Computer Security


Microsoft Windows DNS Server DoS
Published:14.03.2012
Source:
SecurityVulns ID:12247
Type:remote
Threat Level:6/10
Description:Crash on request processing.
Affected:MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
CVE:CVE-2012-0006 (The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability.")
Files:Microsoft Security Bulletin MS12-017 - Important Vulnerability in DNS Server Could Allow Denial of Service (2647170)

Microsoft Expression Design unsafe DLL loading
Published:14.03.2012
Source:
SecurityVulns ID:12248
Type:client
Threat Level:5/10
Description:Unsafe DLL loading when processing .xpr and .design files.
Affected:MICROSOFT : Microsoft Expression Design 2
 MICROSOFT : Microsoft Expression Design 3
 MICROSOFT : Microsoft Expression Design 4
CVE:CVE-2012-0016 (Untrusted search path vulnerability in Microsoft Expression Design; Expression Design SP1; and Expression Design 2, 3, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .xpr or .DESIGN file, aka "Expression Design Insecure Library Loading Vulnerability.")
Files:Microsoft Security Bulletin MS12-022 - Important Vulnerability in Expression Design Could Allow Remote Code Execution (2651018)

Microsoft Visual Studio code execution
Published:14.03.2012
Source:
SecurityVulns ID:12249
Type:local
Threat Level:5/10
Description:Unsafe add-in loading.
Affected:MICROSOFT : Microsoft Visual Studio 2010
 MICROSOFT : Microsoft Visual Studio 2008
CVE:CVE-2012-0008 (Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability.")

Microsoft Windows multiple security vulnerabilities
Published:14.03.2012
Source:
SecurityVulns ID:12250
Type:remote
Threat Level:8/10
Description:Kernel-mode driver privilege escalation, DirectWrite API DoS, RDP memory corruption and DoS.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2012-0157 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability.")
 CVE-2012-0156 (DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability.")
 CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability.")
 CVE-2012-0002 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability.")
Files:Microsoft Security Bulletin MS12-018 - Important Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2641653)
 Microsoft Security Bulletin MS12-019 - Moderate Vulnerability in DirectWrite Could Allow Denial of Service (2665364)
 Microsoft Security Bulletin MS12-020 - Critical Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod