BSM Reference Stack 3.0 security vulnerabilities and recommendations - Windows
The following security vulnerabilities were found during security scans of version 3.0 of the BSM Reference Stack on Microsoft Windows operating systems. This table represents autogenerated output.
Operating system | Port | Vulnerability name | Vulnerability description | Initial risk rating | Common Vulnerabilities and Exposures (CVE) ID | Recommendation |
---|---|---|---|---|---|---|
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft HTML Help Stack Overflow Remote Code Execution | A remote code execution vulnerability is present in some versions of Microsoft Windows. | High | CVE-MAP-NOMATCH | McAfee is currently unaware of a vendor-supplied patch or update (08/10/2011). |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Adobe Products Security Update Available For Adobe Flash Player - APSB10-26 | Multiple vulnerabilities are present in some versions of Adobe Flash Player. | High | CVE-2010-3636 | Download the latest version of Adobe Flash Player from the following location: http://www.adobe.com/support/security/bulletins/apsb10-26.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSB10-26) Adobe Products Authplay.dll Code Execution | A code execution vulnerability exists in some versions of Adobe Flash Player, Reader and Acrobat. | High | CVE-2010-3654 | The vendor has released updates to address this issue: http://www.adobe.com/support/security/bulletins/apsb10-26.html http://www.adobe.com/support/security/bulletins/apsb10-28.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSB11-28) Adobe Flash Player Multiple Vulnerabilities | Multiple vulnerabilities are present in some versions of Adobe Flash Player. | High | CVE-2011-2445 | The vendor has released an update to address the issue: http://www.adobe.com/support/security/bulletins/apsb11-28.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSB11-21) Adobe Flash Player Multiple Vulnerabilities Prior To 10.3.183.5 | Multiple vulnerabilities are present in some versions of Adobe Flash Player. | High | CVE-2011-2130 | Download the latest version of Adobe Flash Player from the following location: http://get.adobe.com/flashplayer/ |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Adobe Flash Player VulnDisco Step Ahead Remote Code Execution | A remote code execution vulnerability is present in some versions of Adobe Flash Player. | High | CVE-2011-4694 | McAfee is currently unaware of a vendor-supplied patch or update (12/30/2011). |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSB11-26) Adobe Flash Player AVM Remote Code Execution | A remote code execution vulnerability is present in some versions of Adobe Flash Player. | High | CVE-2011-2426 | The vendor has released an update to address the issue: http://www.adobe.com/support/security/bulletins/apsb11-26.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSB11-26) Adobe Flash Player AVM Remote Code Execution II | A remote code execution vulnerability is present in some versions of Adobe Flash Player. | High | CVE-2011-2427 | The vendor has released an update to address the issue: http://www.adobe.com/support/security/bulletins/apsb11-26.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSB11-26) Adobe Flash Player Remote Code Execution | A remote code execution vulnerability is present in some versions of Adobe Flash Player. | High | CVE-2011-2428 | The vendor has released an update to address the issue: http://www.adobe.com/support/security/bulletins/apsb11-26.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSB11-26) Adobe Flash Player Streaming Remote Code Execution | A remote code execution vulnerability is present in some versions of Adobe Flash Player. | High | CVE-2011-2430 | The vendor has released an update to address the issue: http://www.adobe.com/support/security/bulletins/apsb11-26.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSA11-01) Adobe Flash Player ".xls" files Denial Of Service | A denial of service vulnerability is present in some versions of Adobe Reader, Acrobat and Flash Player. | High | CVE-2011-0609 | Vendor updates are available at: http://www.adobe.com/support/security/advisories/apsa11-01.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-004) Microsoft Media Player DirectShow Remote Code Execution (2636391) | A remote code execution vulnerability is present in some versions of Microsoft Windows Media Player. | High | CVE-2012-0004 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-004.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-005) Microsoft Windows Assembly Execution (2584146) | A remote code execution vulnerability is present in some versions of Microsoft Windows. | High | CVE-2012-0013 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-005.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Mozilla Firefox Multiple Vulnerabilities Prior To 3.6.26 | Multiple vulnerabilities are present in some versions of Mozilla Firefox. | High | CVE-2012-0442 | Download version 3.6.26 or later of Mozilla Firefox from the following location: http://www.mozilla.org/firefox/ |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS11-087) Microsoft Windows TrueType Font Parsing (2639417) | A remote code execution vulnerability is present in some versions of Microsoft Windows. | High | CVE-2011-3402 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms11-087.aspx Superseded patch information: This patch has been superseded by MS12-008: http://www.microsoft.com/technet/security/Bulletin/MS12-008.mspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-008) Microsoft Windows GDI Access Violation (2660465) | A remote code execution vulnerability is present in some versions of Microsoft Windows. | High | CVE-2011-5046 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-008.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-010) Microsoft IE HtmlLayout Remote Code Execution (2647516) | A remote code execution vulnerability is present in some versions of Microsoft Internet Explorer. | High | CVE-2012-0011 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-010.