Weekly Vulnerabilities Reports > May 7 to 13, 2012
Overview
57 new vulnerabilities reported during this period, including 32 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary report vulnerabilities in 47 products from 13 vendors including Microsoft, Apple, Adobe, HP, and PHP. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Resource Management Errors", and "Numeric Errors".
- 50 reported vulnerabilities are remotely exploitables.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 55 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 19 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 15 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
32 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-09 | CVE-2012-2033 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2032. | 10.0 |
2012-05-09 | CVE-2012-2032 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2033. | 10.0 |
2012-05-09 | CVE-2012-2031 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2032, and CVE-2012-2033. | 10.0 |
2012-05-09 | CVE-2012-2030 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033. | 10.0 |
2012-05-09 | CVE-2012-2029 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033. | 10.0 |
2012-05-09 | CVE-2012-2026 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator and Illustrator Cs5.5 Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2025. | 10.0 |
2012-05-09 | CVE-2012-2025 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator and Illustrator Cs5.5 Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026. | 10.0 |
2012-05-09 | CVE-2012-2024 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator and Illustrator Cs5.5 Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2025, and CVE-2012-2026. | 10.0 |
2012-05-09 | CVE-2012-2023 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator and Illustrator Cs5.5 Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. | 10.0 |
2012-05-09 | CVE-2012-0780 | Adobe | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Illustrator and Illustrator Cs5.5 Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026. | 10.0 |
2012-05-09 | CVE-2012-0778 | Adobe | Buffer Errors vulnerability in Adobe Flash Cs3, Flash CS4 and Flash Cs5.5 Buffer overflow in Adobe Flash Professional before CS6 allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2012-05-11 | CVE-2012-1823 | PHP Fedoraproject Debian HP Opensuse Suse Apple Redhat | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. | 9.8 |
2012-05-09 | CVE-2012-0685 | Xnview | Numeric Errors vulnerability in Xnview Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0684. | 9.3 |
2012-05-09 | CVE-2012-0684 | Xnview | Numeric Errors vulnerability in Xnview Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote attackers to execute arbitrary code via a crafted file containing PSD record types, a different vulnerability than CVE-2012-0685. | 9.3 |
2012-05-09 | CVE-2012-2028 | Adobe | Buffer Errors vulnerability in Adobe Photoshop, Photoshop CS4 and Photoshop Cs5.5 Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors. | 9.3 |
2012-05-09 | CVE-2012-2027 | Adobe | Resource Management Errors vulnerability in Adobe Photoshop, Photoshop CS4 and Photoshop Cs5.5 Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a crafted TIFF (aka .TIF) file. | 9.3 |
2012-05-09 | CVE-2012-1847 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Series Record Parsing Type Mismatch Could Result in Remote Code Execution Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0185 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0184 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 and 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SXLI Record Memory Corruption Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0183 | Microsoft | RTF Data Handling Remote Memory Corruption vulnerability in Microsoft Office, Office Compatibility Pack and Word Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0176 | Microsoft | Resource Management Errors vulnerability in Microsoft Silverlight Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 on Windows allows remote attackers to execute arbitrary code via vectors involving crafted XAML glyphs, aka "Silverlight Double-Free Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0167 | Microsoft | Improper Input Validation vulnerability in Microsoft Office 2003/2007 Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0165 | Microsoft | Improper Input Validation vulnerability in Microsoft Office, Windows Server 2008 and Windows Vista GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0162 | Microsoft | Buffer Errors vulnerability in Microsoft .Net Framework 4.0 Microsoft .NET Framework 4 does not properly allocate buffers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Buffer Allocation Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0161 | Microsoft | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0160 | Microsoft | Improper Input Validation vulnerability in Microsoft .Net Framework Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0159 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0143 | Microsoft | Resource Management Errors vulnerability in Microsoft Excel and Office Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0142 | Microsoft | Resource Management Errors vulnerability in Microsoft products Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2008 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption in OBJECTLINK Record Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0141 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2011 for Mac; Excel Viewer; and Office Compatibility Pack SP2 and SP3 do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel File Format Memory Corruption Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-0018 | Microsoft | Improper Input Validation vulnerability in Microsoft Visio Viewer 2010 Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability." | 9.3 |
2012-05-09 | CVE-2012-2009 | HP | Permissions, Privileges, and Access Controls vulnerability in HP Performance Insight Unspecified vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to gain privileges via unknown vectors. | 9.0 |
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-11 | CVE-2012-0662 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in the Security Framework in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted input. | 7.5 |
2012-05-09 | CVE-2012-2007 | HP | SQL Injection vulnerability in HP Performance Insight SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-05-08 | CVE-2012-1675 | Oracle | Permissions, Privileges, and Access Controls vulnerability in Oracle Database Server The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, and 11.2.0.3, and 10g 10.2.0.3, 10.2.0.4, and 10.2.0.5, as used in Oracle Fusion Middleware, Enterprise Manager, E-Business Suite, and possibly other products, allows remote attackers to execute arbitrary database commands by performing a remote registration of a database (1) instance or (2) service name that already exists, then conducting a man-in-the-middle (MITM) attack to hijack database connections, aka "TNS Poison." | 7.5 |
2012-05-09 | CVE-2012-0181 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability." | 7.2 |
2012-05-09 | CVE-2012-0179 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7 and Windows Server 2008 Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability." | 7.2 |
2012-05-09 | CVE-2012-1977 | Wellintech | Credentials Management vulnerability in Wellintech Kingview 3.0 WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of passwords in user.db, which allows context-dependent attackers to obtain sensitive information by reading this file. | 7.1 |
17 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-11 | CVE-2012-0656 | Apple | Race Condition vulnerability in Apple mac OS X Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before 10.7.4, when the Guest account is enabled, allows physically proximate attackers to login to arbitrary accounts by entering the account name and no password. | 6.9 |
2012-05-11 | CVE-2012-0649 | Apple | Race Condition vulnerability in Apple mac OS X and mac OS X Server Race condition in the initialization routine in blued in Bluetooth in Apple Mac OS X before 10.7.4 allows local users to gain privileges via vectors involving a temporary file. | 6.9 |
2012-05-11 | CVE-2012-0661 | Apple | Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding. | 6.8 |
2012-05-11 | CVE-2012-0660 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | 6.8 |
2012-05-11 | CVE-2012-0659 | Apple | Numeric Errors vulnerability in Apple mac OS X and mac OS X Server Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG file. | 6.8 |
2012-05-11 | CVE-2012-0658 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted audio sample tables in a movie file that is progressively downloaded. | 6.8 |
2012-05-11 | CVE-2012-0654 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized memory locations during the processing of X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted certificate. | 6.8 |
2012-05-08 | CVE-2012-0672 | Apple | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Iphone OS WebKit in Apple iOS before 5.1.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | 6.8 |
2012-05-11 | CVE-2012-0655 | Apple | Cryptographic Issues vulnerability in Apple mac OS X and mac OS X Server libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict the length of RSA keys within X.509 certificates, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by conducting a spoofing or network-sniffing attack during communication with a site that uses a short key. | 6.4 |
2012-05-11 | CVE-2012-2329 | PHP | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP 5.4.0/5.4.1/5.4.2 Buffer overflow in the apache_request_headers function in sapi/cgi/cgi_main.c in PHP 5.4.x before 5.4.3 allows remote attackers to cause a denial of service (application crash) via a long string in the header of an HTTP request. | 5.0 |
2012-05-11 | CVE-2012-0676 | Apple | Improper Input Validation vulnerability in Apple Safari WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors. | 5.0 |
2012-05-11 | CVE-2012-0651 | Apple | Information Exposure vulnerability in Apple mac OS X and mac OS X Server The directory server in Directory Service in Apple Mac OS X 10.6.8 allows remote attackers to obtain sensitive information from process memory via a crafted message. | 5.0 |
2012-05-09 | CVE-2012-0164 | Microsoft | Unspecified vulnerability in Microsoft .Net Framework 4.0 Microsoft .NET Framework 4 does not properly compare index values, which allows remote attackers to cause a denial of service (application hang) via crafted requests to a Windows Presentation Foundation (WPF) application, aka ".NET Framework Index Comparison Vulnerability." | 5.0 |
2012-05-11 | CVE-2012-0652 | Apple | Information Exposure vulnerability in Apple mac OS X 10.7.3 Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or networked home directories are enabled, does not properly restrict what is written to the system log for network logins, which allows local users to obtain sensitive information by reading the log. | 4.9 |
2012-05-11 | CVE-2012-0675 | Apple | Improper Authentication vulnerability in Apple mac OS X and mac OS X Server Time Machine in Apple Mac OS X before 10.7.4 does not require continued use of SRP-based authentication after this authentication method is first used, which allows remote attackers to read Time Capsule credentials by spoofing the backup volume. | 4.3 |
2012-05-09 | CVE-2012-2008 | HP | Cross-Site Scripting vulnerability in HP Performance Insight Cross-site scripting (XSS) vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-05-08 | CVE-2012-0674 | Apple | Improper Input Validation vulnerability in Apple Iphone OS Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the location bar's URL via a crafted web site. | 4.3 |
2 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-05-11 | CVE-2012-0657 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X and mac OS X Server Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS Visualizer screensaver is enabled, allows physically proximate attackers to bypass screen locking and launch a Safari process via unspecified vectors. | 2.1 |
2012-05-09 | CVE-2012-0174 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 7, Windows Server 2008 and Windows Vista Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability." Per http://technet.microsoft.com/en-us/security/bulletin/ms12-032 "An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability." "In order to use this vulnerability, an attacker would first have to gain access to the local subnet of the target computer. | 1.7 |