Information Security

DoS against the DNS server in Microsoft Windows
Published: March 14, 2012
Source:
SecurityVulns ID: 12247
Type: remote
Severity: 6/10
Description: Failure when processing a query.
Affected products: MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
CVE: CVE-2012-0006 (The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability.")
Files: Microsoft Security Bulletin MS12-017 - Important Vulnerability in DNS Server Could Allow Denial of Service (2647170)

Insecure DLL loading in Microsoft Expression Design
Published: March 14, 2012
Source:
SecurityVulns ID: 12248
Type: client
Severity: 5/10
Description: Insecure DLL loading when processing .xpr and .design files
Affected products: MICROSOFT : Microsoft Expression Design 2
 MICROSOFT : Microsoft Expression Design 3
 MICROSOFT : Microsoft Expression Design 4
CVE: CVE-2012-0016 (Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability.")
Files: Microsoft Security Bulletin MS12-022 - Important Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)

Code execution in Microsoft Visual Studio
Published: March 14, 2012
Source:
SecurityVulns ID: 12249
Type: local
Severity: 5/10
Description: Insecure add-in loading
Affected products: MICROSOFT : Microsoft Visual Studio 2010
 MICROSOFT : Microsoft Visual Studio 2008
CVE: CVE-2012-0008 (Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability.")

Multiple security vulnerabilities in Microsoft Windows
Published: March 14, 2012
Source:
SecurityVulns ID: 12250
Type: remote
Severity: 8/10
Description: Privilege escalation via drivers, DoS against DirectWrite, memory corruption and DoS in RDP.
Affected products: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE: CVE-2012-0157 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability.")
 CVE-2012-0156 (DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability.")
 CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability.")
 CVE-2012-0002 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability.")
Files: Microsoft Security Bulletin MS12-018 - Important Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
 Microsoft Security Bulletin MS12-019 - Moderate Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
 Microsoft Security Bulletin MS12-020 - Critical Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod