Skip to main content

Microsoft Office, Windows, .NET Framework, and Silverlight Multiple Vulnerabilities

Last Update Date: 9 May 2012 17:35 Release Date: 9 May 2012 5372 Views

RISK: High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS
  1. TrueType Font Parsing Vulnerability

    A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font file. The vulnerability could allow remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

     

  2. TrueType Font Parsing Vulnerability

    A remote code execution vulnerability exists in the way that affected components handle a specially crafted TrueType font file. The vulnerability could allow remote code execution if a user opens a specially crafted TrueType font file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

     

  3. .NET Framework Buffer Allocation Vulnerability

    A remote code execution vulnerability exists in Microsoft .NET Framework that can allow a specially crafted Microsoft .NET Framework application to access memory in an unsafe manner. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

     

  4. .NET Framework Index Comparison Vulnerability

    A denial of service vulnerability exists in the way that .NET Framework compares the value of an index. An attacker who successfully exploited this vulnerability could cause applications created using WPF APIs to stop responding until manually restarted. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights in any fashion.

     

  5. GDI+ Record Type Vulnerability

    A remote code execution vulnerability exists in the way that GDI+ handles validation of specially crafted EMF images. The vulnerability could allow remote code execution if a user opens a specially crafted EMF image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

     

  6. GDI+ Heap Overflow Vulnerability

    A remote code execution vulnerability exists in the way that the Office GDI+ library handles validation of specially crafted EMF images embedded within an Office document. The vulnerability could allow remote code execution if a user opens a specially crafted Office document. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

     

  7. Silverlight Double-Free Vulnerability

    A remote code execution vulnerability exists in Microsoft Silverlight that can allow a specially crafted Silverlight application to access memory in an unsafe manner. An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

     

  8. Windows and Messages Vulnerability

    An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver manages the functions related to Windows and Messages handling. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

     

  9. Keyboard Layout File Vulnerability

    An elevation of privilege vulnerability exists in the way that the Windows kernel-mode driver manages Keyboard Layout files. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.

     

  10. Scrollbar Calculation Vulnerability

    An elevation of privilege vulnerability exists in the Windows kernel-mode driver. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights.


Impact

  • Elevation of Privilege
  • Remote Code Execution

System / Technologies affected

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 4
  • Microsoft Office 2003
  • Microsoft Office 2007
  • Microsoft Office 2010
  • Microsoft Silverlight 4
  • Microsoft Silverlight 5

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link