Thursday, December 5, 2013

CPE: McAfee AudioParasitic: Episode 38 M$ Sec bulletin

length: 00:11:01

MS08-039:  vulnerabilities in Outlook Web Access (OWA) for Microsoft Exchange Server.

MS08-038: Windows Explorer that could allow remote code execution when a specially crafted saved-search file is opened and saved. Affecting Windows Vista and Windows Server 2008.

MS08-037: vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
DNS insufficient socket entropy vulnerability

MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege –pretty wide OS range
Buffer over run vul – convert function
Memory corruption

Mostly sql injection – not coding flaw
Not platform independent
Issue with query language itself.

Labels: ,


Post a Comment

Subscribe to Post Comments [Atom]

<< Home