Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Office
Опубликовано:15 декабря 2011 г.
Источник:
SecurityVulns ID:12092
Тип:клиент
Уровень опасности:
7/10
Описание:Повышение привилегий, использование памяти после освобождения, небезопасная загрузка библиотек, повреждение памяти.
Затронутые продукты:MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
 MICROSOFT : Office 2010
 MICROSOFT : Office 2011 for Mac
CVE:CVE-2011-3413 (Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability.")
 CVE-2011-3412 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability.")
 CVE-2011-3411 (Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability.")
 CVE-2011-3410 (Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability.")
 CVE-2011-3403 (Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability.")
 CVE-2011-3396 (Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability.")
 CVE-2011-2010 (The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability.")
 CVE-2011-1983 (Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability.")
 CVE-2011-1508 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability.")
Оригинальный текстdocumentZDI, ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability (15.12.2011)
 documentZDI, ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability (15.12.2011)
Файлы:Microsoft Security Bulletin MS11-088 - Important Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
 Microsoft Security Bulletin MS11-089 - Important Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
 Microsoft Security Bulletin MS11-094 - Important Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
 Microsoft Security Bulletin MS11-096 - Important Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
 Microsoft Security Bulletin MS11-091 - Important Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)

Повреждение памяти в Microsoft Windows Media
Опубликовано:15 декабря 2011 г.
Источник:
SecurityVulns ID:12093
Тип:локальная
Уровень опасности:
4/10
Описание:Повреждение памяти при разборе файлов .dvr-ms
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 7
CVE:CVE-2011-3401 (ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability.")
Файлы:Microsoft Security Bulletin MS11-092 - Critical Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)

Переполнение буфера в Microsoft Active Directory
Опубликовано:15 декабря 2011 г.
Источник:
SecurityVulns ID:12094
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера при разборе запроса LDAP.
CVE:CVE-2011-3406 (Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability.")
Файлы:Microsoft Security Bulletin MS11-095 - Important Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)

Многочисленные уязвимости безопасности Microsoft Windows
дополнено с 15 декабря 2011 г.
Опубликовано:26 декабря 2011 г.
Источник:
SecurityVulns ID:12090
Тип:клиент
Уровень опасности:
9/10
Описание:Переполнение буфера при разборе шрифтов TTF, повреждение памяти при разборе объектов OLE, повышение приуилегий через CSRSS и ядро системы, выполнение кода через ActiveX.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 2008 Server_
CVE:CVE-2011-3408 (Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability.")
 CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability.")
 CVE-2011-3400 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability.")
 CVE-2011-3397 (The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability.")
 CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability.")
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090) (26.12.2011)
 documentVUPEN Security Research, VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090) (26.12.2011)
Файлы:Microsoft Security Bulletin MS11-087 - Critical Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
 Microsoft Security Bulletin MS11-093 - Important Vulnerability in OLE Could Allow Remote Code Execution (2624667)
 Microsoft Security Bulletin MS11-097 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
 Microsoft Security Bulletin MS11-098 - Important Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
 Microsoft Security Bulletin MS11-090 - Critical Cumulative Security Update of ActiveX Kill Bits (2618451)

Многочисленные уязвимости безопасности в Microsoft Internet Explorer
дополнено с 15 декабря 2011 г.
Опубликовано:26 декабря 2011 г.
Источник:
SecurityVulns ID:12091
Тип:клиент
Уровень опасности:
6/10
Описание:Утечка информации, небезопасная загрузка библиотек.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-3404 (Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability.")
 CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability.")
 CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability.")
Оригинальный текстdocumentVUPEN Security Research, VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092) (26.12.2011)
Файлы:Microsoft Security Bulletin MS11-099 - Important Cumulative Security Update for Internet Explorer (2618444)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород