Windows : Microsoft Bulletins : Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900086

Categoría: Windows : Microsoft Bulletins

Título: Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS09-006.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-006.

Vulnerability Insight:
- Input validation error when passing input from user-mode through the
kernel component of GDI. e.g. tricking a user into viewing a specially
crafted Enhanced MetaFile (EMF) or Windows MetaFile (WMF) image file
hosted on a malicious website.

- Error in the kernel when validating handles and while handling certain
invalid pointers.

Vulnerability Impact:
Successful exploitation may lead users to run arbitrary code with escalated
privileges.

Affected Software/OS:
- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1 and prior

- Microsoft Windows Server 2008 Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0081
BugTraq ID: 34012
http://www.securityfocus.com/bid/34012
Cert/CC Advisory: TA09-069A
http://www.us-cert.gov/cas/techalerts/TA09-069A.html
Microsoft Security Bulletin: MS09-006
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-006
http://osvdb.org/52522
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6202
http://www.securitytracker.com/id?1021826
http://secunia.com/advisories/34117
http://www.vupen.com/english/advisories/2009/0659
Common Vulnerability Exposure (CVE) ID: CVE-2009-0082
BugTraq ID: 34027
http://www.securityfocus.com/bid/34027
http://osvdb.org/52523
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6036
http://www.securitytracker.com/id?1021827
Common Vulnerability Exposure (CVE) ID: CVE-2009-0083
BugTraq ID: 34025
http://www.securityfocus.com/bid/34025
http://osvdb.org/52524
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5440

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900086
Categoría:	Windows : Microsoft Bulletins
Título:	Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-006.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-006. Vulnerability Insight: - Input validation error when passing input from user-mode through the kernel component of GDI. e.g. tricking a user into viewing a specially crafted Enhanced MetaFile (EMF) or Windows MetaFile (WMF) image file hosted on a malicious website. - Error in the kernel when validating handles and while handling certain invalid pointers. Vulnerability Impact: Successful exploitation may lead users to run arbitrary code with escalated privileges. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1 and prior - Microsoft Windows Server 2008 Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0081 BugTraq ID: 34012 http://www.securityfocus.com/bid/34012 Cert/CC Advisory: TA09-069A http://www.us-cert.gov/cas/techalerts/TA09-069A.html Microsoft Security Bulletin: MS09-006 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-006 http://osvdb.org/52522 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6202 http://www.securitytracker.com/id?1021826 http://secunia.com/advisories/34117 http://www.vupen.com/english/advisories/2009/0659 Common Vulnerability Exposure (CVE) ID: CVE-2009-0082 BugTraq ID: 34027 http://www.securityfocus.com/bid/34027 http://osvdb.org/52523 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6036 http://www.securitytracker.com/id?1021827 Common Vulnerability Exposure (CVE) ID: CVE-2009-0083 BugTraq ID: 34025 http://www.securityfocus.com/bid/34025 http://osvdb.org/52524 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5440
Copyright	Copyright (C) 2009 Greenbone AG