Test ID:	1.3.6.1.4.1.25623.1.0.902832
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS12-034.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS12-034. Vulnerability Insight: Multiple flaws are due to - An error exists when parsing TrueType fonts. - An error in the t2embed.dll module when parsing TrueType fonts can be exploited via a specially crafted TTF file. - An error in GDI+ when handling certain records can be exploited via a specially crafted EMF image file. - An error in win32k.sys related to certain Windows and Messages handling can be exploited to execute arbitrary code in the context of another process. - An error in win32k.sys when handling keyboard layout files can be exploited to execute arbitrary code in the context of another process. - An error in win32k.sys related to scrollbar calculations can be exploited to execute arbitrary code in the context of another process. Vulnerability Impact: Successful exploitation could allow an attacker to gain escalated privileges and execute arbitrary code. Affected Software/OS: - Microsoft .NET Framework 4 - Microsoft Silverlight 4 and 5 - Microsoft .NET Framework 3.5.1 - Microsoft Office 2003 Service Pack 3 - Microsoft Office 2007 Service Pack 2 - Microsoft Office 2010 Service Pack 1 - Microsoft .NET Framework 3.0 Service Pack 2 - Microsoft Windows 7 Service Pack 1 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 2 and prior - Microsoft Windows Server 2008 Service Pack 2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3402 Cert/CC Advisory: TA11-347A http://www.us-cert.gov/cas/techalerts/TA11-347A.html Cert/CC Advisory: TA12-129A http://www.us-cert.gov/cas/techalerts/TA12-129A.html Cert/CC Advisory: TA12-164A http://www.us-cert.gov/cas/techalerts/TA12-164A.html http://blogs.mcafee.com/mcafee-labs/the-day-of-the-golden-jackal-%E2%80%93-further-tales-of-the-stuxnet-files http://isc.sans.edu/diary/Duqu+Mitigation/11950 http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-291-01E.pdf Microsoft Security Bulletin: MS11-087 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 Microsoft Security Bulletin: MS12-034 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034 Microsoft Security Bulletin: MS12-039 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13998 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15290 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15645 http://www.securitytracker.com/id?1027039 http://secunia.com/advisories/49121 http://secunia.com/advisories/49122 Common Vulnerability Exposure (CVE) ID: CVE-2012-0159 BugTraq ID: 53335 http://www.securityfocus.com/bid/53335 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15388 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15667 XForce ISS Database: microsoft-truetype-code-exec(75124) https://exchange.xforce.ibmcloud.com/vulnerabilities/75124 Common Vulnerability Exposure (CVE) ID: CVE-2012-0162 BugTraq ID: 53358 http://www.securityfocus.com/bid/53358 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14655 Common Vulnerability Exposure (CVE) ID: CVE-2012-0164 BugTraq ID: 53363 http://www.securityfocus.com/bid/53363 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15580 Common Vulnerability Exposure (CVE) ID: CVE-2012-0165 BugTraq ID: 53347 http://www.securityfocus.com/bid/53347 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15621 http://www.securitytracker.com/id?1027038 XForce ISS Database: windows-gdi-emf-code-exec(75125) https://exchange.xforce.ibmcloud.com/vulnerabilities/75125 Common Vulnerability Exposure (CVE) ID: CVE-2012-0167 BugTraq ID: 53351 http://www.securityfocus.com/bid/53351 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15628 XForce ISS Database: windows-gdi-emf-bo(75126) https://exchange.xforce.ibmcloud.com/vulnerabilities/75126 Common Vulnerability Exposure (CVE) ID: CVE-2012-0176 BugTraq ID: 53360 http://www.securityfocus.com/bid/53360 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15574 http://www.securitytracker.com/id?1027040 Common Vulnerability Exposure (CVE) ID: CVE-2012-0180 BugTraq ID: 53324 http://www.securityfocus.com/bid/53324 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15466 Common Vulnerability Exposure (CVE) ID: CVE-2012-0181 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15355 Common Vulnerability Exposure (CVE) ID: CVE-2012-1848 BugTraq ID: 53327 http://www.securityfocus.com/bid/53327 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15555
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.