Информационная безопасность
[RU] switch to English


Переполнение буфера в Microsoft Office
Опубликовано:12 июня 2013 г.
Источник:
SecurityVulns ID:13123
Тип:клиент
Уровень опасности:
8/10
Описание:Уязвимость при чтении писем в Microsoft Outlook используется in-the-wild.
Затронутые продукты:MICROSOFT : Office 2003
 MICROSOFT : Office 2011 for Mac
CVE:CVE-2013-1331 (Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability.")
Файлы:Microsoft Security Bulletin MS13-051 - Important Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)

Многочисленные уязвимости безопасности в Microsoft Internet Explorer
Опубликовано:12 июня 2013 г.
Источник:
SecurityVulns ID:13121
Тип:клиент
Уровень опасности:
8/10
Описание:Многочисленные повреждения памяти.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-3142 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3139.)
 CVE-2013-3141 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3110.)
 CVE-2013-3139 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3121, and CVE-2013-3142.)
 CVE-2013-3126 (Microsoft Internet Explorer 9 and 10, when script debugging is enabled, does not properly handle objects in memory during the processing of script, which allows remote attackers to execute arbitrary code via a crafted web site, aka "Internet Explorer Script Debug Vulnerability.")
 CVE-2013-3125 (Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3120.)
 CVE-2013-3124 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3122.)
 CVE-2013-3123 (Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3111.)
 CVE-2013-3122 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3117 and CVE-2013-3124.)
 CVE-2013-3121 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3113, CVE-2013-3139, and CVE-2013-3142.)
 CVE-2013-3120 (Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3118 and CVE-2013-3125.)
 CVE-2013-3119 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3114.)
 CVE-2013-3118 (Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3120 and CVE-2013-3125.)
 CVE-2013-3117 (Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3122 and CVE-2013-3124.)
 CVE-2013-3116 (Microsoft Internet Explorer 7 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability.")
 CVE-2013-3114 (Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3119.)
 CVE-2013-3113 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3112, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.)
 CVE-2013-3112 (Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3113, CVE-2013-3121, CVE-2013-3139, and CVE-2013-3142.)
 CVE-2013-3111 (Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3123.)
 CVE-2013-3110 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3141.)
Файлы:Microsoft Security Bulletin MS13-047 - Critical Cumulative Security Update for Internet Explorer (2838727)

Многочисленные уязвимости безопасности в Microsoft Windows
Опубликовано:12 июня 2013 г.
Источник:
SecurityVulns ID:13122
Тип:удаленная
Уровень опасности:
7/10
Описание:Утечка информации в ядре, DoS через драйверы, повышение привилегий через спулер печати.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 2012 Server
CVE:CVE-2013-3138 (Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability.")
 CVE-2013-3136 (The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability.")
 CVE-2013-1339 (The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability.")
Файлы:Microsoft Security Bulletin MS13-048 - Important Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
 Microsoft Security Bulletin MS13-049 - Important Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
 Microsoft Security Bulletin MS13-050 - Important Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород