
Test ID: 1.3.6.1.4.1.25623.1.0.801720
Category: Windows : Microsoft Bulletins
Title: Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Summary: This host is missing a critical security update according to Microsoft Bulletin MS07-017.
Description:
Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS07-017.

Vulnerability Insight:
The flaws are due to:

- A boundary error within the handling of animated cursors

- Invalid memory reference.

- Privilege escalation vulnerability when rendering malformed 'EMF'
image files.

- Error in Windows TrueType Font Rasterizer.

Vulnerability Impact:
Successful exploitation allows remote attackers to execute arbitrary code.

Affected Software/OS:
- Microsoft Windows XP Service Pack 2 and prior

- Microsoft Windows 2000 Service Pack 4 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-0038
Bugtraq: 20070330 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
http://www.securityfocus.com/archive/1/464269/100/0/threaded
Bugtraq: 20070331 Re: 0-day ANI vulnerability in Microsoft Windows (CVE-2007-0038)
http://www.securityfocus.com/archive/1/464339/100/0/threaded
Bugtraq: 20070331 RE: [Full-disclosure] 0-day ANI vulnerability in Microsoft Windows(CVE-2007-0038)
http://www.securityfocus.com/archive/1/464342/100/0/threaded
http://www.securityfocus.com/archive/1/464340/100/0/threaded
Bugtraq: 20070402 MS announces out-of-band patch for ANI 0day
http://www.securityfocus.com/archive/1/464460/100/100/threaded
Bugtraq: 20070402 More information on ZERT patch for ANI 0day
http://www.securityfocus.com/archive/1/464459/100/100/threaded
Cert/CC Advisory: TA07-089A
http://www.us-cert.gov/cas/techalerts/TA07-089A.html
Cert/CC Advisory: TA07-093A
http://www.us-cert.gov/cas/techalerts/TA07-093A.html
Cert/CC Advisory: TA07-100A
http://www.us-cert.gov/cas/techalerts/TA07-100A.html
CERT/CC vulnerability note: VU#191609
http://www.kb.cert.org/vuls/id/191609
http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0470.html
HPdes Security Advisory: HPSBST02206
http://www.securityfocus.com/archive/1/466186/100/200/threaded
HPdes Security Advisory: SSRT071354
http://www.determina.com/security_center/security_advisories/securityadvisory_0day_032907.asp
Microsoft Security Bulletin: MS07-017
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-017
http://www.osvdb.org/33629
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1854
http://secunia.com/advisories/24659
http://securityreason.com/securityalert/2542
http://www.vupen.com/english/advisories/2007/1215
XForce ISS Database: win-ani-code-execution(33301)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33301
Common Vulnerability Exposure (CVE) ID: CVE-2007-1211
BugTraq ID: 23275
http://www.securityfocus.com/bid/23275
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=499
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1571
http://www.securitytracker.com/id?1017843
XForce ISS Database: win-wmf-dos(33258)
https://exchange.xforce.ibmcloud.com/vulnerabilities/33258
Common Vulnerability Exposure (CVE) ID: CVE-2007-1212
BugTraq ID: 23278
http://www.securityfocus.com/bid/23278
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1923
http://www.securitytracker.com/id?1017844
Common Vulnerability Exposure (CVE) ID: CVE-2007-1213
BugTraq ID: 23276
http://www.securityfocus.com/bid/23276
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1797
http://www.securitytracker.com/id?1017845
Common Vulnerability Exposure (CVE) ID: CVE-2007-1215
BugTraq ID: 23273
http://www.securityfocus.com/bid/23273
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1927
http://www.securitytracker.com/id?1017847
Copyright: Copyright (C) 2011 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.