CVE-2013-3129
https://notcve.org/view.php?id=CVE-2013-3129
Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability." Microsoft .NET Framework v3.0 SP2, v3.5, v3.5.1, v4, y v4.5; Silverlight v5 anteriores a v5.1.20513.0; win32k.sys en the kernel-mode drivers, y GDI+, DirectWrite, y Journal, en Windows XP SP2 y SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, y Windows RT; GDI+ en Office 2003 SP3, 2007 SP3, y 2010 SP1; GDI+ en Visual Studio .NET 2003 SP1; y GDI+ in Lync 2010, 2010 Attendee, 2013, y Basic 2013 permiten a atacantes remotos a ejecutar código a través de ficheros de fuentes TrueType manipulados, tambíen conocido como "TrueType Font Parsing Vulnerability." • http://www.us-cert.gov/ncas/alerts/TA13-190A https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-052 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-053 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17323 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17341 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-1856 – Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-1856
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability." El control TabStrip ActiveX en Common Controls en MSCOMCTL.OCX en Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 y SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, y R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, y Visual Basic 6.0 Runtime permite a atacantes remotos ejecutar código de su elección a través de (1) un documento o (2) página web que provoca una corrupción del estado del sistema, también conocido como 'MSCOMCTL.OCX RCE Vulnerability.' The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption. • http://www.securityfocus.com/bid/54948 http://www.us-cert.gov/cas/techalerts/TA12-227A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-060 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15447 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-1854
https://notcve.org/view.php?id=CVE-2012-1854
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic for Applications SDK allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Visual Basic for Applications Insecure Library Loading Vulnerability," as exploited in the wild in July 2012. Vulnerabilidad de búsqueda de ruta no confiable ("Untrusted search path") en VBE6.dll en Microsoft Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Microsoft Visual Basic para Applications (VBA); y Summit Microsoft Visual Basic para Applications SDK permite a usuarios locales conseguir privilegios a través de un troyano dll en el directorio de trabajo actual, como lo demuestra un directorio que contiene un archivo. docx, también conocido como vulnerabilidad "Visual Basic para la carga de librerías inseguras"," como fue explotado en julio de 2012. • http://www.us-cert.gov/cas/techalerts/TA12-192A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-046 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14950 •
CVE-2012-0158 – Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2012-0158
The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." Los controles ActiveX (1) ListView, (2) ListView2, (3) TreeView, y (4) TreeView2 en MSCOMCTL.OCX en the Common Controls en Microsoft Office 2003 SP3, 2007 SP2 y SP3, y 2010 Gold y SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, y 2008 SP2, SP3, y R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, y 2009 Gold y R2; Visual FoxPro 8.0 SP1 y 9.0 SP2; y Visual Basic 6.0 Runtime permita a atacantes remotos ejecutar código a través de la manipulación de: (a) sitios web, (b) documento de Office, o (c) fichero .rtf que provoca una corrupción "system state", como la explotada en April del 2012, también conocida como vulnerabilidad "MSCOMCTL.OCX RCE". Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user. • https://www.exploit-db.com/exploits/18780 https://github.com/Sunqiz/CVE-2012-0158-reproduction https://github.com/RobertoLeonFR-ES/Exploit-Win32.CVE-2012-0158.F.doc http://opensources.info/comment-on-the-curious-case-of-a-cve-2012-0158-exploit-by-chris-pierce http://www.securityfocus.com/bid/52911 http://www.securitytracker.com/id?1026899 http://www.securitytracker.com/id?1026900 http://www.securitytracker.com/id?1026902 http://www.securitytracker.com/id?1026903 http://www.secur • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2011-1229
https://notcve.org/view.php?id=CVE-2011-1229
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability." Vulneravilidad de desreferencia a puntero nulo en win32k.sys en el controlador kernel-modeen en Microsoft Windows XP SP2 ySP3, Windows Server 2003 SP2, Windows Vista SP1 y SP2, Windows Server 2008 Gold, SP2, R2, y R2 SP1, y Windows 7 Gold y SP1, permite a usuarios locales obtener privilegios a través de aplicaciones manipuladas lanzan un desreferencia a puntero nulo. Vulnerabilidad distinta de "Vulnerabilidad tipo 2" listada en los CVEs en MS11-034, también conocida como "Win32k Null Pointer De-reference Vulnerability." • http://blogs.technet.com/b/srd/archive/2011/04/12/ms11-034-addressing-vulnerabilities-in-the-win32k-subsystem.aspx http://osvdb.org/71735 http://secunia.com/advisories/44156 http://support.avaya.com/css/P8/documents/100133352 http://www.securityfocus.com/bid/47229 http://www.securitytracker.com/id?1025345 http://www.us-cert.gov/cas/techalerts/TA11-102A.html http://www.vupen.com/english/advisories/2011/0952 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011 • CWE-476: NULL Pointer Dereference •