ID de Prueba:	1.3.6.1.4.1.25623.1.0.900568
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Search Script Execution Vulnerability (963093)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-023.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-023. Vulnerability Insight: The flaw is caused because the search function does not properly restrict the environment within which scripts execute, which could allow sensitive information disclosure. Vulnerability Impact: Remote attackers could exploit this issue to obtain sensitive information or access to data on the affected system by convincing a user to download a crafted file to a specific location, and then open an application that loads the file. Affected Software/OS: - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0239 Cert/CC Advisory: TA09-160A http://www.us-cert.gov/cas/techalerts/TA09-160A.html Microsoft Security Bulletin: MS09-023 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-023 http://osvdb.org/54935 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5428 http://www.securitytracker.com/id?1022353 http://secunia.com/advisories/35366 http://www.vupen.com/english/advisories/2009/1542
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.