Windows : Microsoft Bulletins : Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.903033

Kategorie: Windows : Microsoft Bulletins

Titel: Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)

Zusammenfassung: This host has important security update missing according to; Microsoft Bulletin MS12-047.

Beschreibung: Summary:
This host has important security update missing according to
Microsoft Bulletin MS12-047.

Vulnerability Insight:
Windows kernel-mode driver improperly validates parameters (when creating a
hook procedure) and specific keyboard layouts, which can be exploited to
execute arbitrary code.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code with kernel-mode privileges.

Affected Software/OS:
- Microsoft Windows XP x32 Edition Service Pack 3 and prior

- Microsoft Windows XP x64 Edition Service Pack 2 and prior

- Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior

- Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior

- Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

- Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: BugTraq ID: 54285
BugTraq ID: 54302
Common Vulnerability Exposure (CVE) ID: CVE-2012-1890
Cert/CC Advisory: TA12-192A
http://www.us-cert.gov/cas/techalerts/TA12-192A.html
Microsoft Security Bulletin: MS12-047
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-047
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15416
Common Vulnerability Exposure (CVE) ID: CVE-2012-1893
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15654

Copyright Copyright (C) 2012 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.903033
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2718523)
Zusammenfassung:	This host has important security update missing according to; Microsoft Bulletin MS12-047.
Beschreibung:	Summary: This host has important security update missing according to Microsoft Bulletin MS12-047. Vulnerability Insight: Windows kernel-mode driver improperly validates parameters (when creating a hook procedure) and specific keyboard layouts, which can be exploited to execute arbitrary code. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code with kernel-mode privileges. Affected Software/OS: - Microsoft Windows XP x32 Edition Service Pack 3 and prior - Microsoft Windows XP x64 Edition Service Pack 2 and prior - Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior - Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior - Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior - Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	BugTraq ID: 54285 BugTraq ID: 54302 Common Vulnerability Exposure (CVE) ID: CVE-2012-1890 Cert/CC Advisory: TA12-192A http://www.us-cert.gov/cas/techalerts/TA12-192A.html Microsoft Security Bulletin: MS12-047 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-047 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15416 Common Vulnerability Exposure (CVE) ID: CVE-2012-1893 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15654
Copyright	Copyright (C) 2012 Greenbone Networks GmbH