Gravité: : Critique
  Date du conseil: 09 novembre 2010

  Description

Microsoft addresses the following vulnerabilities in its November batch of patches:


  • (MS10-087) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
    Risk Rating: Critical

    This security update addresses vulnerabilities in Microsoft Office that could allow remote execution when an unsuspecting user opens a specially crafted .RTF email message. Read more here.

  • (MS10-088) Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
    Risk Rating: Important

    This update resolves two vulnerabilities in Microsoft Office that could allow a malicious user to execute code remotely when users open a specially crafted PowerPoint file. Read more here.

  • (MS10-089) Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)
    Risk Rating: Important

    This security update resolves four vulnerabilities in Forefront Unified Access Gateway (UAG). Read more here.

  Information Exposure Rating:

Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):

Microsoft Bulletin ID Vulnerability ID Identifier & Title IDF First Pattern Version IDF First Pattern Release Version
MS10-087 CVE-2010-3333 1004498 - Word RTF File Parsing Stack Buffer Overflow Vulnerability 10-035 Nov 10, 2010
MS10-087 CVE-2010-3336 1004500 - MSO Large SPID Read AV Vulnerability 10-035 Nov 10, 2010
MS10-088 CVE-2010-2573 1004499 - PowerPoint Integer Underflow Causes Heap Corruption Vulnerability 10-035 Nov 10, 2010
MS10-089 CVE-2010-2733 1000552 - Generic Cross Site Scripting (XSS) Prevention 10-035 Nov 10, 2010
MS10-089 CVE-2010-2734 1000552 - Generic Cross Site Scripting (XSS) Prevention 10-035 Nov 10, 2010
MS10-089 CVE-2010-2736 1000552 - Generic Cross Site Scripting (XSS) Prevention 10-035 Nov 10, 2010

  Solutions