The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of SCOM

computer vulnerability alert CVE-2013-1346

Microsoft System Center 2012 Endpoint Protection: memory corruption via Microsoft Malware Protection Engine

Synthesis of the vulnerability

An attacker can generate a memory corruption in Microsoft Malware Protection Engine of Microsoft System Center 2012 Endpoint Protection, in order to trigger a denial of service, and possibly to execute code.
Impacted products: SCOM.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 15/05/2013.
Identifiers: 2846338, BID-59885, CVE-2013-1346, VIGILANCE-VUL-12826.

Description of the vulnerability

The Microsoft Malware Protection Engine component analyzes files. It is installed in several Microsoft products.

However, the analysis of a malformed file corrupts its memory.

An attacker can therefore generate a memory corruption in Microsoft Malware Protection Engine of Microsoft System Center 2012 Endpoint Protection, in order to trigger a denial of service, and possibly to execute code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2013-0009 CVE-2013-0010

Microsoft System Center Operations Manager: two Cross Site Scripting

Synthesis of the vulnerability

An attacker can use two Cross Site Scripting of Microsoft System Center Operations Manager, in order to execute JavaScript code in the context of the web site.
Impacted products: SCOM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/01/2013.
Identifiers: 2748552, BID-55401, BID-55408, CERTA-2013-AVI-008, CVE-2013-0009, CVE-2013-0010, MS13-003, VIGILANCE-VUL-12311.

Description of the vulnerability

Two vulnerabilities were announced in the Web Console of Microsoft System Center Operations Manager.

Data coming from the attacker is directly displayed in generated web pages. [severity:2/4; BID-55401, CVE-2013-0009]

Data coming from the attacker is directly displayed in generated web pages. [severity:2/4; BID-55408, CVE-2013-0010]

An attacker can therefore use two Cross Site Scripting of Microsoft System Center Operations Manager, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about SCOM: