Windows : Microsoft Bulletins : Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.902228

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS10-056.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-056.

Vulnerability Insight:
The issues are caused by buffer overflow and memory corruption errors when
processing malformed data and records within Word and 'RTF' documents, which
could be exploited by attackers to crash an affected application or execute
arbitrary code.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code by
tricking a user into opening a specially crafted Excel document.

Affected Software/OS:
- Microsoft Office Word Viewer

- Microsoft Office Word 2002 Service Pack 3

- Microsoft Office Word 2003 Service Pack 3

- Microsoft Office Word 2007 Service Pack 2

- Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats Service Pack 2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2010-1900
Cert/CC Advisory: TA10-222A
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Microsoft Security Bulletin: MS10-056
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490
Common Vulnerability Exposure (CVE) ID: CVE-2010-1901
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612
Common Vulnerability Exposure (CVE) ID: CVE-2010-1902
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472
Common Vulnerability Exposure (CVE) ID: CVE-2010-1903
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12039

Copyright Copyright (C) 2010 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.902228
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Office Word Remote Code Execution Vulnerabilities (2269638)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS10-056.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-056. Vulnerability Insight: The issues are caused by buffer overflow and memory corruption errors when processing malformed data and records within Word and 'RTF' documents, which could be exploited by attackers to crash an affected application or execute arbitrary code. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted Excel document. Affected Software/OS: - Microsoft Office Word Viewer - Microsoft Office Word 2002 Service Pack 3 - Microsoft Office Word 2003 Service Pack 3 - Microsoft Office Word 2007 Service Pack 2 - Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats Service Pack 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1900 Cert/CC Advisory: TA10-222A http://www.us-cert.gov/cas/techalerts/TA10-222A.html Microsoft Security Bulletin: MS10-056 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-056 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11490 Common Vulnerability Exposure (CVE) ID: CVE-2010-1901 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11612 Common Vulnerability Exposure (CVE) ID: CVE-2010-1902 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11472 Common Vulnerability Exposure (CVE) ID: CVE-2010-1903 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12039
Copyright	Copyright (C) 2010 Greenbone AG