ID de Prueba:	1.3.6.1.4.1.25623.1.0.902784
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
Resumen:	This host is missing an important security update according to; Microsoft Bulletin MS12-002.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS12-002. Vulnerability Insight: The flaw is due to the way that Windows registers and uses Windows Object Packager. This can be exploited to load an executable file (packager.exe) in an insecure manner by tricking a user into opening a Publisher file '.pub' containing an embedded packaged object located on a remote WebDAV or SMB share. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. Affected Software/OS: - Microsoft Windows - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-0009 BugTraq ID: 51297 http://www.securityfocus.com/bid/51297 Cert/CC Advisory: TA12-010A http://www.us-cert.gov/cas/techalerts/TA12-010A.html Microsoft Security Bulletin: MS12-002 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-002 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14393 http://www.securitytracker.com/id?1026494 http://secunia.com/advisories/45189
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.