Computer Security


Microsoft Windows security vulnerabilities
Published: 15.01.2014
SecurityVulns ID: 13526
Type: library
Threat Level: 6/10
Description: Privilege escalations via NDProxy and win32k.
Affected: MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE: CVE-2014-0262 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability.")
 CVE-2013-5065 (NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.)
Files: Microsoft Security Bulletin MS14-002 - Important Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2914368)
 Microsoft Security Bulletin MS14-003 - Important Vulnerability in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2913602)

Microsoft Office multiple security vulnerabilities
Published: 15.01.2014
SecurityVulns ID: 13527
Type: client
Threat Level: 7/10
Description: Multiple memory corruptions when parsing Microsoft Word documents.
Affected: MICROSOFT : Office 2003
 MICROSOFT : Office 2007
 MICROSOFT : Office 2010
 MICROSOFT : Office 2013
CVE: CVE-2014-0260 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office Compatibility Pack SP3; Word Viewer; SharePoint Server 2010 SP1 and SP2 and 2013; Office Web Apps 2010 SP1 and SP2; and Office Web Apps Server 2013 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability.")
 CVE-2014-0259 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability.")
 CVE-2014-0258 (Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability.")
Files: Microsoft Security Bulletin MS14-001 - Important Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605)

Microsoft Dynamics AX DoS
Published: 15.01.2014
SecurityVulns ID: 13528
Type: remote
Threat Level: 5/10
Description: Query filter hangs on request processing.
Affected: MICROSOFT : Dynamics AX 2012
 MICROSOFT : Dynamics AX 4.0
 MICROSOFT : Dynamics AX 2009
CVE: CVE-2014-0261 (Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability.")
Files: Microsoft Security Bulletin MS14-004 - Important Vulnerability in Microsoft Dynamics AX Could Allow Denial of Service (2880826)

graphviz buffer overflow
Published: 15.01.2014
SecurityVulns ID: 13529
Type: library
Threat Level: 4/10
Description: Buffer overflow on file parsing.
Affected: GRAPHVIZ : graphviz 2.34
CVE: CVE-2014-1236 (Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list.")
 CVE-2014-0978 (Stack-based buffer overflow in the yyerror function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via a long line in a dot file.)
Original document: DEBIAN, [SECURITY] [DSA 2843-1] graphviz security update (15.01.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod