Windows : Microsoft Bulletins : Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.801491

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS08-023.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS08-023.

Vulnerability Insight:
The flaw is due to an error in 'hxvz.dll' ActiveX control.

Vulnerability Impact:
Successful exploitation will let the remote attackers execute arbitrary code.

Affected Software/OS:
- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 2 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

Workaround:

Set the killbit for the following CLSIDs,
{314111b8-a502-11d2-bbca-00c04f8ec294}, {314111c6-a502-11d2-bbca-00c04f8ec294}

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-1086
BugTraq ID: 28606
http://www.securityfocus.com/bid/28606
Cert/CC Advisory: TA08-099A
http://www.us-cert.gov/cas/techalerts/TA08-099A.html
HPdes Security Advisory: HPSBST02329
http://marc.info/?l=bugtraq&m=120845064910729&w=2
HPdes Security Advisory: SSRT080048
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680
Microsoft Security Bulletin: MS08-023
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-023
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5475
http://www.securitytracker.com/id?1019800
http://secunia.com/advisories/29714
http://www.vupen.com/english/advisories/2008/1147/references
XForce ISS Database: ie-hxvz-code-execution(41464)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41464

Copyright Copyright (C) 2011 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.801491
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS08-023.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-023. Vulnerability Insight: The flaw is due to an error in 'hxvz.dll' ActiveX control. Vulnerability Impact: Successful exploitation will let the remote attackers execute arbitrary code. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 2 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. Workaround: Set the killbit for the following CLSIDs, {314111b8-a502-11d2-bbca-00c04f8ec294}, {314111c6-a502-11d2-bbca-00c04f8ec294} CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1086 BugTraq ID: 28606 http://www.securityfocus.com/bid/28606 Cert/CC Advisory: TA08-099A http://www.us-cert.gov/cas/techalerts/TA08-099A.html HPdes Security Advisory: HPSBST02329 http://marc.info/?l=bugtraq&m=120845064910729&w=2 HPdes Security Advisory: SSRT080048 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=680 Microsoft Security Bulletin: MS08-023 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-023 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5475 http://www.securitytracker.com/id?1019800 http://secunia.com/advisories/29714 http://www.vupen.com/english/advisories/2008/1147/references XForce ISS Database: ie-hxvz-code-execution(41464) https://exchange.xforce.ibmcloud.com/vulnerabilities/41464
Copyright	Copyright (C) 2011 Greenbone AG