ID de Prueba:	1.3.6.1.4.1.25623.1.0.804860
Categoría:	Windows : Microsoft Bulletins
Título:	Windows OLE Object Handling Arbitrary Code Execution Vulnerability (3000869)
Resumen:	This host is missing an important security; update according to Microsoft Bulletin MS14-060.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS14-060. Vulnerability Insight: The flaw is due to an unspecified error when handling OLE objects embedded within Microsoft Office files. Vulnerability Impact: Successful exploitation will allow attacker to compromise a user's system. Affected Software/OS: - Microsoft Windows 8 x32/x64 - Microsoft Windows Server 2012/R2 - Microsoft Windows 8.1 x32/x64 - Microsoft Windows 7 x32/x64 Service Pack 1 and prior - Microsoft Windows Vista x32/x64 Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Service Pack 1 and prior - Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-4114 BugTraq ID: 70419 http://www.securityfocus.com/bid/70419 http://www.exploit-db.com/exploits/35019 http://www.exploit-db.com/exploits/35020 http://www.exploit-db.com/exploits/35055 http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerability-cve-2014-4114-aka-sandworm/ http://www.isightpartners.com/2014/10/cve-2014-4114/ Microsoft Security Bulletin: MS14-060 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-060 http://osvdb.org/show/osvdb/113140 http://secunia.com/advisories/60972
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.