Windows : Microsoft Bulletins : Windows Backup Manager Remote Code Execution Vulnerability (2478935)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.901173

Categoría: Windows : Microsoft Bulletins

Título: Windows Backup Manager Remote Code Execution Vulnerability (2478935)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS11-001.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS11-001.

Vulnerability Insight:
The flaw is due to the application insecurely loading certain
libraries from the current working directory, which could allow attackers
to execute arbitrary code and conduct DLL hijacking attacks via a Trojan
horse fveapi.dll which is located in the same folder as a .wbcat file.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code and conduct DLL hijacking attacks.

Affected Software/OS:
Microsoft Windows Vista Service Pack 2 and prior.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3145
Cert/CC Advisory: TA11-011A
http://www.us-cert.gov/cas/techalerts/TA11-011A.html
http://www.exploit-db.com/exploits/14751/
Microsoft Security Bulletin: MS11-001
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-001
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12273
http://www.securitytracker.com/id?1024948
http://www.vupen.com/english/advisories/2011/0074

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.901173
Categoría:	Windows : Microsoft Bulletins
Título:	Windows Backup Manager Remote Code Execution Vulnerability (2478935)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS11-001.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-001. Vulnerability Insight: The flaw is due to the application insecurely loading certain libraries from the current working directory, which could allow attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse fveapi.dll which is located in the same folder as a .wbcat file. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code and conduct DLL hijacking attacks. Affected Software/OS: Microsoft Windows Vista Service Pack 2 and prior. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3145 Cert/CC Advisory: TA11-011A http://www.us-cert.gov/cas/techalerts/TA11-011A.html http://www.exploit-db.com/exploits/14751/ Microsoft Security Bulletin: MS11-001 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-001 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12273 http://www.securitytracker.com/id?1024948 http://www.vupen.com/english/advisories/2011/0074
Copyright	Copyright (C) 2011 Greenbone AG