Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Windows
Опубликовано:14 марта 2012 г.
Источник:
SecurityVulns ID:12250
Тип:удаленная
Уровень опасности:
8/10
Описание:Повышение привилегий через драйверы, DoS против DirectWrite, повреждение памяти и DoS в RDP.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-0157 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability.")
 CVE-2012-0156 (DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability.")
 CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability.")
 CVE-2012-0002 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability.")
Файлы:Microsoft Security Bulletin MS12-018 - Important Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
 Microsoft Security Bulletin MS12-019 - Moderate Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
 Microsoft Security Bulletin MS12-020 - Critical Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород