
Windows Storage Server

[security bulletin] HPSBMA02417 SSRT090031 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

=====================
Windows Operating Systems
===================== 
  Microsoft Windows Unified Data Storage Server (incl. R2) 
  Microsoft Windows Server 2003 Enterprise / Standard Editions (incl. R2)
  Microsoft Windows Storage Server 2003 (incl. R2)
  Microsoft Windows 2000 Server / Advanced Server SP4
  Microsoft Windows Small Business Server 2000 SP4
  Microsoft Windows 2000 Professional SP4
  Microsoft Windows Small Business 2003 Server Premium / Standard (incl. R2)

[security bulletin] HPSBMA02417 SSRT090031 rev.2 - HP Data Protector Express and HP Data Protector Express Single Server

 Version

Windows Operating Systems
 Microsoft Windows Unified Data Storage Server (incl. R2)

  Microsoft Windows Server 2003 Enterprise / Standard Editions (incl. R2)

  Microsoft Windows Storage Server 2003 (incl. R2)

  Microsoft Windows 2000 Server / Advanced Server SP4


[security bulletin] HPSBMA02576 SSRT090231 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local Denial of Service (DoS), Execution of Arbitrary Code

Windows Operating Systems
 Version

  Microsoft Windows Unified Data Storage Server (incl. R2)

  Microsoft Windows Server 2003 Enterprise / Standard Editions (incl. R2)

  Microsoft Windows Storage Server 2003 (incl. R2)

  Microsoft Windows 2000 Server / Advanced Server SP4


VUPEN Security Research - Microsoft Windows Kernel "GetDCEx()" Memory Corruption Vulnerability (CVE-2010-0484)

Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (x64) Service Pack 2
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (Itanium) Service Pack 2
Microsoft Windows Server 2008 (Itanium)
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows 2000 Service Pack 4



VMware Emulation Flaw x64 Guest Privilege Escalation (2/2)

EXPLOITATION
------------
This section gives a detailed account of how these emulation flaws can
be exploited on Windows XP x64 and Windows Server 2003 x64.
Exploitation on x64 versions of *BSD is also believed to be possible,
but has not yet been proven, so a brief discussion of the BSD x64
kernel and also the Linux x64 kernel (which is believed to prevent
exploitation) is presented first.


Windows SMB NTLM Authentication Weak Nonce Vulnerability

--------------------

This vulnerability was verified by the authors on the following platforms:

Windows NT4 SP1
Windows Server 2003 SP2
Windows XP SP3
Windows Vista x32
Windows 7 x32 RC

However, all versions of Windows implementing NTLMv1 are suspected to be

VMware Emulation Flaw x64 Guest Privilege Escalation (1/2)

EXPLOITATION
------------
This section gives a detailed account of how this emulation flaw can
be exploited on Windows XP x64 and Windows Server 2003 x64.
Exploitation on x64 versions of *BSD is also believed to be possible,
but has not yet been proven, so a brief discussion of the BSD x64
kernel and also the Linux x64 kernel (which is believed to prevent
exploitation) is presented first.


[security bulletin] HPSBMA02516 SSRT090232 rev.1 - HP Data Protector Express and HP Data Protector Express Single Server Edition (SSE), Local

Windows Operating Systems
 Version

  Microsoft Windows Unified Data Storage Server (incl. R2)

  Microsoft Windows Server 2003 Enterprise / Standard Editions (incl. R2)

  Microsoft Windows Storage Server 2003 (incl. R2)

  Microsoft Windows 2000 Server / Advanced Server SP4


CORE-2009-0625: Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities

   . Internet Explorer 6sp2 on Windows XP sp3
   . Internet Explorer 7 on Windows XP sp2
   . Internet Explorer 7 on Windows XP sp3
   . Internet Explorer 7 on Windows Vista sp1
   . Internet Explorer 7 on Windows Vista sp2
   . Internet Explorer 7 on Windows Server 2003 sp2 if
     Protected Mode is OFF and not using Enhanced Security Configuration
   . Internet Explorer 7 on Windows Server 2008
     if Protected Mode is OFF and
     not using Enhanced Security Configuration
   . Internet Explorer 8 on Windows XP sp2

[CORE-2010-0623] Microsoft Windows CreateWindow function callback vulnerability

   . Windows 7
   . Windows Vista
   . Windows Server 2008 R2
   . Windows Server 2008
   . Microsoft Windows XP
   . Microsoft Windows Server 2003


5. *Non-vulnerable packages*

   . Windows 7 with MS10-048

[security bulletin] HPSBMA01212 SSRT5998 rev.4 - HP System Management Homepage Running PHP, Remote Denial of Service (DoS), Cross Site Scripting (XSS), Execution of Arbitrary Code

Potential security vulnerability has been identified with HP System Management Homepage running PHP. These vulnerabilities could be exploited remotely to allow Cross Site Scripting (XSS), to create a Denial of Service (DoS), or to execute arbitrary code.

References: CVE-2004-1019, CVE-2004-1020, CVE-2004-1063, CVE-2004-1064, CVE-2004-1065

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
System Management Homepage Version 2.0.0 through Version 2.0.2 for Microsoft Windows 2000, Windows Server 2003, Windows Server 2003 x64 Edition, Windows Server 2003 64-bit and Linux.

BACKGROUND

CVSS 2.0 Base Metrics
===========================================================

[security bulletin] HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c01682739
Version: 1

HPSBMA02413 SSRT080040 rev.1 - HP WMI Mapper for Windows Server 2003 and Windows Server 2008 for Itanium-based Servers, Remote Unauthorized Access to Data, Local Unauthorized Access

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2009-03-02
Last Updated: 2009-03-09

iDefense Security Advisory 07.15.09: Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability

Windows XP SP 3

Windows XP Professional x64 Edition SP 2

Windows Server 2003 SP 2

Windows Server 2003 x64 Edition SP 2

Windows Server 2003 with SP2 for Itanium-based Systems


iDefense Security Advisory 08.12.08: Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability

iDefense has confirmed the existence of this vulnerability in the
following Microsoft products:

  Windows 2000 Service Pack 4
  Windows XP Service Pack 2
  Windows Server 2003 Service Pack 1
  Windows Server 2003 Service Pack 2

The following products are not affected:

  Windows Vista

Re: [Full-disclosure] Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

>
> - Juha-Matti
>
> "CaseArmour.net Security Administrator" <security@casearmour.net> kirjoitti:
> > It would be useful to know if this is also an issue with msjet40.dll
> > 4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
> > for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
> > SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
> > because I don't have many apps that still use MDAC.
> >
> > On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@gmail.com>

Microsoft Windows Messenger Remote Illegal Access Vulnerability

transferring local audio and video information to remote and so on.


Affected Software Versions:

    Microsoft Windows Live Messenger 4.7 on Windows XP and Windows Server 2003
    Microsoft Windows Live Messenger 5.1 on Windows 2000, Windows XP and Windows Server 2003




{PRL} Microsoft Windows Outlook Express and Windows Mail Integer Overflow

                    Microsoft Windows Mail

Platforms:   Windows 2000
                  Windows XP
                  Windows Vista
                  Windows Server 2003
                  Windows Server 2008 SR2

Exploitation:   Remote Exploitable

CVE Number:   CVE-2010-0816

SAP Business One 2005 Remote Buffer Overflow Vulnerability.

NT_Naming_Service.exe runs with SYSTEM level privileges


Confirmed & Tested Vulnerable SAP Business One versions:

2005 A (6.80.123) SP:00 PL:06 (On Windows Server 2003 R2 Standard SP2)
2005 A (6.80.320) SP:01 PL:34 (On Windows Server 2003 R2 Enterprise SP2)

Proof of Concept exploit ---> http://www.milw0rm.com/exploits/9319 .

The vendor has been notified, no patch has yet been released.

New version of Pass-The-Hash Toolkit v1.1

Binaries:
http://oss.coresecurity.com/pshtoolkit/release/1.1/pshtoolkit_v1.1.tgz


This version basically works best with German/French versions of WinXPSP2, and
also with Windows Server 2003. If you had problems with any of these with the
previous version, please try this one. Now, there's basically a -B switch that
tries to find the necessary addresses in runtime, and a bigger database of
possible addresses.


Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack

be affected, including but not limited to the following actively supported
versions:

    - Windows 2000
    - Windows XP
    - Windows Server 2003
    - Windows Vista
    - Windows Server 2008
    - Windows 7

--------------------

Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

- Juha-Matti

"CaseArmour.net Security Administrator" <security@casearmour.net> kirjoitti: 
> It would be useful to know if this is also an issue with msjet40.dll
> 4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
> for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
> SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
> because I don't have many apps that still use MDAC.
> 
> On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@gmail.com>

Re: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability

It would be useful to know if this is also an issue with msjet40.dll
4.0.9510.0 (Windows Server 2003 SP2 + hotfixes).  I have an installer
for Windows XP SP2 that -- seems -- to cleanly apply Windows Server 2003
SP2's MDAC 2.82.  I haven't been able to give it a serious, hard testing
because I don't have many apps that still use MDAC.

On Fri, 16 Nov 2007 19:25:29 +0800, "cocoruder" <cocoruder@gmail.com>
said:
>
>     (C:\Windows\System32\msjet40.dll, version is 4.0.8618.0)

[security bulletin] HPSBMA02488 SSRT100013 rev.2 - HP ProLiant Support Pack 8.30 for Windows, Remote Code Execution, Information Disclosure

RESOLUTION

The following components on the HP ProLiant Support Pack 8.30 for Windows install versions of Microsoft Visual C++ that require security updates.

HP Network Configuration Utility for Windows Server 2003 x64 Editions

HP Network Configuration Utility for Windows Server 2003

HP Network Configuration Utility for Windows Server 2008 x64 Editions


TPTI-09-05: Microsoft DirectShow QuickTime Atom Parsing Memory Corruption Vulnerability

Microsoft

-- Affected Products:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8307.
For further product information on the TippingPoint IPS, visit:

ZDI-09-072: Microsoft Windows GDI+ TIFF Parsing Code Execution Vulnerability

Microsoft

-- Affected Products:
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8661. 

TPTI-09-06: Microsoft Windows Workstation Service NetrGetJoinInformation Heap Corruption Vulnerability

Microsoft

-- Affected Products:
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP SP3

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8386.

Re: IM upgrade automated social engineering attack

> Microsoft Windows NT Workstation
> Microsoft Windows NT Server 4.0
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Win98
> Microsoft Windows Server 2003
>
> Impact of Vulnerability: Remote Code Execution / Virus Infection /
> Unexpected shutdowns
>
> Recommendation: Users running vulnerable version should install a repair

CORE-2008-0826 - Internet Explorer Security Zone restrictions bypass

4.1. *Vulnerable platforms*

   . Microsoft Windows 2000 up to and including Service Pack 4
   . Microsoft Windows Server 2003 up to and including Service Pack 2
   . Microsoft Windows XP up to and including Service Pack 3
   . Windows Vista up to and including Service Pack 1 (not exploitable with IE running with Protected mode on)
   . Windows Server 2008


ZDI-09-045: Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability

Microsoft

-- Affected Products:
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003

-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8307.
For further product information on the TippingPoint IPS, visit:

EEYE: VGX.DLL Compressed Content Heap Overflow Vulnerability

Systems Affected:
Internet Explorer 6 SP1 - Windows 2000 SP4
Internet Explorer 6 SP1 - Windows XP SP1
Internet Explorer 6 SP2 - Windows XP SP2
Internet Explorer 6 SP1 - Windows Server 2003 SP1
Internet Explorer 6 SP2 - Windows Server 2003 SP2

Overview:
eEye Digital Security has discovered a heap overflow vulnerability in
VGX.DLL's processing of compressed content referenced from VML.  VGX.DLL


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
