Test ID:	1.3.6.1.4.1.25623.1.0.902224
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Unicode Scripts Processor and MS Office Could Code Execution Vulnerability (2320113)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS10-063.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-063. Vulnerability Insight: The flaw is caused by an invalid index within the Unicode Script Processor (USP10.DLL) when handling a table in the OpenType font layout, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page or opening a malicious Office document. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code with SYSTEM privileges and to take complete control of an affected system. Affected Software/OS: - Microsoft Office XP SP 3 and prior - Microsoft Office 2003 SP 3 and prior - Microsoft Office 2007 SP 2 and prior - Microsoft Windows XP SP 3 and prior - Microsoft Windows Vista SP 2 and prior - Microsoft Windows Server 2008 SP 2 and prior - Microsoft Windows Server 2003 SP 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2738 Microsoft Security Bulletin: MS10-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7214
Copyright	Copyright (C) 2010 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.