Windows : Microsoft Bulletins : Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.802864

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)

Zusammenfassung: This host is installed with Microsoft XML Core Services and; is prone to remote code execution vulnerability.

Beschreibung: Summary:
This host is installed with Microsoft XML Core Services and
is prone to remote code execution vulnerability.

Vulnerability Insight:
Microsoft XML Core Services attempts to access
an object in memory that has not been initialized, which allows an attacker to
corrupt memory.

Vulnerability Impact:
Successful exploitation could allow remote
attackers to execute arbitrary code as the logged-on user.

Affected Software/OS:
- Microsoft Expression Web 2

- Microsoft Office Word Viewer

- Microsoft Office Compatibility

- Microsoft Office 2003 Service Pack 3 and prior

- Microsoft Office 2007 Service Pack 3 and prior

- Microsoft Expression Web Service Pack 1 and prior

- Microsoft Groove Server 2007 Service Pack 3 and prior

- Microsoft SharePoint Server 2007 Service Pack 3 and prior

- Microsoft Windows XP x32 Edition Service Pack 3 and prior

- Microsoft Windows XP x64 Edition Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior

- Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

- Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior

Solution:
Apply the patch from the referenced advisory.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2012-1889
Cert/CC Advisory: TA12-174A
http://www.us-cert.gov/cas/techalerts/TA12-174A.html
Cert/CC Advisory: TA12-192A
http://www.us-cert.gov/cas/techalerts/TA12-192A.html
Microsoft Security Bulletin: MS12-043
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195

Copyright This script is Copyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.802864
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft XML Core Services Remote Code Execution Vulnerability (2719615)
Zusammenfassung:	This host is installed with Microsoft XML Core Services and; is prone to remote code execution vulnerability.
Beschreibung:	Summary: This host is installed with Microsoft XML Core Services and is prone to remote code execution vulnerability. Vulnerability Insight: Microsoft XML Core Services attempts to access an object in memory that has not been initialized, which allows an attacker to corrupt memory. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code as the logged-on user. Affected Software/OS: - Microsoft Expression Web 2 - Microsoft Office Word Viewer - Microsoft Office Compatibility - Microsoft Office 2003 Service Pack 3 and prior - Microsoft Office 2007 Service Pack 3 and prior - Microsoft Expression Web Service Pack 1 and prior - Microsoft Groove Server 2007 Service Pack 3 and prior - Microsoft SharePoint Server 2007 Service Pack 3 and prior - Microsoft Windows XP x32 Edition Service Pack 3 and prior - Microsoft Windows XP x64 Edition Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior - Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior Solution: Apply the patch from the referenced advisory. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2012-1889 Cert/CC Advisory: TA12-174A http://www.us-cert.gov/cas/techalerts/TA12-174A.html Cert/CC Advisory: TA12-192A http://www.us-cert.gov/cas/techalerts/TA12-192A.html Microsoft Security Bulletin: MS12-043 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15195
Copyright	This script is Copyright (C) 2012 Greenbone Networks GmbH