Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - October 09, 2012

by: Carol~ October 9, 2012 7:15 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - October 09, 2012

by Carol~ Moderator - 10/9/12 7:15 AM

Debian update for bacula

Release Date : 2012-10-09

Criticality level : Less critical
Impact: Security Bypass
Where : From local network
Solution Status : Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for bacula. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2558-1:
http://www.debian.org/security/2012/dsa-2558

http://secunia.com/advisories/50808/


Reply
Report offensive post
Email to friend

Adobe Flash Player / AIR Multiple Vulnerabilities

by Carol~ Moderator - 10/9/12 7:20 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status : Vendor Patch

Software: Adobe AIR 3.x
Adobe Flash Player 11.x

Description:
Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to compromise a user's system.

1) Some unspecified errors can be exploited to cause buffer overflows. No further information is currently available.

2) Some unspecified errors can be exploited to corrupt memory. No further information is currently available.

3) Another unspecified error can be exploited to corrupt memory. No further information is currently available.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are reported in the following versions:
* Adobe Flash Player versions 11.4.402.278 and prior for Windows
* Adobe Flash Player versions 11.4.402.265 and prior for Macintosh
* Adobe Flash Player versions 11.2.202.238 and prior for Linux
* Adobe Flash Player versions 11.1.115.17 and prior for Android 4.x
* Adobe Flash Player versions 11.1.111.16 and prior for Android 3.x and 2.x
* Adobe AIR versions 3.4.0.2540 and prior for Windows and Macintosh, SDK (includes AIR for iOS), and for Android

Solution:
Update to a fixed version.

Provided and/or discovered by:
The vendor credits:
1, 2) Mateusz Jurczyk, Gynvael Coldwind, and Fermin Serna, Google Security Team.
3) Dark Son, Code Audit Labs

Original Advisory:
http://www.adobe.com/support/security/bulletins/apsb12-22.html

http://secunia.com/advisories/50876/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Google Chrome Multiple Vulnerabilities

by Carol~ Moderator - 10/9/12 7:20 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status : Vendor Patch

Software: Google Chrome 22.x

Description:
Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system.

1) The application bundles a vulnerable version of Adobe Flash player.

2) An error exists related to Skia text rendering.

3) A race condition error exists related to audio device handling.

4) An error exists related to ICU regex handling and can be exploited to cause an out-of-bounds read.

5) An error exists related to compositor handling and can be exploited to cause an out-of-bounds read.

6) An error exists related to plug-in crash monitoring for Pepper plug-ins.

Solution:
Update to version 22.0.1229.92.

Provided and/or discovered by:
The vendor credits:
2, 3) Atte Kettunen, OUSPG.
4) Arthur Gerkis.
5) Inferno, Google Chrome Security Team.
6) Chris Evans, Google Chrome Security Team.

Original Advisory:
http://googlechromereleases.blogspot.dk/2012/10/stable-channel-update.html

http://secunia.com/advisories/50872/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Icy Phoenix "subject" Cross-Site Scripting Vulnerability

by Carol~ Moderator - 10/9/12 7:20 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Icy Phoenix 2.x

Description:
A vulnerability has been discovered in Icy Phoenix, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "subject" parameter to contact_us.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2.0. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Kurdish hackers team

Original Advisory:
http://packetstorm.codar.com.br/1210-exploits/icyphoenix2-xss.txt

http://secunia.com/advisories/50890/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Siemens SiPass Integrated Message Processing Buffer Overflow

by Carol~ Moderator - 10/9/12 7:20 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Siemens SiPass Integrated Message Processing Buffer Overflow Vulnerability

Release Date : 2012-10-09

Criticality level : Moderately critical
Impact: System access
Where : From local network
Solution Status : Vendor Patch

Software: SiPass Integrated 2.x

Description:
A vulnerability has been reported in Siemens SiPass Integrated, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within SiPass server when handling messages and can be exploited to cause a buffer overflow via a specially crafted message sent to TCP port 4343.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions MP2.6 and prior.

Solution:
Apply hotfix available via support.

Provided and/or discovered by:
The vendor credits Lucas Apa, IOActive.

Original Advisory:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-938777.pdf

http://secunia.com/advisories/50900/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Interspire Email Marketer "Action" Cross-Site Scripting

by Carol~ Moderator - 10/9/12 7:20 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Interspire Email Marketer "Action" Cross-Site Scripting Vulnerability

Release Date : 2012-10-09

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Interspire Email Marketer 6.x

Description:
Ibrahim El-Sayed has reported a vulnerability in Interspire Email Marketer, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "Action" parameter in admin/index.php (when "Page" is set to "Addons" and "Addon" is set to "dynamiccontenttags") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 6.0.1. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Ibrahim El-Sayed (the_storm), Vulnerability Lab

Original Advisory:
http://www.vulnerability-lab.com/download_content.php?id=710

http://secunia.com/advisories/50815/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Linux Kernel HFS+ Privilege Escalation Vulnerability

by Carol~ Moderator - 10/9/12 7:21 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System : Linux Kernel 2.6.x

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially gain escalated privileges.

Solution:
Update to version 2.6.32.60.

Original Advisory:
http://www.kernel.org/pub/linux/kernel/v2.6/longterm/v2.6.32/ChangeLog-2.6.32.60

http://secunia.com/advisories/50849/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for kernel

by Carol~ Moderator - 10/9/12 7:21 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Less critical
Impact : Privilege escalation
DoS
Where : Local system
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 8.04

Description:
Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

Solution:
Apply updated packages.

Original Advisory:
USN-1598-1:
http://www.ubuntu.com/usn/usn-1598-1/

http://secunia.com/advisories/50807/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for flash-plugin

by Carol~ Moderator - 10/9/12 7:22 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status : Vendor Patch

Software: Red Hat Enterprise Linux Desktop Supplementary (v. 6)
Red Hat Enterprise Linux Server Supplementary (v. 6)
Red Hat Enterprise Linux Workstation Supplementary (v. 6)
RHEL Desktop Supplementary (v. 5 client)
RHEL Supplementary (v. 5 server)

Description:
Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2012:1346-1:
https://rhn.redhat.com/errata/RHSA-2012-1346.html

http://secunia.com/advisories/50820/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for kernel

by Carol~ Moderator - 10/9/12 7:24 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System : Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for kernel. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Solution:
Apply updated packages.

Original Advisory:
USN-1599-1:
http://www.ubuntu.com/usn/usn-1599-1/

http://secunia.com/advisories/50848/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Pale Moon Multiple Unspecified Vulnerabilities

by Carol~ Moderator - 10/9/12 8:32 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Moderately critical
Impact: Unknown
Where : From remote
Solution Status : Vendor Patch

Software: Pale Moon 15.x

Description:
Multiple vulnerabilities with an unknown impact have been reported in Pale Moon.

The vulnerabilities are caused due to unspecified errors. No further information is currently available.

The vulnerabilities are reported in versions prior to 15.2.

Solution:
Update to version 15.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://forum.palemoon.org/viewtopic.php?f=1&t=1510

http://secunia.com/advisories/50817/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Zen Cart "zen_get_all_get_params()" Cross-Site Scripting

by Carol~ Moderator - 10/9/12 9:24 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Zen Cart "zen_get_all_get_params()" Cross-Site Scripting Vulnerability

Release Date : 2012-10-09

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Zen Cart 1.x

Description:
Stefan Schurtz has discovered a vulnerability in Zen Cart, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via arbitrary parameter names and values to e.g. login.php in the admin section is not properly sanitised in the "zen_get_all_get_params()" function (admin/includes/functions/general.php) before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires knowledge of the administration section URL.

The vulnerability is confirmed in version 1.5.1. Other versions may also be affected.

Solution:
Apply patch.

Provided and/or discovered by:
Stefan Schurtz via Secunia.

Original Advisory:
http://www.zen-cart.com/showthread.php?200947-XSS-Flaw-Patch

http://secunia.com/advisories/50574/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Siemens SIMATIC S7-1200 Cross-Site Scripting Vulnerability

by Carol~ Moderator - 10/9/12 9:56 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Operating System : Siemens SIMATIC S7-1200 2.x
Siemens SIMATIC S7-1200 3.x

Description:
A vulnerability has been reported in Siemens SIMATIC S7-1200, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input passed to the web server component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 2.x, 3.0.0, and 3.0.1.

Solution:
Apply firmware update available via support.

Provided and/or discovered by:
The vendor credits Dmitriy Serebryannikov, Artem Chaikin, Yury Goltsev, and Timur Yunusov, Positive Technologies.

Original Advisory:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf

http://secunia.com/advisories/50816/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Fujitsu Interstage HTTP Server "httpOnly" Cookie Information

by Carol~ Moderator - 10/9/12 11:42 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Fujitsu Interstage HTTP Server "httpOnly" Cookie Information Disclosure Vulnerability

Release Date : 2012-10-09

Criticality level : Less critical
Impact: Exposure of sensitive information
Where : From remote
Solution Status : Vendor Workaround

Software: Interstage Application Server 10.x
Interstage Application Server 5.x
Interstage Application Server 6.x
Interstage Application Server 7.x
Interstage Application Server 8.x
Interstage Application Server 9.x
Interstage Apworks 6.x
Interstage Apworks 7.x
Interstage Business Application Server 8.x
Interstage Job Workload Server 8.x
Interstage Studio 10.x
Interstage Studio 8.x
Interstage Studio 9.x

Description:
Fujitsu has acknowledged a vulnerability in Interstage HTTP Server, which can be exploited by malicious people to disclose potentially sensitive information.

Please see the vendor's advisory for a list of affected products.

Solution:
Apply the recommended workaround (please see the vendor's advisory for details).

