157 matches found
Microsoft .NET Framework Multiple Vulnerabilities (2861561)
This host is missing an important security update according to Microsoft Bulletin MS13-052. OpenVAS Vulnerability Test $Id: secpodms13-052.nasl 5555 2017-03-13 08:59:20Z cfi $ Microsoft .NET Framework Multiple Vulnerabilities 2861561 Authors: Antu Sanadi Copyright: Copyright c 2013 SecPod,...
Microsoft Windows 'Win32k.sys' 本地权限提升漏洞(CVE-2013-1333)(MS13-046)
BUGTRAQ ID: 59749 CVECAN ID: CVE-2013-1333 Microsoft Windows是微软公司推出的一系列操作系统。 如果 Windows 内核模式驱动程序不正确地处理内存中的对象,则存在一个特权提升漏洞。成功利用此漏洞的攻击者可能导致系统不稳定。 0 Microsoft Windows XP Microsoft Windows Windows Server 2012 Microsoft Windows Windows RT Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft...
MS13-041: Vulnerability in Lync could allow remote code execution: May 14, 2013
Resolves a vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted file or previews a specially crafted email message in an affected version of Microsoft Office software.INTRODUCTIONMicrosoft has released security bulletin MS13-041. To view the...
Microsoft Windows Kernel本地权限提升漏洞(CVE-2013-1294)(MS13-031)
BUGTRAQ ID: 58862 CVECAN ID: CVE-2013-1294 Microsoft Windows是微软公司推出的一系列操作系统。 如果 Windows 内核不正确地处理内存中的对象,则存在一个特权提升漏洞。成功利用此漏洞的攻击者可以获得更高的特权和读取任意多次内核内存。 0 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2003 Microsoft Windows 8 Microsoft Windows 7...
Microsoft Windows 本地权限提升漏洞(MS13-005/CVE-2013-0008)
Bugtraq ID:57135 CVE ID: CVE-2013-0008 Microsoft Windows是一款流行的操作系统 Microsoft内核win32k.sys不正确处理window广播消息,允许本地用户利用漏洞提升权限 0 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows RT Microsoft Windows Server 2008 Microsoft Windows Server 2012 Microsoft Windows Vista 厂商解决方案...
MS12-070: Description of the security update for SQL Server 2012 QFE: October 9, 2012
None None...
Microsoft SharePoint 跨站脚本漏洞(CVE-2012-1863)
Bugtraq ID:54316 CVE ID:CVE-2012-1863 Microsoft SharePoint Server是一款服务器功能集成套件,提供全面的内容管理和企业搜索、加速共享业务流程并便利跨界限信息共享。 Microsoft SharePoint Server存在一个跨站脚本漏洞,允许攻击者通过URL中特制的JavaScript元素,注入任意WEB脚本或HTML,攻击者可以利用漏洞获得敏感信息或劫持用户会话。 0 Microsoft SharePoint Foundation 2010 SP1 Microsoft SharePoint Foundation 2010...
Three Critical Fixes in July Microsoft Patch Tuesday
Microsoft issued nine bulletins fixing 16 vulnerabilities in the July 2012 edition of Patch Tuesday. Three of the bulletins received Microsoft’s most severe ‘critical’ rating, while the remaining six were deemed merely ‘important.’ First and foremost among the critical patches is MS12-043, a fix...
Microsoft XML Core Services MSXML Uninitialized Memory Corruption
Exploit for windows platform in category remote exploits This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework...
Seven Bulletins in Microsoft's June Patch
In the June 2012 edition of Patch Tuesday, Microsoft shipped seven security bulletins, of which, only three were deemed worthy of a critical rating. This month’s critical fixes are all remote code execution vulnerabilities in Windows, Internet Explorer, and the .NET framework. The first, MS12-036...
MS12-036: Vulnerabilities in Remote Desktop could allow remote code execution: June 12, 2012
None None...
Stratfor Subscribers Experience Phishing Attempts
Cybercriminals continue targeting customers of Stratfor, the well-known, Texas-based security and policy think-tank hacked by Anonymous on Christmas, according to a TechNet report. Social engineers have been sending malicious and fraudulent emails to Strafor subscribers since their customer...
Microsoft Now Using IP Address to Map Malware Infections
Microsoft has a new way of determining the geolocation of systems infected with malware, and it had subtle but relevant effects on the 11th volume of the Microsoft Security Intelligence Report. It’s a novel concept, instead of relying on an administrator-specified setting that anyone with hands a...
Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
Удалённое исполнение произвольного кода. Подвержены все 32 и 64 битные версии: Windows 7 Windows Vista Server 2008 в т.ч. R2 Подробнее тут Новость нашел на хабре...
Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
Microsoft SharePoint Server 2007 and SharePoint Services 3.0 are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Microsoft Windows DNS Server未初始化内存远程拒绝服务漏洞
Bugtraq ID: 49019 CVE ID:CVE-2011-1970 Microsoft Windows是一款流行的操作系统。 Windows DNS服务处理一个查询不存在域的请求时存在错误,不正确处理未初始化的内存对象可导致DNS服务停止响应,造成拒绝服务攻击。 Microsoft Windows Server 2008 Standard Edition SP2 Microsoft Windows Server 2008 Standard Edition Release Candidate Microsoft Windows Server 2008 Standard Editi...
Microsoft Ships 16 Fixes in June's Patch Tuesday
Microsoft patched nine critical vulnerabilities and seven important vulnerabilities, pushing out a total of 16 patches in the June edition of Patch Tuesday. One of the bugs patched was used to compromise Internet Explorer during the Pwn2Own contest this year. Four of the critical vulnerabilities...
Microsoft Releases Security Advisory 2501696
Microsoft has released Microsoft security advisory 2501696 indicating that it is investigating public reports of a vulnerability affecting Windows. This vulnerability is due to the way MHTML interprets MIME-formatted requests for content blocks within a document. Exploitation of this vulnerabilit...
Microsoft Internet Explorer - 'Winhlp32.exe' MsgBox Code Execution (MS10-023) (Metasploit)
$Id: ms10022ievbscriptwinhlp32.rb 10504 2010-09-28 16:19:50Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Office Excel OBJ记录解析栈溢出漏洞(MS10-038)
BUGTRAQ ID: 40520 CVE ID: CVE-2010-0822 Excel是微软Office套件中的电子表格工具。 Excel在解析电子表格中的畸形OBJ(recType 0x5D)记录时存在栈溢出漏洞,用户受骗打开了畸形的Excel文档就会导致执行任意代码。 Microsoft Excel 2002 SP3 Microsoft Office 2008 for Mac Microsoft Office 2004 for Mac 临时解决方法: 不要打开从不可信任来源接收到或从可信任来源意外接收到的Excel文件。 厂商补丁: Microsoft ---------...