Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Windows
дополнено с 8 февраля 2011 г.
Опубликовано:14 февраля 2011 г.
Источник:
SecurityVulns ID:11413
Тип:библиотека
Уровень опасности:
8/10
Описание:Переполнение буфера в shell при показе изображений, повреждение памяти при разборе шрифтов OpenType Compact Font Format, повышение привилегий через CSRSS, LSA, ядро и различные драйверы, подмена ответов сервера Kerberos, утечка данных в JScript/VBScript.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-0091 (Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability.")
 CVE-2011-0090 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability.")
 CVE-2011-0089 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability.")
 CVE-2011-0088 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability.")
 CVE-2011-0087 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability.")
 CVE-2011-0086 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability.")
 CVE-2011-0045 (The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to WmiTraceMessageVa, aka "Windows Kernel Integer Truncation Vulnerability.")
 CVE-2011-0043 (Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability.")
 CVE-2011-0039 (The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability.")
 CVE-2011-0033 (The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability.")
 CVE-2011-0031 (The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability.")
 CVE-2011-0030 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.)
 CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability.")
 CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability.")
 CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability.")
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Windows Shell Graphics biCompression Buffer Overflow Vulnerability (14.02.2011)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Windows Shell Graphics BMP "height" Integer Overflow Vulnerability (14.02.2011)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Windows Shell Graphics BMP "width" Integer Overflow Vulnerability (14.02.2011)
 documentIDEFENSE, iDefense Security Advisory 02.08.11: Microsoft Windows Picture and Fax Viewer Library (11.02.2011)
 documentZDI, ZDI-11-064: Microsoft Windows WmiTraceMessageVa Local Kernel Vulnerability (09.02.2011)
Файлы:Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
 Microsoft Security Bulletin MS11-011 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2393802)
 Microsoft Security Bulletin MS11-013 - Important Vulnerabilities in Kerberos Could Allow Elevation of Privilege (2496930)
 Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2476687)
 Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)
 Microsoft Security Bulletin MS11-006 - Critical Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
 Microsoft Security Bulletin MS11-012 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2479628)
 Microsoft Security Bulletin MS11-014 - Important Vulnerability in Local Security Authority Subsystem Service Could Allow Local Elevation of Privilege (2478960)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород