Windows : Microsoft Bulletins : Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900533

Categoría: Windows : Microsoft Bulletins

Título: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS09-015.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-015.

Vulnerability Insight:
The flaw is due to an error in the way SearchPath function in
Windows locates and opens files on the system.

Vulnerability Impact:
Remote attackers could execute arbitrary code by convincing a user to
download a crafted file to a specific location, and then open an
application that loads the file.

Affected Software/OS:
- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1 and prior

- Microsoft Windows Server 2008 Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-2540
http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html
BugTraq ID: 29445
http://www.securityfocus.com/bid/29445
Cert/CC Advisory: TA09-104A
http://www.us-cert.gov/cas/techalerts/TA09-104A.html
http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx
http://blogs.zdnet.com/security/?p=1230
http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html
http://www.microsoft.com/technet/security/advisory/953818.mspx
Microsoft Security Bulletin: MS09-014
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014
Microsoft Security Bulletin: MS09-015
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509
http://securitytracker.com/id?1020150
http://www.securitytracker.com/id?1022047
http://secunia.com/advisories/30467
http://www.vupen.com/english/advisories/2008/1706
http://www.vupen.com/english/advisories/2009/1028
http://www.vupen.com/english/advisories/2009/1029
XForce ISS Database: apple-safari-windows-code-execution(42765)
https://exchange.xforce.ibmcloud.com/vulnerabilities/42765

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900533
Categoría:	Windows : Microsoft Bulletins
Título:	Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-015.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-015. Vulnerability Insight: The flaw is due to an error in the way SearchPath function in Windows locates and opens files on the system. Vulnerability Impact: Remote attackers could execute arbitrary code by convincing a user to download a crafted file to a specific location, and then open an application that loads the file. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1 and prior - Microsoft Windows Server 2008 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2540 http://lists.apple.com/archives/security-announce/2008//Jun/msg00001.html BugTraq ID: 29445 http://www.securityfocus.com/bid/29445 Cert/CC Advisory: TA09-104A http://www.us-cert.gov/cas/techalerts/TA09-104A.html http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx http://blogs.zdnet.com/security/?p=1230 http://www.dhanjani.com/archives/2008/05/safari_carpet_bomb.html http://www.microsoft.com/technet/security/advisory/953818.mspx Microsoft Security Bulletin: MS09-014 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014 Microsoft Security Bulletin: MS09-015 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-015 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5782 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8509 http://securitytracker.com/id?1020150 http://www.securitytracker.com/id?1022047 http://secunia.com/advisories/30467 http://www.vupen.com/english/advisories/2008/1706 http://www.vupen.com/english/advisories/2009/1028 http://www.vupen.com/english/advisories/2009/1029 XForce ISS Database: apple-safari-windows-code-execution(42765) https://exchange.xforce.ibmcloud.com/vulnerabilities/42765
Copyright	Copyright (C) 2009 Greenbone AG