Windows : Microsoft Bulletins : Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2709162)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902917

Categoría: Windows : Microsoft Bulletins

Título: Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2709162)

Resumen: This host is missing an important security update according to; Microsoft Bulletin MS12-041.

Descripción: Summary:
This host is missing an important security update according to
Microsoft Bulletin MS12-041.

Vulnerability Insight:
Multiple flaws are due to:

- An error in win32k.sys within the string atom class name and lipboard
format atom name handling and can be exploited to execute arbitrary code.

- An integer overflow error when handling the reference counter for font
resources when loading TrueType fonts.

- A race condition error in win32k.sys when handling particular thread
creation attempts and can be exploited to execute arbitrary code.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code with kernel-mode privileges

Affected Software/OS:
- Microsoft Windows XP x32 Edition Service Pack 3 and prior

- Microsoft Windows XP x64 Edition Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior

- Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

- Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-1864
Cert/CC Advisory: TA12-164A
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
Microsoft Security Bulletin: MS12-041
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15496
Common Vulnerability Exposure (CVE) ID: CVE-2012-1865
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15649
Common Vulnerability Exposure (CVE) ID: CVE-2012-1866
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15096
Common Vulnerability Exposure (CVE) ID: CVE-2012-1867
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15510
Common Vulnerability Exposure (CVE) ID: CVE-2012-1868
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15647

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902917
Categoría:	Windows : Microsoft Bulletins
Título:	Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2709162)
Resumen:	This host is missing an important security update according to; Microsoft Bulletin MS12-041.
Descripción:	Summary: This host is missing an important security update according to Microsoft Bulletin MS12-041. Vulnerability Insight: Multiple flaws are due to: - An error in win32k.sys within the string atom class name and lipboard format atom name handling and can be exploited to execute arbitrary code. - An integer overflow error when handling the reference counter for font resources when loading TrueType fonts. - A race condition error in win32k.sys when handling particular thread creation attempts and can be exploited to execute arbitrary code. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code with kernel-mode privileges Affected Software/OS: - Microsoft Windows XP x32 Edition Service Pack 3 and prior - Microsoft Windows XP x64 Edition Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior - Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1864 Cert/CC Advisory: TA12-164A http://www.us-cert.gov/cas/techalerts/TA12-164A.html Microsoft Security Bulletin: MS12-041 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-041 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15496 Common Vulnerability Exposure (CVE) ID: CVE-2012-1865 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15649 Common Vulnerability Exposure (CVE) ID: CVE-2012-1866 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15096 Common Vulnerability Exposure (CVE) ID: CVE-2012-1867 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15510 Common Vulnerability Exposure (CVE) ID: CVE-2012-1868 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15647
Copyright	Copyright (C) 2012 Greenbone AG