ID de Prueba:	1.3.6.1.4.1.25623.1.0.902265
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Office Word Remote Code Execution Vulnerabilities (2293194)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS10-079.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-079. Vulnerability Insight: The flaws are due to: - An uninitialized pointer error when processing malformed data in a Word file - An improper boundary check when processing certain data in a Word file - An error when handling index values within a Word document - A stack overflow error when processing malformed data within a Word document - An error when handling return values, bookmarks, pointers while parsing a specially crafted Word - A heap overflow error when handling malformed records within a Word file - An error when handling indexes while parsing a specially crafted Word file Vulnerability Impact: Successful exploitation could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted word document. Affected Software/OS: - Microsoft Word 2010 - Microsoft Office Word Viewer - Microsoft Office Word 2002 Service Pack 3 - Microsoft Office Word 2003 Service Pack 3 - Microsoft Office Word 2007 Service Pack 2 - Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2747 Bugtraq: 20101014 VUPEN Security Research - Microsoft Office Word Uninitialized Pointer Vulnerability (CVE-2010-2747) (Google Search) http://www.securityfocus.com/archive/1/514310/100/0/threaded Cert/CC Advisory: TA10-285A http://www.us-cert.gov/cas/techalerts/TA10-285A.html Microsoft Security Bulletin: MS10-079 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-079 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7121 Common Vulnerability Exposure (CVE) ID: CVE-2010-2748 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7375 Common Vulnerability Exposure (CVE) ID: CVE-2010-2750 Bugtraq: 20101014 VUPEN Security Research - Microsoft Office Word Document Array Indexing Vulnerability (CVE-2010-2750) (Google Search) http://www.securityfocus.com/archive/1/514292/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7582 Common Vulnerability Exposure (CVE) ID: CVE-2010-3214 Bugtraq: 20101014 VUPEN Security Research - Microsoft Office Word Document Stack Overflow Vulnerability (CVE-2010-3214) (Google Search) http://www.securityfocus.com/archive/1/514302/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7322 Common Vulnerability Exposure (CVE) ID: CVE-2010-3215 Bugtraq: 20101014 VUPEN Security Research - Microsoft Office Word Return Value Handling Vulnerability (CVE-2010-3215) (Google Search) http://www.securityfocus.com/archive/1/514295/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6974 Common Vulnerability Exposure (CVE) ID: CVE-2010-3216 Bugtraq: 20101014 VUPEN Security Research - Microsoft Office Word Bookmarks Invalid Pointer Vulnerability (CVE-2010-3216) (Google Search) http://www.securityfocus.com/archive/1/514291/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7529 Common Vulnerability Exposure (CVE) ID: CVE-2010-3217 Bugtraq: 20101014 VUPEN Security Research - Microsoft Office Word Document Invalid Pointer Vulnerability (CVE-2010-3217) (Google Search) http://www.securityfocus.com/archive/1/514298/100/0/threaded Bugtraq: 20101223 Secunia Research: Microsoft Word LFO Parsing Double-Free Vulnerability (Google Search) http://www.securityfocus.com/archive/1/515440/100/0/threaded http://secunia.com/secunia_research/2010-76/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6695 Common Vulnerability Exposure (CVE) ID: CVE-2010-3218 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7010 Common Vulnerability Exposure (CVE) ID: CVE-2010-3219 Bugtraq: 20101014 VUPEN Security Research - Microsoft Office Word BKF Objects Array Indexing Vulnerability (CVE-2010-3219) (Google Search) http://www.securityfocus.com/archive/1/514305/100/0/threaded https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7019 Common Vulnerability Exposure (CVE) ID: CVE-2010-3220 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6792 Common Vulnerability Exposure (CVE) ID: CVE-2010-3221 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7032
Copyright	Copyright (C) 2010 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.