Windows : Microsoft Bulletins : Microsoft Internet Explorer Multiple Vulnerabilities (2497640)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900278

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Internet Explorer Multiple Vulnerabilities (2497640)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS11-018.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS11-018.

Vulnerability Insight:
Multiple flaws are due to

- memory corruptions when Internet Explorer attempts to access incorrectly
initialized memory or an object under certain conditions.

- during certain processes, Internet Explorer incorrectly allows attackers
to access and read content from different domains.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code in the context of the application. Failed exploit attempts will result
in denial-of-service conditions.

Affected Software/OS:
Microsoft Internet Explorer version 6.x/7.x/8.x.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 47190
BugTraq ID: 45639
BugTraq ID: 47191
BugTraq ID: 47192
BugTraq ID: 46821
Common Vulnerability Exposure (CVE) ID: CVE-2011-0094
Cert/CC Advisory: TA11-102A
http://www.us-cert.gov/cas/techalerts/TA11-102A.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=900
Microsoft Security Bulletin: MS11-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12463
http://www.securitytracker.com/id?1025327
Common Vulnerability Exposure (CVE) ID: CVE-2011-0346
http://www.securityfocus.com/bid/45639
Bugtraq: 20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more (Google Search)
http://www.securityfocus.com/archive/1/515506/100/0/threaded
CERT/CC vulnerability note: VU#427980
http://www.kb.cert.org/vuls/id/427980
http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html
http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt
http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt
http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11882
http://www.securitytracker.com/id?1024940
http://www.vupen.com/english/advisories/2011/0026
XForce ISS Database: ms-ie-releaseinterface-code-execution(64482)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64482
Common Vulnerability Exposure (CVE) ID: CVE-2011-1244
http://www.securityfocus.com/bid/47191
http://osvdb.org/71777
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11926
Common Vulnerability Exposure (CVE) ID: CVE-2011-1245
http://www.securityfocus.com/bid/47192
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12385
Common Vulnerability Exposure (CVE) ID: CVE-2011-1345
http://www.securityfocus.com/bid/46821
http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011
http://twitter.com/aaronportnoy/statuses/45642180118855680
http://twitter.com/msftsecresponse/statuses/45646985998516224
http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own
http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367
https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228
XForce ISS Database: ms-ie-unspec-code-exec(66062)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66062

Copyright Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900278
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Internet Explorer Multiple Vulnerabilities (2497640)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS11-018.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS11-018. Vulnerability Insight: Multiple flaws are due to - memory corruptions when Internet Explorer attempts to access incorrectly initialized memory or an object under certain conditions. - during certain processes, Internet Explorer incorrectly allows attackers to access and read content from different domains. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions. Affected Software/OS: Microsoft Internet Explorer version 6.x/7.x/8.x. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 47190 BugTraq ID: 45639 BugTraq ID: 47191 BugTraq ID: 47192 BugTraq ID: 46821 Common Vulnerability Exposure (CVE) ID: CVE-2011-0094 Cert/CC Advisory: TA11-102A http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=900 Microsoft Security Bulletin: MS11-018 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-018 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12463 http://www.securitytracker.com/id?1025327 Common Vulnerability Exposure (CVE) ID: CVE-2011-0346 http://www.securityfocus.com/bid/45639 Bugtraq: 20110101 Announcing cross_fuzz, a potential 0-day in circulation, and more (Google Search) http://www.securityfocus.com/archive/1/515506/100/0/threaded CERT/CC vulnerability note: VU#427980 http://www.kb.cert.org/vuls/id/427980 http://archives.neohapsis.com/archives/fulldisclosure/2010-12/0698.html http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html http://lcamtuf.coredump.cx/cross_fuzz/fuzzer_timeline.txt http://lcamtuf.coredump.cx/cross_fuzz/known_vuln.txt http://lcamtuf.coredump.cx/cross_fuzz/msie_crash.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11882 http://www.securitytracker.com/id?1024940 http://www.vupen.com/english/advisories/2011/0026 XForce ISS Database: ms-ie-releaseinterface-code-execution(64482) https://exchange.xforce.ibmcloud.com/vulnerabilities/64482 Common Vulnerability Exposure (CVE) ID: CVE-2011-1244 http://www.securityfocus.com/bid/47191 http://osvdb.org/71777 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11926 Common Vulnerability Exposure (CVE) ID: CVE-2011-1245 http://www.securityfocus.com/bid/47192 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12385 Common Vulnerability Exposure (CVE) ID: CVE-2011-1345 http://www.securityfocus.com/bid/46821 http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011 http://twitter.com/aaronportnoy/statuses/45642180118855680 http://twitter.com/msftsecresponse/statuses/45646985998516224 http://www.computerworld.com/s/article/9214002/Safari_IE_hacked_first_at_Pwn2Own http://www.zdnet.com/blog/security/pwn2own-2011-ie8-on-windows-7-hijacked-with-3-vulnerabilities/8367 https://threatpost.com/en_us/blogs/pwn2own-winner-stephen-fewer-031011 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12228 XForce ISS Database: ms-ie-unspec-code-exec(66062) https://exchange.xforce.ibmcloud.com/vulnerabilities/66062
Copyright	Copyright (C) 2011 Greenbone Networks GmbH