Windows : Microsoft Bulletins : Vulnerabilities in Print Spooler Could Allow Remote Code Execution (961501)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900667

Categoría: Windows : Microsoft Bulletins

Título: Vulnerabilities in Print Spooler Could Allow Remote Code Execution (961501)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS09-022.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-022.

Vulnerability Insight:
Multiple flaws exist due to:

- Buffer overflow error in the Windows Print Spooler when parsing certain
printing data structures, via a specially crafted RPC request and a
malicious print server.

- Error in the Windows Printing Service that does not properly check the files
that can be included with separator pages.

- Error in the Windows Print Spooler that does not properly validate the paths
from which a DLL may be loaded.

Vulnerability Impact:
Successful exploitation could allow remote or Local attackers to disclose
sensitive information or compromise a vulnerable system.

Affected Software/OS:
- Microsoft Windows 2003 Service Pack 2

- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows Vista Service Pack 1/2 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0228
BugTraq ID: 35206
http://www.securityfocus.com/bid/35206
Cert/CC Advisory: TA09-160A
http://www.us-cert.gov/cas/techalerts/TA09-160A.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=806
Microsoft Security Bulletin: MS09-022
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022
http://osvdb.org/54932
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6317
http://www.securitytracker.com/id?1022352
http://secunia.com/advisories/35365
http://www.vupen.com/english/advisories/2009/1541
Common Vulnerability Exposure (CVE) ID: CVE-2009-0229
BugTraq ID: 35208
http://www.securityfocus.com/bid/35208
http://osvdb.org/54933
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815
Common Vulnerability Exposure (CVE) ID: CVE-2009-0230
BugTraq ID: 35209
http://www.securityfocus.com/bid/35209
http://osvdb.org/54934
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6287

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900667
Categoría:	Windows : Microsoft Bulletins
Título:	Vulnerabilities in Print Spooler Could Allow Remote Code Execution (961501)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-022.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-022. Vulnerability Insight: Multiple flaws exist due to: - Buffer overflow error in the Windows Print Spooler when parsing certain printing data structures, via a specially crafted RPC request and a malicious print server. - Error in the Windows Printing Service that does not properly check the files that can be included with separator pages. - Error in the Windows Print Spooler that does not properly validate the paths from which a DLL may be loaded. Vulnerability Impact: Successful exploitation could allow remote or Local attackers to disclose sensitive information or compromise a vulnerable system. Affected Software/OS: - Microsoft Windows 2003 Service Pack 2 - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0228 BugTraq ID: 35206 http://www.securityfocus.com/bid/35206 Cert/CC Advisory: TA09-160A http://www.us-cert.gov/cas/techalerts/TA09-160A.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=806 Microsoft Security Bulletin: MS09-022 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-022 http://osvdb.org/54932 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6317 http://www.securitytracker.com/id?1022352 http://secunia.com/advisories/35365 http://www.vupen.com/english/advisories/2009/1541 Common Vulnerability Exposure (CVE) ID: CVE-2009-0229 BugTraq ID: 35208 http://www.securityfocus.com/bid/35208 http://osvdb.org/54933 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5815 Common Vulnerability Exposure (CVE) ID: CVE-2009-0230 BugTraq ID: 35209 http://www.securityfocus.com/bid/35209 http://osvdb.org/54934 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6287
Copyright	Copyright (C) 2009 Greenbone AG