Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Office
Опубликовано:13 ноября 2013 г.
Источник:
SecurityVulns ID:13399
Тип:клиент
Уровень опасности:
7/10
Описание:Повреждение памяти при разборе WPD, различные переполнения буфера и повреждения памяти в Microsoft Word, утечка информации в Outlook.
Затронутые продукты:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2013
CVE:CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does not properly expand metadata contained in S/MIME certificates, which allows remote attackers to obtain sensitive network configuration and state information via a crafted certificate in an e-mail message, aka "S/MIME AIA Vulnerability.")
 CVE-2013-1325 (Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Heap Overwrite Vulnerability.")
 CVE-2013-1324 (Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "Word Stack Buffer Overwrite Vulnerability.")
 CVE-2013-0082 (Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability.")
Файлы:Microsoft Security Bulletin MS13-091 - Important Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2885093)
 Microsoft Security Bulletin MS13-094 - Important Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород