Cumulative Security Update of ActiveX Kill Bits (950760)
|
|
Article ID: 33134
Last updated: 27 Jan, 2009
|
|
|
|
Views: 7016
|
|
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
|
|
Cumulative Security Update of ActiveX Kill Bits (950760) |
|
| This script is Copyright (C) 2008 Tenable Network Security |
|
|
| Family | Windows : Microsoft Bulletins |
| Plugin ID | 33134 |
| Bugtraq ID | 29558
|
| CVE ID | CVE-2007-0675
CVE-2008-0956
|
|
| Description: |
Synopsis :
The remote Windows host has an ActiveX control that is affected by
multiple memory corruption vulnerabilities.
Description :
The remote host contains the sapi.dll ActiveX control.
The version of this control installed on the remote host reportedly
contains multiple memory corruption flaws. If an attacker can trick a
user on the affected host into visiting a specially-crafted web page,
he may be able to leverage this issue to execute arbitrary code on the
host subject to the users privileges.
Solution :
Microsoft has released a set of patches for Windows 2000, XP, 2003, Vista and 2008 :
http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C) |
|
