November 2010 - Microsoft Releases 3 Security Advisories
Publish Date: 21 février 2013
Gravité: : Critique
Date du conseil: 09 novembre 2010
Description
Microsoft addresses the following vulnerabilities in its November batch of patches:
- (MS10-087) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
Risk Rating: Critical
This security update addresses vulnerabilities in Microsoft Office that could allow remote execution when an unsuspecting user opens a specially crafted .RTF email message. Read more here. - (MS10-088) Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
Risk Rating: Important
This update resolves two vulnerabilities in Microsoft Office that could allow a malicious user to execute code remotely when users open a specially crafted PowerPoint file. Read more here. - (MS10-089) Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)
Risk Rating: Important
This security update resolves four vulnerabilities in Forefront Unified Access Gateway (UAG). Read more here.
Information Exposure Rating:
Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):
Microsoft Bulletin ID | Vulnerability ID | Identifier & Title | IDF First Pattern Version | IDF First Pattern Release Version |
---|---|---|---|---|
MS10-087 | CVE-2010-3333 | 1004498 - Word RTF File Parsing Stack Buffer Overflow Vulnerability | 10-035 | Nov 10, 2010 |
MS10-087 | CVE-2010-3336 | 1004500 - MSO Large SPID Read AV Vulnerability | 10-035 | Nov 10, 2010 |
MS10-088 | CVE-2010-2573 | 1004499 - PowerPoint Integer Underflow Causes Heap Corruption Vulnerability | 10-035 | Nov 10, 2010 |
MS10-089 | CVE-2010-2733 | 1000552 - Generic Cross Site Scripting (XSS) Prevention | 10-035 | Nov 10, 2010 |
MS10-089 | CVE-2010-2734 | 1000552 - Generic Cross Site Scripting (XSS) Prevention | 10-035 | Nov 10, 2010 |
MS10-089 | CVE-2010-2736 | 1000552 - Generic Cross Site Scripting (XSS) Prevention | 10-035 | Nov 10, 2010 |