Information Security

Memory corruption in Microsoft Remote Desktop
Published: 13 June 2012
Source:
SecurityVulns ID: 12403
Type: remote
Severity: 8/10
Description: Memory corruption when processing RDP packets.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-0173 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.)
Files: Microsoft Security Bulletin MS12-036 - Critical Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939)

Multiple security vulnerabilities in Microsoft Lync
Published: 13 June 2012
Source:
SecurityVulns ID: 12406
Type: remote
Severity: 6/10
Description: Font parsing issues, insecure DLL loading, cross-site scripting.
Affected products: MICROSOFT : Lync 2010
 MICROSOFT : Microsoft Communicator 2007
CVE:CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability.")
 CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability.")
 CVE-2012-0159 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability.")
 CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability.")
Files: Microsoft Security Bulletin MS12-039 - Important Vulnerabilities in Lync Could Allow Remote Code Execution (2707956)

Cross-site scripting in Microsoft Dynamics AX
Published: 13 June 2012
Source:
SecurityVulns ID: 12407
Type: remote
Severity: 5/10
Description: Cross-site scripting when displaying a URL.
Affected products: MICROSOFT : Dynamics AX 2012
CVE:CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability.")
Files: Microsoft Security Bulletin MS12-040 - Important Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (2709100)

Out-of-bounds buffer access via PDO in PHP
Published: 13 June 2012
Source:
SecurityVulns ID: 12408
Type: library
Severity: 5/10
Description: Out-of-bounds buffer access via a prepared statement.
Original text: 0x721427D8 0x721427D8, [php<=5.4.3] Parsing Bug in PHP PDO prepared statements may lead to access violation (13.06.2012)

Protection bypass in Microsoft IIS
Published: 13 June 2012
Source:
SecurityVulns ID: 12409
Type: remote
Severity: 6/10
Description: Access to the contents of script files, password protection bypass.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
Original text: HI-TECH ., IIS 6.0/7.5 Vulnerabilities [moderate risk] - ISOWAREZ BDAY RELEASE (13.06.2012)

Multiple security vulnerabilities in Mozilla Firefox / Thunderbird / Seamonkey
Published: 13 June 2012
Source:
SecurityVulns ID: 12410
Type: client
Severity: 8/10
Description: Buffer overflows, memory corruption, use-after-free, code execution, privilege escalation.
Affected products: MOZILLA : Firefox 12.0
 MOZILLA : Thunderbird 12.0
 MOZILLA : SeaMonkey 2.9
CVE:CVE-2012-1947 (Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure.)
 CVE-2012-1946 (Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 might allow remote attackers to execute arbitrary code via document changes involving replacement or insertion of a node.)
 CVE-2012-1944 (The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.)
 CVE-2012-1943 (Untrusted search path vulnerability in Updater.exe in the Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allows local users to gain privileges via a Trojan horse wsock32.dll file in an application directory.)
 CVE-2012-1942 (The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.)
 CVE-2012-1941 (Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns.)
 CVE-2012-1940 (Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by changing the size of a container of absolutely positioned elements in a column.)
 CVE-2012-1939 (jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted JavaScript code.)
 CVE-2012-1938 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.)
 CVE-2012-1937 (Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.)
 CVE-2012-0441 (The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.)
 CVE-2011-3101 (Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors.)
Files: Mozilla Foundation Security Advisory 2012-34
 Mozilla Foundation Security Advisory 2012-35
 Mozilla Foundation Security Advisory 2012-36
 Mozilla Foundation Security Advisory 2012-37
 Mozilla Foundation Security Advisory 2012-38
 Mozilla Foundation Security Advisory 2012-39
 Mozilla Foundation Security Advisory 2012-40

DoS against ISC bind
Published: 13 June 2012
Source:
SecurityVulns ID: 12412
Type: remote
Severity: 6/10
Description: Failure when processing zero-length RDATA.
Affected products: ISC : bind 9.7
 BIND : bind 9.8
CVE:CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record.)
Files: Handling of zero length rdata can cause named to terminate unexpectedly

