Windows : Microsoft Bulletins : Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.901211

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS12-060.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS12-060.

Vulnerability Insight:
The flaw is due to an error within the TabStrip ActiveX control
in MSCOMCTL.OCX file and can be exploited to execute arbitrary code.

Vulnerability Impact:
Successful exploitation could allow an attacker to execute arbitrary code
within the context of the application.

Affected Software/OS:
- Microsoft Visual Basic 6.0

- Microsoft Commerce Server 2009

- Microsoft SQL Server 2000 Service Pack 4

- Microsoft SQL Server 2005 Service Pack 4

- Microsoft SQL Server 2008 Service Pack 2

- Microsoft SQL Server 2008 Service Pack 3

- Microsoft Visual FoxPro 8.0 Service Pack 1

- Microsoft Visual FoxPro 9.0 Service Pack 2

- Microsoft Commerce Server 2002 Service Pack 4

- Microsoft Commerce Server 2007 Service Pack 2

- Microsoft Office 2003 Service Pack 3 and prior

- Microsoft Office 2007 Service Pack 3 and prior

- Microsoft Office 2010 Service Pack 1 and prior

- Microsoft Host Integrati on Microsoft Windows Server 2004 Service Pack 1

- Microsoft SQL Server 2000 Analysis Services Service Pack 4

- Microsoft SQL Server 2005 Express with Advanced Services Service Pack 4

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 54948
Common Vulnerability Exposure (CVE) ID: CVE-2012-1856
http://www.securityfocus.com/bid/54948
Cert/CC Advisory: TA12-227A
http://www.us-cert.gov/cas/techalerts/TA12-227A.html
Microsoft Security Bulletin: MS12-060
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447

Copyright Copyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.901211
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows Common Controls Remote Code Execution Vulnerability (2720573)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS12-060.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-060. Vulnerability Insight: The flaw is due to an error within the TabStrip ActiveX control in MSCOMCTL.OCX file and can be exploited to execute arbitrary code. Vulnerability Impact: Successful exploitation could allow an attacker to execute arbitrary code within the context of the application. Affected Software/OS: - Microsoft Visual Basic 6.0 - Microsoft Commerce Server 2009 - Microsoft SQL Server 2000 Service Pack 4 - Microsoft SQL Server 2005 Service Pack 4 - Microsoft SQL Server 2008 Service Pack 2 - Microsoft SQL Server 2008 Service Pack 3 - Microsoft Visual FoxPro 8.0 Service Pack 1 - Microsoft Visual FoxPro 9.0 Service Pack 2 - Microsoft Commerce Server 2002 Service Pack 4 - Microsoft Commerce Server 2007 Service Pack 2 - Microsoft Office 2003 Service Pack 3 and prior - Microsoft Office 2007 Service Pack 3 and prior - Microsoft Office 2010 Service Pack 1 and prior - Microsoft Host Integrati on Microsoft Windows Server 2004 Service Pack 1 - Microsoft SQL Server 2000 Analysis Services Service Pack 4 - Microsoft SQL Server 2005 Express with Advanced Services Service Pack 4 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 54948 Common Vulnerability Exposure (CVE) ID: CVE-2012-1856 http://www.securityfocus.com/bid/54948 Cert/CC Advisory: TA12-227A http://www.us-cert.gov/cas/techalerts/TA12-227A.html Microsoft Security Bulletin: MS12-060 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447
Copyright	Copyright (C) 2012 Greenbone Networks GmbH