Microsoft Exchange Server Remote Privilege Escalation Vulnerability (4013242)

This host is missing an important security update according to Microsoft Bulletin MS17-015. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

APT Group Embeds C&C Data on TechNet Pages

The so-called Deputy Dog APT group has surfaced again with a means of keeping its command and control servers under wraps that involves Microsoft’s TechNet online resources. New research published last week by Microsoft and FireEye revealed targeted attacks against organizations have been...

Microsoft SharePoint 跨站脚本漏洞(CVE-2012-1863)

Bugtraq ID:54316 CVE ID:CVE-2012-1863 Microsoft SharePoint Server是一款服务器功能集成套件，提供全面的内容管理和企业搜索、加速共享业务流程并便利跨界限信息共享。 Microsoft SharePoint Server存在一个跨站脚本漏洞，允许攻击者通过URL中特制的JavaScript元素，注入任意WEB脚本或HTML，攻击者可以利用漏洞获得敏感信息或劫持用户会话。 0 Microsoft SharePoint Foundation 2010 SP1 Microsoft SharePoint Foundation 2010...

Microsoft Windows DNS Server未初始化内存远程拒绝服务漏洞

Bugtraq ID: 49019 CVE ID：CVE-2011-1970 Microsoft Windows是一款流行的操作系统。 Windows DNS服务处理一个查询不存在域的请求时存在错误，不正确处理未初始化的内存对象可导致DNS服务停止响应，造成拒绝服务攻击。 Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard Edition Release Candidate Microsoft Windows Server 2008 Standard Editi...

Microsoft Technet Cross Site Scripting

A cross site scripting vulnerability was discovered by t3am3lite on the Microsoft technet site. Full blog with screenshots: http://security-sh3ll.blogspot.com/2009/11/microsoft-technet-vulnerable-to-cross.html Exploitation:...

PowerPoint畸形文件解析代码执行漏洞

BUGTRAQ ID: 34351 CVECAN ID: CVE-2009-0556 Microsoft PowerPoint是微软Office套件中的文档演示工具。 PowerPoint在解析特制的PPT文件时可能会导致访问内存中的无效对象，这可能允许攻击者执行任意代码。目前这个漏洞正在被名为Exploit:Win32/Apptom.gen的病毒积极的理由。 Microsoft PowerPoint 2004 for Mac Microsoft PowerPoint 2003 SP3 Microsoft PowerPoint 2002 SP3 Microsoft PowerPoint...