Executive Summary
Information | |||
---|---|---|---|
Name | TA13-043B | First vendor Publication | 2013-02-12 |
Vendor | US-CERT | Last vendor Modification | 2013-02-12 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description
The Microsoft Security Bulletin Summary for February 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

Impact
A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA13-043B.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
62 % | CWE-362 | Race Condition |
29 % | CWE-399 | Resource Management Errors |
4 % | CWE-264 | Permissions, Privileges, and Access Controls |
2 % | CWE-200 | Information Exposure |
2 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
2 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:15524 | |||
Oval ID: | oval:org.mitre.oval:def:15524 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1254 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1254 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:15873 | |||
Oval ID: | oval:org.mitre.oval:def:15873 | ||
Title: | Media Decompression Vulnerability - MS13-011 | ||
Description: | Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0077 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:15875 | |||
Oval ID: | oval:org.mitre.oval:def:15875 | ||
Title: | Internet Explorer CMarkup use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CMarkup Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0020 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 9 |
Definition Id: oval:org.mitre.oval:def:15911 | |||
Oval ID: | oval:org.mitre.oval:def:15911 | ||
Title: | Oracle Outside In Contains Multiple Exploitable Vulnerabilities-II MS12-080 | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3217 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 |
Definition Id: oval:org.mitre.oval:def:15967 | |||
Oval ID: | oval:org.mitre.oval:def:15967 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1268 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1268 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:15999 | |||
Oval ID: | oval:org.mitre.oval:def:15999 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1266 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1266 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16069 | |||
Oval ID: | oval:org.mitre.oval:def:16069 | ||
Title: | Internet Explorer LsGetTrailInfo use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0022 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Id: oval:org.mitre.oval:def:16080 | |||
Oval ID: | oval:org.mitre.oval:def:16080 | ||
Title: | Oracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3217 (MS13-013) | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3217 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft FAST Search Server 2010 for SharePoint |
Definition Id: oval:org.mitre.oval:def:16122 | |||
Oval ID: | oval:org.mitre.oval:def:16122 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1253 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1253 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16126 | |||
Oval ID: | oval:org.mitre.oval:def:16126 | ||
Title: | Internet Explorer pasteHTML use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0024 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Id: oval:org.mitre.oval:def:16142 | |||
Oval ID: | oval:org.mitre.oval:def:16142 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1250 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1250 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16175 | |||
Oval ID: | oval:org.mitre.oval:def:16175 | ||
Title: | VML memory corruption vulnerability in Internet Explorer - MS13-010 | ||
Description: | The Vector Markup Language (VML) implementation in Microsoft Internet Explorer 6 through 10 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via a crafted web site, aka "VML Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0030 | Version: | 8 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 | Product(s): | Microsoft Internet Explorer 10 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Id: oval:org.mitre.oval:def:16176 | |||
Oval ID: | oval:org.mitre.oval:def:16176 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1257 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1257 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16178 | |||
Oval ID: | oval:org.mitre.oval:def:16178 | ||
Title: | Oracle Outside In Contains Multiple Exploitable Vulnerabilities-I MS12-080 | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3214 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 |
Definition Id: oval:org.mitre.oval:def:16202 | |||
Oval ID: | oval:org.mitre.oval:def:16202 | ||
Title: | Vulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0393 - MS13-012 | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0393 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 |
Definition Id: oval:org.mitre.oval:def:16224 | |||
Oval ID: | oval:org.mitre.oval:def:16224 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1274 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1274 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16244 | |||
Oval ID: | oval:org.mitre.oval:def:16244 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1262 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1262 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16245 | |||
Oval ID: | oval:org.mitre.oval:def:16245 | ||
Title: | Internet Explorer CHTML use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CHTML Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0029 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Id: oval:org.mitre.oval:def:16249 | |||
Oval ID: | oval:org.mitre.oval:def:16249 | ||
Title: | Internet Explorer CObjectElement use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CObjectElement Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0028 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Id: oval:org.mitre.oval:def:16251 | |||
Oval ID: | oval:org.mitre.oval:def:16251 | ||
Title: | Vulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0418 - MS13-012 | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU. Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0418 | Version: | 4 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2003 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft Exchange Server 2007 Microsoft Exchange Server 2010 |
Definition Id: oval:org.mitre.oval:def:16256 | |||
Oval ID: | oval:org.mitre.oval:def:16256 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1277 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1277 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16284 | |||
Oval ID: | oval:org.mitre.oval:def:16284 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1261 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1261 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16294 | |||
Oval ID: | oval:org.mitre.oval:def:16294 | ||
Title: | Internet Explorer SLayoutRun use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SLayoutRun Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0025 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 |
Definition Id: oval:org.mitre.oval:def:16301 | |||
Oval ID: | oval:org.mitre.oval:def:16301 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1260 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1260 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16313 | |||
Oval ID: | oval:org.mitre.oval:def:16313 | ||
Title: | Vulnerability in Windows Kernel could allow elevation of privilege - MS13-017 | ||
Description: | Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1278 | Version: | 3 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16320 | |||
Oval ID: | oval:org.mitre.oval:def:16320 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1249 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1249 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16342 | |||
Oval ID: | oval:org.mitre.oval:def:16342 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1263 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1263 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16344 | |||
Oval ID: | oval:org.mitre.oval:def:16344 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1259 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1259 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16349 | |||
Oval ID: | oval:org.mitre.oval:def:16349 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1270 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1270 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16360 | |||
Oval ID: | oval:org.mitre.oval:def:16360 | ||
Title: | Internet Explorer CPasteCommand use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CPasteCommand Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0027 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 Microsoft Windows 8 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Id: oval:org.mitre.oval:def:16371 | |||
Oval ID: | oval:org.mitre.oval:def:16371 | ||
Title: | Shift JIS character encoding vulnerability - MS13-009 | ||
Description: | Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0015 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Id: oval:org.mitre.oval:def:16373 | |||
Oval ID: | oval:org.mitre.oval:def:16373 | ||
Title: | TCP FIN WAIT Vulnerability - MS13-018 | ||
Description: | The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0075 | Version: | 4 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16374 | |||
Oval ID: | oval:org.mitre.oval:def:16374 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1269 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1269 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16379 | |||
Oval ID: | oval:org.mitre.oval:def:16379 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1264 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1264 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16385 | |||
Oval ID: | oval:org.mitre.oval:def:16385 | ||
Title: | Microsoft OLE Automation Remote Code Execution Vulnerability - MS13-020 | ||
Description: | Object Linking and Embedding (OLE) Automation in Microsoft Windows XP SP3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted RTF document, aka "OLE Automation Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1313 | Version: | 6 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16388 | |||
Oval ID: | oval:org.mitre.oval:def:16388 | ||
Title: | Microsoft NFS Server Denial Of Service Vulnerability - MS13-014 | ||
Description: | The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1281 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16399 | |||
Oval ID: | oval:org.mitre.oval:def:16399 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1275 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1275 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16408 | |||
Oval ID: | oval:org.mitre.oval:def:16408 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1251 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1251 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16412 | |||
Oval ID: | oval:org.mitre.oval:def:16412 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1267 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1267 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16431 | |||
Oval ID: | oval:org.mitre.oval:def:16431 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1248 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1248 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16432 | |||
Oval ID: | oval:org.mitre.oval:def:16432 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1276 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1276 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16436 | |||
Oval ID: | oval:org.mitre.oval:def:16436 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1256 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1256 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16438 | |||
Oval ID: | oval:org.mitre.oval:def:16438 | ||
Title: | Internet Explorer SetCapture use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer SetCapture Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0018 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Id: oval:org.mitre.oval:def:16443 | |||
Oval ID: | oval:org.mitre.oval:def:16443 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1272 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1272 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16448 | |||
Oval ID: | oval:org.mitre.oval:def:16448 | ||
Title: | Vulnerability in Windows Kernel could allow elevation of privilege - MS13-017 | ||
Description: | The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1280 | Version: | 3 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16458 | |||
Oval ID: | oval:org.mitre.oval:def:16458 | ||
Title: | Vulnerability in Windows Kernel could allow elevation of privilege - MS13-017 | ||
Description: | Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1279 | Version: | 3 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16460 | |||
Oval ID: | oval:org.mitre.oval:def:16460 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1271 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1271 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16465 | |||
Oval ID: | oval:org.mitre.oval:def:16465 | ||
Title: | Internet Explorer COmWindowProxy use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer COmWindowProxy Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0019 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 Microsoft Windows 8 | Product(s): | Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Id: oval:org.mitre.oval:def:16470 | |||
Oval ID: | oval:org.mitre.oval:def:16470 | ||
Title: | Internet Explorer CDispNode use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0023 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Id: oval:org.mitre.oval:def:16472 | |||
Oval ID: | oval:org.mitre.oval:def:16472 | ||
Title: | Internet Explorer InsertElement use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0026 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 9 |
Definition Id: oval:org.mitre.oval:def:16474 | |||
Oval ID: | oval:org.mitre.oval:def:16474 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1258 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1258 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16475 | |||
Oval ID: | oval:org.mitre.oval:def:16475 | ||
Title: | WinForms callback elevation vulnerability in .NET Framework - MS13-015 | ||
Description: | The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0073 | Version: | 7 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 |
Definition Id: oval:org.mitre.oval:def:16478 | |||
Oval ID: | oval:org.mitre.oval:def:16478 | ||
Title: | Vulnerability in Windows Client/Server Run-time Subsystem (CSRSS) could allow elevation of privilege - MS13-019 | ||
Description: | The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0076 | Version: | 3 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 R2 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16480 | |||
Oval ID: | oval:org.mitre.oval:def:16480 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1252 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1252 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16483 | |||
Oval ID: | oval:org.mitre.oval:def:16483 | ||
Title: | Internet Explorer vtable use after free vulnerability - MS13-009 | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer vtable Use After Free Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0021 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 Microsoft Windows 8 | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Id: oval:org.mitre.oval:def:16490 | |||
Oval ID: | oval:org.mitre.oval:def:16490 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1273 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1273 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16500 | |||
Oval ID: | oval:org.mitre.oval:def:16500 | ||
Title: | Oracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3214 (MS13-013) | ||
Description: | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-3214 | Version: | 3 |
Platform(s): | Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 | Product(s): | Microsoft FAST Search Server 2010 for SharePoint |
Definition Id: oval:org.mitre.oval:def:16501 | |||
Oval ID: | oval:org.mitre.oval:def:16501 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1255 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1255 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Id: oval:org.mitre.oval:def:16510 | |||
Oval ID: | oval:org.mitre.oval:def:16510 | ||
Title: | Win32k Race Condition Vulnerability CVE-2013-1265 - MS13-016 | ||
Description: | Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1265 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
SAINT Exploits
Description | Link |
---|---|
Internet Explorer SLayoutRun CParaElement Node Use After Free | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2012-12-12 | Name : MS Exchange Server Remote Code Execution Vulnerabilities (2784126) File : nvt/secpod_ms12-080.nasl |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-02-14 | IAVM : 2013-A-0041 - Microsoft Windows Client/Server Run-time Subsystem (CSRSS) Privilege Escalati... Severity : Category II - VMSKEY : V0036821 |
2013-02-14 | IAVM : 2013-A-0040 - Microsoft .NET Framework Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0036822 |
2013-02-14 | IAVM : 2013-A-0042 - Microsoft Windows Media Decompression Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0036827 |
2013-02-14 | IAVM : 2013-B-0013 - Microsoft NFS Server Denial of Service Vulnerability Severity : Category I - VMSKEY : V0036830 |
2013-02-14 | IAVM : 2013-A-0044 - Multiple Vulnerabilities in FAST Search Server 2010 for Microsoft SharePoint Severity : Category II - VMSKEY : V0036831 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-04-18 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 49496 - Revision : 1 - Type : FILE-OFFICE |
2019-04-18 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 49494 - Revision : 1 - Type : FILE-OFFICE |
2018-09-11 | Microsoft Internet Explorer pre-line use after free attempt RuleID : 47463 - Revision : 2 - Type : BROWSER-IE |
2017-06-06 | Microsoft Internet Explorer deleted object access memory corruption attempt RuleID : 42450 - Revision : 2 - Type : BROWSER-IE |
2017-06-06 | Microsoft Internet Explorer deleted object access memory corruption attempt RuleID : 42449 - Revision : 2 - Type : BROWSER-IE |
2017-06-06 | Microsoft Internet Explorer deleted object access memory corruption attempt RuleID : 42448 - Revision : 2 - Type : BROWSER-IE |
2016-10-11 | Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt RuleID : 40065 - Revision : 4 - Type : OS-WINDOWS |
2016-10-11 | Microsoft Windows NFS Server NULL pointer dereference denial-of-service attempt RuleID : 40064 - Revision : 2 - Type : OS-WINDOWS |
2016-03-14 | Microsoft Internet Explorer pre-line use after free attempt RuleID : 36436 - Revision : 2 - Type : BROWSER-IE |
2015-05-21 | Oracle Outside In Paradox database denial of service attempt RuleID : 34160 - Revision : 3 - Type : SERVER-OTHER |
2015-05-21 | Oracle CorelDRAW file parser heap buffer overflow attempt RuleID : 34142 - Revision : 3 - Type : SERVER-OTHER |
