Computer Security


Microsoft Word security vulnerabilities
Published:09.10.2012
Source:
SecurityVulns ID:12623
Type:client
Threat Level:6/10
Description:Memory corruption, use-after-free.
Affected:MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : SharePoint Server 2010
 MICROSOFT : Word Viewer
 MICROSOFT : Office Web Apps 2010
CVE:CVE-2012-2528 (Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; Office Compatibility Pack SP2 and SP3; Word Automation Services on Microsoft SharePoint Server 2010; and Office Web Apps 2010 SP1 allows remote attackers to execute arbitrary code via a crafted RTF document, aka "RTF File listid Use-After-Free Vulnerability.")
 CVE-2012-0182 (Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability.")
Files:Microsoft Security Bulletin MS12-064 - Critical Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319)

Microsoft Works memory corruption
Published:09.10.2012
Source:
SecurityVulns ID:12624
Type:local
Threat Level:5/10
Description:Memory corruption when parsing Word files.
Affected:MICROSOFT : Works 9
CVE:CVE-2012-2550 (Microsoft Works 9 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Word .doc file, aka "Works Heap Vulnerability.")
Files:Microsoft Security Bulletin MS12-065 - Important Vulnerability in Microsoft Works Could Allow Remote Code Execution (2754670)

Multiple Microsoft web applications cross-site scripting
Published:09.10.2012
Source:
SecurityVulns ID:12625
Type:remote
Threat Level:6/10
Description:Insufficient HTML sanitization
Affected:MICROSOFT : SharePoint Server 2007
 MICROSOFT : InfoPath 2007
 MICROSOFT : InfoPath 2010
 MICROSOFT : SharePoint Server 2010
 MICROSOFT : SharePoint Foundation 2010
 MICROSOFT : Lync 2010
 MICROSOFT : Microsoft Communicator 2007
 MICROSOFT : Office Web Apps 2010
 MICROSOFT : Groove Server 2010
 MICROSOFT : Windows SharePoint Services 3.0
CVE:CVE-2012-2520 (Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability.")
Files:Microsoft Security Bulletin MS12-066 - Important Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517)

Microsoft Fast Search Server vulnerabilities
Published:09.10.2012
Source:
SecurityVulns ID:12626
Type:remote
Threat Level:5/10
Description:Multiple vulnerabilities in Oracle Outside In built-in libraries.
Affected:MICROSOFT : FAST Search Server 2010
CVE:CVE-2012-3110 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3109 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3108 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3107 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-3106 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1773 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1772 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1771 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1770 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1769 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1768 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1767 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2012-1766 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
Files:Microsoft Security Bulletin MS12-067 - Important Vulnerabilities in FAST Search Server 2010 for SharePoint Parsing Could Allow Remote Code Execution (2742321)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod