Windows : Microsoft Bulletins : Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902281

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS11-002.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS11-002.

Vulnerability Insight:
The flaws are due to:

- A buffer overflow error in the Data Source Name (DSN) argument of an Open
Database Connectivity (ODBC) API that may be used by third-party applications,
which could allow attackers to execute arbitrary code by convincing a user to
visit a specially crafted web page.

- A memory corruption error in the Microsoft Data Access Components (MDAC) when
handling internal data structures, which could be exploited by remote attackers
to execute arbitrary code via a specially crafted web page.

Vulnerability Impact:
Successful exploitation will allow the attacker to execute arbitrary code on
the targeted system.

Affected Software/OS:
- Microsoft Windows 7

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 2 and prior

- Microsoft Windows Server 2008 Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0026
BugTraq ID: 45695
http://www.securityfocus.com/bid/45695
Cert/CC Advisory: TA11-011A
http://www.us-cert.gov/cas/techalerts/TA11-011A.html
http://www.zerodayinitiative.com/advisories/ZDI-11-001/
Microsoft Security Bulletin: MS11-002
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-002
http://osvdb.org/70443
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12333
http://www.securitytracker.com/id?1024947
http://secunia.com/advisories/42804
http://www.vupen.com/english/advisories/2011/0075
Common Vulnerability Exposure (CVE) ID: CVE-2011-0027
BugTraq ID: 45698
http://www.securityfocus.com/bid/45698
http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/
http://www.zerodayinitiative.com/advisories/ZDI-11-002/
http://osvdb.org/70444
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12411

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902281
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS11-002.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-002. Vulnerability Insight: The flaws are due to: - A buffer overflow error in the Data Source Name (DSN) argument of an Open Database Connectivity (ODBC) API that may be used by third-party applications, which could allow attackers to execute arbitrary code by convincing a user to visit a specially crafted web page. - A memory corruption error in the Microsoft Data Access Components (MDAC) when handling internal data structures, which could be exploited by remote attackers to execute arbitrary code via a specially crafted web page. Vulnerability Impact: Successful exploitation will allow the attacker to execute arbitrary code on the targeted system. Affected Software/OS: - Microsoft Windows 7 - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0026 BugTraq ID: 45695 http://www.securityfocus.com/bid/45695 Cert/CC Advisory: TA11-011A http://www.us-cert.gov/cas/techalerts/TA11-011A.html http://www.zerodayinitiative.com/advisories/ZDI-11-001/ Microsoft Security Bulletin: MS11-002 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-002 http://osvdb.org/70443 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12333 http://www.securitytracker.com/id?1024947 http://secunia.com/advisories/42804 http://www.vupen.com/english/advisories/2011/0075 Common Vulnerability Exposure (CVE) ID: CVE-2011-0027 BugTraq ID: 45698 http://www.securityfocus.com/bid/45698 http://vreugdenhilresearch.nl/ms11-002-pwn2own-heap-overflow/ http://www.zerodayinitiative.com/advisories/ZDI-11-002/ http://osvdb.org/70444 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12411
Copyright	Copyright (C) 2011 Greenbone AG