Windows : Microsoft Bulletins : Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902411

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS11-022.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS11-022.

Vulnerability Insight:
The flaws are caused by errors related to floating point techno-color time bandit,
persist directory and OfficeArt atoms, which could be exploited by attackers to
execute arbitrary code by tricking a user into opening a specially crafted PowerPoint file.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code by
tricking a user into opening a malicious PPT file.

Affected Software/OS:
- Microsoft PowerPoint 2010

- Microsoft PowerPoint Viewer 2010

- Microsoft PowerPoint 2002 Service Pack 3

- Microsoft PowerPoint 2003 Service Pack 3

- Microsoft PowerPoint 2007 Service Pack 2

- Microsoft PowerPoint Viewer 2007 Service Pack 2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0655
Cert/CC Advisory: TA11-102A
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
Microsoft Security Bulletin: MS11-022
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624
http://www.securitytracker.com/id?1025340
http://www.vupen.com/english/advisories/2011/0941
Common Vulnerability Exposure (CVE) ID: CVE-2011-0656
BugTraq ID: 47251
http://www.securityfocus.com/bid/47251
Bugtraq: 20110412 ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/517482/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-11-125
http://osvdb.org/71770
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761
Common Vulnerability Exposure (CVE) ID: CVE-2011-0976
Bugtraq: 20110207 ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/516233/100/0/threaded
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft
http://zerodayinitiative.com/advisories/ZDI-11-044/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11978
http://secunia.com/advisories/43213

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902411
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Office PowerPoint Remote Code Execution Vulnerabilities (2489283)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS11-022.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-022. Vulnerability Insight: The flaws are caused by errors related to floating point techno-color time bandit, persist directory and OfficeArt atoms, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PowerPoint file. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a malicious PPT file. Affected Software/OS: - Microsoft PowerPoint 2010 - Microsoft PowerPoint Viewer 2010 - Microsoft PowerPoint 2002 Service Pack 3 - Microsoft PowerPoint 2003 Service Pack 3 - Microsoft PowerPoint 2007 Service Pack 2 - Microsoft PowerPoint Viewer 2007 Service Pack 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0655 Cert/CC Advisory: TA11-102A http://www.us-cert.gov/cas/techalerts/TA11-102A.html Microsoft Security Bulletin: MS11-022 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12624 http://www.securitytracker.com/id?1025340 http://www.vupen.com/english/advisories/2011/0941 Common Vulnerability Exposure (CVE) ID: CVE-2011-0656 BugTraq ID: 47251 http://www.securityfocus.com/bid/47251 Bugtraq: 20110412 ZDI-11-125: Microsoft Office PowerPoint PersistDirectoryEntry Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/517482/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-11-125 http://osvdb.org/71770 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11761 Common Vulnerability Exposure (CVE) ID: CVE-2011-0976 Bugtraq: 20110207 ZDI-11-044: Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/516233/100/0/threaded http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-microsoft http://zerodayinitiative.com/advisories/ZDI-11-044/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11978 http://secunia.com/advisories/43213
Copyright	Copyright (C) 2011 Greenbone AG