Windows : Microsoft Bulletins : Microsoft Office Remote Code Execution Vulnerabilities (2587634)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902567

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Office Remote Code Execution Vulnerabilities (2587634)

Resumen: This host is missing an important security update according to; Microsoft Bulletin MS11-073.

Descripción: Summary:
This host is missing an important security update according to
Microsoft Bulletin MS11-073.

Vulnerability Insight:
- The flaw is due to the application loading libraries in an
insecure manner when attempting to validate an opened file. This can be
exploited to load arbitrary libraries by tricking a user into opening a
PPT file located on a remote WebDAV or SMB share.

- An error when parsing unspecified data can be exploited to dereference an
uninitialised value as an object pointer via a specially crafted Word
document.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code as
the logged-on user.

Affected Software/OS:
- Microsoft Office 2003 Service Pack 3

- Microsoft Office 2007 Service Pack 2

- Microsoft Office 2010 Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1980
Cert/CC Advisory: TA11-256A
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Microsoft Security Bulletin: MS11-073
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12694
Common Vulnerability Exposure (CVE) ID: CVE-2011-1982
CERT/CC vulnerability note: VU#909022
http://www.kb.cert.org/vuls/id/909022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12243

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902567
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Office Remote Code Execution Vulnerabilities (2587634)
Resumen:	This host is missing an important security update according to; Microsoft Bulletin MS11-073.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS11-073. Vulnerability Insight: - The flaw is due to the application loading libraries in an insecure manner when attempting to validate an opened file. This can be exploited to load arbitrary libraries by tricking a user into opening a PPT file located on a remote WebDAV or SMB share. - An error when parsing unspecified data can be exploited to dereference an uninitialised value as an object pointer via a specially crafted Word document. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code as the logged-on user. Affected Software/OS: - Microsoft Office 2003 Service Pack 3 - Microsoft Office 2007 Service Pack 2 - Microsoft Office 2010 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1980 Cert/CC Advisory: TA11-256A http://www.us-cert.gov/cas/techalerts/TA11-256A.html Microsoft Security Bulletin: MS11-073 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12694 Common Vulnerability Exposure (CVE) ID: CVE-2011-1982 CERT/CC vulnerability note: VU#909022 http://www.kb.cert.org/vuls/id/909022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12243
Copyright	Copyright (C) 2011 Greenbone AG