
Vulnerabilities in Microsoft Windows
Multiple vulnerabilities in Microsoft Windows
1. Vulnerability in revocation checking of IP-HTTPS certificates in Microsoft Windows
Danger: Low
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-2549
Vector of operation: Remote
Impact: Security Bypass
Affected Products: Microsoft Windows Server 2008, Windows Server 2012
Affected versions: Microsoft Windows 2008 R2, Windows 2012
Description:
The vulnerability can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused by insufficient verification of certificates in the IP-HTTPS component. A remote user can use a revoked certificate as if it were valid.
Manufacturer URL: http://www.microsoft.com
Solution: Install the update from the manufacturer.
Link:
Vulnerability in IP-HTTPS Component Could Allow Security Feature Bypass
2. Arbitrary code execution in DirectPlay in Microsoft Windows
Danger: High
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-1537
Vector of operation: Remote
Impact: System Compromise
Affected Products: Microsoft Windows XP Professional, XP Home Edition, Server 2003 Web Edition, Server 2003 Standard Edition, Server 2003 Enterprise Edition, Server 2003 Datacenter Edition, Storage Server 2003, Windows Vista, Windows 7, Server 2008, Windows 8, Server 2012
Affected versions: Windows XP, Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8, Windows 2012
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by an error in the processing of DirectPlay data. This can be exploited via an Office document containing specially crafted DirectPlay data to cause a heap overflow and execute arbitrary code on the target system.
Manufacturer URL: http://www.microsoft.com
Solution: Install the update from the manufacturer.
Link:
Vulnerability in DirectPlay Could Allow Remote Code Execution
3. Vulnerability when processing file names in Microsoft Windows
Danger: High
Patch: Yes
Number of vulnerabilities: 1
CVE ID: CVE-2012-4774
Vector of operation: Remote
Impact: System Compromise
Affected Products: Microsoft Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition, Windows Storage Server 2003, Windows Vista, Windows 7, Windows Server 2008
Affected versions: Microsoft Windows XP, Microsoft Windows 2003, Microsoft Windows Vista, Microsoft Windows 2008, Microsoft Windows 7, Microsoft Windows 2008 R2
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient bounds checking when processing a file or directory. This can be exploited via a specially crafted file or folder to execute arbitrary code on the target system.
Manufacturer URL: http://www.microsoft.com
Solution: Install the update from the manufacturer.
Link:
Vulnerability in Windows File Handling Component Could Allow Remote Code Execution
4. Multiple vulnerabilities in the kernel of Microsoft Windows
Danger: High
Patch: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2012-2556, CVE-2012-4786
Vector of operation: Remote
Impact: System Compromise
Affected Products: Microsoft Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Web Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Datacenter Edition, Windows Storage Server 2003, Microsoft Windows Vista, Microsoft Windows Server 2008, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2012
Affected versions: Windows XP, Windows 2003, Windows Vista, Windows 2008, Windows 7, Windows 2008 R2, Windows 8, Windows 2012
Description:
The vulnerabilities can be exploited by malicious people to execute arbitrary code on the target system.
1. An error in the processing of OpenType fonts. This can be exploited via a specially crafted OpenType font to execute arbitrary code on the target system.
2. An error in the processing of TrueType fonts. This can be exploited via a specially crafted TrueType font to execute arbitrary code on the target system.
Manufacturer URL: http://www.microsoft.com
Solution: Install the update from the manufacturer.
Link:
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution
