Windows : Microsoft Bulletins : Microsoft Uniscribe Remote Code Execution Vulnerability (3204063)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.809832

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Uniscribe Remote Code Execution Vulnerability (3204063)

Resumen: This host is missing a critical security; update according to Microsoft Bulletin MS16-147.

Descripción: Summary:
This host is missing a critical security
update according to Microsoft Bulletin MS16-147.

Vulnerability Insight:
The flaw exists due to the way Windows
Uniscribe handles objects in the memory.

Vulnerability Impact:
Successful exploitation will allow an attacker
to take control of the affected system. An attacker could then:

- install programs

- view, change, or delete data

- or create new accounts with full user rights.

Users whose accounts are configured to have fewer user rights on the system could
be less impacted than users who operate with administrative user rights.

Affected Software/OS:
- Microsoft Windows 8.1 x32/x64

- Microsoft Windows 10 x32/x64

- Microsoft Windows Server 2012/2012R2

- Microsoft Windows 10 Version 1511 x32/x64

- Microsoft Windows 10 Version 1607 x32/x64

- Microsoft Windows Vista x32/x64 Service Pack 2

- Microsoft Windows Server 2008 x32/x64 Service Pack 2

- Microsoft Windows 7 x32/x64 Service Pack 1

- Microsoft Windows Server 2008 R2 x64 Service Pack 1

- Microsoft Windows Server 2016

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-7274
BugTraq ID: 94758
http://www.securityfocus.com/bid/94758
https://www.exploit-db.com/exploits/41615/
Microsoft Security Bulletin: MS16-147
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-147
http://www.securitytracker.com/id/1037440

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.809832
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Uniscribe Remote Code Execution Vulnerability (3204063)
Resumen:	This host is missing a critical security; update according to Microsoft Bulletin MS16-147.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS16-147. Vulnerability Insight: The flaw exists due to the way Windows Uniscribe handles objects in the memory. Vulnerability Impact: Successful exploitation will allow an attacker to take control of the affected system. An attacker could then: - install programs - view, change, or delete data - or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Affected Software/OS: - Microsoft Windows 8.1 x32/x64 - Microsoft Windows 10 x32/x64 - Microsoft Windows Server 2012/2012R2 - Microsoft Windows 10 Version 1511 x32/x64 - Microsoft Windows 10 Version 1607 x32/x64 - Microsoft Windows Vista x32/x64 Service Pack 2 - Microsoft Windows Server 2008 x32/x64 Service Pack 2 - Microsoft Windows 7 x32/x64 Service Pack 1 - Microsoft Windows Server 2008 R2 x64 Service Pack 1 - Microsoft Windows Server 2016 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-7274 BugTraq ID: 94758 http://www.securityfocus.com/bid/94758 https://www.exploit-db.com/exploits/41615/ Microsoft Security Bulletin: MS16-147 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-147 http://www.securitytracker.com/id/1037440
Copyright	Copyright (C) 2016 Greenbone AG