Buffer overflow in PHP
Published: 13 June 2012
Source:
SecurityVulns ID: 12413
Type: library
Severity: 6/10
Description: Buffer overflow when processing tar files.
Affected products: PHP : PHP 5.4
CVE:CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tar file that triggers a heap-based buffer overflow.)
Original text: DEBIAN, [SECURITY] [DSA 2492-1] php5 security update (13.06.2012)

Security vulnerabilities in PostgreSQL
Published: 13 June 2012
Source:
SecurityVulns ID: 12414
Type: library
Severity: 5/10
Description: Weak crypt() implementation, DoS.
Affected products: POSTGRES : PostgreSQL 8.4
CVE:CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler.)
 CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contains a 0x80 character, which makes it easier for context-dependent attackers to obtain access via an authentication attempt with an initial substring of the intended password, as demonstrated by a Unicode password.)
Original text: DEBIAN, [SECURITY] [DSA 2491-1] postgresql-8.4 security update (13.06.2012)

Multiple security vulnerabilities in RealNetworks RealPlayer
Published: 13 June 2012
Source:
SecurityVulns ID: 12415
Type: client
Severity: 6/10
Description: Multiple vulnerabilities when parsing various formats.
Affected products: REAL : RealPlayer SP 1.1
 REAL : RealPlayer 15.02
CVE:CVE-2012-0926 (The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.)
 CVE-2012-0922 (rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.)
 CVE-2011-4261 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.)
 CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.)
 CVE-2011-4247 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.)
Original text: ZDI, ZDI-12-092 : RealNetworks RealPlayer QCELP Stream Parsing Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-087 : RealNetworks RealPlayer raac.dll stsz Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-086 : RealNetworks RealPlayer rvrender RMFF Flags Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-085 : RealNetworks RealPlayer dmp4 esds Width Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-084 : RealNetworks RealPlayer RV10 Encoded Height/Width Remote Code Execution Vulnerability (13.06.2012)

Security vulnerabilities in Symantec WebGateway
Published: 13 June 2012
Source:
SecurityVulns ID: 12416
Type: remote
Severity: 6/10
Description: Code execution, unfiltered shell characters.
Affected products: SYMANTEC : Symantec Web Gateway 5.0
CVE:CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.)
 CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.)
Original text: ZDI, ZDI-12-090 : Symantec Web Gateway Shell Command Injection Remote Code Execution Vulnerability (13.06.2012)
 ZDI, ZDI-12-091 : Symantec Web Gateway upload_file Remote Code Execution Vulnerability (13.06.2012)

Security vulnerabilities in Network Instruments Observer
Published: 13 June 2012
Source:
SecurityVulns ID: 12417
Type: remote
Severity: 6/10
Description: Buffer overflows when parsing SNMP.
Affected products: NETWORKINSTRUMEN : Observer 15.1
Original text: SECUNIA, Secunia Research: Network Instruments Observer SNMP OID Processing Denial of Service (13.06.2012)
 SECUNIA, Secunia Research: Network Instruments Observer SNMP Processing Buffer Overflows (13.06.2012)

Multiple security vulnerabilities in Adobe Flash Player
updated since 16 February 2012
Published: 13 June 2012
Source:
SecurityVulns ID: 12208
Type: client
Severity: 8/10
Description: Memory corruption, restriction bypass, cross-site scripting.
Affected products: ADOBE : Flash Player 11.1
CVE:CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, CVE-2012-0762, CVE-2012-0763, CVE-2012-0764, and CVE-2012-0766.)
 CVE-2012-0756 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.)
 CVE-2012-0755 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.)
 CVE-2012-0754 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
 CVE-2012-0753 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted MP4 data.)
 CVE-2012-0752 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via leveraging an unspecified "type confusion.")
 CVE-2012-0751 (The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.)
Original text: ZDI, ZDI-12-080 : Adobe Flash Player MP4 Stream Decoding Remote Code Execution Vulnerability (13.06.2012)
 ADOBE, http://www.adobe.com/support/security/bulletins/apsb12-03.html (16.02.2012)

