Информационная безопасность
[RU] switch to English


Уязвимости безопасности в Microsoft .Net и Silverlight
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11058
Тип:клиент
Уровень опасности:
7/10
Описание:Повреждение памяти, выполнение кода.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability.")
 CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-060 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-060 - Critical Vulnerabilities in the Microsoft .NET Common Language Runtime and in Microsoft Silverlight Could Allow Remote Code Execution (2265906)

Переполнение буфера в библиотеке glpng
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11060
Тип:библиотека
Уровень опасности:
5/10
Описание:Переполнение буфера динамической памяти в функции pngLoadRawF().
CVE:CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow context-dependent attackers to execute arbitrary code via a crafted PNG image, related to (1) the pngLoadRawF function and (2) the pngLoadF function, leading to heap-based buffer overflows.)
Оригинальный текстdocumentSECUNIA, Secunia Research: glpng PNG Processing Two Integer Overflow Vulnerabilities (11.08.2010)

Повреждение памяти в SChannel Microsoft Windows
дополнено с 10 марта 2009 г.
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:9726
Тип:библиотека
Уровень опасности:
8/10
Описание:Повреждение памяти при разборе сертификата TLS/SSL, подмена сертификата, перехват соединения.
CVE:CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability.")
 CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.)
 CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-049 - Critical Vulnerabilities in SChannel could allow Remote Code Execution (980436) (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS09-007 - Important Vulnerability in SChannel Could Allow Spoofing (960225) (10.03.2009)
Файлы:Microsoft Security Bulletin MS09-007 - Important Vulnerability in SChannel Could Allow Spoofing (960225)

Многочисленные уязвимости безопасности в ядре Microsoft Windows
дополнено с 10 августа 2010 г.
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11048
Тип:локальная
Уровень опасности:
6/10
Описание:Повреждение памяти, повышение привилегий, DoS.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability.")
 CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability.")
 CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability.")
 CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability.")
 CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability.")
 CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability.")
 CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows local users to gain privileges via vectors involving thread creation, aka "Windows Kernel Data Initialization Vulnerability.")
 CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability.")
Оригинальный текстdocumentCORE SECURITY TECHNOLOGIES ADVISORIES, [CORE-2010-0623] Microsoft Windows CreateWindow function callback vulnerability (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-048 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329) (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-047 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852) (10.08.2010)
Файлы:Microsoft Security Bulletin MS10-047 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (981852)
 Microsoft Security Bulletin MS10-048 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2160329)

Повреждение памяти в Microsoft Windows MovieMaker
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11049
Тип:локальная
Уровень опасности:
4/10
Описание:Повреждение памяти при разборе файлов проекта.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
CVE:CVE-2010-2564 (Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability.")
Оригинальный текстdocumentSECUNIA, Secunia Research: Windows Movie Maker String Parsing Buffer Overflow (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-050 - Important Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-050 - Important Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (981997)

Повреждение памяти в Microsoft XML Core Services
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11050
Тип:библиотека
Уровень опасности:
8/10
Описание:Повреждение памяти при разборе ответа в XMLHTTP.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted response, aka "Msxml2.XMLHTTP.3.0 Response Handling Memory Corruption Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-051 - Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-051 - Critical Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2079403)

Многочисленные уязвимости безопасности в Microsoft Internet Explorer
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11052
Тип:удаленная
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти, межсайтовый доступ.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Layout Memory Corruption Vulnerability.")
 CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, CVE-2010-0245, and CVE-2010-0246.)
 CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to an object in memory, aka "Race Condition Memory Corruption Vulnerability.")
 CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability.")
 CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine the origin of script code, which allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information, via unspecified vectors, aka "Event Handler Cross-Domain Vulnerability.")
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer Table Element Use-after-free Vulnerability (CVE-2010-2560) (11.08.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "CIframeElement" Object Use-after-free Vulnerability (CVE-2010-2558) (11.08.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "OnPropertyChange_Src()" Use-after-free Vulnerability (CVE-2010-2556) (11.08.2010)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "boundElements" Property Use-after-free Vulnerability (CVE-2010-2557) (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-053 - Critical Cumulative Security Update for Internet Explorer (2183461) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-053 - Critical Cumulative Security Update for Internet Explorer (2183461)

Многочисленные уязвимости в службе SMB / CIFS Microsoft Windows
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11053
Тип:удаленная
Уровень опасности:
7/10
Описание:Переполнения буфера, повышение привилегий, DoS.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability.")
 CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability.")
 CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-054 - Critical Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-054 - Critical Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)

Повреждение памяти в кодеке Cinepak Microsoft Windows
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11054
Тип:библиотека
Уровень опасности:
5/10
Описание:Повреждение памяти при воспроизведении файлов.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 7
CVE:CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability.")
Оригинальный текстdocumentZDI, ZDI-10-148: Microsoft Cinepak Codec CVDecompress Remote Code Execution Vulnerability (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-055 - Critical Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-055 - Critical Vulnerability in Cinepak Codec Could Allow Remote Code Execution (982665)

