Executive Summary
Informations | |||
---|---|---|---|
Name | TA13-317A | First vendor Publication | 2013-11-13 |
Vendor | US-CERT | Last vendor Modification | 2013-11-16 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities. DescriptionThe Microsoft Security Bulletin Summary for November 2013 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address these vulnerabilities. The November Security Bulletin includes a patch for the new “watering hole” campaign which utilizes a US-based website that specializes in domestic and international security policy. ImpactThese vulnerabilities could allow remote code execution, elevation of privilege, information disclosure or denial of service. SolutionApply Updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2013, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA13-317A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
63 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
21 % | CWE-200 | Information Exposure |
5 % | CWE-264 | Permissions, Privileges, and Access Controls |
5 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
5 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:18342 | |||
Oval ID: | oval:org.mitre.oval:def:18342 | ||
Title: | Information disclosure vulnerability in Microsoft Internet Explorer (CVE-2013-3909) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "Internet Explorer Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3909 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18488 | |||
Oval ID: | oval:org.mitre.oval:def:18488 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3916) - MS13-088 | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3912. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3916 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18706 | |||
Oval ID: | oval:org.mitre.oval:def:18706 | ||
Title: | Information disclosure vulnerability in Microsoft Internet Explorer (CVE-2013-3908) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, aka "Internet Explorer Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3908 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18722 | |||
Oval ID: | oval:org.mitre.oval:def:18722 | ||
Title: | Graphics Device Interface Integer Overflow Vulnerability (CVE-2013-3940) - MS13-089 | ||
Description: | Integer overflow in the Graphics Device Interface (GDI) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image in a Windows Write (.wri) document, which is not properly handled in WordPad, aka "Graphics Device Interface Integer Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3940 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18805 | |||
Oval ID: | oval:org.mitre.oval:def:18805 | ||
Title: | Ancillary Function Driver Information Disclosure Vulnerability (CVE-2013-3887) - MS13-093 | ||
Description: | The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows local users to obtain sensitive information from kernel memory by leveraging improper copy operations, aka "Ancillary Function Driver Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3887 | Version: | 3 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18851 | |||
Oval ID: | oval:org.mitre.oval:def:18851 | ||
Title: | Address Corruption Vulnerability in Hyper-V (CVE-2013-3898) - MS13-092 | ||
Description: | Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, does not ensure memory-address validity, which allows guest OS users to execute arbitrary code in all guest OS instances, and allows guest OS users to cause a denial of service (host OS crash), via a guest-to-host hypercall with a crafted function parameter, aka "Address Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3898 | Version: | 3 |
Platform(s): | Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Microsoft Hyper-V Server |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18893 | |||
Oval ID: | oval:org.mitre.oval:def:18893 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3914) - MS13-088 | ||
Description: | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3914 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18936 | |||
Oval ID: | oval:org.mitre.oval:def:18936 | ||
Title: | Internet Explorer Memory Corruption Vulnerability (CVE-2013-3871) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3871 | Version: | 6 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19109 | |||
Oval ID: | oval:org.mitre.oval:def:19109 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3910) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3910 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19112 | |||
Oval ID: | oval:org.mitre.oval:def:19112 | ||
Title: | Digital Signatures Vulnerability (CVE-2013-3869) - MS13-095 | ||
Description: | Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to cause a denial of service (daemon hang) via a web-service request containing a crafted X.509 certificate that is not properly handled during validation, aka "Digital Signatures Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3869 | Version: | 3 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19138 | |||
Oval ID: | oval:org.mitre.oval:def:19138 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3917) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3915. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3917 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19162 | |||
Oval ID: | oval:org.mitre.oval:def:19162 | ||
Title: | Word Stack Buffer Overwrite Vulnerability in Microsoft Office (CVE-2013-1324) - MS13-091 | ||
Description: | Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1324 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows Vista Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | Microsoft Office 2003 Microsoft Office 2007 Microsoft Office 2010 Microsoft Office 2013 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19178 | |||
Oval ID: | oval:org.mitre.oval:def:19178 | ||
Title: | WPD File Format Memory Corruption Vulnerability in Microsoft Office (CVE-2013-0082) - MS13-091 | ||
Description: | Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-0082 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office 2003 Microsoft Office 2007 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19182 | |||
Oval ID: | oval:org.mitre.oval:def:19182 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3912) - MS13-088 | ||
Description: | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3916. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3912 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19239 | |||
Oval ID: | oval:org.mitre.oval:def:19239 | ||
Title: | S/MIME AIA Vulnerability (CVE-2013-3905) - MS13-094 | ||
Description: | Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3905 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Microsoft Outlook 2007 Microsoft Outlook 2010 Microsoft Outlook 2013 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19243 | |||
Oval ID: | oval:org.mitre.oval:def:19243 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3915) - MS13-088 | ||
Description: | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3917. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3915 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows XP Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 Microsoft Internet Explorer 11 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19265 | |||
Oval ID: | oval:org.mitre.oval:def:19265 | ||
Title: | Memory corruption vulnerability in Microsoft Internet Explorer (CVE-2013-3911) - MS13-088 | ||
Description: | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-3911 | Version: | 5 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 8 Microsoft Windows Server 2012 | Product(s): | Microsoft Internet Explorer 9 Microsoft Internet Explorer 10 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:19321 | |||
Oval ID: | oval:org.mitre.oval:def:19321 | ||
Title: | Word Heap Overwrite Vulnerability in Microsoft Office (CVE-2013-1325) - MS13-091 | ||
Description: | Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-1325 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Office 2003 Microsoft Office 2007 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-14 | IAVM : 2013-A-0213 - Cumulative Security Update of Microsoft ActiveX Kill Bits Severity : Category II - VMSKEY : V0042293 |
2013-11-14 | IAVM : 2013-A-0214 - Microsoft GDI Memory Corruption Vulnerability Severity : Category II - VMSKEY : V0042294 |
2013-11-14 | IAVM : 2013-A-0216 - Microsoft Office Outlook Information Disclosure Vulnerability Severity : Category II - VMSKEY : V0042295 |
2013-11-14 | IAVM : 2013-A-0215 - Cumulative Security Update for Microsoft Internet Explorer Severity : Category I - VMSKEY : V0042296 |
2013-11-14 | IAVM : 2013-B-0127 - Microsoft Windows Ancillary Function Driver Information Disclosure Vulnerability Severity : Category II - VMSKEY : V0042302 |
2013-11-14 | IAVM : 2013-B-0128 - MIcrosoft Windows Digital Signature Denial of Service Vulnerability Severity : Category I - VMSKEY : V0042304 |
2013-11-14 | IAVM : 2013-B-0129 - Microsoft Windows Hyper-V Privilege Escalation Vulnerability Severity : Category II - VMSKEY : V0042305 |
2013-11-14 | IAVM : 2013-B-0126 - Multiple Vulnerabilities in Microsoft Office Severity : Category II - VMSKEY : V0042306 |
2013-10-10 | IAVM : 2013-A-0188 - Cumulative Security Update for Microsoft Internet Explorer Severity : Category I - VMSKEY : V0040759 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-04-13 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 49428 - Revision : 1 - Type : FILE-OTHER |
2019-04-13 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 49427 - Revision : 1 - Type : FILE-OTHER |
2016-03-24 | InformationCardSigninHelper ActiveX function call access RuleID : 37823 - Revision : 1 - Type : BROWSER-PLUGINS |
2016-03-24 | InformationCardSigninHelper ActiveX clsid access RuleID : 37822 - Revision : 2 - Type : BROWSER-PLUGINS |
2016-03-14 | Microsoft Word WordPerfect CSTYL border element stack overflow attempt RuleID : 36501 - Revision : 3 - Type : FILE-OTHER |
2016-03-14 | Microsoft Word WordPerfect CSTYL border element stack overflow attempt RuleID : 36500 - Revision : 4 - Type : FILE-OTHER |
2016-03-14 | Microsoft Word WordPerfect CSTYL border element stack overflow attempt RuleID : 36499 - Revision : 2 - Type : FILE-OTHER |
2016-03-14 | Microsoft Word WordPerfect CSTYL border element stack overflow attempt RuleID : 36498 - Revision : 2 - Type : FILE-OTHER |
2015-02-18 | Microsoft Internet Explorer CAnchorElement use after free attempt RuleID : 33099 - Revision : 5 - Type : BROWSER-IE |
2014-01-18 | Microsoft Internet Explorer print preview information disclosure attempt RuleID : 28997 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer generic use after free attempt RuleID : 28524 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer generic use after free attempt RuleID : 28523 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer print preview information disclosure attempt RuleID : 28522 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28521 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28520 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28519 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28518 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28517 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28516 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28515 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28514 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28513 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28512 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28511 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28510 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Wordpad embedded BMP overflow attempt RuleID : 28509 - Revision : 5 - Type : FILE-OTHER |
2014-01-10 | InformationCardSigninHelper ActiveX function call access RuleID : 28506 - Revision : 7 - Type : BROWSER-PLUGINS |
2014-01-10 | InformationCardSigninHelper ActiveX clsid access RuleID : 28505 - Revision : 8 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer undo use after free attempt RuleID : 28504 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Word WordPerfect CSTYL border element stack overflow attempt RuleID : 28503 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Word WordPerfect CSTYL border element stack overflow attempt RuleID : 28502 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | WordPerfect file magic with .doc extension RuleID : 28501 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | WordPerfect file magic with .doc extension RuleID : 28500 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Word WordPerfect CSTYL border element stack overflow attempt RuleID : 28499 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Word WordPerfect CSTYL border element stack overflow attempt RuleID : 28498 - Revision : 3 - Type : FILE-OTHER |
2014-01-10 | Microsoft Internet Explorer createRange user after free attempt RuleID : 28496 - Revision : 4 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer execCommand CTreePos memory corruption attempt RuleID : 28495 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer execCommand CTreePos memory corruption attempt RuleID : 28494 - Revision : 3 - Type : BROWSER-IE |
2014-10-14 | DeputyDog diskless method outbound connection RuleID : 28493-community - Revision : 6 - Type : MALWARE-CNC |
2014-01-10 | DeputyDog diskless method outbound connection RuleID : 28493 - Revision : 6 - Type : MALWARE-CNC |
2014-01-10 | Microsoft Internet Explorer freed CTreePos object use-after-free attempt RuleID : 28492 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CEditAdorner use after free attempt RuleID : 28491 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer deleted object memory corruption attempt RuleID : 28490 - Revision : 3 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer CAnchorElement use after free attempt RuleID : 28489 - Revision : 6 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-11-13 | Name : The remote host is affected by multiple code execution vulnerabilities. File : smb_nt_ms13-088.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote host is affected by a remote code execution vulnerability. File : smb_nt_ms13-089.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote Windows host is missing an update that disables selected ActiveX c... File : smb_nt_ms13-090.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The Microsoft Office component installed on the remote host is affected by mu... File : smb_nt_ms13-091.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote Windows host is susceptible to an elevation of privilege attack. File : smb_nt_ms13-092.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote Windows host contains a driver that allows information disclosure. File : smb_nt_ms13-093.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The version of Microsoft Outlook installed on the remote Windows host is affe... File : smb_nt_ms13-094.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote Windows host is affected by a denial of service vulnerability. File : smb_nt_ms13-095.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-12-20 13:23:56 |
|
2013-11-16 13:20:31 |
|