Windows : Microsoft Bulletins : Microsoft Office Word Remote Code Execution Vulnerabilities (2742319)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.902926

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Office Word Remote Code Execution Vulnerabilities (2742319)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS12-064.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS12-064.

Vulnerability Insight:
- An error when parsing the PAPX section can be exploited to corrupt memory
via a specially crafted Word file.

NOTE: This vulnerability affects Microsoft Word 2007 only.

- A use-after-free error exists when handling listid and can be exploited
via a specially crafted RTF file.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code by
tricking a user into opening a specially crafted word and RTF files.

Affected Software/OS:
- Microsoft Word Viewer

- Microsoft Office 2003 Service Pack 3

- Microsoft Office 2007 Service Pack 2

- Microsoft Office 2007 Service Pack 3

- Microsoft Office 2010 Service Pack 1

- Microsoft Office Web Apps 2010 Service Pack 1

- Microsoft SharePoint Server 2010 Service Pack 1

- Microsoft Office Compatibility Pack Service Pack 2

- Microsoft Office Compatibility Pack Service Pack 3

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-0182
BugTraq ID: 55780
http://www.securityfocus.com/bid/55780
Cert/CC Advisory: TA12-283A
http://www.us-cert.gov/cas/techalerts/TA12-283A.html
Microsoft Security Bulletin: MS12-064
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15426
Common Vulnerability Exposure (CVE) ID: CVE-2012-2528
BugTraq ID: 55781
http://www.securityfocus.com/bid/55781
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680

Copyright Copyright (C) 2012 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.902926
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Office Word Remote Code Execution Vulnerabilities (2742319)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS12-064.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-064. Vulnerability Insight: - An error when parsing the PAPX section can be exploited to corrupt memory via a specially crafted Word file. NOTE: This vulnerability affects Microsoft Word 2007 only. - A use-after-free error exists when handling listid and can be exploited via a specially crafted RTF file. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted word and RTF files. Affected Software/OS: - Microsoft Word Viewer - Microsoft Office 2003 Service Pack 3 - Microsoft Office 2007 Service Pack 2 - Microsoft Office 2007 Service Pack 3 - Microsoft Office 2010 Service Pack 1 - Microsoft Office Web Apps 2010 Service Pack 1 - Microsoft SharePoint Server 2010 Service Pack 1 - Microsoft Office Compatibility Pack Service Pack 2 - Microsoft Office Compatibility Pack Service Pack 3 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0182 BugTraq ID: 55780 http://www.securityfocus.com/bid/55780 Cert/CC Advisory: TA12-283A http://www.us-cert.gov/cas/techalerts/TA12-283A.html Microsoft Security Bulletin: MS12-064 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-064 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15426 Common Vulnerability Exposure (CVE) ID: CVE-2012-2528 BugTraq ID: 55781 http://www.securityfocus.com/bid/55781 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15680
Copyright	Copyright (C) 2012 Greenbone AG