Computer Security


Microsoft Office multiple security vulnerabilities
Published:15.12.2011
Source:
SecurityVulns ID:12092
Type:client
Threat Level:7/10
Description:Privilege escalation, use-after-free, insecure DLL loading, memory corruption.
Affected:MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
 MICROSOFT : Office 2007
 MICROSOFT : Office 2008 for Mac
 MICROSOFT : Office 2010
 MICROSOFT : Office 2011 for Mac
CVE:CVE-2011-3413 (Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability.")
 CVE-2011-3412 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability.")
 CVE-2011-3411 (Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability.")
 CVE-2011-3410 (Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability.")
 CVE-2011-3403 (Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability.")
 CVE-2011-3396 (Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability.")
 CVE-2011-2010 (The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability.")
 CVE-2011-1983 (Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability.")
 CVE-2011-1508 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability.")
Original document:ZDI, ZDI-11-346 : Microsoft Office 2007 Office Art Shape Record Hierarchy Parsing Remote Code Execution Vulnerability (15.12.2011)
 ZDI, ZDI-11-347 : Microsoft Office Word Hidden Border Remote Code Execution Vulnerability (15.12.2011)
Files:Microsoft Security Bulletin MS11-088 - Important Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2652016)
 Microsoft Security Bulletin MS11-089 - Important Vulnerability in Microsoft Office Could Allow Remote Code Execution (2590602)
 Microsoft Security Bulletin MS11-094 - Important Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2639142)
 Microsoft Security Bulletin MS11-096 - Important Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241)
 Microsoft Security Bulletin MS11-091 - Important Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2607702)

Microsoft Windows Media memory corruption
Published:15.12.2011
Source:
SecurityVulns ID:12093
Type:local
Threat Level:4/10
Description:Memory corruption on .dvr-ms files parsing.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 7
CVE:CVE-2011-3401 (ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability.")
Files:Microsoft Security Bulletin MS11-092 - Critical Vulnerability in Windows Media Could Allow Remote Code Execution (2648048)

Microsoft Active Directory buffer overflow
Published:15.12.2011
Source:
SecurityVulns ID:12094
Type:remote
Threat Level:6/10
Description:Buffer overflow on LDAP request parsing.
CVE:CVE-2011-3406 (Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability.")
Files:Microsoft Security Bulletin MS11-095 - Important Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)

Microsoft Windows multiple security vulnerabilities
updated since 15.12.2011
Published:26.12.2011
Source:
SecurityVulns ID:12090
Type:client
Threat Level:9/10
Description:Buffer overflow on TTF fonts parsing, OLE objects memory corruption, CSRSS and kernel privilege escalations, ActiveX code execution.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
 MICROSOFT : Windows 2008 Server_
CVE:CVE-2011-3408 (Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability.")
 CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability.")
 CVE-2011-3400 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability.")
 CVE-2011-3397 (The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability.")
 CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability.")
Original document:VUPEN Security Research, VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free Vulnerability (MS11-090) (26.12.2011)
 VUPEN Security Research, VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution Vulnerability (MS11-090) (26.12.2011)
Files:Microsoft Security Bulletin MS11-087 - Critical Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2639417)
 Microsoft Security Bulletin MS11-093 - Important Vulnerability in OLE Could Allow Remote Code Execution (2624667)
 Microsoft Security Bulletin MS11-097 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (2620712)
 Microsoft Security Bulletin MS11-098 - Important Vulnerability in Windows Kernel Could Allow Elevation of Privilege (2633171)
 Microsoft Security Bulletin MS11-090 - Critical Cumulative Security Update of ActiveX Kill Bits (2618451)

Microsoft Internet Explorer multiple security vulnerabilities
updated since 15.12.2011
Published:26.12.2011
Source:
SecurityVulns ID:12091
Type:client
Threat Level:6/10
Description:Information leakage, insecure library loading.
Affected:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2011-3404 (Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability.")
 CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability.")
 CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability.")
Original document:VUPEN Security Research, VUPEN Security Research - Microsoft Windows Media Player DVR-MS Buffer Overflow Vulnerability (MS11-092) (26.12.2011)
Files:Microsoft Security Bulletin MS11-099 - Important Cumulative Security Update for Internet Explorer (2618444)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod