Windows : Microsoft Bulletins : Microsoft Data Analyzer ActiveX Control Vulnerability (978262)

Preis/Funktionszusammenfassung | Bestellen | Neue Anfälligkeiten | Vertraulichkeit | Anfälligkeiten Suche

Anfälligkeitssuche		Suche in 61204 CVE Beschreibungen und 32582 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.900229

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Data Analyzer ActiveX Control Vulnerability (978262)

Zusammenfassung: Check for the CLSID and Hotfix

Beschreibung:
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-008.

Vulnerability Insight:
An unspecified error exists in the Microsoft Data Analyzer ActiveX control
(max3activex.dll) when used with Internet Explorer. Attackers can execute
arbitrary code by tricking a user into visiting a specially crafted web page.

Impact:
Successful exploitation will let the remote attackers execute arbitrary code
and can compromise a vulnerable system.

Impact Level: System.

Affected Software/OS:
Micorsoft Windows 7
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.

Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx

Workaround:
Set the killbit for the following CLSIDs,
{E0ECA9C3-D669-4EF4-8231-00724ED9288F}, {C05A1FBC-1413-11D1-B05F-00805F4945F6},
{5D80A6D1-B500-47DA-82B8-EB9875F85B4D}, {0CCA191D-13A6-4E29-B746-314DEE697D83},
{2d8ed06d-3c30-438b-96ae-4d110fdc1fb8}
http://support.microsoft.com/kb/240797

References:
http://secunia.com/advisories/38503/
http://www.vupen.com/english/advisories/2010/0341
http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-0252
Microsoft Security Bulletin: MS10-008
http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx
Microsoft Security Bulletin: MS10-034
http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx
Cert/CC Advisory: TA10-040A
http://www.us-cert.gov/cas/techalerts/TA10-040A.html
Cert/CC Advisory: TA10-159B
http://www.us-cert.gov/cas/techalerts/TA10-159B.html
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8424
http://secunia.com/advisories/38503
http://secunia.com/advisories/40059

Copyright Copyright (C) 2010 SecPod

Dies ist nur einer von 32582 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Registrierung eines neuen Benutzers
Email:

Benutzerkennung:

Passwort:

Bitte schicken Sie mir den monatlichen Newsletter, der mich über die neuesten Services, Verbesserungen und Umfragen informiert.

Bitte schicken Sie mir eine Anfälligkeitstest Benachrichtigung, wenn ein neuer Test hinzugefügt wird.

Datenschutz

Anmeldung für registrierte Benutzer

Benutzerkennung:

Passwort:

Benutzerkennung oder Passwort vergessen?

Email/Benutzerkennung:

Test Kennung:	1.3.6.1.4.1.25623.1.0.900229
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
Zusammenfassung:	Check for the CLSID and Hotfix
Beschreibung:	Overview: This host is missing a critical security update according to Microsoft Bulletin MS10-008. Vulnerability Insight: An unspecified error exists in the Microsoft Data Analyzer ActiveX control (max3activex.dll) when used with Internet Explorer. Attackers can execute arbitrary code by tricking a user into visiting a specially crafted web page. Impact: Successful exploitation will let the remote attackers execute arbitrary code and can compromise a vulnerable system. Impact Level: System. Affected Software/OS: Micorsoft Windows 7 Microsoft Windows 2K Service Pack 4 and prior Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2K3 Service Pack 2 and prior Microsoft Windows Vista Service Pack 1/2 and prior. Microsoft Windows Server 2008 Service Pack 1/2 and prior. Fix: Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx Workaround: Set the killbit for the following CLSIDs, {E0ECA9C3-D669-4EF4-8231-00724ED9288F}, {C05A1FBC-1413-11D1-B05F-00805F4945F6}, {5D80A6D1-B500-47DA-82B8-EB9875F85B4D}, {0CCA191D-13A6-4E29-B746-314DEE697D83}, {2d8ed06d-3c30-438b-96ae-4d110fdc1fb8} http://support.microsoft.com/kb/240797 References: http://secunia.com/advisories/38503/ http://www.vupen.com/english/advisories/2010/0341 http://www.microsoft.com/technet/security/bulletin/ms10-008.mspx
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0252 Microsoft Security Bulletin: MS10-008 http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx Microsoft Security Bulletin: MS10-034 http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx Cert/CC Advisory: TA10-040A http://www.us-cert.gov/cas/techalerts/TA10-040A.html Cert/CC Advisory: TA10-159B http://www.us-cert.gov/cas/techalerts/TA10-159B.html http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8424 http://secunia.com/advisories/38503 http://secunia.com/advisories/40059
Copyright	Copyright (C) 2010 SecPod