
Windows 2003

NSFOCUS SA2009-03 : Windows Kernel Malformed PE File Remote DoS Vulnerability

Affected system:
==============

    Microsoft Windows XP
    Microsoft Windows 2000
    Microsoft Windows 2003
    Microsoft Windows Vista/SP1
    Microsoft Windows Server 2008

Unaffected system:
==============

[CORE-2010-0623] Microsoft Windows CreateWindow function callback vulnerability

   . Windows 7
   . Windows Vista
   . Windows Server 2008 R2
   . Windows Server 2008
   . Microsoft Windows XP
   . Microsoft Windows Server 2003


5. *Non-vulnerable packages*

   . Windows 7 with MS10-048

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control GetObject() Security Bypass Remote Code Execution Vulnerability

McAfee Virtual Technician 6.3.0.1911 MVT.MVTControl.6300 ActiveX Control
GetObject() Security Bypass Remote Code Execution Vulnerability

tested against: Microsoft Windows Vista SP2
                Microsoft Windows 2003 R2 SP2
                Internet Explorer 7/8/9

              

product homepage: http://www.mcafee.com/it/downloads/free-tools/virtual-technician.aspx

[security bulletin] HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure

RESOLUTION

The following components on the HP ProLiant Support Pack 8.30 for Windows install versions of Microsoft Visual C++ that require security updates.

HP Network Configuration Utility for Windows Server 2003 x64 Editions

HP Network Configuration Utility for Windows Server 2003

HP Network Configuration Utility for Windows Server 2008 x64 Editions


Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll sprintf Remote Buffer Overflow Vulnerability

Dell Webcam Software Bundled ActiveX Control CrazyTalk4Native.dll 
sprintf Remote Buffer Overflow Vulnerability

Tested against: Microsoft Windows Vista SP2
                Microsoft Windows XP SP3
                Microsoft Windows 2003 R2 SP2
                Internet Explorer 7/8/9

download url of a test version: 
http://search.dell.com/results.aspx?c=us&l=en&s=gen&cat=sup&k=Dell+SX2210+monitor&rpp=12&p=1&subcat=dyd&rf=all&nk=f&sort=K&ira=False&~srd=False&ipsys=False&advsrch=False&~ck=anav


VUPEN Security Research - Microsoft Internet Explorer "X-UA-COMPATIBLE" Use-after-free Vulnerability

Microsoft Windows Server 2008 R2 for x64-based Systems Service Pack 1
Microsoft Windows Server 2008 R2 for Itanium-based Systems
Microsoft Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Vista Service Pack 2
Microsoft Windows Vista x64 Edition Service Pack 2
Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems Service Pack 2

ZDI-08-020: Microsoft GDI WMF Parsing Heap Overflow Vulnerability

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Windows XP SP2
Microsoft Windows 2003 SP1
Microsoft Windows Vista

-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Microsoft Windows. User interaction is

iDefense Security Advisory 08.12.08: Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability

iDefense has confirmed the existence of this vulnerability in the
following Microsoft products:

  Windows 2000 Service Pack 4
  Windows XP Service Pack 2
  Windows Server 2003 Service Pack 1
  Windows Server 2003 Service Pack 2

The following products are not affected:

  Windows Vista

ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability

Microsoft

-- Affected Products:
Microsoft Windows 2000 SP4
Microsoft Windows XP SP3
Microsoft Windows 2003 SP2

-- Vulnerability Details:
This vulnerability allows attackers to execute arbitrary code on
vulnerable installations of Microsoft Windows Media Player. User
interaction is required to exploit this vulnerability in that the target

Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

>
> - Juha-Matti
>
> "CaseArmour.net Security Administrator" <security@casearmour.net> wrote:
> > It would be useful to know if this is also an issue with msjet40.dll
> > 4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
> > for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
> > SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
> > because I don't have many apps that still use MDAC.
> >
> > On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@gmail.com>

Microsoft Windows Messenger Remote Illegal Access Vulnerability

transferring local audio and video information to remote and so on.


Affected Software Versions:

    Microsoft Windows Live Messenger 4.7 on Windows XP and Windows Server 2003
    Microsoft Windows Live Messenger 5.1 on Windows 2000, Windows XP
and Windows Server 2003




ZDI-09-053: Microsoft Windows WINS Service Heap Overflow Vulnerability

-- Affected Vendors:
Microsoft

-- Affected Products:
Microsoft Windows 2003 SP2
Microsoft Windows 2000 SP4

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8387.

Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

It would be useful to know if this is also an issue with msjet40.dll
4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
because I don't have many apps that still use MDAC.

On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@gmail.com>
said:
>
>     (C:\Windows\System32\msjet40.dll, version is 4.0.8618.0)

{PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow

                    Microsoft Windows Mail

Platforms:   Windows 2000
                  Windows XP
                  Windows Vista
                  Windows Server 2003
                  Windows Server 2008 SR2

Exploitation:   Remote Exploitable

CVE Number:   CVE-2010-0816

Predictable DNS transaction IDs in Microsoft DNS Server

1) Summary

Affected software: Microsoft Windows 2003 SP2, Microsoft Windows 2000
SP4 Server
Vendor URL: www.microsoft.com
Severity: Medium
References: Microsoft Security Bulletin MS07-062, CVE-2007-3898

2) Vulnerability Description


EnterpriseDB Advanced Server 8.2 Unitialized Pointer

EnterpriseDB Advanced Server 8.2 in all supported operating systems.

Tested Operating Systems:

        Microsoft Windows 2003 SP2 x86
        Red Hat Enterprise Linux 4 x86

Vulnerability Details:

A problem was found in the product EnterpriseDB which may lead to remote

Novell Client <= 4.91 SP4 Local Stack overflow / B.S.O.D (unauthentificated user)

1) Introduction

===========

"Novell Client™ 4.91 for Windows XP is workstation software that brings an easy-to-use, secure,
and manageable networking environment to Windows XP and Windows 2003 users.
It enables you to access NetWare® services from Windows XP workstations or 2003 Windows servers,
and tightly integrates either product into your NetWare network. For example,
with Novell Client for Windows XP, you can browse through authorized NetWare directories,
transfer files, print documents and use advanced NetWare services directly from a Windows XP workstation or Windows Server 2003."


Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

- Juha-Matti

"CaseArmour.net Security Administrator" <security@casearmour.net> wrote:
> It would be useful to know if this is also an issue with msjet40.dll
> 4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
> for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
> SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
> because I don't have many apps that still use MDAC.
> 
> On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@gmail.com>

Re: overwriting SEH and debugging

this feature, but the address you chose is not in the list of registered 
handlers, then the exception handling code will not transfer execution.

There are a few options to work around this:

1. On Windows 2003, prior to SP1, SafeSEH was essentially broken and you 
can return to DLLs such as "ATL.dll" and a few others without the 
registered list being checked.

2. Find a module loaded into memory that was not compiled with this flag. 
In the case of non-Microsoft applications, use a return address in a DLL 

[security bulletin] HPSBMA02426 SSRT090053 rev.1 - HP System Management Homepage (SMH) for Linux and Windows Running PHP and OpenSSL, Remote Cross Site Scripting (XSS), Unauthorized Access

Potential security vulnerabilities have been identified with HP System Management Homepage (SMH) for Linux and Windows running PHP and OpenSSL. These vulnerabilities could be exploited remotely to allow cross site scripting (XSS) and unauthorized access.

References: CVE-2008-5077, CVE-2008-5814

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP System Management Homepage (SMH) before v3.0.1.73 running on Linux and Windows 2003, 2008.

BACKGROUND

CVSS 2.0 Base Metrics 
===============================================

HP laptops Software Update tool vulnerability

 

Windows XP Home
Windows XP Pro
Windows 2000
Windows 2003
Windows Vista





Fortinet Advisory: Fortinet Discovers Vulnerability in Indeo Codec

For a list of operating system and product versions affected, please see the Microsoft Security Advisory reference below. 

Additional Information:

The Indeo codec on systems running Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow code to run on users' systems when opening specially crafted content. There are multiple ways that the Indeo codec may be used and may be required by certain applications. The Indeo codec may be required when visiting legitimate Web sites, and in corporate environment line-of-business applications.

Solutions:
•       Use the solution provided by Microsoft (Microsoft Security Advisory 954157).
•       FortiGuard Labs released a signature "MS.Windows.Indeo.Codec.Memory.Corruption", which covers this specific vulnerability.
FortiGuard Labs continues to monitor attacks against this vulnerability. 

RE: [Full-disclosure] Microsoft VISTA TCP/IP heap buffer underflow

* Microsoft Windows Vista Ultimate 32 bit

It is very likely that other versions of Windows Vista are affected by this issue.

This issue did not occur on Windows XP, Windows 2003 Advanced Server, Windows 2008 Server nor Windows Millennium Edition

Re-installation of Service Pack 1 and/or upgrading to SP2 had any effect in regards to resolve the random crashes.

To execute either the sample program or any other system command, the user has to be either the admin, in the admin group or the Administrators group.


HP notebooks remote code execution vulnerability (multiple series)

Internet Explorer 7.0  
 
Windows XP Home
Windows XP Pro
Windows 2000
Windows 2003
Windows Vista





DDIVRT-2011-39 SolarWinds Storage Manager Server SQL Injection Authentication Bypass

Defense, Inc. recommends restricting access to the affected port until
an update has been produced by the vendor.

Tested Systems / Software 
-------------------------
32-bit SolarWinds Storage Manager Server version 5.1.2 on Windows 2003

Vendor Contact
--------------

Name: SolarWinds

ZDI-09-045: Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability

Microsoft

-- Affected Products:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8307.
For further product information on the TippingPoint IPS, visit:

Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability

  
 Vendor Link: 
    http://www.microsoft.com/
  
 Affected Products:
    Windows 2000, Windows XP, Windows 2003, Windows Vista
     
 Original Advisory: 
    http://www.insomniasec.com/advisories/ISVA-100216.1.htm
 
 Researcher: 

iDefense Security Advisory 05.14.09: Multiple Vendor Outside In Spreadsheet Integer Overflow Vulnerability

Other software packages using Outside In were not investigated.

IV. DETECTION

iDefense confirmed the existence of this vulnerability using the following
versions of Outside In on Windows Server 2003.

  8.1.5.4282
  8.1.9.4417
  8.2.2.4866
  8.3.0.5129

Vulnerabilities in Sunway ForceControl 6.1 sp3 (SCADA)

  cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
  6ed9b6fc ??              ???

No additional research has been performed on the vulnerability, anyway
in my test it's necessary to load any other unsafe ActiveX component
first (tested on Windows 2003).


-------------------------------------
E] stack overflow in SNMP NetDBServer
-------------------------------------

[CORE-2010-0624] MS OpenType CFF Parsing Vulnerability

4. *Vulnerable packages*

   . Windows XP
   . Windows 2003


5. *Non-vulnerable packages*

   . Windows Vista


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
