Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.802500
Kategorie:Windows
Titel:Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
Zusammenfassung:The host is installed with Microsoft Windows operating system and is prone to; pivilege escalation vulnerability.;; This VT has been replaced by OID:1.3.6.1.4.1.25623.1.0.902767.
Beschreibung:Summary:
The host is installed with Microsoft Windows operating system and is prone to
pivilege escalation vulnerability.

This VT has been replaced by OID:1.3.6.1.4.1.25623.1.0.902767.

Vulnerability Insight:
The flaw is due to due to an error within the Win32k kernel-mode
driver when parsing TrueType fonts.

Vulnerability Impact:
Successful exploitation could allow attackers to execute arbitrary code with
kernel-level privileges. Failed exploit attempts may result in a denial-of-service condition.

Affected Software/OS:
- Microsoft Windows 7 Service Pack 1 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows Vista Service Pack 2 and prior

- Microsoft Windows Server 2008 Service Pack 2 and prior

- Microsoft Windows server 2003 Service Pack 2 and prior

Solution:
Apply the workaround.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 50462
Common Vulnerability Exposure (CVE) ID: CVE-2011-3402
Cert/CC Advisory: TA11-347A
http://www.us-cert.gov/cas/techalerts/TA11-347A.html
Cert/CC Advisory: TA12-129A
http://www.us-cert.gov/cas/techalerts/TA12-129A.html
Cert/CC Advisory: TA12-164A
http://www.us-cert.gov/cas/techalerts/TA12-164A.html
http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files
http://isc.sans.edu/diary/Duqu+Mitigation/11950
http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two
http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf
Microsoft Security Bulletin: MS11-087
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087
Microsoft Security Bulletin: MS12-034
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034
Microsoft Security Bulletin: MS12-039
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645
http://www.securitytracker.com/id?1027039
http://secunia.com/advisories/49121
http://secunia.com/advisories/49122
CopyrightCopyright (C) 2011 Greenbone Networks GmbH

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.