Windows : Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801966

Categoría: Windows

Título: Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)

Resumen: This script will list all the vulnerable activex controls installed; on the remote windows machine with references and cause.

Descripción: Summary:
This script will list all the vulnerable activex controls installed
on the remote windows machine with references and cause.

Vulnerability Insight:
The flaws are due to error in restricting the SetLayoutData method,
which fails to properly restrict the SetLayoutData method.

Vulnerability Impact:
Successful exploitation will let the remote attackers execute arbitrary code,
and can compromise a vulnerable system.

Affected Software/OS:
- Microsoft Windows 7 Service Pack 1 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 2 and prior

- Microsoft Windows Server 2008 Service Pack 2 and prior

Solution:
Apply the patch Workaround:
Set the killbit for the following CLSIDs,

{B4CB50E4-0309-4906-86EA-10B6641C8392},

{E4F874A0-56ED-11D0-9C43-00A0C90F29FC},

{FB7FE605-A832-11D1-88A8-0000E8D220A6}

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-0331
BugTraq ID: 46930
http://www.securityfocus.com/bid/46930
http://secunia.com/secunia_research/2011-22/
http://osvdb.org/71249
http://secunia.com/advisories/43360
http://www.vupen.com/english/advisories/2011/0725
Common Vulnerability Exposure (CVE) ID: CVE-2011-1207
BugTraq ID: 47643
http://www.securityfocus.com/bid/47643
http://securitytracker.com/id?1025464
http://secunia.com/advisories/43399
http://secunia.com/advisories/43474
http://www.vupen.com/english/advisories/2011/1129
Common Vulnerability Exposure (CVE) ID: CVE-2011-1827
BugTraq ID: 47695
http://www.securityfocus.com/bid/47695
https://www.sec-consult.com/en/advisories.html#a68
http://www.vupen.com/english/advisories/2011/1162

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801966
Categoría:	Windows
Título:	Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
Resumen:	This script will list all the vulnerable activex controls installed; on the remote windows machine with references and cause.
Descripción:	Summary: This script will list all the vulnerable activex controls installed on the remote windows machine with references and cause. Vulnerability Insight: The flaws are due to error in restricting the SetLayoutData method, which fails to properly restrict the SetLayoutData method. Vulnerability Impact: Successful exploitation will let the remote attackers execute arbitrary code, and can compromise a vulnerable system. Affected Software/OS: - Microsoft Windows 7 Service Pack 1 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior Solution: Apply the patch Workaround: Set the killbit for the following CLSIDs, {B4CB50E4-0309-4906-86EA-10B6641C8392}, {E4F874A0-56ED-11D0-9C43-00A0C90F29FC}, {FB7FE605-A832-11D1-88A8-0000E8D220A6} CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-0331 BugTraq ID: 46930 http://www.securityfocus.com/bid/46930 http://secunia.com/secunia_research/2011-22/ http://osvdb.org/71249 http://secunia.com/advisories/43360 http://www.vupen.com/english/advisories/2011/0725 Common Vulnerability Exposure (CVE) ID: CVE-2011-1207 BugTraq ID: 47643 http://www.securityfocus.com/bid/47643 http://securitytracker.com/id?1025464 http://secunia.com/advisories/43399 http://secunia.com/advisories/43474 http://www.vupen.com/english/advisories/2011/1129 Common Vulnerability Exposure (CVE) ID: CVE-2011-1827 BugTraq ID: 47695 http://www.securityfocus.com/bid/47695 https://www.sec-consult.com/en/advisories.html#a68 http://www.vupen.com/english/advisories/2011/1162
Copyright	Copyright (C) 2011 Greenbone AG