Asset Class: Operating System; Operating System; Operating System; Firewall; Access Point; Switch
IP Address
Asset Name: Windows Server 2003; Windows 7; Windows Server 2008; Cisco ASA 5500; AP Cisco Aironet; Cisco Catalyst 3560
IT Asset Description: Supports corporate applications or services; End-user operating system; Terminal Server; Corporate network firewall; Wireless access point; Core switch; Asterisk is a free software program (under the GPL license) that provides the functionality of a telephone exchange (PBX) for VoIP telephony; Grandstream phone that enables Voice over IP communication; Internet Explorer web browser; Office productivity tool
Vendor URL
Owner: Systems Coordinator; Systems Coordinator; Systems Coordinator; Systems Coordinator; Systems Coordinator; Systems Coordinator
Quantity 2 30 5 4 10 2
1 40 30 30
Business Service or Process: Loan Management; Loan Management; Internet and Wi-Fi; Internet and Wi-Fi; Internet and Wi-Fi; Internet and Wi-Fi
IT Asset Name
http://www.cvedetails.com/cve/CVE-2012-0157/
3/13/2012
http://www.cvedetails.com/cve/CVE-2012-0154/
2/14/2012
http://www.cvedetails.com/cve/CVE-2012-0148/
2/14/2012
http://www.cvedetails.com/cve/CVE-2012-0005/
1/10/2012
http://www.cvedetails.com/cve/CVE-2010-5082/
1/17/2012
http://www.cvedetails.com/cve/CVE-2012-0358/
3/12/2012
http://www.cvedetails.com/cve/CVE-2012-0356/
3/14/2012
http://www.cvedetails.com/cve/CVE-2012-0355/
3/14/2012
http://www.cvedetails.com/cve/CVE-2012-0354/
3/14/2012
http://www.cvedetails.com/cve/CVE-2012-0354/
3/14/2012
AP Cisco Aironet
8/28/2009
AP Cisco Aironet
8/27/2009
AP Cisco Aironet
1/22/2006
AP Cisco Aironet
11/12/2005
AP Cisco Aironet
4/9/2002 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020409-aironet-te
http://www.cvedetails.com/cve/CVE-2005-4258/
12/15/2005
https://supportforums.cisco.com/thread/2107248
9/28/2011
https://supportforums.cisco.com/thread/2107248
9/28/2011
http://www.securityfocus.com/archive/1/517863
5/4/2011
http://www.securityfocus.com/archive/1/517865/30/0/threaded
5/4/2011
Asterisk
http://osvdb.org/show/osvdb/80125
3/15/2012
Asterisk
http://osvdb.org/show/osvdb/80126
3/15/2012
Asterisk
http://osvdb.org/show/osvdb/78482
1/15/2012
Asterisk
http://osvdb.org/show/osvdb/77597
7/18/2011
Asterisk
http://osvdb.org/show/osvdb/77598
8/12/2011
VoIP Phone
http://osvdb.org/show/osvdb/40185
8/22/2007
Internet Explorer
http://www.securityfocus.com/bid/45246
12/22/2010
Internet Explorer
http://www.securityfocus.com/bid/40487
6/1/2010
Internet Explorer
http://www.cvedetails.com/cve/CVE-2010-1118/
3/25/2012
Microsoft Office
http://www.cvedetails.com/cve/CVE-2011-3413/
12/13/2011
Microsoft Office
http://www.cvedetails.com/cve/CVE-2011-3403/
12/13/2011
Microsoft Office
http://www.cvedetails.com/cve/CVE-2011-1990/
9/15/2011
Microsoft Office
http://www.cvedetails.com/cve/CVE-2011-1989/
9/15/2011
Microsoft Office
http://www.cvedetails.com/cve/CVE-2011-1988/
9/15/2011
http://osvdb.org/show/osvdb/80125
http://technet.microsoft.com/en-us/security/bulletin/ms12-018
3/13/2012
http://technet.microsoft.com/security/bulletin/MS12-008
2/14/2012
http://technet.microsoft.com/security/bulletin/MS12-009
2/14/2012
http://technet.microsoft.com/security/bulletin/MS12-003
1/10/2012
http://technet.microsoft.com/security/bulletin/MS12-012
1/17/2012
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asaclient
3/12/2012
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
3/14/2012
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
3/14/2012
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
3/14/2012
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
3/14/2012
http://tools.cisco.com/security/center/viewAlert.x?alertId=18919
2/27/2009
http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf
2/27/2009
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060112-wireless
1/22/2006
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20051102-lwapp
11/12/2005
4/9/2002 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020409-aironet-telnet
http://www.cisco.com/warp/public/cc/pd/si/casi/ca3500xl/index.shtml
12/15/2005
https://supportforums.cisco.com/thread/2107248
9/28/2011
https://supportforums.cisco.com/thread/2107248
9/28/2011
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20110505-ios
5/4/2011
http://www.securityfocus.com/archive/1/517865/30/0/threaded
5/4/2011
http://downloads.asterisk.org/pub/security/AST-2012-002.html
3/14/2012
http://downloads.asterisk.org/pub/security/AST-2012-003.html
3/14/2012
http://downloads.asterisk.org/pub/security/AST-2012-001.html
1/15/2012
http://downloads.asterisk.org/pub/security/AST-2011-013.html
7/18/2011
http://downloads.asterisk.org/pub/security/AST-2011-014.html
8/12/2011
http://archives.neohapsis.com/archives/fulldisclosure/2007-08/0401.html
8/22/2007
12/22/2010
http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx
http://www.securityfocus.com/bid/40487
6/12/2010
3/16/2010 4/13/2010
03/25/2010
http://technet.microsoft.com/security/bulletin/MS11-094
12/13/2011
http://technet.microsoft.com/security/bulletin/MS11-096
12/13/2011
http://technet.microsoft.com/en-us/security/bulletin/MS11-072
9/15/2011
http://technet.microsoft.com/en-us/security/bulletin/MS11-072
9/15/2011
http://technet.microsoft.com/en-us/security/bulletin/MS11-072
9/15/2011
Category
Vulnerability Name
Important
CVE-2012-0157
Important
CVE-2012-0154
Important
CVE-2012-0148
Important
CVE-2012-0005
Important
CVE-2010-5082
Critical
CVE-2012-0358 CSCtr00165
CISCO 20120314 Cisco ASA 5500 Series Adaptive Security Appliance Clientless VPN ActiveX Control Remote Code Execution Vulnerability
Important
CVE-2012-0356
CISCO 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Important
CVE-2012-0355
CISCO 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Important
CVE-2012-0354
CISCO 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Important
CVE-2012-0353
CISCO 20120314 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module
Important
CVE-2009-2861 CSCtb56664
Important
CVE-2009-2976
Important
CVE-2006-0354 CSCsc16644
Important
CVE-2005-3482
Important
cisco-sa-20020409
Important
CVE-2005-4258
Multiple Unspecified Cisco Catalyst Switches LanD Packet Denial Of Service Vulnerability
Important
2363 - CVE-MAP-NOMATCH
Important
2363 - CVE-MAP-NOMATCH
Important
N/A
Important
N/A
Important
osvdb: 80125
Important
osvdb: 80126
Asterisk main/utils.c ast_parse_digest() Function HTTP Digest Authentication String Parsing Remote Overflow
Important
CVE-2012-0885
Asterisk main/utils.c ast_parse_digest() Function HTTP Digest Authentication String Parsing Remote Overflow
Important
osvdb: 77597
Important
osvdb: 77598
Important
osvdb: 40185
Grandstream SIP Phone GXV-3000 Crafted SIP INVITE Message Privilege Escalation
Critical
CVE-2010-3971
Critical
Important Important
CVE-2010-0806 CVE-2010-0483
Important
CVE-2010-1118
Important
CVE-2011-3413
Important
CVE-2011-3413
Important
CVE-2011-1990
Important
CVE-2011-1989
Important
CVE-2011-1988
Vulnerability Description
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
Affected Versions
Impact
XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1
Medium
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1
Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit
Medium
Low
Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2
Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
Affected versions: Microsoft Windows Server 2008 SP2, R2, and R2 SP1
Low
Buffer overflow in the Cisco Port Forwarder ActiveX control in cscopf.ocx, as distributed through the Clientless VPN feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1), allows remote attackers to execute arbitrary code via unspecified vectors, aka Bug ID CSCtr00165.
Affected versions: Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.0 through 7.2 before 7.2(5.6), 8.0 before 8.0(5.26), 8.1 before 8.1(2.53), 8.2 before 8.2(5.18), 8.3 before 8.3(2.28), 8.2 before 8.4(2.16), and 8.6 before 8.6(1.1),
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: Cisco ASA UDP Inspection Engine Denial of Service Vulnerability; Cisco ASA Threat Detection Denial of Service Vulnerability; Cisco ASA Syslog Message 305006 Denial of Service Vulnerability; Protocol Independent Multicast Denial of Service Vulnerability. These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.
Affected versions: (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: Cisco ASA UDP Inspection Engine Denial of Service Vulnerability; Cisco ASA Threat Detection Denial of Service Vulnerability; Cisco ASA Syslog Message 305006 Denial of Service Vulnerability; Protocol Independent Multicast Denial of Service Vulnerability. These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.
Affected versions: (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500
Cisco ASA 5500 Series Adaptive Security Appliances (ASA) and Cisco Catalyst 6500 Series ASA Services Module (ASASM) are affected by the following vulnerabilities: Cisco ASA UDP Inspection Engine Denial of Service Vulnerability; Cisco ASA Threat Detection Denial of Service Vulnerability; Cisco ASA Syslog Message 305006 Denial of Service Vulnerability; Protocol Independent Multicast Denial of Service Vulnerability. These vulnerabilities are independent of each other; a release that is affected by one of the vulnerabilities may not be affected by the others.
Affected versions: (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500
High
Medium
Medium
The Threat Detection feature on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 through 8.2 before 8.2(5.20), 8.3 before 8.3(2.29), 8.4 before 8.4(3), 8.5 before 8.5(1.6), and 8.6 before 8.6(1.1) allows remote attackers to cause a denial of service (device reload) via (1) IPv4 or (2) IPv6 packets that trigger a shun event, aka Bug ID CSCtw35765.
Affected versions: (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 through 7.2 before 7.2(5.7), 8.0 before 8.0(5.27), 8.1 before 8.1(2.53), 8.2 before 8.2(5.8), 8.3 before 8.3(2.25), 8.4 before 8.4(2.5), and 8.5 before 8.5(1.2) and the Firewall Services Module (FWSM) 3.1 and 3.2 before 3.2(23) and 4.0 and 4.1 before 4.1(8) in Cisco Catalyst 6500
The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1), and 8.5 before 8.5(1.2) does not properly handle flows, which allows remote attackers to cause a denial of service (device reload) via a crafted series of (1) IPv4 or (2) IPv6 UDP packets, aka Bug ID CSCtq10441.
Affected versions: (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.5), 8.3 before 8.3(2.22), 8.4 before 8.4(2.1),
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, also known as "SkyJack" or Bug ID CSCtb56664.
Affected versions: Cisco Aironet Lightweight Access Point 1100 and 1200
Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast packets in cleartext, which allows remote attackers to discover the IP and MAC addresses of the Wireless LAN Controller, as well as Access Point (AP) configuration details, by sniffing the wireless network.
Affected versions: Cisco Aironet Lightweight Access Point 1100 and 1200
Medium
Medium
Medium
Medium
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644
Affected versions: Cisco Aironet 1400 Series Wireless Bridges; Cisco Aironet 1300 Series Access Points; Cisco Aironet 1240AG Series Access Points; Cisco Aironet 1230AG Series Access Points; Cisco Aironet 1200 Series Access Points; Cisco Aironet 1130AG Series Access Points; Cisco Aironet 1100 Series Access Points; Cisco Aironet 350 Series Access Points running IOS
Low
Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host.
Cisco 1200, 1131, and 1240 series access points controlled by Cisco 2000 and 4400 series Airespace Wireless LAN (WLAN) Controllers that are running software version 3.1.59.24 are affected by this vulnerability.
Low
It is possible to cause a denial-of-service attack if Cisco Aironet products have Telnet access enabled. Telnet access is the only requirement for such an attack; there are no additional conditions.
Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.
Recently we have been warn by our security team for a SSH vulnerability been detected on our Cisco devices (Cisco catalyst 2960, 3560) using McAfee Foundstone
Low
Low
Recently we have been warn by our security team for a SSH vulnerability been detected on our Cisco devices (Cisco catalyst 2960, 3560) using McAfee Foundstone
A potential denial of service condition may exist in Cisco's IOS firmware.
Low
The problem reportedly occurs when a large number of UDP packets are sent to device running IOS. This causes the system to use all available CPU resources and thus become unresponsive. The device may have to be reset manually if the attack is successful
Affected versions: Cisco Router 2921
It has been reported that the Cisco Internet Operating System (IOS) is affected by a remote SNMP message processing denial of service vulnerability. This issue may be leveraged to cause a denial of service condition in the affected device. The denial of service is due to the process consuming all available CPU resources in the affected device. The device may have to be reset manually if the attack is successful.
Affected versions: Cisco router 2921/K9 IOS 15.0<1r>M6
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests
Affected versions: 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests
Affected versions: 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2
chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted SDP message with a crypto attribute and a (1) video or (2) text media type, as demonstrated by CSipSimple.
The SIP over UDP implementation in Asterisk Open Source 1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2 uses different port numbers for responses to invalid requests depending on whether a SIP username exists, which allows remote attackers to enumerate usernames via a series of requests.
Medium
Medium
Medium
Medium
1.4.x before 1.4.43, 1.6.x before 1.6.2.21, and 1.8.x before 1.8.7.2
Medium
All
High
channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 and 1.8.x before 1.8.7.2, when automon is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted sequence of SIP requests.
The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader 1.0.0.6, and Boot 1.0.0.18 allows remote attackers to force silent call completion, eavesdrop on the phone's local environment, and cause a denial of service (blocked call reception) via a certain SIP INVITE message followed by a certain "SIP/2.0 183 Session Progress" message.
All
High
GXV3000
The flaw occurs in the "mshtml.dll" library. It can allow code to be executed on the compromised computer when a malicious web page is visited, in order to, among other things, control it remotely.
IE 6, 7 and 8
High
Microsoft Internet Explorer CSS 'expression' Remote Denial of Service Vulnerability. Attackers can exploit this issue by enticing an unsuspecting user to view a specially crafted web page.
IE 6, 7 and 8
Vulnerable versions of Internet Explorer 6, 7, and 8
Vulnerability in Internet Explorer that could allow arbitrary code execution in vulnerable IE versions, and could ca
Affected versions: IE 6 and 7
Vulnerability in Internet Explorer that could allow arbitrary code execution by visiting a web page specially ma
Affected versions: IE 6, 7 and 8
Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."
IE 6, 7 and 8
Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecified array index, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Out of Bounds Array Indexing Vulnerability."
Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; O
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel 2010 Gold and SP1; Excel in Office 2010 Gold and SP1; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Excel Services on Office SharePoint Server 2007 SP2; Excel Services on Office SharePoint Server 2010 Gold and SP1; and Excel Web App 2010 Gold and SP1 do not properly parse conditional expressions associated with formatting requirements, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Conditional Expression Parsing Vulnerability."
Affected versions: Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; O
Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly parse records in Excel spreadsheets, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Heap Corruption Vulnerability."
Affected versions: Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; O
Definitive Solution
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
Cisco has released free software updates that address these vulnerabilities. Workarounds are available to mitigate some of the vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asa
Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
Cisco has made free software available to address this vulnerability for affected customers. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment. Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco's software license terms found at http://www.cisco.com/public/sw-license-agreement.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.
This vulnerability is fixed in release 11.21, which is available now.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Our ssh version is 2.0 and we did change the RSA key to 2048 but then the result still the same.
Our ssh version is 2.0 and we did change the RSA key to 2048 but then the result still the same.
Currently there are not any vendor-supplied patches for this issue.
Currently there are not any vendor-supplied patches for this issue.
Upgrade to version 1.4.44, 1.6.2.23, 1.8.10.1 or 10.2.1 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Upgrade to version 1.4.44, 1.6.2.23, 1.8.10.1 or 10.2.1 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Upgrade to version 10.0.1 or higher or 1.8.8.2 or higher, as it has been reported to fix this vulnerability
Upgrade to version 10.0.1 or higher or 1.8.8.2 or higher, as it has been reported to fix this vulnerability
Upgrade to version 1.6.2.21 or higher or 1.8.7.2 or higher, as it has been reported to fix this vulnerability
Update the firmware: http://www.grandstream.com/support/firmware
The solution proposed by Microsoft: use Microsoft's Enhanced Mitigation Experience Toolkit (EMET). This tool forces all DLLs loaded by a program to use ASLR, which means they will be placed at random locations in memory. The solution is applied on each machine individually and is not controlled from the domain.
Update: http://www.microsoft.com/en-us/default.aspx
3/13/2012
2/14/2012
2/14/2012
1/10/2012
1/17/2012
3/12/2012
3/14/2012
3/14/2012
3/14/2012
3/14/2012
1/12/2006
11/12/2005
4/9/2002
12/15/2005
9/28/2011
9/28/2011
3/15/2012
3/15/2012
1/15/2012
7/18/2011
8/12/2011
12/8/2010
6/16/2010
3/30/2010 4/13/2010
3/25/2010
12/13/2011
12/13/2011
9/15/2011
9/15/2011
9/15/2011
OC No.
Remarks
Critical Business Services or Processes: Online Catalog Management; Membership Management; Loan Management; Materials Reservation Management; Loan Renewal Management; Internet and Wi-Fi; Guided tours; User reference and guidance; Courses and training; Workshops (writers, music, arts); Exhibition halls and auditorium
Description
Offer the different audiences (children, youth, adults) free internet access
Traceability Total
High=10
Medium=5
Low
High
Medium
Low
16
Low
Medium
Medium
Low
11
Low=1
Asterisk
Cisco Catalyst 2960 Cisco Catalyst 3560 Cisco Router 2921 Internet Explorer VoIP Phone 1 2 2 4
VULNERABILITY
THREAT
DIMENSIONS AVAILABILITY
Vulnerability
Threat
Physical theft
Electrical discharge
SSH vulnerability
2000
Misconfigurations
Asterisk
500
Technical failures
Software failures
Browser vulnerabilities
Value
2/365 3/365
0.005479452 0.008219178
70.00% 30.00% 15.00% 60.00% 20.00% 80.00% 60.00% 60.00% 50.00% 45.00% 25.00% 75.00% 0.4 0.3 0.6 0.2 0.5 0.6 0.5 0.9 0.2 0.3 0.7 0.1 0.4
2 times
4 times 10 times
2/365
4/365 10/365 1/365 2/365 4/365 3/365 4/365 2/365 6/365 3/365 4/365 3/365 9/365 4/365 3/365 2/360 8/360 5/360 2/360 2/360 3/360 8/360
0.005479452
0.010958904
0.821917808
6.575342466
0.02739726 0.002739726
0.005479452 0.010958904 0.008219178 0.010958904 0.005479452 0.016438356 0.008219178 0.010958904 0.008219178 0.024657534 0.010958904 0.008219178 0.005555556 0.022222222 0.013888889 0.005555556 0.005555556 0.008333333 0.022222222
5.479452055 2.191780822
6.575342466 13.15068493 8.219178082 9.863013699 2.739726027 24.65753425 1.643835616 5.479452055 2.465753425 2.465753425 2.739726027 2.465753425 1.944444444 14 1.944444444 1.166666667 2.722222222 0.583333333 0.177777778
14.24657534
7 times
2 times 4 times 6 times 4 times 2 times 6 times 3 times 4 times 3 times 9 times 4 times 3 times 2 times 8 times 5 times 2 times 2 times 3 times 8 times
27.94520548
37.26027397
9.589041096
7.671232877
17.88888889
4.472222222
0.377777778
Risk per Asset
Annual Asset Risk (qualitative) QUALITATIVE RISK SCALE VERY HIGH HIGH MEDIUM LOW 50
14.24657534