
Test ID: 1.3.6.1.4.1.25623.1.0.902832
Category: Windows : Microsoft Bulletins
Title: Microsoft Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-034.
Description:
Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS12-034.

Vulnerability Insight:
Multiple flaws are due to:

- An error exists when parsing TrueType fonts.

- An error in the t2embed.dll module when parsing TrueType fonts can be
exploited via a specially crafted TTF file.

- An error in GDI+ when handling certain records can be exploited via a
specially crafted EMF image file.

- An error in win32k.sys related to certain Windows and Messages handling
can be exploited to execute arbitrary code in the context of another
process.

- An error in win32k.sys when handling keyboard layout files can be exploited
to execute arbitrary code in the context of another process.

- An error in win32k.sys related to scrollbar calculations can be exploited
to execute arbitrary code in the context of another process.

Vulnerability Impact:
Successful exploitation could allow an attacker to gain escalated privileges
and execute arbitrary code.

Affected Software/OS:
- Microsoft .NET Framework 4

- Microsoft Silverlight 4 and 5

- Microsoft .NET Framework 3.5.1

- Microsoft Office 2003 Service Pack 3

- Microsoft Office 2007 Service Pack 2

- Microsoft Office 2010 Service Pack 1

- Microsoft .NET Framework 3.0 Service Pack 2

- Microsoft Windows 7 Service Pack 1 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 2 and prior

- Microsoft Windows Server 2008 Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2011-3402
Cert/CC Advisory: TA11-347A
http://www.us-cert.gov/cas/techalerts/TA11-347A.html
Cert/CC Advisory: TA12-129A
http://www.us-cert.gov/cas/techalerts/TA12-129A.html
Cert/CC Advisory: TA12-164A
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files
http://isc.sans.edu/diary/Duqu+Mitigation/11950
http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two
http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf
Microsoft Security Bulletin: MS11-087
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087
Microsoft Security Bulletin: MS12-034
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
Microsoft Security Bulletin: MS12-039
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645
http://www.securitytracker.com/id?1027039
http://secunia.com/advisories/49121
http://secunia.com/advisories/49122
Common Vulnerability Exposure (CVE) ID: CVE-2012-0159
BugTraq ID: 53335
http://www.securityfocus.com/bid/53335
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15388
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15667
XForce ISS Database: microsoft-truetype-code-exec(75124)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75124
Common Vulnerability Exposure (CVE) ID: CVE-2012-0162
BugTraq ID: 53358
http://www.securityfocus.com/bid/53358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14655
Common Vulnerability Exposure (CVE) ID: CVE-2012-0164
BugTraq ID: 53363
http://www.securityfocus.com/bid/53363
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15580
Common Vulnerability Exposure (CVE) ID: CVE-2012-0165
BugTraq ID: 53347
http://www.securityfocus.com/bid/53347
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15621
http://www.securitytracker.com/id?1027038
XForce ISS Database: windows-gdi-emf-code-exec(75125)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75125
Common Vulnerability Exposure (CVE) ID: CVE-2012-0167
BugTraq ID: 53351
http://www.securityfocus.com/bid/53351
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15628
XForce ISS Database: windows-gdi-emf-bo(75126)
https://exchange.xforce.ibmcloud.com/vulnerabilities/75126
Common Vulnerability Exposure (CVE) ID: CVE-2012-0176
BugTraq ID: 53360
http://www.securityfocus.com/bid/53360
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15574
http://www.securitytracker.com/id?1027040
Common Vulnerability Exposure (CVE) ID: CVE-2012-0180
BugTraq ID: 53324
http://www.securityfocus.com/bid/53324
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15466
Common Vulnerability Exposure (CVE) ID: CVE-2012-0181
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15355
Common Vulnerability Exposure (CVE) ID: CVE-2012-1848
BugTraq ID: 53327
http://www.securityfocus.com/bid/53327
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15555
Copyright: Copyright (C) 2012 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.