Original Advisory:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-201203e.html

http://secunia.com/advisories/50840/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Windows Kernel Integer Overflow Privilege

by Carol~ Moderator - 10/9/12 11:42 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Microsoft Windows Kernel Integer Overflow Privilege Escalation Vulnerability

Release Date : 2012-10-09

Criticality level : Less critical
Impact : Privilege escalation
Where : Local system
Solution Status : Vendor Patch

Operating System : Microsoft Windows 7
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an integer overflow error when handling certain objects and can be exploited to execute arbitrary code with kernel privileges.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits an anonymous person via iDefense.

Original Advisory:
MS12-068 (KB2724197):
http://technet.microsoft.com/en-us/security/bulletin/ms12-068

http://secunia.com/advisories/50862/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Windows Kerberos Session Handling Denial

by Carol~ Moderator - 10/9/12 11:46 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Microsoft Windows Kerberos Session Handling Denial of Service Vulnerability

Release Date : 2012-10-09

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System : Microsoft Windows 7
Microsoft Windows Server 2008

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL pointer dereference error within the Kerberos implementation when handling session requests and can be exploited to restart the system via a specially crafted session request.

Solution:
Apply updates.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS12-069 (KB2743555):
http://technet.microsoft.com/en-us/security/bulletin/ms12-069

http://secunia.com/advisories/50867/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Products PAPX Section and listid Handling

by Carol~ Moderator - 10/9/12 11:51 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Microsoft Products PAPX Section and listid Handling Vulnerabilities

Release Date : 2012-10-09

Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office 2010
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Microsoft Office Web Apps
Microsoft Office Word 2007
Microsoft Office Word Viewer
Microsoft SharePoint Server 2010
Microsoft Word 2003
Microsoft Word 2010

Description:
Two vulnerabilities have been reported in multiple Microsoft products, which can be exploited by malicious people to compromise a user's system.

1) An error when parsing the PAPX section can be exploited to corrupt memory via a specially crafted Word file.

NOTE: This vulnerability affects Microsoft Word 2007 only.

2) A use-after-free error exists when handling listid and can be exploited via a specially crafted RTF file.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution:
Apply updates.

Provided and/or discovered by:
1) The vendor credits an anonymous person via ZDI.
2) The vendor credits an anonymous person via Beyond Security SSD.

Original Advisory:
MS12-064 (KB2742319, KB2687483, KB2687315, KB2553488, KB2687485, KB2687314, KB2598237, KB2687401)
http://technet.microsoft.com/en-us/security/bulletin/ms12-064

http://secunia.com/advisories/50835/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft SQL Server Cross-Site Scripting Vulnerability

by Carol~ Moderator - 10/9/12 11:58 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Release Date : 2012-10-09

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft SQL Server 2000
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2008
Microsoft SQL Server 2012

Description:
A vulnerability has been reported in Microsoft SQL Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised within the SQL Server Report Manager before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS12-070 (KB983814, KB2716429, KB2716427, KB2716434, KB2716433, KB2716436, KB2716435, KB2716440, KB2716439, KB2716442, KB2716441):
http://technet.microsoft.com/en-us/security/bulletin/ms12-070

http://secunia.com/advisories/50901/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Products HTML Sanitisation Component Cross-Site

by Carol~ Moderator - 10/9/12 11:59 AM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Microsoft Products HTML Sanitisation Component Cross-Site Scripting Vulnerability

Release Date : 2012-10-09

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Groove Server 2010
Microsoft InfoPath 2010
Microsoft Lync 2010
Microsoft Office Communicator 2007
Microsoft Office InfoPath 2007
Microsoft Office Web Apps
Microsoft SharePoint Foundation 2010
Microsoft SharePoint Server 2007
Microsoft SharePoint Server 2010
Microsoft Windows SharePoint Services 3.x

Description:
A vulnerability has been reported in multiple Microsoft products, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised within the HTML Sanitisation component before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

NOTE: This is currently being actively exploited in limited targeted attacks.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Drew Hintz, Google Security Team.

Original Advisory:
MS12-066 (KB2687439, KB2687440, KB2687436, KB2687417, KB2726391, KB2726382, KB2726388, KB2726384, KB2687405, KB2687435, KB2589280, KB2687402, KB2687356, KB2687434, KB2687401, KB2687434):
http://technet.microsoft.com/en-us/security/bulletin/ms12-066

http://secunia.com/advisories/50855/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Microsoft Works DOC File Processing Memory Corruption

by Carol~ Moderator - 10/9/12 1:27 PM

In Reply to: VULNERABILITIES / FIXES - October 09, 2012 by Carol~ Moderator

Microsoft Works DOC File Processing Memory Corruption Vulnerability

Release Date : 2012-10-09

Criticality level : Highly critical
Impact: System access
Where : From remote
Solution Status : Vendor Patch

Software: Microsoft Works 9.x

Description:
A vulnerability has been reported in Microsoft Works, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error when processing Word files and can be exploited to corrupt memory via a specially crafted DOC file.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
MS12-065 (KB2754670):
http://technet.microsoft.com/en-us/security/bulletin/ms12-065

http://secunia.com/advisories/50844/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close