NUEVAS VULNERABILIDADES que afectan a Microsoft

Publicado: diciembre 9, 2009 de komz en 03.Vulnerabilidades
Etiquetas:, , ,

Microsoft Project Invalid Resource Memory Allocation Remote Code Execution Vulnerability
Microsoft Project is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Microsoft Internet Explorer ‘CAttrArray’ Object Remote Code Execution Vulnerability
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Microsoft Internet Explorer (CVE-2009-3671) Uninitialized Memory Remote Code Execution Vulnerability
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Microsoft Internet Explorer CSS Race Condition Remote Code Execution Vulnerability
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

Microsoft Windows Active Directory Single Sign On Authentication Spoofing Vulnerability
Microsoft Windows Active Directory Federation Services (ADFS) is prone to an authentication-spoofing vulnerability affecting single sign-on (SSO) websites because it fails to properly implement session management. Successful exploits will allow attackers to authenticate to trusted servers by spoofing a legitimate user’s credentials, which may aid in further attacks.

fuente: securityfocus.com


Responder

Por favor, inicia sesión con uno de estos métodos para publicar tu comentario:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s