Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | TA13-134A | First vendor Publication | 2013-05-14 |
| Vendor | US-CERT | Last vendor Modification | 2013-05-14 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities. DescriptionThe Microsoft Security Bulletin Summary for May 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities. ImpactA remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. SolutionApply Updates |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA13-134A.html |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-416 | Use After Free |
| 17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 13 % | CWE-20 | Improper Input Validation |
| 7 % | CWE-399 | Resource Management Errors |
| 7 % | CWE-200 | Information Exposure |
| 7 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 7 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 3 % | CWE-287 | Improper Authentication |
| 3 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 3 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:15830 | |||
| Oval ID: | oval:org.mitre.oval:def:15830 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-3140) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted CMarkup object, aka "Internet Explorer Use After Free Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-3140 | Version: | 7 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15952 | |||
| Oval ID: | oval:org.mitre.oval:def:15952 | ||
| Title: | Vulnerability in Lync Could Allow Remote Code Execution - MS13-041 | ||
| Description: | Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1302 | Version: | 8 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Microsoft Communicator 2007 R2 Microsoft Lync 2010 Microsoft Lync 2010 Attendee Microsoft Lync Server 2013 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:15979 | |||
| Oval ID: | oval:org.mitre.oval:def:15979 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-0811) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1307. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0811 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16088 | |||
| Oval ID: | oval:org.mitre.oval:def:16088 | ||
| Title: | Vulnerability in HTTP.sys could allow denial of service - MS13-039 | ||
| Description: | HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1305 | Version: | 3 |
| Platform(s): | Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16091 | |||
| Oval ID: | oval:org.mitre.oval:def:16091 | ||
| Title: | Win32k Window Handle Vulnerability - MS13-046 | ||
| Description: | win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1334 | Version: | 4 |
| Platform(s): | Microsoft Windows XP Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16204 | |||
| Oval ID: | oval:org.mitre.oval:def:16204 | ||
| Title: | Vulnerability in Windows Essentials Could Allow Information Disclosure - MS13-045 | ||
| Description: | Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-0096 | Version: | 3 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Windows Essentials 2012 Microsoft Windows Essentials 2011 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16229 | |||
| Oval ID: | oval:org.mitre.oval:def:16229 | ||
| Title: | Word Shape Corruption Vulnerability - MS13-043 | ||
| Description: | Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1335 | Version: | 9 |
| Platform(s): | Microsoft Windows 8 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Office 2003 Microsoft Office Word Viewer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16317 | |||
| Oval ID: | oval:org.mitre.oval:def:16317 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-2551) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-2551 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16328 | |||
| Oval ID: | oval:org.mitre.oval:def:16328 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1312) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1312 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16332 | |||
| Oval ID: | oval:org.mitre.oval:def:16332 | ||
| Title: | DirectX Graphics Kernel Subsystem Double Fetch Vulnerability - MS13-046 | ||
| Description: | dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1332 | Version: | 6 |
| Platform(s): | Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16355 | |||
| Oval ID: | oval:org.mitre.oval:def:16355 | ||
| Title: | Signed integer vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1327 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16396 | |||
| Oval ID: | oval:org.mitre.oval:def:16396 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1309) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-2551. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1309 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16398 | |||
| Oval ID: | oval:org.mitre.oval:def:16398 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1306) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1313. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1306 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16415 | |||
| Oval ID: | oval:org.mitre.oval:def:16415 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1308) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1309 and CVE-2013-2551. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1308 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16518 | |||
| Oval ID: | oval:org.mitre.oval:def:16518 | ||
| Title: | JSON Array Information Disclosure Vulnerability - (CVE-2013-1297) MS13-037 | ||
| Description: | Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1297 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16525 | |||
| Oval ID: | oval:org.mitre.oval:def:16525 | ||
| Title: | Return value validation vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1321 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16548 | |||
| Oval ID: | oval:org.mitre.oval:def:16548 | ||
| Title: | Integer overflow vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1317 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16554 | |||
| Oval ID: | oval:org.mitre.oval:def:16554 | ||
| Title: | Buffer underflow vulnerability in Microsoft Publisher - CVE-2013-1329 - MS13-042 | ||
| Description: | Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1329 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16559 | |||
| Oval ID: | oval:org.mitre.oval:def:16559 | ||
| Title: | Microsoft .NET Framework Common Language Runtime spoofing vulnerability - (CVE-2013-1336) MS13-040 | ||
| Description: | The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1336 | Version: | 7 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework 4.5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16584 | |||
| Oval ID: | oval:org.mitre.oval:def:16584 | ||
| Title: | Negative value allocation vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1316 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16650 | |||
| Oval ID: | oval:org.mitre.oval:def:16650 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1307) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-0811. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1307 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16669 | |||
| Oval ID: | oval:org.mitre.oval:def:16669 | ||
| Title: | Invalid range check vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1322 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16682 | |||
| Oval ID: | oval:org.mitre.oval:def:16682 | ||
| Title: | Corrupt interface pointer vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1318 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16689 | |||
| Oval ID: | oval:org.mitre.oval:def:16689 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1310) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1310 | Version: | 5 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16727 | |||
| Oval ID: | oval:org.mitre.oval:def:16727 | ||
| Title: | Internet Explorer Use After Free Vulnerability - MS13-038 | ||
| Description: | Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1347 | Version: | 5 |
| Platform(s): | Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16733 | |||
| Oval ID: | oval:org.mitre.oval:def:16733 | ||
| Title: | Incorrect NULL value handling vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1323 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16738 | |||
| Oval ID: | oval:org.mitre.oval:def:16738 | ||
| Title: | Internet Explorer Use After Free Vulnerability - (CVE-2013-1311) MS13-037 | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1311 | Version: | 9 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 8 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16741 | |||
| Oval ID: | oval:org.mitre.oval:def:16741 | ||
| Title: | Mircosoft .NET Framework authentication bypass vulnerability - (CVE-2013-1337) MS13-040 | ||
| Description: | Microsoft .NET Framework 4.5 does not properly create policy requirements for custom Windows Communication Foundation (WCF) endpoint authentication in certain situations involving passwords over HTTPS, which allows remote attackers to bypass authentication by sending queries to an endpoint, aka "Authentication Bypass Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1337 | Version: | 5 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Microsoft .NET Framework 4.5 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16749 | |||
| Oval ID: | oval:org.mitre.oval:def:16749 | ||
| Title: | Return value handling vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1319 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:16750 | |||
| Oval ID: | oval:org.mitre.oval:def:16750 | ||
| Title: | Vulnerability in Microsoft Visio Could Allow Information Disclosure - MS13-044 | ||
| Description: | Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1301 | Version: | 3 |
| Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Visio 2003 Microsoft Visio 2007 Microsoft Visio 2010 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16765 | |||
| Oval ID: | oval:org.mitre.oval:def:16765 | ||
| Title: | Pointer handling vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1328 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 Microsoft Publisher 2007 Microsoft Publisher 2010 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16769 | |||
| Oval ID: | oval:org.mitre.oval:def:16769 | ||
| Title: | Win32k Buffer Overflow Vulnerability - MS13-046 | ||
| Description: | Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1333 | Version: | 3 |
| Platform(s): | Microsoft Windows 7 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:16776 | |||
| Oval ID: | oval:org.mitre.oval:def:16776 | ||
| Title: | Buffer overflow vulnerability in Microsoft Publisher - MS13-042 | ||
| Description: | Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2013-1320 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 | Product(s): | Microsoft Publisher 2003 |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 5 | |
| Application | 5 | |
| Application | 3 | |
| Application | 1 | |
| Application | 1 | |
| Application | 3 | |
| Application | 3 | |
| Application | 2 | |
| Application | 1 | |
| Application | 1 | |
| Os | 4 | |
| Os | 2 | |
| Os | 1 | |
| Os | 1 | |
| Os | 4 | |
| Os | 1 | |
| Os | 2 | |
| Os | 2 |
SAINT Exploits
| Description | Link |
|---|---|
| Internet Explorer textNode Style Computation Use After Free Vulnerability | More info here |
| Internet Explorer VML Dashstyle Attributes Integer Overflow | More info here |
| Internet Explorer CGenericElement Object Use-after-free Vulnerability | More info here |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2013-05-16 | IAVM : 2013-A-0107 - Multiple Microsoft Publisher Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0037937 |
| 2013-05-16 | IAVM : 2013-B-0051 - Microsoft Lync Remote Code Execution Vulnerability Severity : Category II - VMSKEY : V0037938 |
| 2013-05-16 | IAVM : 2013-B-0053 - Microsoft Windows HTTP.sys Denial of Service Vulnerability Severity : Category I - VMSKEY : V0037939 |
| 2013-05-16 | IAVM : 2013-B-0052 - Microsoft Visio Information Disclosure Vulnerability Severity : Category II - VMSKEY : V0037941 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2017-03-01 | Microsoft Windows Win32 Divide Error Exception Denial of Service attempt RuleID : 41465 - Revision : 2 - Type : FILE-EXECUTABLE |
| 2017-03-01 | Microsoft Windows Win32 Divide Error Exception Denial of Service attempt RuleID : 41464 - Revision : 2 - Type : FILE-EXECUTABLE |
| 2017-03-01 | Microsoft Windows Win32 Divide Error Exception Denial of Service attempt RuleID : 41463 - Revision : 2 - Type : FILE-EXECUTABLE |
| 2017-03-01 | Microsoft Windows Win32 Divide Error Exception Denial of Service attempt RuleID : 41462 - Revision : 2 - Type : FILE-EXECUTABLE |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38011 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38010 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38009 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38008 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38007 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38006 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38005 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38004 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38003 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38002 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 38001 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | IE MsRdpClient ActiveX attempt RuleID : 38000 - Revision : 2 - Type : BROWSER-PLUGINS |
| 2016-04-05 | IE MsRdpClient ActiveX attempt RuleID : 37999 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | IE MsRdpClient ActiveX attempt RuleID : 37998 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | IE MsRdpClient ActiveX attempt RuleID : 37997 - Revision : 2 - Type : BROWSER-PLUGINS |
| 2016-04-05 | IE MsRdpClient ActiveX attempt RuleID : 37996 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2016-04-05 | IE MsRdpClient ActiveX attempt RuleID : 37995 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
| 2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-11-16 | Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt RuleID : 31585 - Revision : 3 - Type : BROWSER-IE |
| 2014-11-16 | Microsoft Internet Explorer CSS .ipsum layout use-after-free attempt RuleID : 31584 - Revision : 3 - Type : BROWSER-IE |
| 2014-03-15 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 29803 - Revision : 3 - Type : BROWSER-IE |
| 2014-03-15 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 29802 - Revision : 3 - Type : BROWSER-IE |
| 2014-03-06 | Microsoft Internet Explorer VML array with negative length memory corruption ... RuleID : 29602 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Nuclear exploit kit Microsoft Internet Explorer vulnerability request RuleID : 28424 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Himan exploit kit landing page RuleID : 28307 - Revision : 2 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit outbound traffic RuleID : 27144-community - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit outbound traffic RuleID : 27144 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27143 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27142 - Revision : 3 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit landing page RuleID : 27141 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Private exploit kit numerically named exe file dowload RuleID : 27140 - Revision : 4 - Type : EXPLOIT-KIT |
| 2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 27062 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 27061 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26754 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26753 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26668 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer ANIMATECOLOR SMIL access attempt RuleID : 26666 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer runtimeStyle memory corruption attempt RuleID : 26642 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer runtimeStyle memory corruption attempt RuleID : 26641 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer XML digital signature transformation of digest value RuleID : 26640 - Revision : 7 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer XML digital signature transformation of digest value RuleID : 26639 - Revision : 7 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer VML array with negative length memory corruption ... RuleID : 26638 - Revision : 7 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer DCOMTextNode object use after free attempt RuleID : 26637 - Revision : 6 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer DCOMTextNode object use after free attempt RuleID : 26636 - Revision : 6 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 26635 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 8 deleted object access via timer memory corrupti... RuleID : 26634 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer html reload loop attempt RuleID : 26633 - Revision : 7 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows 2012 Server additional empty Accept-Encoding field denial o... RuleID : 26632 - Revision : 3 - Type : SERVER-WEBAPP |
| 2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26631 - Revision : 2 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer CDispNode float css element use after free attempt RuleID : 26630 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer setInterval focus use after free attempt RuleID : 26629 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Office Visio SVG external entity local file disclosure attempt RuleID : 26628 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Visio SVG external entity local file disclosure attempt RuleID : 26627 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | XML parameter entity reference local file disclosure attempt RuleID : 26626 - Revision : 6 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Internet Explorer 7-9 VBScript JSON reference information disclosur... RuleID : 26625 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer 7-9 VBScript JSON reference information disclosur... RuleID : 26624 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows Live Writer wlw protocol handler information disclosure att... RuleID : 26623 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows Live Writer wlw protocol handler information disclosure att... RuleID : 26622 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26572 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26571 - Revision : 3 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26570 - Revision : 5 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer null object access attempt RuleID : 26569 - Revision : 4 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26365 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26364 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26363 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26362 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26361 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26360 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26359 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26358 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26357 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26356 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows RDP ActiveX component mstscax use after free attempt RuleID : 26355 - Revision : 11 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-05-15 | Name : The remote host is affected by multiple code execution vulnerabilities. File : smb_nt_ms13-037.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote host is affected by a code execution vulnerability. File : smb_nt_ms13-038.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Windows host is potentially affected by a vulnerability that could... File : smb_nt_ms13-039.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The version of the .NET Framework installed on the remote host is affected by... File : smb_nt_ms13-040.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote host is affected by a remote code execution vulnerability. File : smb_nt_ms13-041.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : Microsoft Publisher, a component of Microsoft Office installed on the remote ... File : smb_nt_ms13-042.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : A Microsoft Office component installed on the remote host is affected by a co... File : smb_nt_ms13-043.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The remote Visio install is affected by an information disclosure vulnerability. File : smb_nt_ms13-044.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : An application on the remote Windows host has an information disclosure vulne... File : smb_nt_ms13-045.nasl - Type : ACT_GATHER_INFO |
| 2013-05-15 | Name : The Windows kernel on the remote host is affected by multiple vulnerabilities. File : smb_nt_ms13-046.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2013-12-31 13:22:54 |
|
| 2013-05-23 00:19:06 |
|
