فا

‫ Microsoft Windows Journal File Handling Code Execution Vulnerabilities

ID: IRCAD2015053920
Release Date: 2015-05-12
Criticality level: Highly critical
Software:
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows RT
Microsoft Windows RT 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Vista
Description:
Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
1) An error when handling Windows Journal (.jnt) files can be exploited to execute arbitrary code via a specially crafted Windows Journal file.
2) Another error when handling Windows Journal (.jnt) files can be exploited to execute arbitrary code via a specially crafted Windows Journal file.
3) Another error when handling Windows Journal (.jnt) files can be exploited to execute arbitrary code via a specially crafted Windows Journal file.
4) Another error when handling Windows Journal (.jnt) files can be exploited to execute arbitrary code via a specially crafted Windows Journal file.
5) Another error when handling Windows Journal (.jnt) files can be exploited to execute arbitrary code via a specially crafted Windows Journal file.
6) Another error when handling Windows Journal (.jnt) files can be exploited to execute arbitrary code via a specially crafted Windows Journal file.
Successful exploitation of the vulnerabilities requires that the Desktop Experience feature is enabled (not enabled by default) on Windows Server 2008 and that the Ink and Handwriting Services feature is enabled (not enabled by default) on Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
Solution
Apply update.
References:
MS15-045 (KB3046002, KB3046002):
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 9 خرداد 1394

امتیاز

امتیاز شما
تعداد امتیازها: 0