Skip to main content

Security Bulletin

Filter by:

RISK: Medium Risk

Medium Risk

Microsoft Windows SMBv2 Multiple Vulnerabilities( 14 October 2009 )

1. SMBv2 Infinite Loop VulnerabilityA denial of service vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB version 2 (SMBv2) packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4516 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows Kernel Multiple Vulnerabilities( 14 October 2009 )

1. Windows Kernel Integer Underflow VulnerabilityAn elevation of privilege vulnerability exists in the Windows kernel due to the incorrect truncation of a 64-bit value to a 32-bit value. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4407 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows Media Runtime Multiple Vulnerabilities( 14 October 2009 )

1. Windows Media Runtime Voice Sample Rate VulnerabilityA remote code execution vulnerability exists in Windows Media Player due to the improper processing of specially crafted Advanced Systems Format (ASF) files. An attacker could exploit the vulnerability by constructing a specially crafted audio file that could allow...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4569 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows GDI+ Multiple Vulnerabilities( 14 October 2009 )

1. GDI+ WMF Integer Overflow VulnerabilityA remote code execution vulnerability exists in the way that GDI+ allocates buffer size when handling WMF image files. The vulnerability could allow remote code execution if a user opens a specially crafted WMF image file or browses to a Web...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4619 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows IIS FTP Service Multiple Vulnerabilities( 14 October 2009 )

1. IIS FTP Service DoS VulnerabilityA vulnerability exists in the FTP Service in Microsoft Internet Information Services (IIS) 5., Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6., and Microsoft Internet Information Services...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4459 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows Memory Corruption in Indexing Service Vulnerability( 14 October 2009 )

A remote code execution vulnerability exists in the Indexing Service on Windows systems. The vulnerability is due to an ActiveX control included with the service not properly handling specifically crafted Web content. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4408 Views

RISK: Medium Risk

Medium Risk

Microsoft Office ATL ActiveX Controls Multiple Vulnerabilities( 14 October 2009 )

1. ATL Uninitialized Object VulnerabilityA remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to an issue in the ATL headers that could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized. Because...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4422 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows ATL COM Initialization Vulnerability( 14 October 2009 )

A remote code execution vulnerability exists in the Microsoft ActiveX controls listed in the FAQ section of this vulnerability, which were compiled using the vulnerable Microsoft Active Template Library described in Microsoft Security Bulletin MS09-035. An attacker could exploit the vulnerability in these controls by constructing...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4551 Views

RISK: Medium Risk

Medium Risk

Microsoft Windows CryptoAPI Multiple Vulnerabilities( 14 October 2009 )

1. Null Truncation in X.509 Common Name VulnerabilityA spoofing vulnerability exists in the Microsoft Windows CryptoAPI component when parsing ASN.1 information from X.509 certificates. An attacker who successfully exploited this vulnerability could impersonate another user or system.2. Integer Overflow...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4542 Views

RISK: Medium Risk

Medium Risk

Microsoft .NET Framework Multiple Vulnerabilities( 14 October 2009 )

1. Microsoft .NET Framework Pointer Verification VulnerabilityA remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer used. The malicious Microsoft .NET application could...
Last Update Date: 28 Jan 2011 Release Date: 14 Oct 2009 4816 Views