ID de Prueba:	1.3.6.1.4.1.25623.1.0.802500
Categoría:	Windows
Título:	Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
Resumen:	Microsoft Windows operating system is prone to a pivilege escalation vulnerability.;; This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.902767.
Descripción:	Summary: Microsoft Windows operating system is prone to a pivilege escalation vulnerability. This VT has been deprecated and replaced by the VT with the OID: 1.3.6.1.4.1.25623.1.0.902767. Vulnerability Insight: The flaw is due to due to an error within the Win32k kernel-mode driver when parsing TrueType fonts. Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code with kernel-level privileges. Failed exploit attempts may result in a denial-of-service condition. Affected Software/OS: - Microsoft Windows 7 Service Pack 1 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows Vista Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior - Microsoft Windows server 2003 Service Pack 2 and prior Solution: Apply the workaround. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3402 Cert/CC Advisory: TA11-347A http://www.us-cert.gov/cas/techalerts/TA11-347A.html Cert/CC Advisory: TA12-129A http://www.us-cert.gov/cas/techalerts/TA12-129A.html Cert/CC Advisory: TA12-164A http://www.us-cert.gov/cas/techalerts/TA12-164A.html http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files http://isc.sans.edu/diary/Duqu+Mitigation/11950 http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf Microsoft Security Bulletin: MS11-087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 Microsoft Security Bulletin: MS12-034 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034 Microsoft Security Bulletin: MS12-039 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645 http://www.securitytracker.com/id?1027039 http://secunia.com/advisories/49121 http://secunia.com/advisories/49122
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.