CVE-2012-0159 – Microsoft Windows TrueType Font Parsing Remote Code Execution Vulnerability (Remote Kernel)
https://notcve.org/view.php?id=CVE-2012-0159
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." Microsoft Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, y R2 SP1, Windows 7 Gold y SP1, y Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Silverlight v4 anterior a v4.1.10329; y Silverlight v5 anterior a v5.1.10411 permite a atacantes remotos ejecutar código arbitrario mediante un fichero de fuentes TrueType (TTF) manipulado, también conocido como "Vulnerabilidad TrueType Font Parsing " This vulnerability allows remote attackers to execute arbitrary code from the contact of kernelspace on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the kernel's support for TrueType font parsing of compound glyphs. A sign extension error exists in win32k.sys when processing compound glyphs having a total number of contours above 0x7FFF. This can be exploited to corrupt kernel heap memory placed below the space allocated for the "flags" buffer and potentially execute arbitrary code in kernel space. • http://secunia.com/advisories/49121 http://secunia.com/advisories/49122 http://www.securityfocus.com/bid/53335 http://www.securitytracker.com/id?1027039 http://www.us-cert.gov/cas/techalerts/TA12-129A.html http://www.us-cert.gov/cas/techalerts/TA12-164A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039 https://exchange.xforce.ibmcloud.com/vulnerabilities/75124 https:& • CWE-399: Resource Management Errors •
CVE-2012-0165
https://notcve.org/view.php?id=CVE-2012-0165
GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." GDI+ en Microsoft Windows Vista SP2 y Server 2008 SP2 y Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1 no valida correctamente los tipos de registro en imágenes EMF, lo que permite a atacantes remotos ejecutar código arbitrario mediante una imagen manipulada, "Vulnerabilidad GDI+ Record Type" • http://secunia.com/advisories/49121 http://www.securityfocus.com/bid/53347 http://www.securitytracker.com/id?1027038 http://www.us-cert.gov/cas/techalerts/TA12-129A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034 https://exchange.xforce.ibmcloud.com/vulnerabilities/75125 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15621 • CWE-20: Improper Input Validation •
CVE-2012-0158 – Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0158
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." Los controles ActiveX (1) ListView, (2) ListView2, (3) TreeView, y (4) TreeView2 en MSCOMCTL.OCX en the Common Controls en Microsoft Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, y 2008 SP2, SP3, y R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, y 2009 Gold y R2; Visual FoxPro 8.0 SP1 y 9.0 SP2; y Visual Basic 6.0 Runtime permita a atacantes remotos ejecutar código a través de la manipulación de: (a) sitios web, (b) documento de Office, o (c) fichero .rtf que provoca una corrupción "system state", como la explotada en April del 2012, también conocida como vulnerabilidad "MSCOMCTL.OCX RCE". Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user. • https://www.exploit-db.com/exploits/18780 https://github.com/Sunqiz/CVE-2012-0158-reproduction https://github.com/RobertoLeonFR-ES/Exploit-Win32.CVE-2012-0158.F.doc http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploit-by-chris-pierce http://www.securityfocus.com/bid/52911 http://www.securitytracker.com/id?1026899 http://www.securitytracker.com/id?1026900 http://www.securitytracker.com/id?1026902 http://www.securitytracker.com/id?1026903 http://www.secur • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-1989 – Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2011-1989
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability." Microsoft Excel 2003 Service Pack 3 y Service Pack 2 de 2007; Excel en Office 2007 SP2, Excel 2010 Service Pack 1 Gold y SP1; Excel en Office 2010 Service Pack 1 Gold y SP1; Office 2004, 2008 y 2011 para Mac; Open XML File Format Converter para Mac; Excel Viewer Service Pack 2; Paquete de compatibilidad de Office para Word, Excel y PowerPoint 2007 Service Pack 2, Servicios de Excel en Office SharePoint Server 2007 SP2, Servicios de Excel en Office SharePoint Server 2010 Gold y SP1, y Excel Web Access 2010 Gold y SP1 no analizan correctamente las expresiones condicionales asociadas con requisitos de formato, lo que permite a atacantes remotos ejecutar código de su elección a través de una hoja de cálculo debidamente modificada. Es un problema también conocido como "Vulnerabilidad de análisis de expresiones condicionales de Excel". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within how the application parses expressions used for determining formatting requirements. • http://www.us-cert.gov/cas/techalerts/TA11-256A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-072 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12974 • CWE-20: Improper Input Validation •
CVE-2010-2738 – Microsoft Unicode Scripts Processor - Remote Code Execution (MS10-063)
https://notcve.org/view.php?id=CVE-2010-2738
The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." La implementación Uniscribe (conocido como nuevo Unicode Script Processor) en USP10.DLL de Microsoft Windows XP SP2 y SP3, Server 2003 SP2, Vista SP1 y SP2, y Server 2008 Gold y SP2, y Microsoft Office XP SP3, 2003 SP3, y 2007 SP2, no valida adecuadamente tablas asociadas con fuentes OpenType malformadas, lo cual permite a atacantes remotos ejecutar código a su elección a través de (1) un sitio web o (2) un documento Office manipulados, también conocido como "Uniscribe Font Parsing Engine Memory Corruption Vulnerability." • https://www.exploit-db.com/exploits/15158 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7214 • CWE-20: Improper Input Validation •