Windows : Microsoft Bulletins : Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902727

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)

Resumen: This host is missing an important security update according to; Microsoft Bulletin MS11-072.

Descripción: Summary:
This host is missing an important security update according to
Microsoft Bulletin MS11-072.

Vulnerability Insight:
The flaws are caused by memory corruption, array-indexing and use-after-free
errors when handling the crafted Excel files.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code
with the privileges of the user running the affected application.

Affected Software/OS:
- Microsoft Excel 2003 Service Pack 3

- Microsoft Excel 2007 Service Pack 2

- Microsoft Office 2007 Service Pack 2

- Microsoft Excel Viewer Service Pack 2

- Microsoft Excel 2010 Service Pack 1 and prior

- Microsoft Office 2010 Service Pack 1 and prior

- Microsoft Excel Services installed on Microsoft Office SharePoint Server 2007 Service Pack 2

- Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-1986
Cert/CC Advisory: TA11-256A
http://www.us-cert.gov/cas/techalerts/TA11-256A.html
Microsoft Security Bulletin: MS11-072
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12345
Common Vulnerability Exposure (CVE) ID: CVE-2011-1987
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953
Common Vulnerability Exposure (CVE) ID: CVE-2011-1988
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836
Common Vulnerability Exposure (CVE) ID: CVE-2011-1989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974
Common Vulnerability Exposure (CVE) ID: CVE-2011-1990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902727
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Office Excel Remote Code Execution Vulnerabilities (2587505)
Resumen:	This host is missing an important security update according to; Microsoft Bulletin MS11-072.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS11-072. Vulnerability Insight: The flaws are caused by memory corruption, array-indexing and use-after-free errors when handling the crafted Excel files. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code with the privileges of the user running the affected application. Affected Software/OS: - Microsoft Excel 2003 Service Pack 3 - Microsoft Excel 2007 Service Pack 2 - Microsoft Office 2007 Service Pack 2 - Microsoft Excel Viewer Service Pack 2 - Microsoft Excel 2010 Service Pack 1 and prior - Microsoft Office 2010 Service Pack 1 and prior - Microsoft Excel Services installed on Microsoft Office SharePoint Server 2007 Service Pack 2 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1986 Cert/CC Advisory: TA11-256A http://www.us-cert.gov/cas/techalerts/TA11-256A.html Microsoft Security Bulletin: MS11-072 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12345 Common Vulnerability Exposure (CVE) ID: CVE-2011-1987 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12953 Common Vulnerability Exposure (CVE) ID: CVE-2011-1988 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12836 Common Vulnerability Exposure (CVE) ID: CVE-2011-1989 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974 Common Vulnerability Exposure (CVE) ID: CVE-2011-1990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11982
Copyright	Copyright (C) 2011 Greenbone AG