2015-05-21 | Oracle CorelDRAW file parser heap buffer overflow attempt RuleID : 34141 - Revision : 3 - Type : SERVER-OTHER |
2014-11-16 | Microsoft Internet Explorer onbeforeeditfocus element attribute use after fre... RuleID : 31486 - Revision : 2 - Type : BROWSER-IE |
2014-11-16 | Microsoft Internet Explorer onbeforeeditfocus element attribute use after fre... RuleID : 31485 - Revision : 2 - Type : BROWSER-IE |
2014-05-03 | Microsoft Internet Explorer onbeforeeditfocus element attribute use after fre... RuleID : 30345 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 9 deleted object access memory corruption attempt RuleID : 27717 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 9 deleted object access memory corruption attempt RuleID : 27716 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26225 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26224 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26223 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26222 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26221 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26220 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26219 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26218 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26217 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 26216 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | TCP FIN sent to client RuleID : 25970 - Revision : 3 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows DirectShow MPEG heap overflow attempt RuleID : 25796 - Revision : 3 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows DirectShow MPEG heap overflow attempt RuleID : 25795 - Revision : 3 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Internet Explorer invalid Shift_JIS character xss attempt RuleID : 25794 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer invalid Shift_JIS character xss attempt RuleID : 25793 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer SVG object use after free attempt RuleID : 25792 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer compatibility mode invalid memory access attempt RuleID : 25791 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer compatibility mode invalid memory access attempt RuleID : 25790 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer iframe use after free attempt RuleID : 25789 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer iframe use after free attempt RuleID : 25788 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 9 deleted object access memory corruption attempt RuleID : 25787 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 9 deleted object access memory corruption attempt RuleID : 25786 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer text layout calculation use after free attempt RuleID : 25785 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer text layout calculation use after free attempt RuleID : 25784 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer SVG use after free attempt RuleID : 25778 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CTreePos use after free memory corruption attempt RuleID : 25777 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CTreePos use after free memory corruption attempt RuleID : 25776 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer pre-line use after free attempt RuleID : 25775 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | TCP FIN handshake resource exhaustion attempt RuleID : 25774 - Revision : 4 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Internet Explorer VML shape object malformed path attempt RuleID : 25773 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer onbeforeeditfocus element attribute use after fre... RuleID : 25772 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer custom cursor file use after free attempt RuleID : 25771 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer deleted object access memory corruption attempt RuleID : 25770 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CHTMLEditor object use after free attempt RuleID : 25769 - Revision : 5 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 24006 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office MSCOMCTL ActiveX control tabstrip method arbitrary code exec... RuleID : 23845 - Revision : 8 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Office MSCOMCTL ActiveX control tabstrip method attempt RuleID : 23844 - Revision : 14 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-02-12 | Name : The remote host is affected by multiple code execution vulnerabilities. File : smb_nt_ms13-009.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms13-010.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The remote Windows host is potentially affected by a code execution vulnerabi... File : smb_nt_ms13-011.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The remote mail server has multiple vulnerabilities. File : smb_nt_ms13-012.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The remote Windows host is affected by multiple code execution vulnerabilities. File : smb_nt_ms13-013.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The remote Windows host is potentially affected by a denial of service vulner... File : smb_nt_ms13-014.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The version of the .NET Framework installed on the remote host is affected by... File : smb_nt_ms13-015.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The Windows kernel on the remote host is affected by multiple race condition ... File : smb_nt_ms13-016.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The Windows kernel on the remote host is affected by multiple vulnerabilities. File : smb_nt_ms13-017.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The remote Windows host is affected by a denial of service vulnerability. File : smb_nt_ms13-018.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The remote Windows host has a privilege escalation vulnerability. File : smb_nt_ms13-019.nasl - Type : ACT_GATHER_INFO |
2013-02-12 | Name : The remote Windows host is affected by a remote code execution vulnerability. File : smb_nt_ms13-020.nasl - Type : ACT_GATHER_INFO |
2012-12-11 | Name : The remote mail server has multiple vulnerabilities. File : smb_nt_ms12-080.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-10-11 13:31:25 | |
2013-10-10 13:24:16 | |
2013-07-20 13:22:30 | |
2013-02-13 17:19:05 | |