Multiple security vulnerabilities in Microsoft Internet Explorer
updated since 13 June 2012
Published: 25 June 2012
Source:
SecurityVulns ID: 12404
Type: client
Severity: 9/10
Description: Multiple memory corruptions, information leak, code execution.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Scrolling Events Information Disclosure Vulnerability.")
 CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnRowsInserted Event Remote Code Execution Vulnerability.")
 CVE-2012-1880 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "insertRow Remote Code Execution Vulnerability.")
 CVE-2012-1879 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access an undefined memory location, aka "insertAdjacentText Remote Code Execution Vulnerability.")
 CVE-2012-1878 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnBeforeDeactivate Event Remote Code Execution Vulnerability.")
 CVE-2012-1877 (Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability.")
 CVE-2012-1876 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.)
 CVE-2012-1875 (Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Same ID Property Remote Code Execution Vulnerability.")
 CVE-2012-1874 (Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows user-assisted remote attackers to execute arbitrary code by accessing a deleted object, aka "Developer Toolbar Remote Code Execution Vulnerability.")
 CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create and initialize string data, which allows remote attackers to obtain sensitive information from process memory via a crafted HTML document, aka "Null Byte Information Disclosure Vulnerability.")
 CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 9 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability.")
 CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability.")
 CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Center Element Remote Code Execution Vulnerability.")
Original text: VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "CollectionCache" Remote Use-after-free (MS12-037) (25.06.2012)
 VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "GetAtomTable" Remote Use-after-free (MS12-037 / CVE-2012-1875) (25.06.2012)
 VUPEN Security Research, VUPEN Security Research - Microsoft Internet Explorer "Col" Element Remote Heap Overflow (MS12-037 / CVE-2012-1876) (25.06.2012)
 vulnhunt_(at)_gmail.com, [CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability (17.06.2012)
 vulnhunt_(at)_gmail.com, [CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability (17.06.2012)
 ZDI, ZDI-12-093 : (Pwn2Own) Microsoft Internet Explorer Fixed Table Colspan Remote Code Execution Vulnerability (17.06.2012)
Files: Microsoft Security Bulletin MS12-037 - Critical Cumulative Security Update for Internet Explorer (2699988)

Privilege escalation in the FreeBSD kernel
updated since 13 June 2012
Published: 25 June 2012
Source:
SecurityVulns ID: 12411
Type: local
Severity: 6/10
Description: Privilege escalation on return from a system call on some platforms.
Affected products: FREEBSD : FreeBSD 7.4
 FREEBSD : FreeBSD 9.0
 FREEBSD : FreeBSD 8.3
CVE:CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the Intel x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability.")
Original text: FREEBSD, FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED] (25.06.2012)
 FREEBSD, CVE-2012-0217 (13.06.2012)

Multiple security vulnerabilities in Microsoft Windows
updated since 13 June 2012
Published: 20 August 2012
Source:
SecurityVulns ID: 12405
Type: remote
Severity: 7/10
Description: Code execution in .NET, privilege escalation via the kernel and various drivers.
CVE:CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 allows local users to gain privileges via a crafted application, aka "Win32k.sys Race Condition Vulnerability.")
 CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability.")
 CVE-2012-1866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability.")
 CVE-2012-1865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.)
 CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.)
 CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability.")
 CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.)
 CVE-2012-0217 (The User Mode Scheduler in the kernel in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 on the Intel x64 platform does not properly handle system requests, which allows local users to gain privileges via a crafted application, aka "User Mode Scheduler Memory Corruption Vulnerability.")
Original text: ZDI, ZDI-12-141 : Microsoft .NET Framework Clipboard Unsafe Memory Access Remote Code Execution Vulnerability (20.08.2012)
Files: Microsoft Security Bulletin MS12-038 - Critical Vulnerability in .NET Framework Could Allow Remote Code Execution (2706726)
 Microsoft Security Bulletin MS12-041 - Important Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2709162)
 Microsoft Security Bulletin MS12-042 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (2711167)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod