2/10/2009

Microsoft February 2009 Patches


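It has been a few months since the Exploitability Index was introduced, and this month's index values are all 1 or 2. It seems that a lower number means more dangerous. Hmm, so nearly all of them are dangerous exploits. I like the MS09-004 scenario, in which a SQL extended procedure is reached through SQL injection to trigger a buffer overflow.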

| Bulletin ID | Bulletin Title | CVE ID | Exploitability Index Assessment | Key Notes |
| --- | --- | --- | --- | --- |
| MS09-002 | Cumulative Security Update for Internet Explorer (961260) | CVE-2009-0075 | 1 - Consistent exploit code likely | Consistent exploit code can be crafted easily. |
| MS09-002 | Cumulative Security Update for Internet Explorer (961260) | CVE-2009-0076 | 1 - Consistent exploit code likely | Consistent exploit code can be crafted easily. |
| MS09-003 | Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) | CVE-2009-0098 | 2 - Inconsistent exploit code likely | (None) |
| MS09-003 | Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) | CVE-2009-0099 | 2 - Inconsistent exploit code likely | This is a denial-of-service vulnerability. Attacks exploiting this vulnerability will likely result only in denial of service, not remote code execution. |
| MS09-004 | Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) | CVE-2008-5416 | 1 - Consistent exploit code likely | Post-authentication, functional exploit code has been published. |
| MS09-005 | Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) | CVE-2009-0095 | 2 - Inconsistent exploit code likely | (None) |
| MS09-005 | Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) | CVE-2009-0096 | 2 - Inconsistent exploit code likely | (None) |
| MS09-005 | Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634) | CVE-2009-0097 | 2 - Inconsistent exploit code likely | (None) |

Posted via email from bugtruck's posterous
