Windows : Microsoft Office Products Insecure Library Loading Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.902254

Categoría: Windows

Título: Microsoft Office Products Insecure Library Loading Vulnerability

Resumen: microsoft product(s) is prone to insecure library loading vulnerability.

Descripción: Summary:
microsoft product(s) is prone to insecure library loading vulnerability.

Vulnerability Insight:
The flaw is due to the application
insecurely loading certain libraries from the current working directory,
which could allow attackers to execute arbitrary code by tricking a user into
opening a file from a network share.

Vulnerability Impact:
Successful exploitation will allow the
attackers to execute arbitrary code and conduct DLL hijacking attacks.

Affected Software/OS:
- Microsoft Visio 2003

- Microsoft Office Groove 2007

- Microsoft Office PowerPoint 2007/2010

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-3141
http://www.exploit-db.com/exploits/14723/
Common Vulnerability Exposure (CVE) ID: CVE-2010-3142
http://www.exploit-db.com/exploits/14782/
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12219
Common Vulnerability Exposure (CVE) ID: CVE-2010-3146
Cert/CC Advisory: TA11-067A
http://www.us-cert.gov/cas/techalerts/TA11-067A.html
http://www.exploit-db.com/exploits/14746/
Microsoft Security Bulletin: MS11-016
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-016
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12632
http://www.vupen.com/english/advisories/2010/2188
Common Vulnerability Exposure (CVE) ID: CVE-2010-3148
Cert/CC Advisory: TA11-193A
http://www.us-cert.gov/cas/techalerts/TA11-193A.html
http://www.exploit-db.com/exploits/14744/
Microsoft Security Bulletin: MS11-055
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122
http://www.vupen.com/english/advisories/2010/2192

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.902254
Categoría:	Windows
Título:	Microsoft Office Products Insecure Library Loading Vulnerability
Resumen:	microsoft product(s) is prone to insecure library loading vulnerability.
Descripción:	Summary: microsoft product(s) is prone to insecure library loading vulnerability. Vulnerability Insight: The flaw is due to the application insecurely loading certain libraries from the current working directory, which could allow attackers to execute arbitrary code by tricking a user into opening a file from a network share. Vulnerability Impact: Successful exploitation will allow the attackers to execute arbitrary code and conduct DLL hijacking attacks. Affected Software/OS: - Microsoft Visio 2003 - Microsoft Office Groove 2007 - Microsoft Office PowerPoint 2007/2010 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-3141 http://www.exploit-db.com/exploits/14723/ Common Vulnerability Exposure (CVE) ID: CVE-2010-3142 http://www.exploit-db.com/exploits/14782/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12219 Common Vulnerability Exposure (CVE) ID: CVE-2010-3146 Cert/CC Advisory: TA11-067A http://www.us-cert.gov/cas/techalerts/TA11-067A.html http://www.exploit-db.com/exploits/14746/ Microsoft Security Bulletin: MS11-016 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-016 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12632 http://www.vupen.com/english/advisories/2010/2188 Common Vulnerability Exposure (CVE) ID: CVE-2010-3148 Cert/CC Advisory: TA11-193A http://www.us-cert.gov/cas/techalerts/TA11-193A.html http://www.exploit-db.com/exploits/14744/ Microsoft Security Bulletin: MS11-055 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-055 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7122 http://www.vupen.com/english/advisories/2010/2192
Copyright	Copyright (C) 2015 Greenbone AG