Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Office
дополнено с 15 сентября 2010 г.
Опубликовано:16 сентября 2010 г.
Источник:
SecurityVulns ID:11143
Тип:удаленная
Уровень опасности:
9/10
Описание:Переполнение буфера в Microsoft Outlook при разборе сообщения, повреждение памяти при разборе шрифтов.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Office XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Windows 2008 Server
CVE:CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.)
 CVE-2010-2738 (The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability.")
 CVE-2010-2728 (Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability.")
Оригинальный текстdocumentadi_ks_(at)_secniche.org, CVE-2010-3200 : Microsoft Word 2003 MSO Null Pointer Dereference Vulnerability (16.09.2010)
 documentSECUNIA, Secunia Research: Microsoft Outlook Content Parsing Integer Underflow Vulnerability (16.09.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-064 - Critical Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011) (15.09.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-063 - Critical Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113) (15.09.2010)
Файлы:Microsoft Security Bulletin MS10-063 - Critical Vulnerability in Unicode Scripts Processor Could Allow Remote Code Execution (2320113)
 Microsoft Security Bulletin MS10-064 - Critical Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2315011)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород