Information Security


Multiple security vulnerabilities in Microsoft Windows
Published: December 13, 2012
Source:
SecurityVulns ID: 12780
Type: library
Severity: 9/10
Description: Memory corruption when parsing OpenType and TrueType fonts, memory corruption when processing file names, a buffer overflow in DirectPlay, and insufficient certificate validation in the DirectAccess IP-HTTPS component.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-4786 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability.")
 CVE-2012-4774 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability.")
 CVE-2012-2556 (The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability.")
 CVE-2012-2549 (The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server 2012 does not properly validate certificates, which allows remote attackers to bypass intended access restrictions via a revoked certificate, aka "Revoked Certificate Bypass Vulnerability.")
 CVE-2012-1537 (Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability.")
Files: Microsoft Security Bulletin MS12-078 - Critical Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2783534)
 Microsoft Security Bulletin MS12-081 - Critical Vulnerability in Windows File Handling Component Could Allow Remote Code Execution (2758857)
 Microsoft Security Bulletin MS12-082 - Important Vulnerability in DirectPlay Could Allow Remote Code Execution (2770660)
 Microsoft Security Bulletin MS12-083 - Important Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass (2765809)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod