Test Kennung:	1.3.6.1.4.1.25623.1.0.801725
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS08-052.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-052. Vulnerability Insight: The issues are caused by memory corruptions, integer, heap and buffer overflows, and input validation errors in GDI+ when rendering malformed WMF, PNG, TIFF and BMP images, or when processing Office Art Property Tables in Office documents. Vulnerability Impact: Successful exploitation could allow attackers to crash an affected application or execute arbitrary code. Affected Software/OS: - Microsoft SQL Server 2005 SP 2/3 - Microsoft Office Excel Viewer 2007 - Microsoft Office XP/2003 SP 3 and prior - Microsoft Office Visio 2002 SP 2 and prior - Microsoft Office Groove 2007 SP1 and prior - Microsoft Excel Viewer 2003 SP 3 and prior - Microsoft Office 2007 System SP 1/2 and prior - Microsoft Office Word Viewer 2003 SP 3 and prior - Microsoft Office Visio Viewer 2007 SP 2 and prior - Microsoft Office PowerPoint Viewer 2007 SP 2 and prior - Microsoft Visual Studio 2008 SP 1 and prior - Microsoft Visual Studio .NET 2003 SP 1 and prior - Microsoft Windows 2000 SP4 with Internet Explorer 6 SP 1 - Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats SP 1/2 - Microsoft Office PowerPoint Viewer 2003 - Microsoft Office PowerPoint Viewer 2007 Service Pack 1 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 31018 BugTraq ID: 31019 BugTraq ID: 31020 BugTraq ID: 31021 BugTraq ID: 31022 Common Vulnerability Exposure (CVE) ID: CVE-2007-5348 http://www.securityfocus.com/bid/31018 Cert/CC Advisory: TA08-253A http://www.us-cert.gov/cas/techalerts/TA08-253A.html HPdes Security Advisory: HPSBST02372 http://marc.info/?l=bugtraq&m=122235754013992&w=2 HPdes Security Advisory: SSRT080133 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=743 Microsoft Security Bulletin: MS08-052 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6055 http://www.securitytracker.com/id?1020834 http://secunia.com/advisories/32154 http://www.vupen.com/english/advisories/2008/2520 http://www.vupen.com/english/advisories/2008/2696 Common Vulnerability Exposure (CVE) ID: CVE-2008-3012 http://www.securityfocus.com/bid/31019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6040 http://www.securitytracker.com/id?1020835 Common Vulnerability Exposure (CVE) ID: CVE-2008-3013 http://www.securityfocus.com/bid/31020 Bugtraq: 20080909 ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/496154/100/0/threaded http://ifsec.blogspot.com/2008/09/windows-gdi-gif-memory-corruption.html http://www.zerodayinitiative.com/advisories/ZDI-08-056 http://www.zerodayinitiative.com/advisories/ZDI-08-056/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5986 http://www.securitytracker.com/id?1020836 Common Vulnerability Exposure (CVE) ID: CVE-2008-3014 http://www.securityfocus.com/bid/31021 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6004 http://www.securitytracker.com/id?1020837 Common Vulnerability Exposure (CVE) ID: CVE-2008-3015 http://www.securityfocus.com/bid/31022 Bugtraq: 20080909 ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/496153/100/0/threaded https://www.exploit-db.com/exploits/6619 https://www.exploit-db.com/exploits/6716 http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability.txt http://www.evilfingers.com/patchTuesday/MS08_052_GDI+_Vulnerability_ver2.txt http://www.zerodayinitiative.com/advisories/ZDI-08-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5881 http://www.securitytracker.com/id?1020838
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.