Информационная безопасность
[RU] switch to English


Уязвимости безопасности в Microsoft Word
Опубликовано:9 октября 2012 г.
Источник:
SecurityVulns ID:12623
Тип:клиент
Уровень опасности:
6/10
Описание:Повреждение памяти, использование после освобождения.
Затронутые продукты:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : SharePoint Server 2010
 MICROSOFT : Word Viewer
 MICROSOFT : Office Web Apps 2010
CVE:CVE-2012-2528 (Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability.")
 CVE-2012-0182 (Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability.")
Файлы:Microsoft Security Bulletin MS12-064 - Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)

Повреждение памяти в Microsoft Works
Опубликовано:9 октября 2012 г.
Источник:
SecurityVulns ID:12624
Тип:локальная
Уровень опасности:
5/10
Описание:Повреждение памяти при разборе файлов Word.
Затронутые продукты:MICROSOFT : Works 9
CVE:CVE-2012-2550 (Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability.")
Файлы:Microsoft Security Bulletin MS12-065 - Important Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)

Межсайтовый скриптинг во многих веб-приложениях Microsoft
Опубликовано:9 октября 2012 г.
Источник:
SecurityVulns ID:12625
Тип:удаленная
Уровень опасности:
6/10
Описание:Недостаточная валидация HTML-данных.
Затронутые продукты:MICROSOFT : SharePoint Server 2007
 MICROSOFT : InfoPath 2007
 MICROSOFT : InfoPath 2010
 MICROSOFT : SharePoint Server 2010
 MICROSOFT : SharePoint Foundation 2010
 MICROSOFT : Lync 2010
 MICROSOFT : Microsoft Communicator 2007
 MICROSOFT : Office Web Apps 2010
 MICROSOFT : Groove Server 2010
 MICROSOFT : Windows SharePoint Services 3.0
CVE:CVE-2012-2520 (Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability.")
Файлы:Microsoft Security Bulletin MS12-066 - Important Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)

Уязвимости в Microsoft Fast Search Server
Опубликовано:9 октября 2012 г.
Источник:
SecurityVulns ID:12626
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные уязвимости во встроенных библиотеках Oracle Outside In.
Затронутые продукты:MICROSOFT : FAST Search Server 2010
CVE:CVE-2012-3110 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3109 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3108 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3107 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3106 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1773 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1772 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1771 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1770 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1769 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1768 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1767 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1766 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
Файлы:Microsoft Security Bulletin MS12-067 - Important Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород