15458
Title: MSXML XSLT Vulnerability - MS13-002
Description: Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0007
Version: 9
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Expression Web
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Compatibility Pack
Microsoft Groove Server 2007
Microsoft SharePoint Server 2007
Microsoft Word Viewer
Microsoft XML Core Services 4.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 6.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:15760
 
Oval ID: oval:org.mitre.oval:def:15760
Title: System Center Operations Manager Web Console XSS Vulnerability-I - MS13-003
Description: Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0009
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft System Center Operations Manager 2007
Microsoft System Center Operations Manager 2007 R2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16232
 
Oval ID: oval:org.mitre.oval:def:16232
Title: System Center Operations Manager Web Console XSS Vulnerability-II - MS13-003
Description: Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
Family: windows Class: vulnerability
Reference(s): CVE-2013-0010
Version: 3
Platform(s): Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Product(s): Microsoft System Center Operations Manager 2007
Microsoft System Center Operations Manager 2007 R2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16273
 
Oval ID: oval:org.mitre.oval:def:16273
Title: Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability - MS13-006
Description: The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0013
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16282
 
Oval ID: oval:org.mitre.oval:def:16282
Title: Replace Denial of Service Vulnerability - MS13-007
Description: The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0005
Version: 9
Platform(s): Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Management OData IIS Extension
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16326
 
Oval ID: oval:org.mitre.oval:def:16326
Title: Win32k Improper Message Handling Vulnerability - MS13-005
Description: win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0008
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16339
 
Oval ID: oval:org.mitre.oval:def:16339
Title: Double Construction Vulnerability - MS13-004
Description: Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0004
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Microsoft .NET Framework 1.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16343
 
Oval ID: oval:org.mitre.oval:def:16343
Title: WinForms Buffer Overflow Vulnerability - MS13-004
Description: Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0002
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16357
 
Oval ID: oval:org.mitre.oval:def:16357
Title: Windows Print Spooler Components Vulnerability - MS13-001
Description: The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0011
Version: 3
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008 R2
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16361
 
Oval ID: oval:org.mitre.oval:def:16361
Title: Internet Explorer Use After Free Vulnerability - MS13-008
Description: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
Family: windows Class: vulnerability
Reference(s): CVE-2012-4792
Version: 5
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16381
 
Oval ID: oval:org.mitre.oval:def:16381
Title: S.DS.P Buffer Overflow Vulnerability - MS13-004
Description: Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0003
Version: 11
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 8
Microsoft Windows Server 2012
Product(s): Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 4.0
Microsoft .NET Framework 4.5
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:16429
 
Oval ID: oval:org.mitre.oval:def:16429
Title: MSXML Integer Truncation Vulnerability - MS13-002
Description: Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2013-0006
Version: 9
Platform(s): Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Expression Web
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Compatibility Pack
Microsoft Groove Server 2007
Microsoft SharePoint Server 2007
Microsoft Word Viewer
Microsoft XML Core Services 3.0
Microsoft XML Core Services 5.0
Microsoft XML Core Services 6.0
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 8
Application 2
Application 2
Application 3
Application 1
Application 3
Application 2
Application 2
Application 2
Application 1
Application 4
Os 6
Os 2
Os 1
Os 1
Os 10
Os 1
Os 2
Os 2

SAINT Exploits

Description Link
Internet Explorer CButton Use After Free Vulnerability More info here

ExploitDB Exploits

id Description
2013-02-11 MS13-005 HWND_BROADCAST PoC
2013-01-02 Microsoft Internet Explorer CButton Object Use-After-Free Vulnerability

Information Assurance Vulnerability Management (IAVM)

Date Description
2013-01-10 IAVM : 2013-A-0004 - Multiple Vulnerabilities in Microsoft XML Core Services
Severity : Category I - VMSKEY : V0036444
2013-01-10 IAVM : 2013-B-0001 - Microsoft Open Data Protocol Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0036447
2013-01-10 IAVM : 2013-B-0002 - Microsoft System Center Operations Manager Privilege Escalation Vulnerabilities
Severity : Category II - VMSKEY : V0036448
2013-01-09 IAVM : 2013-B-0003 - Microsoft Windows Security Bypass Vulnerability
Severity : Category I - VMSKEY : V0036450
2013-01-08 IAVM : 2013-A-0006 - Multiple Vulnerabilities in Microsoft .NET Framework
Severity : Category I - VMSKEY : V0036453

Snort® IPS/IDS

Date Description
2016-04-28 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 38364 - Revision : 2 - Type : BROWSER-IE
2016-04-28 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 38363 - Revision : 1 - Type : BROWSER-IE
2015-01-13 Microsoft Windows XP .theme file remote code execution attempt
RuleID : 32730 - Revision : 3 - Type : FILE-OTHER
2014-03-22 Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos at...
RuleID : 29866 - Revision : 2 - Type : SERVER-IIS
2014-03-15 Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos at...
RuleID : 29759 - Revision : 2 - Type : SERVER-IIS
2014-01-10 overly large XML file MSXML heap overflow attempt
RuleID : 28286 - Revision : 3 - Type : FILE-OTHER
2014-01-10 Gong Da exploit kit possible jar download
RuleID : 27706 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit Java exploit requested
RuleID : 27705 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit Java exploit requested
RuleID : 27704 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit plugin detection
RuleID : 27703 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit landing page
RuleID : 27702 - Revision : 3 - Type : EXPLOIT-KIT
2014-01-10 Gong Da Jar file download
RuleID : 27701 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit JNLP request
RuleID : 27070 - Revision : 2 - Type : EXPLOIT-KIT
2014-01-10 Blackholev2 exploit kit landing page - specific structure
RuleID : 27067 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26617 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit successful redirection - jnlp bypass
RuleID : 26541 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 iFramer injection - specific structure
RuleID : 26540 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java payload detection
RuleID : 26512 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Sakura exploit kit redirection structure
RuleID : 26511 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit pdf payload detection
RuleID : 26510 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Multiple exploit kit java payload detection
RuleID : 26509 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page - specific structure
RuleID : 26507 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit jar file redirection
RuleID : 26506 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar download
RuleID : 26256 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26254 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit MyApplet class retrieval
RuleID : 26229 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection page
RuleID : 26228 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 26056 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26055 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26054 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26053 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 26052 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 26051 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 26050 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 26049 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 26048 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit redirection structure
RuleID : 26047 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 26046 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Gong Da exploit kit redirection page received
RuleID : 26013 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Portable Executable download
RuleID : 25968 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25967 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25966 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25965 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25964 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25963 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25962 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit former location - has been removed
RuleID : 25960 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25959 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25958 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25957 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious class file download
RuleID : 25956 - Revision : 6 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25955 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit SWF file download
RuleID : 25954 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25953 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25952 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit EOT file download
RuleID : 25951 - Revision : 7 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25950 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25862 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit java exploit retrieval
RuleID : 25861 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit landing page
RuleID : 25860 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit malicious jar file download
RuleID : 25859 - Revision : 8 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit Java exploit download
RuleID : 25858 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Cool exploit kit PDF exploit
RuleID : 25857 - Revision : 9 - Type : EXPLOIT-KIT
2014-01-10 MSXML dynamic pointer casting arbitrary code execution attempt
RuleID : 25275 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Windows Server 2012 IIS OData protocol nested replace filter dos at...
RuleID : 25274 - Revision : 4 - Type : SERVER-IIS
2014-01-10 Microsoft SCOM Web Console cross-site scripting attempt
RuleID : 25273 - Revision : 3 - Type : SERVER-WEBAPP
2014-01-10 Microsoft System Center Operations Manger cross site scripting attempt
RuleID : 25272 - Revision : 5 - Type : SERVER-WEBAPP
2014-01-10 overly large XML file MSXML heap overflow attempt
RuleID : 25270 - Revision : 6 - Type : FILE-OTHER
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25235 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25234 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25134 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25133 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25132 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25131 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25130 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25129 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25128 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25127 - Revision : 4 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25126 - Revision : 3 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer deleted button use after free attempt
RuleID : 25125 - Revision : 4 - Type : BROWSER-IE

Nessus® Vulnerability Scanner

Date Description
2013-01-14 Name : The remote host is affected by a code execution vulnerability.
File : smb_nt_ms13-008.nasl - Type : ACT_GATHER_INFO
2013-01-09 Name : The remote Windows host is potentially affected by a code execution vulnerabi...
File : smb_nt_ms13-001.nasl - Type : ACT_GATHER_INFO
2013-01-09 Name : Arbitrary code can be executed on the remote host through Microsoft XML Core ...
File : smb_nt_ms13-002.nasl - Type : ACT_GATHER_INFO
2013-01-09 Name : A web application hosted on the remote Windows system has multiple cross-site...
File : smb_nt_ms13-003.nasl - Type : ACT_GATHER_INFO
2013-01-09 Name : The version of the .NET Framework installed on the remote host is affected by...
File : smb_nt_ms13-004.nasl - Type : ACT_GATHER_INFO
2013-01-09 Name : The Windows kernel on the remote host is affected by a privilege escalation v...
File : smb_nt_ms13-005.nasl - Type : ACT_GATHER_INFO
2013-01-09 Name : The remote Windows host is affected by a security feature bypass vulnerability.
File : smb_nt_ms13-006.nasl - Type : ACT_GATHER_INFO
2013-01-09 Name : The version of the .NET Framework installed on the remote host is affected by...
File : smb_nt_ms13-007.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2013-02-26 13:20:13
  • Multiple Updates
2013-01-09 09:20:46
  • First insertion