Severity: : Critical
  Advisory Date: 09 de ноября de 2010

  DESCRIPTION

Microsoft addresses the following vulnerabilities in its November batch of patches:


  • (MS10-087) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930)
    Risk Rating: Critical

    This security update addresses vulnerabilities in Microsoft Office that could allow remote execution when an unsuspecting user opens a specially crafted .RTF email message. Read more here.

  • (MS10-088) Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (2293386)
    Risk Rating: Important

    This update resolves two vulnerabilities in Microsoft Office that could allow a malicious user to execute code remotely when users open a specially crafted PowerPoint file. Read more here.

  • (MS10-089) Vulnerabilities in Forefront Unified Access Gateway (UAG) Could Allow Elevation of Privilege (2316074)
    Risk Rating: Important

    This security update resolves four vulnerabilities in Forefront Unified Access Gateway (UAG). Read more here.

  INFORMATION EXPOSURE

Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):

Microsoft Bulletin ID Vulnerability ID Identifier & Title IDF First Pattern Version IDF First Pattern Release Version
MS10-087 CVE-2010-3333 1004498 - Word RTF File Parsing Stack Buffer Overflow Vulnerability 10-035 Nov 10, 2010
MS10-087 CVE-2010-3336 1004500 - MSO Large SPID Read AV Vulnerability 10-035 Nov 10, 2010
MS10-088 CVE-2010-2573 1004499 - PowerPoint Integer Underflow Causes Heap Corruption Vulnerability 10-035 Nov 10, 2010
MS10-089 CVE-2010-2733 1000552 - Generic Cross Site Scripting (XSS) Prevention 10-035 Nov 10, 2010
MS10-089 CVE-2010-2734 1000552 - Generic Cross Site Scripting (XSS) Prevention 10-035 Nov 10, 2010
MS10-089 CVE-2010-2736 1000552 - Generic Cross Site Scripting (XSS) Prevention 10-035 Nov 10, 2010

  SOLUTION