ID de Prueba:	1.3.6.1.4.1.25623.1.0.902669
Categoría:	Windows : Microsoft Bulletins
Título:	Windows Authenticode Signature Remote Code Execution Vulnerability (2653956)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS12-024.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-024. Vulnerability Insight: The flaw is due to the way Windows Authenticode Signature Verification function verifies portable executable (PE) files, which can be exploited to add malicious code to the file without invalidating the signature. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code as the logged-on user. Affected Software/OS: - Microsoft Windows 7 Service Pack 1 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0151 Cert/CC Advisory: TA12-101A http://www.us-cert.gov/cas/techalerts/TA12-101A.html Microsoft Security Bulletin: MS12-024 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-024 http://osvdb.org/81135 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15594 http://www.securitytracker.com/id?1026906 http://secunia.com/advisories/48581
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.