فا

‫ Microsoft Multiple Products Two Vulnerabilities

IRCAD2014063363
ID:IRCAD2014063363
Release Date: 2014-06-10
Criticality level: Highly critical
Software:
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows RT
Microsoft Windows RT 8.1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Live Meeting 2007
Microsoft Lync 2010
Microsoft Lync 2010 Attendee 4.x
Microsoft Lync 2013
Microsoft Office 2007
Microsoft Office 2010
 
Description:
Two vulnerabilities have been reported in multiple Microsoft products, which can be exploited by malicious people to compromise a user's system.
1) An error within Unicode Scripts Processor can be exploited to execute arbitrary code via a specially crafted font file.
2) An error within GDI+ when validating images can be exploited to execute arbitrary code via a specially crafted image file.
 
Solution:
Apply updates.
Windows Server 2003 Service Pack 2 (Windows GDI+) (2957503)
Windows Vista Service Pack 2 (Windows GDI+) (2957503)
Windows 8.1 for 32-bit Systems[1] (gdi32) (2964736)
Windows 8.1 for 32-bit Systems[1] (DirectWrite) (2964718)
Windows 8.1 for x64-based Systems[1] (DirectWrite)(2964718)
Windows Server 2012 (gdi32) (2964736)
Windows Server 2012 R2[1] (gdi32) (2964736)
Windows Server 2012 R2[1] (DirectWrite) (2964718)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (Windows GDI+) (2957503)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (usp10) (2957509)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (Windows GDI+) (2957503)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (usp10)
(2957509)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (Windows GDI+)(2957503)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (usp10) (2957509)
Windows Server 2012 (Server Core installation) (gdi32) (2964736)
Windows Server 2012 R2 (Server Core installation)[1] (gdi32)(2964736)
Windows Server 2012 R2 (Server Core installation)[1] (DirectWrite)(2964718)
Microsoft Office 2010 Service Pack 1 (32-bit editions) (2863942)
Microsoft Office 2010 Service Pack 1 (32-bit editions) (2767915)
Microsoft Office 2010 Service Pack 2 (32-bit editions) (2863942)
Microsoft Office 2010 Service Pack 2 (32-bit editions) (2767915)
Microsoft Office 2010 Service Pack 1 (64-bit editions) (2863942)
Microsoft Office 2010 Service Pack 1 (64-bit editions) (2767915)
Microsoft Office 2010 Service Pack 2 (64-bit editions) (2863942)
Microsoft Office 2010 Service Pack 2 (64-bit editions) (2767915)
Microsoft Lync 2010 (32-bit) (2963285)
Microsoft Lync 2010 (64-bit) (2963285)
Microsoft Lync 2010 Attendee [1] (user level install) (2963282)
Microsoft Lync 2010 Attendee (admin level install) (2963284)
Microsoft Lync 2013 (32-bit) (2881013)
Microsoft Lync Basic 2013 (32-bit) (2881013)
Microsoft Lync 2013 (64-bit) (2881013)
Microsoft Lync Basic 2013 (64-bit) (2881013)
 
References:
Microsoft (KB2967487, KB2957503, KB2957509, KB2964736, KB2965155, KB2964718, KB2965161, KB2878233, KB2881069, KB2863942, KB2767915, KB2968966, KB2963285, KB2963282, KB2963284, KB2881013):
 
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 21 خرداد 1393

امتیاز

امتیاز شما
تعداد امتیازها:0