ID de Prueba:	1.3.6.1.4.1.25623.1.0.901040
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft ATL ActiveX Controls for MS Office Could Allow Remote Code Execution (973965)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS09-060.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS09-060. Vulnerability Insight: Multiple flaws are due to - Error in the Microsoft Active Template Library (ATL) within the ATL headers that handle instantiation of an object from data streams. - Error in the ATL headers, which could allow a string to be read with no ending NULL bytes, which could allow an attacker to manipulate a string to read extra data beyond the end of the string and thus disclose information in memory. - Error in the Microsoft Active Template Library (ATL) headers, which could allow attackers to call 'VariantClear()' on a variant that has not been correctly initialized, leading to arbitrary code execution. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code with SYSTEM privileges, and can cause Denial of Service. Affected Software/OS: - Microsoft Office Outlook 2002/2003/2007 - Microsoft Office Visio Viewer 2007 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0901 BugTraq ID: 35832 http://www.securityfocus.com/bid/35832 Cert/CC Advisory: TA09-195A http://www.us-cert.gov/cas/techalerts/TA09-195A.html Cert/CC Advisory: TA09-223A http://www.us-cert.gov/cas/techalerts/TA09-223A.html Cert/CC Advisory: TA09-286A http://www.us-cert.gov/cas/techalerts/TA09-286A.html HPdes Security Advisory: HPSBMA02488 http://marc.info/?l=bugtraq&m=126592505426855&w=2 HPdes Security Advisory: SSRT100013 http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx Microsoft Security Bulletin: MS09-035 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-035 Microsoft Security Bulletin: MS09-037 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037 Microsoft Security Bulletin: MS09-060 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6289 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6311 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6373 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7581 http://secunia.com/advisories/35967 http://secunia.com/advisories/36187 http://secunia.com/advisories/36374 http://secunia.com/advisories/36746 http://sunsolve.sun.com/search/document.do?assetkey=1-66-266108-1 http://www.vupen.com/english/advisories/2009/2034 http://www.vupen.com/english/advisories/2009/2232 Common Vulnerability Exposure (CVE) ID: CVE-2009-2493 Cert/CC Advisory: TA09-342A http://www.us-cert.gov/cas/techalerts/TA09-342A.html Microsoft Security Bulletin: MS09-055 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-055 Microsoft Security Bulletin: MS09-072 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6245 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6304 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6421 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6473 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6621 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6716 http://secunia.com/advisories/38568 http://secunia.com/advisories/41818 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020775.1-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264648-1 SuSE Security Announcement: SUSE-SA:2009:053 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00002.html http://www.vupen.com/english/advisories/2010/0366 Common Vulnerability Exposure (CVE) ID: CVE-2009-2495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6305 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6478 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7573
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.