Microsoft Windows内核'Win32k.sys'本地权限提升漏洞(CVE-2014-0300)

BUGTRAQ ID: 66003 CVECAN ID: CVE-2014-0300 Windows是一款由美国微软公司开发的窗口化操作系统。 Windows内核模式驱动程序没有正确处理内存对象，在实现上存在权限提升漏洞。恶意利用后可导致权限提升并读取任意大小的内核内存。 0 Microsoft Windows XP Home Edition Microsoft Windows Windows XP Professional Microsoft Windows Windows Server 2012 Microsoft Windows Vista Microsoft Windows...

Microsoft VBScript 远程代码执行漏洞(CVE-2014-0271)(MS14-010)

BUGTRAQ ID: 65395 CVECAN ID: CVE-2014-0271 Internet Explorer是微软公司推出的一款网页浏览器。 VBScript引擎除了内存对象时存在远程代码执行漏洞。该漏洞可破坏内存，使攻击者可以在当前用户上下文中执行任意代码。 0 Microsoft Internet Explorer 6-11 临时解决方法： 设置互联网和内联网安全区域设置为“高” 配置IE在运行活动脚本之前提示或直接禁用。 厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（MS14-010）以及相应补丁:...

Microsoft Windows Kernel 'Win32k.sys'本地权限提升漏洞(CVE-2013-3881)(MS13-081)

BUGTRAQ ID: 62830 CVECAN ID: CVE-2013-3881 Windows是一款由美国微软公司开发的窗口化操作系统。 Windows内核模式驱动程序处理内存对象时存在本地权限提升漏洞，成功利用后可在内核模式中运行任意代码。 0 Microsoft Windows XP Microsoft Windows Windows Server 2012 Microsoft Windows Windows RT Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 200...

CVE-2013-1340

CVE-2013-1340 is a Windows kernel local privilege-escalation vulnerability in the Win32k.sys component (Win32k Dereference Vulnerability). The flaw occurs in memory object handling within the Win32k kernel-mode driver and affects multiple Windows platforms including XP SP2/SP3, Server 2003 SP2, V...

PT-2013-4174 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Description: The issue arises from Internet Explorer improperly accessing an object in memory, leading to potential remote code execution. This could result in memory corruption, allowing an...

PT-2013-3066 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Internet Explorer affected versions not specified Description: The issue is related to the way Internet Explorer accesses an object in memory that has been deleted, potentially leading to memory corruption. This could allow an attacker to...

CVE-2013-1347

CVE-2013-1347 (Internet Explorer 8) is a remote code execution vulnerability in IE8 arising from a use-after-free in CGenericElement/mshtml.dll when handling in-memory objects. Exploitation in the wild during 2013 (notably DoL incident) demonstrated remote code execution by visiting a crafted web...

Microsoft RDP ActiveX Control Remote Code Execution Vulnerability (2828223)

This host is missing a critical security update according to Microsoft Bulletin MS13-029. OpenVAS Vulnerability Test $Id: secpodms13-029.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft RDP ActiveX Control Remote Code Execution Vulnerability 2828223 Authors: Veerendra GG Copyright: Copyright c 2013...

Race condition

Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling ...

CVE-2013-1285

The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to...

PT-2013-2066 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 7 through 10 Description: The issue allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object. This occurs due to the way Internet Explorer accesses ...

Microsoft .NET Framework 远程权限提升漏洞(CVE-2013-0004)

Bugtraq ID:57113 CVE ID: CVE-2013-0004 Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统 Microsoft .NET Framework里存在的一个两次构建错误会导致不正确验证内存中某些对象的权限，攻击者可以构建特制的XMAL浏览器应用XBAP或不可信的.Net应用，诱使用户解析，可完全控制应用系统，执行任意代码 0 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.0 Microsoft .NET Framework...

Microsoft .NET Framework 远程权限提升漏洞(CVE-2013-0003)

Bugtraq ID:57114 CVE ID: CVE-2013-0003 Microsoft .NET Framework是一套由Microsoft分发的帮助开发者构建基于WEB应用的系统 Microsoft .NET Framework System.DirectoryServices.Protocols S.DS.P命名空间方法没有正确校验内存中的对象大小，在拷贝这些对象到数组之前缺少正确的边界检查，可触发缓冲区溢出。攻击者可以构建特制的XMAL浏览器应用XBAP或不可信的.Net应用，诱使用户解析，可完全控制应用系统，执行任意代码 0 Microsoft .NET...

MS12-036: Vulnerability in Remote Desktop Could Allow Remote Code Execution (2685939) (uncredentialed check)

Binary data ms12-036dos.nbin...

PT-2012-3327 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 9 Description: A remote code execution issue exists due to improper handling of objects in memory. This allows attackers to execute arbitrary code by accessing a deleted object, potentially corrupting memor...

CVE-2012-1874

CVE-2012-1874 concerns Microsoft Internet Explorer 8 and 9. A use-after-free vulnerability in the IE Developer Toolbar leads to remote code execution when accessing a freed console object, due to incorrect handling of object lifetimes in memory. Public details from security analyses describe a he...

PT-2012-3622 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 8 through 9 Description: A remote code execution issue exists due to improper handling of objects in memory by Internet Explorer, allowing attackers to execute arbitrary code by accessing a deleted object...

PT-2012-3616 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 8 Description: A remote code execution issue exists due to improper handling of objects in memory. This allows attackers to execute arbitrary code by accessing a deleted object, potentially corrupting memor...

MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) (uncredentialed check)

Binary data ms12-020remote.nbin...

Microsoft Windows Remote Desktop Protocol Code Execution (MS12-020; CVE-2012-0002)

A remote code execution vulnerability has been reported in Microsoft Windows. The vulnerability is due to an error in the way that the Remote Desktop Protocol RDP accesses an object in memory that has been improperly initialized or has been deleted. A remote attacker may exploit this issue by...