Windows : Microsoft Bulletins : Microsoft XML Core Services Remote Code Execution Vulnerabilities (2756145)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.903101

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft XML Core Services Remote Code Execution Vulnerabilities (2756145)

Zusammenfassung: This host is missing a critical security; update according to Microsoft Bulletin MS13-002.

Beschreibung: Summary:
This host is missing a critical security
update according to Microsoft Bulletin MS13-002.

Vulnerability Insight:
Integer truncation and an unspecified error
caused due to the way that Microsoft XML Core Services parses XML content.

Vulnerability Impact:
Successful exploitation could allow remote
attackers to execute arbitrary code as the logged-on user.

Affected Software/OS:
- Microsoft Expression Web 2

- Microsoft Office Word Viewer

- Microsoft Office Compatibility

- Microsoft Office 2003 Service Pack 3 and prior

- Microsoft Office 2007 Service Pack 3 and prior

- Microsoft XML Core Services 3.0, 4.0, 5.0 and 6.0

- Microsoft Expression Web Service Pack 1 and prior

- Microsoft Groove Server 2007 Service Pack 3 and prior

- Microsoft SharePoint Server 2007 Service Pack 3 and prior

- Microsoft Windows XP x32 Edition Service Pack 3 and prior

- Microsoft Windows XP x64 Edition Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior

- Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

- Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2013-0006
Cert/CC Advisory: TA13-008A
http://www.us-cert.gov/cas/techalerts/TA13-008A.html
https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01
Microsoft Security Bulletin: MS13-002
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429
Common Vulnerability Exposure (CVE) ID: CVE-2013-0007
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458

Copyright Copyright (C) 2013 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.903101
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft XML Core Services Remote Code Execution Vulnerabilities (2756145)
Zusammenfassung:	This host is missing a critical security; update according to Microsoft Bulletin MS13-002.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS13-002. Vulnerability Insight: Integer truncation and an unspecified error caused due to the way that Microsoft XML Core Services parses XML content. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code as the logged-on user. Affected Software/OS: - Microsoft Expression Web 2 - Microsoft Office Word Viewer - Microsoft Office Compatibility - Microsoft Office 2003 Service Pack 3 and prior - Microsoft Office 2007 Service Pack 3 and prior - Microsoft XML Core Services 3.0, 4.0, 5.0 and 6.0 - Microsoft Expression Web Service Pack 1 and prior - Microsoft Groove Server 2007 Service Pack 3 and prior - Microsoft SharePoint Server 2007 Service Pack 3 and prior - Microsoft Windows XP x32 Edition Service Pack 3 and prior - Microsoft Windows XP x64 Edition Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior - Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2013-0006 Cert/CC Advisory: TA13-008A http://www.us-cert.gov/cas/techalerts/TA13-008A.html https://us-cert.cisa.gov/ics/advisories/icsa-20-315-01 Microsoft Security Bulletin: MS13-002 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16429 Common Vulnerability Exposure (CVE) ID: CVE-2013-0007 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15458
Copyright	Copyright (C) 2013 Greenbone AG