Информационная безопасность
[RU] switch to English


Многочисленнные уязвимости безопасности в Microsoft Windows
дополнено с 18 ноября 2014 г.
Опубликовано:24 августа 2015 г.
Источник:
SecurityVulns ID:14090
Тип:библиотека
Уровень опасности:
9/10
Описание:Выполнение кода через OLE, многочисленные уязвимости в Internet Explorer, выполнение кода через Schannel, выполнение кода через XML Core Services, повышение привилегий через TCP/IP, повышение привилегий через Windows Audio Service, повышение привилегий через .NET Framework, обход ограничений в RDP, обход ограничений в IIS, повышение привилегий в IME, DoS через драйверы ядра.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 8
 MICROSOFT : Windows 2012 Server
CVE:CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6352 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to execute arbitrary code via a crafted OLE object, as exploited in the wild in October 2014 with a crafted PowerPoint document.)
 CVE-2014-6351 (Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6350 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6349.)
 CVE-2014-6349 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2014-6350.)
 CVE-2014-6348 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6342.)
 CVE-2014-6347 (Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6346 (Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability.")
 CVE-2014-6345 (Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability.")
 CVE-2014-6344 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6343 (Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6342 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6348.)
 CVE-2014-6341 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4143.)
 CVE-2014-6340 (Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability.")
 CVE-2014-6339 (Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability.")
 CVE-2014-6337 (Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2014-6332 (OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability.")
 CVE-2014-6323 (Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability.")
 CVE-2014-6322 (The Windows Audio service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted web site, as demonstrated by execution of web script in Internet Explorer, aka "Windows Audio Service Vulnerability.")
 CVE-2014-6321 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability.")
 CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly log unauthorized login attempts supplying valid credentials, which makes it easier for remote attackers to bypass intended access restrictions via a series of attempts, aka "Remote Desktop Protocol (RDP) Failure to Audit Vulnerability.")
 CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font, aka "Denial of Service in Windows Kernel Mode Driver Vulnerability.")
 CVE-2014-4149 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly perform TypeFilterLevel checks, which allows remote attackers to execute arbitrary code via crafted data to a .NET Remoting endpoint, aka "TypeFilterLevel Vulnerability.")
 CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-6341.)
 CVE-2014-4118 (XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (system-state corruption) via crafted XML content, aka "MSXML Remote Code Execution Vulnerability.")
 CVE-2014-4077 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a crafted PDF document, aka "Microsoft IME (Japanese) Elevation of Privilege Vulnerability," as exploited in the wild in 2014.)
 CVE-2014-4076 (Microsoft Windows Server 2003 SP2 allows local users to gain privileges via a crafted IOCTL call to (1) tcpip.sys or (2) tcpip6.sys, aka "TCP/IP Elevation of Privilege Vulnerability.")
Оригинальный текстdocumentVulnerability Lab, Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064) (24.08.2015)
 documentdisclosures_(at)_korelogic.com, KL-001-2015-001 : Windows 2003 tcpip.sys Privilege Escalation (02.02.2015)
Файлы:Microsoft Security Bulletin MS14-078 - Moderate Vulnerability in IME (Japanese) Could Allow Elevation of Privilege (2992719)
  Microsoft Security Bulletin MS14-079 - Moderate Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (3002885)
 https://technet.microsoft.com/en-us/library/security/ms14-076.aspx
  Microsoft Security Bulletin MS14-064 - Critical Vulnerabilities in Windows OLE Could Allow Remote Code Execution (3011443)
  Microsoft Security Bulletin MS14-065 - Critical Cumulative Security Update for Internet Explorer (3003057)
  Microsoft Security Bulletin MS14-066 - Critical Vulnerability in Schannel Could Allow Remote Code Execution (2992611)
  Microsoft Security Bulletin MS14-070 - Important Vulnerability in TCP/IP Could Allow Elevation of Privilege (2989935)
  Microsoft Security Bulletin MS14-071 - Important Vulnerability in Windows Audio Service Could Allow Elevation of Privilege (3005607)
  Microsoft Security Bulletin MS14-072 - Important Vulnerability in .NET Framework Could Allow Elevation of Privilege (3005210)
  Microsoft Security Bulletin MS14-074 - Important Vulnerability in Remote Desktop Protocol Could Allow Security Feature Bypass (3003743)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород