Nuevas variantes de vulnerabilidades que afectan a Microsoft
Posted: 10/12/10 by komz in Etiquetas: Microsoft vulnerabilities, Remote Code Execution Vulnerability, Stack Buffer Overflow Vulnerability, Vulnerabilidades
0
1. Microsoft Office Drawing Exception Handling Remote Code Execution Vulnerability
Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing an unsuspecting victim to open a malicious Office file.
Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
2. Microsoft Office RTF File Stack Buffer Overflow Vulnerability
Microsoft Office is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit this issue by enticing a victim to open a malicious RTF file or view an email in RTF format. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
3. Microsoft Office Art Drawing Record Remote Code Execution Vulnerability
Microsoft Office is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
4. Microsoft Office Large SPID Read AV Remote Code Execution Vulnerability
Microsoft Office is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.
fuente: securityfocus.com
Microsoft Office is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing an unsuspecting victim to open a malicious Office file.
Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
2. Microsoft Office RTF File Stack Buffer Overflow Vulnerability
Microsoft Office is prone to a remote stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit this issue by enticing a victim to open a malicious RTF file or view an email in RTF format. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
3. Microsoft Office Art Drawing Record Remote Code Execution Vulnerability
Microsoft Office is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
4. Microsoft Office Large SPID Read AV Remote Code Execution Vulnerability
Microsoft Office is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Office file. Successfully exploiting this issue would allow the attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.
Desde Vulnerability Team exortamos a los usuarios y administradores revisar las notificaciones y aplicar las actualizaciones necesarias, para ayudar a mitigar los riesgos.
fuente: securityfocus.com