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-016) Microsoft .NET Framework Unmanaged Objects (2651026) | A remote code execution vulnerability is present in some versions of Microsoft .NET Framework. | High | CVE-2012-0014 | The vendor has released an update to address this issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-016.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-016) Microsoft .NET Framework Heap Corruption (2651026) | A remote code execution vulnerability is present in some versions of Microsoft .NET Framework. | High | CVE-2012-0015 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-016.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-013) Microsoft Windows Msvcrt.dll Buffer Overflow (2654428) | A remote code execution vulnerability is present in some versions of Microsoft Windows. | High | CVE-2012-0150 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-013.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSA11-02) Adobe Flash Player/Acrobat/Reader Doc Remote Code Execution | A remote code execution vulnerability is present in some versions of Adobe Flash Player, Acrobat and Reader. | High | CVE-2011-0611 | The vendor has released an update to address the issue: Adobe Flash Player: http://www.adobe.com/support/security/bulletins/apsb11-07.html Updates for Adobe Reader and Acrobat: http://www.adobe.com/support/security/bulletins/apsb11-08.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS11-049) Microsoft XML Editor Could Allow Information Disclosure (2543893) | An information disclosure vulnerability is present in some versions of Microsoft XML Editor. | High | CVE-2011-1280 | The vendor has released an update to address the issue: http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS11-100) Microsoft Windows .NET Hash Tables Denial of Service (2638420) | A denial of service vulnerability is present in some versions of Microsoft Windows. | High | CVE-2011-3414 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms11-100 |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-012) Microsoft Color Control Panel Insecure Library Loading (2643719) | A remote code execution vulnerability is present in some versions of Microsoft Windows. | High | CVE-2010-5082 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-012.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Internet Explorer Address Bar Pop-Up Spoofing | A spoofing vulnerability exists in some versions of Microsoft Internet Explorer. | Medium | CVE-MAP-NOMATCH | McAfee is currently unaware of a vendor-supplied patch or update. (03/7/2011) |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Internet Explorer Cache Objects History Enumeration Weakness Information Disclosure | An information disclosure vulnerability is present in some versions of Microsoft Internet Explorer. | Medium | CVE-2011-4689 | McAfee is currently unaware of a vendor-supplied patch or update (12/30/2011). |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Internet Explorer XSS Filter Cross-Site Scripting Vulnerability | A cross-site scripting vulnerability is present in some versions of Microsoft Internet Explorer. | Medium | CVE-2010-1489 | McAfee is currently unaware of a vendor-supplied patch or update (6/30/2011) |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Internet Explorer findText Parsing Denial-of-Service Vulnerability | A vulnerability in Microsoft Internet Explorer may allow for remote denial-of-service attacks. | Medium | CVE-2009-2655 | McAfee is unaware of a vendor-supplied patch or update at this time (8/27/2009) |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Internet Explorer URL Spoofing Vulnerability | A vulnerability in Microsoft Internet Explorer may allow an attacker to spoof legitimate Web sites. | Medium | CVE-2009-3003 | McAfee Avert Labs is not aware of a vendor-supplied patch/upgrade at this time (10/06/2009) |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Office Communicator (Beta) SIP Denial Of Service Vulnerability | A denial-of-service vulnerability exists in some versions of Microsoft Office Communicator. | Medium | CVE-MAP-NOMATCH | McAfee is not aware of a vendor-supplied patch or update at this time (4/6/2010) |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Windows Win32k.sys Buffer Overflow Vulnerability | A buffer overflow vulnerability is present in some versions of Microsoft Windows. | Medium | CVE-MAP-NOMATCH | The vendor will address this issue via a future security update. Info: http://blogs.technet.com/b/msrc/archive/2010/08/10/update-on-the-publicly-disclosed-win32k-sys-eop-vulnerability.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Windows Service Isolation Bypass Vulnerability | A privilege escalation vulnerability is present in some versions of Microsoft Windows. | Medium | CVE-2010-1886 | Microsoft has not provided a patch for this issue. Please do not run critical services with NetworkService privileges. The vendor has released an advisory describing workarounds that do not correct the underlying issue but would help block known attack vectors. For more information, see http://technet.microsoft.com/en-us/security/advisory/2264072 |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Windows Environment Variable Expansion Library Loading Vulnerability | A logic error is present in some versions of Microsoft Windows. | Medium | CVE-MAP-NOMATCH | The vendor has released an advisory describing a workaround that can be used to mitigate this issue. More information can be found at: http://support.microsoft.com/kb/329308 |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Windows wab32res.dll Insecure Library Loading Remote Code Execution | An insecure library loading vulnerability is present in some versions of Microsoft Windows. | Medium | CVE-2010-3143 | McAfee is currently unaware of a vendor-supplied patch or update (12/12/2011). |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSB11-26) Adobe Flash Player Universal Cross Site Scripting Security Bypass | A security bypass vulnerability is present in some versions of Adobe Flash Player. | Medium | CVE-2011-2444 | The vendor has released an update to address the issue: http://www.adobe.com/support/security/bulletins/apsb11-26.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (APSB11-26) Adobe Flash Player Control Bypass Information Disclosure | An information disclosure vulnerability is present in some versions of Adobe Flash Player. | Medium | CVE-2011-2429 | The vendor has released an update to address the issue: http://www.adobe.com/support/security/bulletins/apsb11-26.html |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Apache Apr-util Multiple Denial Of Service Vulnerabilities | Multiple denial of service vulnerabilities are present in some versions of Apache Apr-util. | Medium | CVE-MAP-NOMATCH | Download version 1.3.10 or later of Apache apr-util from the following location: http://www.apache.org/dist/apr/ |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-006) SSL and TLS Protocols Information Disclosure (2643584) | An information disclosure vulnerability is present in some versions of the SSL and TLS protocols. | Medium | CVE-2011-3389 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-006.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-001) Microsoft Windows Kernel SafeSEH Bypass (2644615) | A security bypass vulnerability is present in some versions of Microsoft Windows. | Medium | CVE-2012-0001 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-001.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS11-097) Microsoft Windows CSRSS Local Privilege Elevation (2620712) | A privilege escalation vulnerability is present in some versions of Microsoft Windows. | Medium | CVE-2011-3408 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms11-097.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS11-099) Microsoft Internet Explorer XSS Filter Information Disclosure (2618444) | An information disclosure vulnerability is present in some versions of Microsoft Internet Explorer. | Medium | CVE-2011-1992 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms11-099.aspx Superseded patch information: This patch has been superseded by MS12-010: http://www.microsoft.com/technet/security/Bulletin/MS12-010.mspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Internet Explorer 'mshtml.dll' Remote Information Disclosure Vulnerability | A vulnerability exists in Microsoft Internet Explorer that may be used by attackers to gain sensitive information. | Medium | CVE-2010-3886 | The vendor has released an update for IE7 and IE8 to address this issue: http://www.microsoft.com/technet/security/bulletin/MS11-050.mspx On IE6, McAfee is currently unaware of a vendor-supplied patch or update (2012/02/15). |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Skype URI Handling "/Datapath" Vulnerability | A vulnerability in Skype can be exploited to bypass certain security restrictions and can potentially lead to sensitive information disclosure. | Medium | CVE-MAP-NOMATCH | Update to version 4.2.0.155 (v4.2 hotfix #1). |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-008) Microsoft Windows Keyboard Layout Use After Free (2660465) | A privilege escalation vulnerability is present in some versions of Microsoft Windows. | Medium | CVE-2012-0154 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-008.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS12-009) Microsoft Windows AfdPoll Elevation of Privilege (2645640) | A privilege escalation vulnerability is present in some versions of Microsoft Windows. | Medium | CVE-2012-0148 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-009.aspx |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS11-100) Microsoft .NET Form Authentication Spoofing (2638420) | An information disclosure vulnerability is present in some versions of Microsoft .NET. | Medium | CVE-2011-3415 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms11-100 |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS11-100) Microsoft .NET User Authentication Privilege Escalation (2638420) | A privilege escalation vulnerability is present in some versions of Microsoft .NET. | Medium | CVE-2011-3416 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms11-100 |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | (MS11-100) Microsoft .NET Cached Content Privilege Escalation (2638420) | A remote code execution vulnerability is present in some versions of Microsoft .NET. | Medium | CVE-2011-3417 | The vendor has released an update to address the issue: http://technet.microsoft.com/en-us/security/bulletin/ms11-100 |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Skype file: URI Handler Vulnerability | A vulnerability in Skype may allow for code-execution attacks. | Medium | CVE-2008-1805 | The vendor has made an update available for remediation here: http://www.skype.com/download/ |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Internet Explorer Cache Objects History Enumeration Weakness | An information disclosure vulnerability is present in some versions of Microsoft Internet Explorer. | Low | CVE-2002-2435 | McAfee is currently unaware of a vendor-supplied patch or update (2/13/2012). |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Internet Explorer CSS 'expression' Remote Denial of Service Vulnerability | A remote denial of service vulnerability is present in some versions of Microsoft Internet Explorer. | Low | CVE-MAP-NOMATCH | McAfee is currently not aware of any patches from the vendor. (1/16/2011) |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Internet Explorer AddFavorite Method Denial-of-Service Vulnerability | A vulnerability exists in Microsoft Internet Explorer that may allow for denial of service attacks. | Low | CVE-2009-2433 | McAfee Avert Labs is not aware of a vendor supplied patch/update at this time. (8/20/2009) |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Windows Explorer Local Denial Of Service Vulnerability | A local denial of service vulnerability is present in some versions of Microsoft Windows. | Low | CVE-MAP-NOMATCH | McAfee is currently unaware of a vendor-supplied patch or update (02/09/2012). |
Windows 2008 (Version 6.1, Service Pack 1, Build 7601, Server [*]) | 139 | Microsoft Windows Local DNS Poisoning Vulnerabilities | Multiple DNS poisoning vulnerabilities are present in some versions of Microsoft Windows. | Low | CVE-MAP-NOMATCH | McAfee is currently unaware of a vendor-supplied patch or update (12/30/2011). |