Повреждение памяти в Microsoft Windows DirectShow
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11051
Тип:библиотека
Уровень опасности:
7/10
Описание:Повреждение памяти при воспроизведении MP3.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability.")
Оригинальный текстdocumentZDI, ZDI-10-147: Microsoft Windows MPEG Layer-3 Audio Decoder Remote Code Execution Vulnerability (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-052 - Critical Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-052 - Critical Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution (2115168)

Уязвимости безопасности стекаTCP/IP в Microsoft Windows
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11056
Тип:удаленная
Уровень опасности:
6/10
Описание:DoS, повышение привилегий.
Затронутые продукты:MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability.")
 CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-058 - Important Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-058 - Important Vulnerabilities in TCP/IP Could Allow Elevation of Privilege (978886)

Многочисленные уязвимости безопасности в Adobe Flash Player
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11059
Тип:клиент
Уровень опасности:
8/10
Описание:Многочисленные повреждения памяти.
Затронутые продукты:ADOBE : Flash Player 9.0
 ADOBE : Flash Player 10.1
 ADOBE : AIR 2.0
CVE:CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2214.)
 CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "click-jacking" issue.)
 CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2213, and CVE-2010-2216.)
 CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-0209, CVE-2010-2214, and CVE-2010-2216.)
 CVE-2010-2188 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code by calling the ActionScript native object 2200 connect method multiple times with different arguments, a different vulnerability than CVE-2010-2160, CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, and CVE-2010-2187.)
 CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and Adobe AIR before 2.0.3, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2213, CVE-2010-2214, and CVE-2010-2216.)
Оригинальный текстdocumentZDI, ZDI-10-149: Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution Vulnerability (11.08.2010)
 documentADOBE, Security update available for Adobe Flash Player (11.08.2010)

Межсайтовый скриптинг в Cisco Wireless Control System
дополнено с 9 августа 2010 г.
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11043
Тип:удаленная
Уровень опасности:
5/10
Описание:Межсайтовый скриптинг и SQL-инъекция в веб-интерфейсе.
Затронутые продукты:CISCO : Wireless Control System 6.0
CVE:CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.)
Оригинальный текстdocumentCISCO, Cisco Security Advisory: SQL Injection Vulnerability in Cisco Wireless Control System (11.08.2010)
 documentTom Neaves, Cisco Wireless Control System XSS (09.08.2010)

Уязвимости безопасности в Tracing Feature for Services Microsoft Windows
Опубликовано:11 августа 2010 г.
Источник:
SecurityVulns ID:11057
Тип:локальная
Уровень опасности:
5/10
Описание:Слабые разрешения на раздел реестра, переполнение буфера при чтении значений из реестра.
Затронутые продукты:MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability.")
 CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-059 - Important Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-059 - Important Vulnerabilities in the Tracing Feature for Services Could Allow Elevation of Privilege (982799)

Многочисленные уязвимости безопасности в Microsoft Office
дополнено с 11 августа 2010 г.
Опубликовано:16 августа 2010 г.
Источник:
SecurityVulns ID:11055
Тип:удаленная
Уровень опасности:
7/10
Описание:Многочисленные повреждения памяти при разборе различных форматов файлов в Word и Excel.
Затронутые продукты:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
 MICROSOFT : Works 9
CVE:CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability.")
 CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability.")
 CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows remote attackers to execute arbitrary code via unspecified properties in the data in a crafted RTF document, aka "Word RTF Parsing Buffer Overflow Vulnerability.")
 CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich text data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RTF document, aka "Word RTF Parsing Engine Memory Corruption Vulnerability.")
 CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Works 9 do not properly handle malformed records in a Word file, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, aka "Word Record Parsing Vulnerability.")
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 08.10.10: Microsoft Office RTF Parsing Engine Memory Corruption Vulnerability (16.08.2010)
 documentZDI, ZDI-10-151: Microsoft Office Word 2007 plcffldMom Parsing Remote Code Execution Vulnerability (14.08.2010)
 documentZDI, ZDI-10-150: Microsoft Office Word sprmCMajority Record Parsing Remote Code Execution Vulnerability (11.08.2010)
 documentCHECKPOINT, Microsoft Office Word HTML Linked Objects Memory Corruption Vulnerability - CVE-2010-1903 (11.08.2010)
 documentIDEFENCE, iDefense Security Advisory 08.10.10: Microsoft Word RTF File Parsing Heap Buffer Overflow Vulnerability (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-057 - Important Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) (11.08.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-056 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) (11.08.2010)
Файлы:Microsoft Security Bulletin MS10-056 - Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638)
 Microsoft Security Bulletin MS10-057 - Important Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород