OpenVAS Plugins
Current NVT count: 30657
New NVTs this Month: 113 (Last update: 2013-05-22 06:32:25)
New NVTs last Month: 290
Plugin Set: 201305150605
Search Results - 921 NVT(s) found
MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2820917)
Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903205
Filename: secpod_ms13-033.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2013-1295
BID: 58886
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Winsrv.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-033.
Vulnerability Insight:
The flaw is due to improper sanitisation of user-supplied input when the
Client/Server Run-time Subsystem (CSRSS) handles certain objects in memory.
Impact:
Successful exploitation will allow attackers to execute arbitrary code,
gain escalated privileges, and cause memory corruption.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP x32 Edition Service Pack 3 and prior
Microsoft Windows XP x64 Edition Service Pack 2 and prior
Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior
Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior
Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
https://technet.microsoft.com/en-us/security/bulletin/ms13-033
McAfee VirusScan Enterprise Version Detection (Windows)
Copyright (C) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803319
Filename: gb_mcafee_virusscan_enterprise_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Set the Version of McAfee VirusScan Enterprise in KB
Detection of installed version of McAfee VirusScan Enterprise.
The script detects the version of McAfee VirusScan Enterprise and sets the
version in the KB.
Microsoft Silverlight Remote Code Execution Vulnerability (2814124)
Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902954
Filename: secpod_ms13-022.nasl
Dependencies: secpod_reg_enum.nasl - gb_ms_silverlight_detect.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2013-0074
BID: 58327
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS13-022.
Vulnerability Insight:
The flaw is due to a double-free error when rendering an HTML object, which
can be exploited via a specially crafted Silverlight application.
Impact:
Successful exploitation could allow an attacker to execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
Microsoft Silverlight version 5
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-022
References:
http://secunia.com/advisories/52547
http://support.microsoft.com/kb/2814124
http://technet.microsoft.com/en-us/security/bulletin/ms13-022
Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2807986)
Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903200
Filename: secpod_ms13-027.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2013-1285 CVE-2013-1286 CVE-2013-1287
BID: 58359 58360 58361
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Usb8023.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-027.
Vulnerability Insight:
Multiple flaws are due to improper handling of objects in memory by the
kernel-mode driver, which can be exploited by inserting a malicious USB
device into the system.
Impact:
Successful exploitation could allow an attacker with physical access to the
system to insert a malicious USB device and execute arbitrary code with
System-level privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 x32/x64 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows XP x64 Edition Service Pack 2 and prior
Microsoft Windows 2003 x32/x64 Service Pack 2 and prior
Microsoft Windows Vista x32/x64 Service Pack 2 and prior
Microsoft Windows Server 2008 x32/x64 Service Pack 2 and prior
Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/MS13-027
References:
http://www.osvdb.org/91155
http://www.osvdb.org/91156
http://www.osvdb.org/91157
http://support.microsoft.com/kb/2807986
http://technet.microsoft.com/en-us/security/bulletin/MS13-027
Microsoft Visio Remote Code Execution Vulnerability (2801261)
Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902956
Filename: secpod_visio_ms13-023.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2013-0079
BID: 58369
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'visio.exe' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS13-023.
Vulnerability Insight:
The flaw is caused by a type confusion error when handling Tree objects
and can be exploited via a specially crafted Visio file.
Impact:
Successful exploitation could allow attackers to execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
Microsoft Visio 2010 Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-023
References:
http://secunia.com/advisories/52550
http://support.microsoft.com/kb/2760762
http://www.securitytracker.com/id/1028276
http://technet.microsoft.com/en-us/security/bulletin/MS13-023
Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902958
Filename: secpod_filterpack_ms13-023.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2013-0079
BID: 58369
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'Onifiltr.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS13-023.
Vulnerability Insight:
The flaw is caused by a type confusion error when handling Tree objects
and can be exploited via a specially crafted Visio file.
Impact:
Successful exploitation could allow attackers to execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
Microsoft Filter Pack Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-023
References:
http://secunia.com/advisories/52550
http://support.microsoft.com/kb/2553501
http://www.securitytracker.com/id/1028276
http://technet.microsoft.com/en-us/security/bulletin/MS13-023
Nuance PDF Reader Version Detection (Windows)
Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803328
Filename: gb_nuance_pdf_reader_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Nuance PDF Reader on Windows
Detection of installed version of Nuance PDF Reader.
The script logs in via SMB, searches for Nuance PDF Reader in the
registry and gets the version from the registry.
Microsoft OneNote Version Detection (Windows)
Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803436
Filename: gb_ms_onenote_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Microsoft OneNote on Windows
Detection of installed version of Microsoft OneNote.
The script logs in via SMB, detects the version of Microsoft OneNote on the
remote host and sets the KB.
Microsoft Windows TCP/IP Denial of Service Vulnerability (2790655)
Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902945
Filename: secpod_ms13-018.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2013-0075
BID: 57858
CVSS: 7.1
Risk factor : High
Summary: Check for the vulnerable 'tcpip.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-018.
Vulnerability Insight:
The flaw is due to an error within the TCP/IP stack, which leaves a
connection in the TCP FIN_WAIT_2 state after receiving an ACK to its FIN
packet while handling a connection tear-down sequence.
Impact:
Successful exploitation could allow attackers to exhaust the non-paged pool
and render the system unusable or trigger a restart.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior
Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior
Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior
Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-018
References:
http://secunia.com/advisories/52158/
http://support.microsoft.com/kb/2790655
http://www.securitytracker.com/id/1028128
http://technet.microsoft.com/en-us/security/bulletin/ms13-018
MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2790113)
Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902946
Filename: secpod_ms13-019.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2013-0076
BID: 57821
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Winsrv.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-019.
Vulnerability Insight:
The flaw is due to an error in the Client/Server Run-time Subsystem (CSRSS)
when handling the reference counter for certain objects in memory, which can
be exploited to execute code with escalated privileges.
Impact:
Successful exploitation will allow attackers to execute arbitrary code with
escalated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior
Microsoft Windows Server 2008 R2 Edition Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-019
References:
http://secunia.com/advisories/52162/
http://support.microsoft.com/kb/2790113
http://www.securitytracker.com/id/1028127
http://technet.microsoft.com/en-us/security/bulletin/ms13-019
Foxit Advanced PDF Editor Version Detection (Windows)
Copyright (c) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803303
Filename: gb_foxit_advanced_pdf_editor_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Foxit Advanced PDF Editor on Windows
Detection of installed version of Foxit Advanced PDF Editor.
The script logs in via SMB, searches for Foxit Advanced PDF Editor in the
registry and gets the version from the registry.
Microsoft Groove Server Detection
Copyright (C) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803097
Filename: gb_ms_groove_server_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Microsoft Groove Server
Detection of installed version of Microsoft Groove Server.
The script logs in via SMB, searches for Microsoft Groove Server in the
registry and gets the version from the 'ServerVersion' string in the
registry.
Microsoft .NET Framework Open Data Protocol DoS Vulnerability (2769327)
Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902940
Filename: secpod_ms13-007.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2013-0005
BID: 57141
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of vulnerable files
Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-007.
Vulnerability Insight:
The flaw is due to an error within the WCF 'Replace()' function when handling
Open Data Protocol (OData) data and can be exploited to exhaust system
resources.
Impact:
Successful exploitation will allow an attacker to cause a DoS (Denial of
Service) by exhausting system resources.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 3.5, 3.5.1 and 4
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-007
References:
http://secunia.com/advisories/51772/
http://support.microsoft.com/kb/2736416
http://support.microsoft.com/kb/2736428
http://support.microsoft.com/kb/2736418
http://support.microsoft.com/kb/2736422
http://technet.microsoft.com/en-us/security/bulletin/ms13-007
Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
Copyright (C) 2013 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902939
Filename: secpod_ms13-004.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2013-0001 CVE-2013-0002 CVE-2013-0003 CVE-2013-0004
BID: 57124 57126 57114 57113
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of vulnerable files
Overview: This host is missing an important security update according to
Microsoft Bulletin MS13-004.
Vulnerability Insight:
- An error within the System Drawing namespace of Windows Forms when handling
pointers can be exploited to bypass CAS (Code Access Security) restrictions
and disclose information.
- An error within WinForms when handling certain objects can be exploited to
cause a buffer overflow.
- A boundary error within the System.DirectoryServices.Protocols namespace
when handling objects can be exploited to cause a buffer overflow.
- A double construction error within the framework does not validate object
permissions and can be exploited via a specially crafted XAML Browser
Application (XBAP) or an untrusted .NET application.
Impact:
Successful exploitation will allow an attacker to execute arbitrary code
with the privileges of the currently logged-in user. Failed attacks will
cause denial-of-service conditions.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1, 4 and 4.5
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms13-004
References:
http://secunia.com/advisories/51777/
http://support.microsoft.com/kb/2769324
http://support.microsoft.com/kb/2742613
http://support.microsoft.com/kb/2742595
http://support.microsoft.com/kb/2756921
http://support.microsoft.com/kb/2756920
http://support.microsoft.com/kb/2742599
http://support.microsoft.com/kb/2742598
http://support.microsoft.com/kb/2756919
http://support.microsoft.com/kb/2756918
http://support.microsoft.com/kb/2742601
http://support.microsoft.com/kb/2742596
http://support.microsoft.com/kb/2742597
http://support.microsoft.com/kb/2742604
http://support.microsoft.com/kb/2742607
http://technet.microsoft.com/en-us/security/bulletin/ms13-004
Microsoft System Center Operations Manager Detection (Windows)
Copyright (C) 2013 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803096
Filename: gb_ms_scom_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Microsoft System Center Operations Manager
Detection of installed version of Microsoft System Center Operations Manager.
The script logs in via SMB, searches for Microsoft System Center Operations
Manager in the registry and gets the version from the 'ServerVersion' string
in the registry.
IBM RBD Web Services Information Disclosure Vulnerability (Win)
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802685
Filename: gb_ibm_rational_busi_developer_info_disc_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2012-3319
BID: 55718
CVSS: 5.0
Risk factor : Medium
Summary: Check for the version of IBM Rational Business Developer on Windows
Overview: This host is installed with IBM Rational Business Developer and is
prone to an information disclosure vulnerability.
Vulnerability Insight:
An error exists within web services created with the IBM Rational Business
Developer product.
Impact:
Successful exploitation could allow remote attackers to obtain potentially
sensitive information.
Impact Level: Application
Affected Software/OS:
IBM Rational Business Developer version 8.x to 8.0.1.3 on Windows
Fix: Upgrade to IBM Rational Business Developer version 8.0.1.4 or later,
For updates refer to http://www-01.ibm.com/software/awdtools/developer/business/
References:
http://osvdb.org/85867
http://secunia.com/advisories/50755/
http://xforce.iss.net/xforce/xfdb/78726
http://www-01.ibm.com/support/docview.wss?uid=swg21612314
IBM Rational Developer for System z Information Disclosure Vulnerability (Win)
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802687
Filename: gb_ibm_rational_deve_for_system_z_info_disc_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2012-4862
BID: 56725
CVSS: 2.1
Risk factor : Medium
Summary: Check for the version of IBM Rational Developer for System z on Windows
Overview: This host is installed with IBM Rational Developer for System z and
is prone to an information disclosure vulnerability.
Vulnerability Insight:
The flaw is due to the application not properly storing the SSL certificate
password.
Impact:
Successful exploitation could allow local users to obtain sensitive information
via unspecified vectors.
Impact Level: Application
Affected Software/OS:
IBM Rational Developer for System z version 7.1 through 8.5.1 on Windows
Fix: Upgrade to IBM Rational Developer for System z version 8.5.2 or later,
For updates refer to http://www.ibm.com/developerworks/downloads/r/rdz/index.html
References:
http://osvdb.org/87925
http://secunia.com/advisories/51401/
http://xforce.iss.net/xforce/xfdb/79919
http://www-01.ibm.com/support/docview.wss?uid=swg21617886
GreenBrowser Version Detection (Win)
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803066
Filename: gb_greenbrowser_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of GreenBrowser
Detection of installed version of GreenBrowser.
The script logs in via SMB, searches for GreenBrowser in the registry and
gets the version from the GreenBrowser.exe file located via the
'InstallLocation' string in the registry.
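The detection NVTs in this listing all follow the same pattern: enumerate the Uninstall keys in the registry, match the product's DisplayName, and take the version either from the key itself or from the file version of an executable found through 'InstallLocation'. The following PowerShell script is an added example, not code from any OpenVAS NVT or from Greenbone, that runs the same logic locally on a Windows host instead of over SMB. It assumes the product registers itself under the standard Uninstall keys and that the executable named in the description (GreenBrowser.exe) sits in the directory recorded in 'InstallLocation'; the fixed version in the usage line is a placeholder, not a value from any advisory.

```powershell
# Added example, not part of the OpenVAS NVT: registry-based product detection
# and version comparison, run locally on the Windows host.
# Assumptions: the product registers itself under the standard Uninstall keys and
# ships an executable (GreenBrowser.exe, as named in the NVT description) in the
# directory recorded in its 'InstallLocation' value.

function ConvertTo-NormalizedVersion {
    param([Parameter(Mandatory)][string] $Text)
    # Keep only the leading dotted-numeric part ("6.9.0.1 beta" -> "6.9.0.1").
    # [version] needs at least two and at most four numeric fields.
    $clean = ($Text -replace '[^0-9.].*$', '').Trim('.')
    if ($clean -notmatch '\.') { $clean = "$clean.0" }
    $fields = $clean -split '\.'
    if ($fields.Count -gt 4) { $clean = ($fields[0..3] -join '.') }
    return [version] $clean
}

function Test-VersionBelow {
    param([Parameter(Mandatory)][string] $Installed, [Parameter(Mandatory)][string] $Fixed)
    # Numeric field-by-field comparison; a plain string compare would say "10.0" < "9.0".
    return (ConvertTo-NormalizedVersion $Installed) -lt (ConvertTo-NormalizedVersion $Fixed)
}

function Get-InstalledProductVersion {
    param(
        [Parameter(Mandatory)][string] $DisplayNamePattern,  # wildcard match on DisplayName
        [string] $ExeName                                    # optional: file to read the PE version from
    )

    # Native and 32-bit (WOW64) views of the Uninstall hive; a remote NVT reads the
    # same keys through the Remote Registry service over SMB.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
            if (-not $p.DisplayName -or $p.DisplayName -notlike $DisplayNamePattern) { continue }

            $version = $p.DisplayVersion
            $source  = 'DisplayVersion'

            # Fall back to the file version of the executable under InstallLocation,
            # which is how the GreenBrowser NVT obtains its version.
            if (-not $version -and $ExeName -and $p.InstallLocation) {
                $exe = Join-Path $p.InstallLocation $ExeName
                if (Test-Path -LiteralPath $exe) {
                    $version = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
                    $source  = "FileVersion of $exe"
                }
            }

            [pscustomobject]@{
                DisplayName     = $p.DisplayName
                Version         = $version
                VersionSource   = $source
                InstallLocation = $p.InstallLocation
                RegistryKey     = $key.Name
            }
        }
    }
}

# Usage: '6.9.0.0' is a placeholder fixed version for illustration only.
Get-InstalledProductVersion -DisplayNamePattern 'GreenBrowser*' -ExeName 'GreenBrowser.exe' |
    Select-Object DisplayName, Version, VersionSource,
        @{ n = 'BelowFixed'; e = { if ($_.Version) { Test-VersionBelow $_.Version '6.9.0.0' } } }
```

Two points worth checking when you write or review such a check: the DisplayVersion string is whatever the installer wrote and may carry suffixes or more than four fields, so normalise before casting to [version]; and a product that is present but not registered under Uninstall (portable installs, per-user installs under HKCU) will be missed, which is the usual source of false negatives in registry-based detection.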
Adobe Photoshop Camera Raw Plug-in Code Execution Vulnerabilities (Windows)
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803081
Filename: gb_adobe_photoshop_camera_raw_code_exec_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl - gb_adobe_photoshop_detect.nasl
Family: General
CVE: CVE-2012-5679 CVE-2012-5680
BID: 56922 56924
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Adobe Photoshop Camera Raw Plug-in on Windows
Overview: This host is installed with Adobe Photoshop Camera Raw Plug-in and
is prone to code execution vulnerabilities.
Vulnerability Insight:
Errors exist within the 'Camera Raw.8bi' plug-in when
- Parsing LZW-compressed TIFF images, which can be exploited to cause a buffer
underflow via a specially crafted LZW code within an image row strip.
- Allocating memory during TIFF image processing, which can be exploited to
cause a buffer overflow via specially crafted image dimensions.
Impact:
Successful exploitation will allow attackers to execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
Adobe Photoshop Camera Raw Plug-in version before 7.3 on Windows
Fix: Upgrade to Adobe Photoshop Camera Raw Plug-in version 7.3 or later,
For updates refer to http://www.adobe.com/downloads/
References:
http://osvdb.org/88389
http://osvdb.org/88390
http://secunia.com/advisories/49929
http://securitytracker.com/id?1027872
http://www.adobe.com/support/security/bulletins/apsb12-28.html
Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901301
Filename: secpod_ms12-069.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-2551
BID: 55778
CVSS: 5.0
Risk factor : Medium
Summary: Check for the vulnerable 'Kerberos.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-069.
Vulnerability Insight:
The flaw is due to an error in the Kerberos implementation, which fails to
properly handle a specially crafted session.
Impact:
Successful exploitation could allow authenticated attackers to cause a denial
of service condition on the affected system.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows 2008 R2 Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms12-069.mspx
References:
http://secunia.com/advisories/50867/
http://support.microsoft.com/kb/2425227
http://www.microsoft.com/technet/security/bulletin/ms12-069.mspx
Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902694
Filename: secpod_ms12-073.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-2531 CVE-2012-2532
BID: 56440
CVSS: 5.0
Risk factor : Medium
Summary: Check for the vulnerable 'Ftpsvc.dll' file version
Overview: This host is missing a moderate security update according to
Microsoft Bulletin MS12-073.
Vulnerability Insight:
The flaws are due to:
- IIS improperly managing the permissions of a log file.
- An error within the IIS FTP service when negotiating encrypted
communications channels.
Impact:
Successful exploitation will allow an attacker to gain access to sensitive
information that may aid in further attacks.
Impact Level: Application
Affected Software/OS:
Microsoft FTP Service 7.0 for IIS 7.0
- On Microsoft Windows Vista/2008 server Service Pack 2 and prior
Microsoft FTP Service 7.5 for IIS 7.5
- On Microsoft Windows Vista/2008 server Service Pack 2 and prior
- On Microsoft Windows 7 Service Pack 1 and prior
- On Microsoft Windows Server 2008 R2 Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-073
References:
http://secunia.com/advisories/51235
http://support.microsoft.com/kb/2733829
http://technet.microsoft.com/en-us/security/bulletin/ms12-073
Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902934
Filename: secpod_ms12-074.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-1895 CVE-2012-1896 CVE-2012-2519 CVE-2012-4776 CVE-2012-4777
BID: 56455 56456 56462 56464
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of vulnerable files
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-074.
Vulnerability Insight:
- An error within permissions checking of objects that perform reflection can
be exploited via a specially crafted XAML Browser Application (XBAP) or an
untrusted .NET application.
- A sanitisation error when processing partially trusted code can be exploited
to disclose certain data via a specially crafted XAML Browser Application
(XBAP) or an untrusted .NET application.
- The Entity Framework component loads certain libraries in an insecure manner,
which can be exploited to load arbitrary libraries by tricking a user into
opening certain files located on a remote WebDAV or SMB share.
- A validation error when acquiring proxy settings via the
Web Proxy Auto-Discovery (WPAD) can be exploited to execute JavaScript code
with reduced restrictions.
- An error within permissions checking of Windows Presentation Foundation (WPF)
objects that perform reflection can be exploited via a specially crafted XAML
Browser Application (XBAP) or an untrusted .NET application.
Impact:
Successful exploitation will allow an attacker to execute arbitrary code
with the privileges of the currently logged-in user. Failed attacks will
cause denial-of-service conditions.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0, 3.5, 3.5.1,
and 4
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-074
References:
http://secunia.com/advisories/51236/
http://support.microsoft.com/kb/2745030
http://support.microsoft.com/kb/2729456
http://support.microsoft.com/kb/2729460
http://support.microsoft.com/kb/2729449
http://support.microsoft.com/kb/2729452
http://support.microsoft.com/kb/2729451
http://support.microsoft.com/kb/2729450
http://support.microsoft.com/kb/2729453
http://support.microsoft.com/kb/2698023
http://technet.microsoft.com/en-us/security/bulletin/ms12-074
FlashFXP Version Detection
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802969
Filename: gb_flashfxp_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of FlashFXP
Detection of installed version of FlashFXP.
The script logs in via SMB, searches for FlashFXP in the registry and
gets the version from the registry.
Adobe LiveCycle Designer Version Detection (Windows)
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802959
Filename: gb_adobe_livecycle_designer_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Adobe LiveCycle Designer
Detection of installed version of Adobe LiveCycle Designer.
The script logs in via SMB, searches for Adobe LiveCycle Designer in the
registry and gets the version from the registry.
HP iNode Management Center Version Detection
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802672
Filename: gb_hp_inode_mgmt_center_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of HP iNode Management Center
Detection of installed version of HP iNode Management Center.
The script logs in via SMB, searches for HP iNode Management Center in the
registry and gets the version from the registry key.
Microsoft System Center Configuration Manager Version Detection
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803023
Filename: gb_ms_system_center_configmgr_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Microsoft System Center Configuration Manager
Detection of installed version of Microsoft System Center Configuration Manager.
The script logs in via SMB, searches for Microsoft System Center Configuration
Manager in the registry and gets the version from the 'DisplayVersion' string
in the registry.
Cisco Products ActiveX Control Multiple Vulnerabilities
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802459
Filename: gb_cisco_prdts_activex_mult_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2012-2493 CVE-2012-2494 CVE-2012-2495
BID: 54107 54108
CVSS: 9.3
Risk factor : Critical
Summary: Check for the CLSID
Overview: This host is installed with Cisco ASMC/Hostscan/Secure Desktop or
Cisco ActiveX controls and is prone to multiple vulnerabilities.
Vulnerability Insight:
Multiple flaws are due to:
- Insufficient validation of input by the Cisco AnyConnect Secure Mobility
Client WebLaunch component.
- Improper sanitisation of user-supplied input by the affected software's
download feature.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
and compromise a vulnerable system.
Impact Level: System/Application
Affected Software/OS:
Cisco Hostscan version 3.x before 3.0 MR8
Cisco AnyConnect VPN before 3.0 MR8 (3.0.08057)
Cisco AnyConnect Secure Mobility Client version
2.x before 2.5 MR6 and 3.x before 3.0 MR8 on Windows
Fix: Upgrade to AnyConnect 3.0 MR8 (3.0.08057), Hostscan 3.0 MR8 (3.0.08062)
and Cisco Secure Desktop 3.6.6020 or later,
http://www.cisco.com/
Workaround:
Set the killbit for the following CLSIDs:
{705ec6d4-b138-4079-a307-ef13e4889a82}
{f8fc1530-0608-11df-2008-0800200c9a66}
{e34f52fe-7769-46ce-8f8b-5e8abad2e9fc}
{55963676-2f5e-4baf-ac28-cf26aa587566}
{cc679cb8-dc4b-458b-b817-d447b3b6ac31}
*****
NOTE: Ignore this warning, if upgraded to above mentioned versions.
*****
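Applying the workaround by hand on many hosts is error-prone, so here is an added PowerShell example (not code from the OpenVAS NVT or from Cisco) that sets the killbit for exactly the five CLSIDs listed above and reads the flag back to confirm. It relies on Microsoft's documented killbit mechanism: a 'Compatibility Flags' DWORD with bit 0x400 set under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} stops Internet Explorer and other WebBrowser-control hosts from instantiating that control. It must run from an elevated prompt; nothing else about the target is assumed.

```powershell
# Added example, not part of the OpenVAS NVT or the Cisco advisory: apply the
# killbit workaround for the CLSIDs listed in the NVT. Run from an elevated prompt.

$ClsidList = @(
    '{705ec6d4-b138-4079-a307-ef13e4889a82}',
    '{f8fc1530-0608-11df-2008-0800200c9a66}',
    '{e34f52fe-7769-46ce-8f8b-5e8abad2e9fc}',
    '{55963676-2f5e-4baf-ac28-cf26aa587566}',
    '{cc679cb8-dc4b-458b-b817-d447b3b6ac31}'
)
$KillBit = 0x400   # "Compatibility Flags" bit that blocks instantiation in IE

# On 64-bit Windows a 32-bit IE process reads the Wow6432Node branch, so set both.
$CompatRoots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $CompatRoots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string] $Root, [Parameter(Mandatory)][string] $Clsid)
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    $current = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                    -ErrorAction SilentlyContinue).'Compatibility Flags'
    # OR the killbit in so any other compatibility flags already present survive.
    $new = [int] ($current -bor $KillBit)
    Set-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -Value $new -Type DWord
}

function Test-ActiveXKillBit {
    param([Parameter(Mandatory)][string] $Root, [Parameter(Mandatory)][string] $Clsid)
    $key = Join-Path $Root $Clsid
    $flags = (Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                  -ErrorAction SilentlyContinue).'Compatibility Flags'
    return [bool] ($flags -band $KillBit)
}

foreach ($root in $CompatRoots) {
    foreach ($clsid in $ClsidList) {
        Set-ActiveXKillBit -Root $root -Clsid $clsid
        [pscustomobject]@{
            Key        = "$root\$clsid"
            KillBitSet = Test-ActiveXKillBit -Root $root -Clsid $clsid
        }
    }
}
```

The killbit only stops the controls from being loaded in IE; the vulnerable binaries stay on disk and remain reachable by any other host that loads them, so treat it as a stopgap until the upgrade named under Fix is applied. Once upgraded, the NVT's own note applies and the warning can be ignored.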
References:
http://technet.microsoft.com/en-us/security/advisory/2736233
http://tools.cisco.com/security/center/viewAlert.x?alertId=26196
http://tools.cisco.com/security/center/viewAlert.x?alertId=26197
http://tools.cisco.com/security/center/viewAlert.x?alertId=26198
http://tools.cisco.com/security/center/viewAlert.x?alertId=26199
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac
Adobe Photoshop PNG Image Processing Buffer Overflow Vulnerabilities (Windows)
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.803025
Filename: gb_adobe_photoshop_png_image_file_bof_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl - gb_adobe_photoshop_detect.nasl
Family: General
CVE: CVE-2012-4170 CVE-2012-0275
BID: 55333 55372
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Adobe Photoshop on Windows
Overview: This host is installed with Adobe Photoshop and is prone to buffer
overflow vulnerabilities.
Vulnerability Insight:
- A boundary error in the 'Standard MultiPlugin.8BF' module when processing a
Portable Network Graphics (PNG) image allows an attacker to cause a buffer
overflow via a specially crafted 'tRNS' chunk size.
- Improper validation in Photoshop.exe when decompressing
SGI24LogLum-compressed TIFF images.
Impact:
Successful exploitation will allow attackers to execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
Adobe Photoshop version CS6 (13.0) on Windows
Fix: Upgrade to Adobe Photoshop version CS6 (13.0.1) or later,
For updates refer to http://www.adobe.com/downloads/
References:
http://osvdb.org/85006
http://secunia.com/advisories/49141
http://www.adobe.com/support/security/bulletins/apsb12-20.html
Search in LDAP the lastLogonTimestamp of Users.
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96170
Filename: GSHB_LDAP_User_lastlogon.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Search in LDAP the lastLogonTimestamp of Users.
Overview: This script searches LDAP for the lastLogonTimestamp of users.
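What the GSHB script does from the scanner can be reproduced locally with an LDAP search from PowerShell. The script below is an added example, not the NVT's own code or anything from Greenbone; it assumes it runs as a domain account that can read user objects, and the search-base DN mentioned in the parameter comment is a placeholder. The security-relevant caveat is in the attribute itself: lastLogonTimestamp is a 64-bit FILETIME (100 ns ticks since 1601-01-01 UTC) that a domain controller only writes back when the stored value is 9 to 14 days old, so it is suitable for "has not logged on in months" checks but not for exact last-logon auditing.

```powershell
# Added example, not part of the GSHB NVT: read every user's lastLogonTimestamp
# over LDAP and flag accounts with no logon inside a given window.
# Assumptions: the session runs as a domain account able to read user objects;
# the search-base DN in the parameter comment is a placeholder.

function ConvertFrom-AdFileTime {
    param($FileTime)
    # 0 or absent: the attribute was never set (no logon recorded since creation).
    if ($null -eq $FileTime -or [long] $FileTime -eq 0) { return $null }
    return [DateTime]::FromFileTimeUtc([long] $FileTime)
}

function Get-UserLastLogonTimestamp {
    param(
        [int] $InactiveDays = 90,
        [string] $SearchBase   # optional DN, e.g. 'OU=Staff,DC=example,DC=com' (placeholder); empty = default naming context
    )

    $root = if ($SearchBase) { [ADSI] "LDAP://$SearchBase" } else { [ADSI] '' }
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
    $searcher.PageSize = 1000   # paged results; without it a large domain returns at most 1000 entries
    [void] $searcher.PropertiesToLoad.AddRange([string[]] @('sAMAccountName', 'lastLogonTimestamp', 'userAccountControl'))

    $cutoff = (Get-Date).ToUniversalTime().AddDays(-$InactiveDays)

    foreach ($result in $searcher.FindAll()) {
        $p = $result.Properties   # property names come back lower-cased
        $raw = if ($p.Contains('lastlogontimestamp') -and $p['lastlogontimestamp'].Count -gt 0) {
            $p['lastlogontimestamp'][0]
        } else { $null }
        $last = ConvertFrom-AdFileTime $raw
        $uac  = [int] $p['useraccountcontrol'][0]

        [pscustomobject]@{
            SamAccountName = [string] $p['samaccountname'][0]
            LastLogonUtc   = $last
            Disabled       = [bool] ($uac -band 0x2)   # ACCOUNTDISABLE flag
            Inactive       = ($null -eq $last) -or ($last -lt $cutoff)
        }
    }
}

# Usage: enabled accounts with no recorded logon in the last 90 days.
Get-UserLastLogonTimestamp -InactiveDays 90 |
    Where-Object { $_.Inactive -and -not $_.Disabled } |
    Sort-Object LastLogonUtc |
    Format-Table SamAccountName, LastLogonUtc, Inactive -AutoSize
```

Accounts created recently and never used show up with an empty LastLogonUtc and are deliberately reported as inactive; review those separately rather than excluding them, since unused accounts with valid credentials are exactly what an inactivity check is meant to surface.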
Create System Characteristics for NIST Windows OVAL Definitions
This script is Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802042
Filename: gb_nist_win_oval_sys_char_generator.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Creates System Characteristics for NIST Windows OVAL Definitions
Creates the System Characteristics elements defined by the OVAL specification
for NIST Windows.xml and stores them in the Knowledge Base.
Microsoft SharePoint Privilege Elevation Vulnerabilities (2663841)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902919
Filename: secpod_ms12-011.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0017 CVE-2012-0144 CVE-2012-0145
BID: 51928 51934 51937
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of vulnerable files
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-011.
Vulnerability Insight:
Input passed to 'inplview.aspx', 'themeweb.aspx' and the 'skey' parameter in
'wizardlist.aspx' is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of an affected site.
Impact:
Successful exploitation will allow attacker to execute arbitrary script
code in the browser of an unsuspecting user in the context of the affected
site.
Impact Level: Application
Affected Software/OS:
Microsoft SharePoint Server 2010 Service Pack 1 and prior
Microsoft SharePoint Foundation 2010 Service Pack 1 and prior
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-011
References:
http://secunia.com/advisories/48029/
http://support.microsoft.com/kb/2553413
http://support.microsoft.com/kb/2597124
http://technet.microsoft.com/en-us/security/bulletin/ms12-011
Microsoft MSN Messenger Service Version Detection
Copyright (c) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902915
Filename: secpod_windows_messenger_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Microsoft MSN Messenger Service
Detection of installed version of Microsoft MSN Messenger.
The script logs in via SMB, searches for Microsoft MSN Messenger in the
registry, reads the executable path from the 'InstallationDirectory' string
in the registry and takes the version from 'msmsgs.exe'.
Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (2688338)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902676
Filename: secpod_ms12-032.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0174 CVE-2012-0179
BID: 53352 53349
CVSS: 6.8
Risk factor : High
Summary: Check for the vulnerable 'tcpip.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-032.
Vulnerability Insight:
The flaws are due to the way:
- Windows Firewall handles outbound broadcast packets.
- The Windows TCP/IP stack handles the binding of an IPv6 address to a local
interface.
Impact:
Successful exploitation could allow attackers to bypass certain security
restrictions and gain escalated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Server 2008 R2 Service Pack 1
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-032
References:
http://secunia.com/advisories/49114
http://support.microsoft.com/kb/2688338
http://technet.microsoft.com/en-us/security/bulletin/ms12-032
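Every Microsoft bulletin entry on this page reduces to one check: read the version resource of the named binary ('tcpip.sys' here, 'Win32k.sys', 'Partmgr.sys', 'Wintrust.dll' and so on elsewhere) and compare it with the fixed version in the bulletin's file information table. The NVTs do that over SMB from the scanner; the following added example (not SecPod or Greenbone code) does the same thing locally. The fixed version numbers in it are placeholders, stated as assumptions; the real values come from the bulletin and differ per OS, service pack and servicing branch.

```powershell
# Added example, not part of any SecPod/Greenbone NVT: local equivalent of the
# "check the vulnerable file version" logic used by the bulletin checks above.
# Fixed versions below are PLACEHOLDERS (assumption); take the real values from
# the bulletin's file information table for the OS and service pack in question.
function Get-BinaryVersion {
    param([Parameter(Mandatory)] [string] $Path)
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Build the version from the binary VS_FIXEDFILEINFO fields instead of parsing
    # the FileVersion string, which on Windows carries branch text such as "(win7sp1_gdr...)".
    New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}

function Test-PatchedFile {
    param(
        [Parameter(Mandatory)] [string]  $Path,
        [Parameter(Mandatory)] [version] $FixedVersion
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        # Component not installed (e.g. no DNS role): the bulletin does not apply to this host.
        return [pscustomobject]@{ Path = $Path; Installed = $null; Fixed = $FixedVersion; Status = 'not present' }
    }
    $installed = Get-BinaryVersion -Path $Path
    [pscustomobject]@{
        Path      = $Path
        Installed = $installed
        Fixed     = $FixedVersion
        Status    = if ($installed -lt $FixedVersion) { 'VULNERABLE' } else { 'patched' }
    }
}

# File names come from the bulletin entries on this page; versions are placeholders.
$checks = @(
    @{ Path = "$env:SystemRoot\System32\drivers\tcpip.sys"; Fixed = [version]'6.1.7601.0' },
    @{ Path = "$env:SystemRoot\System32\win32k.sys";        Fixed = [version]'6.1.7601.0' }
)
$checks | ForEach-Object { Test-PatchedFile -Path $_.Path -FixedVersion $_.Fixed } | Format-Table -AutoSize
```

Two caveats the NVTs have to handle as well: a plain "less than" comparison is only valid within one servicing branch (GDR and LDR/QFE builds of the same patch carry different build numbers, which is why the bulletin tables list both), and a 32-bit PowerShell on 64-bit Windows is redirected from System32 to SysWOW64, so run the check from the native architecture.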
Microsoft Windows Partition Manager Privilege Elevation Vulnerability (2690533)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902677
Filename: secpod_ms12-033.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0178
BID: 53378
CVSS: 6.8
Risk factor : High
Summary: Check for the vulnerable 'Partmgr.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-033.
Vulnerability Insight:
The flaw is due to the way Windows Partition Manager (partmgr.sys)
allocates objects in memory, when two or more processes or threads call
Plug and Play (PnP) Configuration Manager functions at the same time.
Impact:
Successful exploitation could allow attackers to gain escalated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Microsoft Windows Server 2008 R2 Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-033
References:
http://secunia.com/advisories/49115
http://support.microsoft.com/kb/2690533
http://technet.microsoft.com/en-us/security/bulletin/ms12-033
MS Security Update For Microsoft Office, .NET Framework, and Silverlight (2681578)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902832
Filename: secpod_ms12-034.nasl
Dependencies: secpod_reg_enum.nasl - gb_ms_silverlight_detect.nasl - secpod_office_products_version_900032.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-3402 CVE-2012-0159 CVE-2012-0162 CVE-2012-0164 CVE-2012-0165 CVE-2012-0167 CVE-2012-0176 CVE-2012-0180 CVE-2012-0181 CVE-2012-1848
BID: 50462 53324 53326 53327 53335 53347 53351 53358 53360 53363
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of vulnerable files
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-034.
Vulnerability Insight:
Multiple flaws are due to:
- An error exists when parsing TrueType fonts.
- An error in the t2embed.dll module when parsing TrueType fonts can be
exploited via a specially crafted TTF file.
- An error in GDI+ when handling certain records can be exploited via a
specially crafted EMF image file.
- An error in win32k.sys related to certain Windows and Messages handling
can be exploited to execute arbitrary code in the context of another
process.
- An error in win32k.sys when handling keyboard layout files can be exploited
to execute arbitrary code in the context of another process.
- An error in win32k.sys related to scrollbar calculations can be exploited
to execute arbitrary code in the context of another process.
Impact:
Successful exploitation could allow an attacker to gain escalated privileges
and execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 4
Microsoft Silverlight 4 and 5
Microsoft .NET Framework 3.5.1
Microsoft Office 2003 Service Pack 3
Microsoft Office 2007 Service Pack 2
Microsoft Office 2010 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-034
References:
http://secunia.com/advisories/49120
http://secunia.com/advisories/49121
http://support.microsoft.com/kb/2681578
http://www.securitytracker.com/id/1027048
http://technet.microsoft.com/en-us/security/bulletin/ms12-034
Microsoft .NET Framework Remote Code Execution Vulnerability (2693777)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902833
Filename: secpod_ms12-035.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0160 CVE-2012-0161
BID: 53356 53357
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of vulnerable files
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-035.
Vulnerability Insight:
The flaws are due to:
- An error within the .NET Framework does not properly serialize user input
and can be exploited to treat untrusted input as trusted.
- An error within the .NET Framework does not properly handle exceptions when
serializing objects and can be exploited via partially trusted assemblies.
Impact:
Successful exploitation could allow an attacker to execute arbitrary code
with the privileges of the currently logged-in user. Failed attacks will
cause denial-of-service conditions.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1,
and 4
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-035
References:
http://secunia.com/advisories/49117
http://support.microsoft.com/kb/2693777
http://www.securitytracker.com/id/1027036
http://technet.microsoft.com/en-us/security/bulletin/ms12-035
Microsoft VPN ActiveX Control Remote Code Execution Vulnerability (2695962)
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802774
Filename: gb_ms_vpn_activex_control_code_exec_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVSS: 9.3
Risk factor : Critical
Summary: Check kill bit is set for Cisco ASA CLSID
Overview: This host is installed with the Cisco Adaptive Security Appliance client
component and is prone to an ActiveX control remote code execution vulnerability.
Vulnerability Insight:
The flaw lies in the ActiveX control that Cisco Adaptive Security Appliances
(Cisco ASA) install on client systems to perform port forwarding operations.
A system may be affected if it has ever connected to a device running the
Cisco Clientless VPN solution.
Impact:
Successful exploitation will let the attacker execute arbitrary code on the
affected machine.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Microsoft Windows XP Service Pack 2 and prior for x64-based Systems
Microsoft Windows Server 2008 R2 Service Pack 1 and prior for x64-based Systems
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://support.microsoft.com/kb/2695962
References:
http://support.microsoft.com/kb/2695962
http://technet.microsoft.com/en-us/security/advisory/2695962#section8
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120314-asaclient
Microsoft Internet Information Services (IIS) Version Detection
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802432
Filename: gb_ms_iis_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Set the Version of Internet Information Services (IIS) in KB
Version
Adobe Illustrator Detection (Windows)
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802789
Filename: gb_adobe_illustrator_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Adobe Illustrator on Windows
Detection of installed version of Adobe Illustrator.
The script logs in via SMB, searches for Adobe Illustrator in the
registry and reads the version from the 'Version' string in the registry.
Adobe Illustrator Multiple Unspecified Vulnerabilities (Windows)
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802790
Filename: gb_adobe_illustrator_mult_unspecified_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2012-2026 CVE-2012-2025 CVE-2012-2024 CVE-2012-2023 CVE-2012-0780 CVE-2012-2042
BID: 53422
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Adobe Illustrator on Windows
Overview: This host is installed with Adobe Illustrator and is prone
to multiple vulnerabilities.
Vulnerability Insight:
The flaws are due to multiple unspecified errors in the application.
Impact:
Successful exploitation will allow attackers to execute arbitrary code
or cause denial of service.
Impact Level: Application/System
Affected Software/OS:
Adobe Illustrator version CS5.5 (15.1) on Windows.
Fix: Apply patch for Adobe Illustrator CS5 and CS5.5,
For updates refer to http://www.adobe.com/support/security/bulletins/apsb12-10.html
Or upgrade to Adobe Illustrator version CS6 or later,
For updates refer to http://www.adobe.com/downloads/
References:
http://osvdb.org/81758
http://secunia.com/advisories/47118
http://www.securitytracker.com/id/1027047
http://www.adobe.com/support/security/bulletins/apsb12-10.html
Adobe Photoshop BOF and Use After Free Vulnerabilities (Windows)
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802782
Filename: gb_adobe_photoshop_bof_n_use_after_free_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl - gb_adobe_photoshop_detect.nasl
Family: General
CVE: CVE-2012-2027 CVE-2012-2028 CVE-2012-2052 CVE-2012-0275
BID: 53421 52634 53464 55372
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Adobe Photoshop on Windows
Overview: This host is installed with Adobe Photoshop and is prone to buffer
overflow and use after free vulnerabilities.
Vulnerability Insight:
The flaws are caused by:
- Insufficient input validation while decompressing TIFF images.
- An input sanitisation error when parsing TIFF images, which can be exploited
to cause a heap-based buffer overflow via a specially crafted file.
Impact:
Successful exploitation will allow attackers to execute arbitrary code.
Impact Level: Application/System
Affected Software/OS:
Adobe Photoshop version prior to CS6 on Windows
Fix: Apply patch for Adobe Photoshop CS5 and CS5.1,
For updates refer to http://helpx.adobe.com/photoshop/kb/security-update-photoshop.html
Or upgrade to Adobe Photoshop version CS6 or later,
For updates refer to http://www.adobe.com/downloads/
References:
http://osvdb.org/81861
http://secunia.com/advisories/48457/
http://securitytracker.com/id/1027046
http://www.adobe.com/support/security/bulletins/apsb12-11.html
Adobe Flash Professional Detection (Windows)
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802778
Filename: gb_adobe_flash_professional_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Adobe Flash Professional for Windows
Detection of installed version of Adobe Flash Professional.
The script logs in via SMB, searches for Adobe Flash Professional in the
registry and reads the version from the 'Version' string in the registry.
OpenJPEG CMAP Record Parsing Vulnerability
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903019
Filename: secpod_openjpeg_cmap_record_parsing_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2012-1499
BID: 52654
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of OpenJPEG
Overview: This host is installed with OpenJPEG and is prone to a CMAP record
parsing vulnerability.
Vulnerability Insight:
The flaw is due to an error when parsing a CMAP record and can be
exploited to cause an out of bounds write via specially crafted JPEG files.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: System/Application
Affected Software :
OpenJPEG version prior to 1.5
Fix: Upgrade to the OpenJPEG version 1.5 or later,
For updates refer to http://code.google.com/p/openjpeg/downloads/list
References:
http://secunia.com/advisories/48498/
http://openjpeg.googlecode.com/svn/branches/openjpeg-1.5/NEWS
http://technet.microsoft.com/en-us/security/msvr/msvr12-004#section1
Microsoft Forefront Unified Access Gateway (UAG) Detection
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802746
Filename: gb_ms_forefront_unified_access_gateway_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of MS Forefront Unified Access Gateway
Version
Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902828
Filename: secpod_ms12-025.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0163
BID: 52921
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'System.Drawing.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-025.
Vulnerability Insight:
The flaw is due to an error within the .NET CLR (Common Language
Runtime) when handling certain parameters passed to a function and can be
exploited via a specially crafted web page.
Impact:
Successful exploitation could allow an attacker to execute arbitrary code
with the privileges of the currently logged-in user. Failed attacks will
cause denial-of-service conditions.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-025
References:
http://secunia.com/advisories/48786
http://support.microsoft.com/kb/2671605
http://www.securitytracker.com/id/1026904
http://technet.microsoft.com/en-us/security/bulletin/ms12-025
Windows Authenticode Signature Remote Code Execution Vulnerability (2653956)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902669
Filename: secpod_ms12-024.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0151
BID: 52317
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Wintrust.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-024.
Vulnerability Insight:
The flaw is due to the way the Windows Authenticode Signature Verification
function verifies portable executable (PE) files, which can be exploited to
add malicious code to a signed file without invalidating its signature.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code as the logged-on user.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-024
References:
http://secunia.com/advisories/48581
http://support.microsoft.com/kb/2653956
http://technet.microsoft.com/en-us/security/bulletin/ms12-024
GOM Media Player Version Detection (Windows)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903001
Filename: secpod_gom_player_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Set KB for the version of GOM Media Player
Detection of installed version of GOM Media Player.
The script logs in via SMB, searches for GOM Media Player in the
registry, reads the installation path from the 'ProgramPath' string in the
registry and takes the version from the .exe file.
Dell Webcam crazytalk4.ocx ActiveX Multiple BOF Vulnerabilities
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903013
Filename: secpod_dell_webcam_activex_mult_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
BID: 52571 52560
CVSS: 9.3
Risk factor : Critical
Summary: Check for the CLSID of Dell Webcam ActiveX Control
Overview: This host is installed with Dell Webcam and is prone to multiple
buffer overflow vulnerabilities.
Vulnerability Insight:
The flaws are due to boundary errors when processing user-supplied input.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code in the context of the application using the ActiveX control.
Impact Level: System/Application
Affected Software/OS:
Dell Webcam
Fix: No solution or patch is available as of 29th March, 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://search.dell.com/results.aspx?c=us&l=en&s=basd&cat=cmu&k=dell+webcam+central
References:
http://www.securityfocus.com/bid/52571/
http://www.securityfocus.com/bid/52560/
http://www.exploit-db.com/exploits/18621/
ALFTP Insecure Executable File Loading Vulnerability
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.903012
Filename: secpod_alftp_insecure_exec_file_load_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2012-0315
BID: 51984
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of ALFTP
Overview: This host is installed with ALFTP and is prone to an insecure
executable file loading vulnerability.
Vulnerability Insight:
The flaw is due to the application loading executables (readme.exe)
in an insecure manner. This can be exploited to run an arbitrary program by
tricking a user into opening a file located on a remote WebDAV or SMB share.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: System/Application
Affected Software :
ALFTP version prior to 5.31
Fix: Upgrade to the ALFTP version 5.31 or later,
For updates refer to http://www.altools.jp/download/ALFTP.aspx
References:
http://secunia.com/advisories/48027/
http://www.securityfocus.com/bid/51984
http://jvn.jp/en/jp/JVN85695061/index.html
http://jvn.jp/en/jp/JVN85695061/995223/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000011.html
Microsoft Windows DNS Server Denial of Service Vulnerability (2647170)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902906
Filename: secpod_ms12-017.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0006
BID: 52374
CVSS: 5.0
Risk factor : Medium
Summary: Check for the vulnerable 'Dns.exe' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-017.
Vulnerability Insight:
The flaw exists in the way the Windows DNS server processes certain lookup
queries and can be exploited to restart the DNS server.
Impact:
Successful exploitation could allow a remote attacker to cause the DNS server
to stop responding or to restart (denial of service).
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-017
References:
http://secunia.com/advisories/48394
http://support.microsoft.com/kb/2647170
http://technet.microsoft.com/en-us/security/bulletin/ms12-017
Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (2641653)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902907
Filename: secpod_ms12-018.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0157
BID: 52317
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Win32k.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-018.
Vulnerability Insight:
The flaw is due to an error in win32k.sys when handling the 'PostMessage()'
function and can be exploited via an application passing specially crafted input
to the function.
Impact:
Successful exploitation could allow local attackers to gain escalated
privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-018
References:
http://secunia.com/advisories/47919/
http://support.microsoft.com/kb/2641653
http://www.securitytracker.com/id/1026793
http://technet.microsoft.com/en-us/security/bulletin/ms12-018
Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902908
Filename: secpod_ms12-019.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0156
BID: 52332
CVSS: 4.3
Risk factor : Medium
Summary: Check for the vulnerable 'D3d10_1.dll' and 'Dwrite.dll' file versions
Overview: This host is missing a moderate security update according to
Microsoft Bulletin MS12-019.
Vulnerability Insight:
The flaw is due to an error in DirectWrite and can be exploited to
cause an application using the API to stop responding via a specially crafted
sequence of Unicode characters.
Impact:
Successful exploitation could allow remote attackers to cause a denial
of service.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-019
References:
http://secunia.com/advisories/48361
http://support.microsoft.com/kb/2665364
http://technet.microsoft.com/en-us/security/bulletin/ms12-019
Microsoft Remote Desktop Protocol Remote Code Execution Vulnerabilities (2671387)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902663
Filename: secpod_ms12-020.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0002 CVE-2012-0152
BID: 52353 52354
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-020.
Vulnerability Insight:
The flaws are due to the way the Remote Desktop Protocol accesses an object
in memory that has been improperly initialized or already deleted, and to the
way the RDP service processes packets.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code as the logged-on user or cause a denial of service condition.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP x32 Edition Service Pack 3 and prior
Microsoft Windows XP x64 Edition Service Pack 2 and prior
Microsoft Windows 7 x32/x64 Edition Service Pack 1 and prior
Microsoft Windows 2003 x32/x64 Edition Service Pack 2 and prior
Microsoft Windows Vista x32/x64 Edition Service Pack 2 and prior
Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior
Microsoft Windows Server 2008 x32/x64 Edition Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
References:
http://secunia.com/advisories/48395
http://support.microsoft.com/kb/2671387
http://www.securitytracker.com/id/1026790
http://technet.microsoft.com/en-us/security/bulletin/ms12-020
Microsoft Expression Design Version Detection
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802707
Filename: gb_ms_expression_design_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Set KB for the version of Microsoft Expression Design
Detection of installed version of Microsoft Expression Design.
The script logs in via SMB, searches for Microsoft Expression Design in the
registry and reads the version from the 'Version' string in the registry.
Microsoft Windows ActiveX Control Multiple Vulnerabilities (2647518)
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802426
Filename: gb_ms_windows_activex_control_mult_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 9.3
Risk factor : Critical
Summary: Check for the CLSID and Hotfix
Overview: This script lists all the vulnerable ActiveX controls installed
on the remote Windows machine, with references and cause.
Vulnerability Insight:
The flaws are due to errors in the handling of Biostat SamplePower,
Blueberry Software Flashback Component and HP Photo Creative ActiveX
controls.
Impact:
Successful exploitation will let the remote attackers execute arbitrary code,
and can compromise a vulnerable system.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix: Apply the patch from below link,
http://support.microsoft.com/kb/2647518
Workaround:
Set the killbit for the following CLSIDs,
{6e84d662-9599-11d2-9367-20cc03c10627},
{7e00a3b0-8f5c-11d2-baa4-04f205c10000},
{4ba9089c-ddfc-4206-b937-74484b06d305},
{A3CD4BF9-EC17-47A4-833C-50A324D6FF35},
{57733FF6-E100-4A4B-A7D1-A85AD17ABC54},
{9B8E377B-7291-491A-B611-BB3E1D5F99F0},
{ee5e14b0-4abf-409e-9c39-74f3d35bd85a},
{b34b19f4-7ebe-46cb-807c-746e72ebb4b6},
{7a7b986c-31e9-4286-88ca-b9dc481ca989},
{8290cb76-9f61-458b-ad2c-3f6fd2e8cd7d},
{dd7b057d-9020-4630-baf8-7a0cda04588d},
{fc7F9cc6-e049-4698-8a25-59ad87c7dce2}.
References:
http://support.microsoft.com/kb/2647518
http://technet.microsoft.com/en-us/security/advisory/2647518
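The workaround above says "set the killbit" without saying how. As an added example (not Greenbone's NVT code), the following PowerShell audits and sets the kill bit for exactly the CLSIDs listed in the entry. A kill bit is bit 0x400 of the DWORD value 'Compatibility Flags' under HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CLSID} (Microsoft KB 240797); on 64-bit Windows the 32-bit browser reads the Wow6432Node copy of that key, so both locations are handled. Setting the bit blocks the control in Internet Explorer and other hosts that honour kill bits; it does not remove the vulnerable binary, which is why the hotfix is the fix and this is only the workaround.

```powershell
# Added example, not the Greenbone NVT itself: audit and set kill bits for the
# CLSIDs listed in Microsoft advisory 2647518 (taken from the entry above).
# Kill bit = 0x400 in DWORD 'Compatibility Flags' under the ActiveX Compatibility key.
$Clsids = @(
    '{6e84d662-9599-11d2-9367-20cc03c10627}',
    '{7e00a3b0-8f5c-11d2-baa4-04f205c10000}',
    '{4ba9089c-ddfc-4206-b937-74484b06d305}',
    '{A3CD4BF9-EC17-47A4-833C-50A324D6FF35}',
    '{57733FF6-E100-4A4B-A7D1-A85AD17ABC54}',
    '{9B8E377B-7291-491A-B611-BB3E1D5F99F0}',
    '{ee5e14b0-4abf-409e-9c39-74f3d35bd85a}',
    '{b34b19f4-7ebe-46cb-807c-746e72ebb4b6}',
    '{7a7b986c-31e9-4286-88ca-b9dc481ca989}',
    '{8290cb76-9f61-458b-ad2c-3f6fd2e8cd7d}',
    '{dd7b057d-9020-4630-baf8-7a0cda04588d}',
    '{fc7F9cc6-e049-4698-8a25-59ad87c7dce2}'
)
$KillBit   = 0x400
$BasePaths = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'   # 32-bit IE on x64
)

function Get-KillBitState {
    param([Parameter(Mandatory)] [string] $Clsid)
    foreach ($base in $BasePaths) {
        if (-not (Test-Path -LiteralPath $base)) { continue }   # no Wow6432Node on 32-bit Windows
        $key   = Join-Path $base $Clsid
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $flags = (Get-ItemProperty -LiteralPath $key).'Compatibility Flags'
        }
        [pscustomobject]@{
            Clsid   = $Clsid
            Key     = $key
            Flags   = $flags                            # $null = key absent, control not blocked
            KillBit = [bool]($flags -band $KillBit)
        }
    }
}

function Set-KillBit {
    param([Parameter(Mandatory)] [string] $Clsid)
    foreach ($base in $BasePaths) {
        if (-not (Test-Path -LiteralPath $base)) { continue }
        $key = Join-Path $base $Clsid
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $current = [int](Get-ItemProperty -LiteralPath $key).'Compatibility Flags'   # missing value -> 0
        # OR the bit in rather than overwrite, so any other compatibility flags survive.
        New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -PropertyType DWord `
            -Value ($current -bor $KillBit) -Force | Out-Null
    }
}

# Audit first; call Set-KillBit from an elevated prompt to apply the workaround.
$Clsids | ForEach-Object { Get-KillBitState -Clsid $_ } | Format-Table -AutoSize
```

Running Get-KillBitState again after Set-KillBit gives the same evidence the NVT's "Check for the CLSID and Hotfix" test collects from the network side; a control whose key is absent or whose flags lack 0x400 is still loadable.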
Microsoft SMB Signing Information Disclosure Vulnerability
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902797
Filename: secpod_ms_smb_signing_info_disc_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 5.0
Risk factor : Medium
Summary: Check if SMB signing is disabled
Overview: SMB signing is disabled on this host, which leaves it prone to an
information disclosure vulnerability.
Vulnerability Insight:
The flaw is due to SMB signing being disabled. Malicious users could sniff
network traffic, then capture and replay SMB transactions that are not signed
by performing a man-in-the-middle (MITM) attack, in order to obtain sensitive
information.
Impact:
Successful exploitation could allow remote attackers to gain sensitive
information.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 2 and prior
Microsoft Windows 2003 Service Pack 1 and prior
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://support.microsoft.com/kb/916846
References:
http://support.microsoft.com/kb/916846
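The NVT above decides "signing disabled" from the SMB negotiation it sees on the wire. The following added example (not SecPod's check) shows the same state from the host side and the hardening change: the registry values behind the security policies "Microsoft network server/client: Digitally sign communications (always)" (RequireSecuritySignature) and "(if client/server agrees)" (EnableSecuritySignature) under the LanmanServer and LanmanWorkstation service parameters. Nothing here is specific to the XP/2003 versions the entry lists; the values apply to any Windows release.

```powershell
# Added example, not part of the SecPod NVT: read the SMB signing policy locally
# and, on request, require signing. "Server" governs shares this host offers,
# "Client" governs connections it makes.
$Roles = @{
    Server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    Client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
}

function Get-SmbSigningState {
    foreach ($role in $Roles.Keys) {
        $p = Get-ItemProperty -LiteralPath $Roles[$role] -ErrorAction SilentlyContinue
        # A missing value means the OS default applies: signing is not required,
        # except on domain controllers, whose default policy requires it server-side.
        $require = if ($null -ne $p.RequireSecuritySignature) { [int]$p.RequireSecuritySignature } else { $null }
        $enable  = if ($null -ne $p.EnableSecuritySignature)  { [int]$p.EnableSecuritySignature }  else { $null }
        if ($require -eq 1)    { $finding = 'ok: signing required' }
        elseif ($enable -eq 1) { $finding = 'weak: signing negotiated only, attacker can downgrade' }
        else                   { $finding = 'weak: signing not required (default or explicit 0)' }
        [pscustomobject]@{
            Role     = $role
            Required = $require     # 1 = "Digitally sign communications (always)"
            Enabled  = $enable      # 1 = "(if client/server agrees)"; SMB2 and later ignore this value
            Finding  = $finding
        }
    }
}

function Set-SmbSigningRequired {
    param([ValidateSet('Server', 'Client')] [string[]] $Role = @('Server', 'Client'))
    foreach ($r in $Role) {
        New-ItemProperty -LiteralPath $Roles[$r] -Name RequireSecuritySignature -PropertyType DWord -Value 1 -Force | Out-Null
        New-ItemProperty -LiteralPath $Roles[$r] -Name EnableSecuritySignature  -PropertyType DWord -Value 1 -Force | Out-Null
    }
    # The server side picks the change up when the LanmanServer service restarts;
    # the client side applies it to new sessions.
}

Get-SmbSigningState | Format-Table -AutoSize
```

Caveat before flipping RequireSecuritySignature on a file server: clients that cannot sign (very old SMB1 stacks, some appliances and printers) will be refused, and signing adds per-packet CPU cost on both ends. Requiring it on the client side is the change that actually stops the MITM described above, because it is the client that would otherwise accept an unsigned session from a spoofed server.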
Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2660465)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902810
Filename: secpod_ms12-008.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0154 CVE-2011-5046
BID: 51122 51920
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Win32k.sys' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-008.
Vulnerability Insight:
Multiple flaws are due to:
- An error in win32k.sys when validating input passed from user mode through
the kernel component of GDI can be exploited to corrupt memory via a
specially crafted web page containing an IFRAME with an overly large
'height' attribute viewed using the Apple Safari browser.
- A use-after-free error in win32k.sys when handling certain keyboard layouts
can be exploited to dereference already freed memory and gain escalated
privileges.
Impact:
Successful exploitation could allow remote attackers to cause a denial of
service and possibly execute arbitrary code with kernel-level privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-008
References:
http://osvdb.org/77908
http://secunia.com/advisories/47237
http://support.microsoft.com/kb/2660465
http://xforce.iss.net/xforce/xfdb/71873
http://www.exploit-db.com/exploits/18275
http://technet.microsoft.com/en-us/security/bulletin/ms12-008
MS Windows Ancillary Function Driver Privilege Elevation Vulnerabilities (2645640)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902424
Filename: secpod_ms12-009.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0148 CVE-2012-0149
BID: 51930 51936
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Afd.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-009.
Vulnerability Insight:
The flaws are caused by an error in the Ancillary Function Driver (AFD), which
does not properly validate input passed from user mode to the Windows kernel.
Impact:
Successful exploitation could allow elevation of privilege if an attacker
logs on to a user's system and runs a specially crafted application.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 2K3 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-009
References:
http://secunia.com/advisories/47911/
http://support.microsoft.com/kb/2645640
http://technet.microsoft.com/en-us/security/bulletin/ms12-009
MS Windows Color Control Panel Remote Code Execution Vulnerability (2643719)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902791
Filename: secpod_ms12-012.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-5082
BID: 44157
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Colorcpl.exe' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-012.
Vulnerability Insight:
The flaw is due to a library used by the Color Control Panel application
loading libraries in an insecure manner.
Impact:
Successful exploitation allows attackers to use the vulnerable application
to open a file from a network share location that contains a specially
crafted Dynamic Link Library (DLL) file.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-012
References:
http://secunia.com/advisories/41874/
http://securitytracker.com/id/1026682
http://technet.microsoft.com/en-us/security/bulletin/ms12-012
MS Windows C Run-Time Library Remote Code Execution Vulnerability (2654428)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902653
Filename: secpod_ms12-013.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0150
BID: 51913
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Msvcrt.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-013.
Vulnerability Insight:
The flaw is due to the way 'Msvcrt.dll' calculates the size of a
buffer in memory, allowing data to be copied into memory that has not been
properly allocated.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code as the logged-on user.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-013
References:
http://secunia.com/advisories/47949/
http://support.microsoft.com/kb/2654428
http://technet.microsoft.com/en-us/security/bulletin/ms12-013
MS Windows Indeo Codec Remote Code Execution Vulnerability (2661637)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902792
Filename: secpod_ms12-014.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3138
BID: 42730
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Iacenc.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-014.
Vulnerability Insight:
The flaw is due to an error in the 'Indeo' filter, which loads libraries
(e.g. iacenc.dll) in an insecure manner.
Impact:
Successful exploitation allows attackers to load arbitrary libraries by
tricking a user into opening an AVI file located on a remote WebDAV or SMB
share via an application using the filter.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-014
References:
http://secunia.com/advisories/41114/
http://securitytracker.com/id/1026683
http://support.microsoft.com/kb/2661637
http://technet.microsoft.com/en-us/security/bulletin/ms12-014
Microsoft .NET Framework and Microsoft Silverlight Remote Code Execution Vulnerabilities (2651026)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902811
Filename: secpod_ms12-016.nasl
Dependencies: secpod_reg_enum.nasl - gb_ms_silverlight_detect.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0014 CVE-2012-0015
BID: 51938 51940
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'System.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-016.
Vulnerability Insight:
Multiple flaws are due to
- An unspecified error when handling un-managed objects can be exploited via
a specially crafted XAML Browser Application (XBAP).
- An error when calculating certain buffer lengths can be exploited to corrupt
memory via a specially crafted XAML Browser Application (XBAP).
Impact:
Successful exploitation could allow an attacker to execute arbitrary code within
the context of the affected application. Failed exploit attempts will likely
result in a denial-of-service condition.
Impact Level: System/Application
Affected Software/OS:
Microsoft Silverlight 4.0
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0 Service Pack 2
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-016
References:
http://secunia.com/advisories/48030
http://support.microsoft.com/kb/2651026
http://www.securitytracker.com/id/1026681
http://technet.microsoft.com/en-us/security/bulletin/ms12-016
Final Draft Script File Parsing Multiple Buffer Overflow Vulnerabilities
This script is Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802393
Filename: gb_final_draft_file_parsing_mult_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-5059
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Final Draft
Overview: This host is installed with Final Draft and is prone to multiple
buffer overflow vulnerabilities.
Vulnerability Insight:
The flaws are due to errors when parsing certain tag elements such as
'Word', 'Transition', 'Location', 'Extension', 'SceneIntro', 'TimeOfDay',
and 'Character' within '.fdx' or '.fdxtscript' files, which can be
exploited to cause a buffer overflow via files with overly long tag elements.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
on the system or cause the application to crash.
Impact Level: System/Application
Affected Software/OS:
Final Draft version 8.0 before 8.02
Fix: Upgrade to Final Draft Version 8.02 or later.
For updates refer to http://www.finaldraft.com/index.php
References:
http://osvdb.org/77454
http://secunia.com/advisories/47044
http://www.exploit-db.com/exploits/18184/
http://www.security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf
NeoAxis Web Player Zip File Directory Traversal Vulnerability
This script is Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802601
Filename: gb_neoaxis_web_player_zip_file_dir_trav_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2012-0907
BID: 51666
CVSS: 5.8
Risk factor : High
Summary: Check for the version of NeoAxis Web Player
Overview: This host is installed with NeoAxis Web Player and is prone to a
directory traversal vulnerability.
Vulnerability Insight:
The flaw is caused by improper validation of the files extracted from the
neoaxis_web_application_win32.zip file, which allows attackers to write
arbitrary files via directory traversal attacks.
Impact:
Successful exploitation will allow an attacker to obtain sensitive information
that could aid in further attacks.
Impact Level: Application
Affected Software/OS:
NeoAxis web player version 1.4 and prior
Fix: No solution or patch is available as of 1st February 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.neoaxis.com/
References:
http://osvdb.org/78311
http://www.securityfocus.com/bid/51666
http://xforce.iss.net/xforce/xfdb/72427
http://aluigi.altervista.org/adv/neoaxis_1-adv.txt
IBM SPSS SamplePower Version Detection (Windows)
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802299
Filename: gb_ibm_spss_sample_power_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of IBM SPSS SamplePower
Detection of installed version of IBM SPSS SamplePower.
The script logs in via SMB, searches for IBM SPSS SamplePower in the registry
and gets the version from the 'DisplayVersion' string in the registry.
Cogent OPC DataHub and Cascade DataHub XSS and CRLF Vulnerabilities
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802565
Filename: gb_cogent_cascade_n_opc_datahub_mult_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2012-0310 CVE-2012-0309
BID: 51375
CVSS: 5.8
Risk factor : High
Summary: Check for the version of OPC DataHub or Cascade DataHub
Overview: This host is installed with OPC DataHub or Cascade DataHub and is
prone to cross-site scripting and CRLF injection vulnerabilities.
Vulnerability Insight:
The flaws are due to unspecified errors in the applications, which allow
remote attackers to inject arbitrary web script or HTML via unspecified
vectors.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
HTML and script code in a user's browser session in context of an affected
site.
Impact Level: Application
Affected Software:
OPC DataHub version 6.4.20 and prior
Cascade DataHub version 6.4.20 and prior
Fix: Upgrade to OPC DataHub version 7.2 or later
Upgrade to Cascade DataHub version 7.2 or later
For updates refer to http://www.cogentdatahub.com/index.html
References:
http://jvn.jp/en/jp/JVN12983784/index.html
http://jvn.jp/en/jp/JVN63249231/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000001.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000002.html
Microsoft Windows Color Control Panel Privilege Escalation Vulnerability
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802383
Filename: gb_ms_win_color_control_panel_priv_escalation.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-5082
BID: 44157
CVSS: 9.3
Risk factor : Critical
Summary: Check for the Windows colorcpl.exe Existence
Overview: Microsoft Windows Server 2008 SP2 is prone to a privilege escalation
vulnerability.
Vulnerability Insight:
The flaw is due to an error in the Color Control Panel, which allows
attackers to gain privileges via a Trojan horse sti.dll file in the current
working directory.
Impact:
A successful attempt could allow local attackers to bypass security restrictions
and gain elevated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows Server 2008 SP2
Fix: No solution or patch is available as of 19th January, 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/en/us/default.aspx
References:
http://www.koszyk.org/b/archives/82
http://shinnai.altervista.org/exploits/SH-006-20100914.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5082
IBM Web Experience Factory Multiple Cross Site Scripting Vulnerabilities
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802563
Filename: gb_ibm_web_experience_factory_xss_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-5048
BID: 51246
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of IBM Web Experience Factory
Overview: This host is installed with IBM Web Experience Factory and is prone
to multiple cross-site scripting vulnerabilities.
Vulnerability Insight:
The flaws are due to improper validation of user-supplied input to
'INPUT' and 'TEXTAREA' elements.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
HTML and script code in a user's browser session in context of an affected
site.
Impact Level: Application
Affected Software:
IBM Web Experience Factory version 7.0 and 7.0.1
Fix: Upgrade to the IBM Web Experience Factory 7.0.1.2 or later
For updates refer to http://www14.software.ibm.com/webapp/download/home.jsp
References:
http://www.securityfocus.com/bid/51246/info
http://www-01.ibm.com/support/docview.wss?uid=swg21575083
Microsoft Windows Kernel win32k.sys Memory Corruption Vulnerability
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802379
Filename: gb_ms_win_kernel_win32k_sys_mem_corruption_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-5046
BID: 51122
CVSS: 9.3
Risk factor : Critical
Summary: Check for the Windows win32k.sys Existence
Overview: Microsoft Windows 7 Professional 64-bit is prone to a memory
corruption vulnerability.
Vulnerability Insight:
The flaw is due to an error in win32k.sys, when handling a specially
crafted web page containing an IFRAME with an overly large 'height'
attribute viewed using the Apple Safari browser.
Impact:
Successful exploitation will allow attackers to execute arbitrary code on
the system with kernel-level privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Professional 64-bit
Fix: No solution or patch is available as of 13th January, 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/en/us/default.aspx
References:
http://osvdb.org/77908
http://secunia.com/advisories/47237
http://xforce.iss.net/xforce/xfdb/71873
http://www.exploit-db.com/exploits/18275/
Apache Tomcat Detection (Windows)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802377
Filename: gb_apache_tomcat_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Apache Tomcat
Detection of installed version of Apache Tomcat.
The script logs in via SMB, searches for Apache Tomcat in the registry and
gets the version from the 'Version' string in the registry.
Microsoft Windows Kernel Security Feature Bypass Vulnerability (2644615)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902783
Filename: secpod_ms12-001.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0001
BID: 51296
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Ntdll.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-001.
Vulnerability Insight:
The flaw is due to an error in the way the kernel (ntdll.dll) loads
structured exception handling tables and allows bypassing the SafeSEH
security mechanism. This facilitates easier exploitation of other
vulnerabilities in affected applications to execute code.
Impact:
Successful exploitation could allow attackers to execute arbitrary code by
leveraging memory corruption vulnerabilities in Windows applications.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-001
References:
http://secunia.com/advisories/47356/
http://support.microsoft.com/kb/2644615
http://www.securitytracker.com/id/1026493
http://technet.microsoft.com/en-us/security/bulletin/ms12-001
Microsoft Windows Object Packager Remote Code Execution Vulnerability (2603381)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902784
Filename: secpod_ms12-002.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0009
BID: 51297
CVSS: 9.3
Risk factor : Critical
Summary: Check for the hotfix
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-002.
Vulnerability Insight:
The flaw is due to the way that Windows registers and uses Windows
Object Packager. This can be exploited to load an executable file
(packager.exe) in an insecure manner by tricking a user into opening a
Publisher file '.pub' containing an embedded packaged object located on a
remote WebDAV or SMB share.
Impact:
Successful exploitation could allow attackers to execute arbitrary code with
the privileges of the user running the affected application. Failed exploit
attempts will result in a denial-of-service condition.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-002
References:
http://secunia.com/advisories/45189/
http://www.securitytracker.com/id/1026494
http://technet.microsoft.com/en-us/security/bulletin/ms12-002
MS Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2646524)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902499
Filename: secpod_ms12-003.nasl
Dependencies: secpod_reg_enum.nasl - smb_login.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0005
BID: 51270
CVSS: 6.9
Risk factor : High
Summary: Check for the vulnerable 'winsrv.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-003.
Vulnerability Insight:
The flaw is due to an error in the Client/Server Run-time Subsystem
(CSRSS) when processing specially crafted sequences of unicode characters.
NOTE : This vulnerability can only be exploited on systems configured with
a Chinese, Japanese or Korean system locale.
Impact:
Successful exploitation could allow an attacker to execute arbitrary code with
system-level privileges. Successfully exploiting this issue will result in
the complete compromise of affected computers.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-003
References:
http://secunia.com/advisories/47479/
http://support.microsoft.com/kb/2646524
http://technet.microsoft.com/en-us/security/bulletin/ms12-003
Microsoft Windows Media Could Allow Remote Code Execution Vulnerabilities (2636391)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902807
Filename: secpod_ms12-004.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0003 CVE-2012-0004
BID: 51292 51295
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable file versions
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS12-004.
Vulnerability Insight:
- An unspecified error in the Windows multimedia library (winmm.dll) when
parsing MIDI files can be exploited via a specially crafted file opened
in Windows Media Player.
- An unspecified error exists in the Line21 DirectShow filter (Quartz.dll
and Qdvd.dll) when parsing specially crafted media files.
Impact:
Successful exploitation will allow the attacker to execute arbitrary code in
the context of the user running the application which can compromise the
application and possibly the computer.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Microsoft Windows Media Center TV Pack for Windows Vista.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-004
References:
http://secunia.com/advisories/47485
http://securitytracker.com/id/1026492
http://www.securelist.com/en/advisories/47485
http://technet.microsoft.com/en-us/security/bulletin/ms12-004
Windows ClickOnce Application Installer Remote Code Execution Vulnerability (2584146)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902657
Filename: secpod_ms12-005.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0013
BID: 51284
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Packager.exe/Packager.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-005.
Vulnerability Insight:
The flaw is due to an error within the Windows Packager when
loading ClickOnce applications embedded in Microsoft Office files.
Impact:
Successful exploitation could allow local attackers to run arbitrary code
and take complete control of an affected system. An attacker can gain
administrative rights.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-005
References:
http://secunia.com/advisories/47480
http://support.microsoft.com/kb/2584146
http://technet.microsoft.com/en-us/security/bulletin/ms12-005
Microsoft Windows SSL/TLS Information Disclosure Vulnerability (2643584)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902900
Filename: secpod_ms12-006.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-3389
BID: 49778
CVSS: 4.3
Risk factor : Medium
Summary: Check for the vulnerable file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-006.
Vulnerability Insight:
The flaw is due to an error in the Microsoft Windows Secure Channel (SChannel)
component in the way it sends and receives encrypted network packets.
Impact:
Successful exploitation of this issue may allow attackers to perform limited
man-in-the-middle attacks, injecting data into the beginning of the
application protocol stream to execute HTTP transactions and bypass
authentication.
Impact Level: Windows
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and
install the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms12-006
References:
http://support.microsoft.com/kb/2585542
http://technet.microsoft.com/en-us/security/bulletin/ms12-006
Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)
Copyright (C) 2012 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902785
Filename: secpod_ms12-007.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2012-0007
BID: 51291
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of Microsoft AntiXSS Library
Overview: This host is missing an important security update according to
Microsoft Bulletin MS12-007.
Vulnerability Insight:
The flaw is due to an error in the library, which fails to properly filter
HTML code from user-supplied input. A remote user may be able to exploit a
target application that uses the library to cause arbitrary scripting code to
be executed by the target user's browser.
Impact:
Successful exploitation could allow attackers to bypass the filter and
conduct cross-site scripting attacks. Successful exploits may allow attackers
to execute arbitrary script code and steal cookie-based authentication
credentials.
Impact Level: Application
Affected Software/OS:
Microsoft Anti-Cross Site Scripting Library version 3.x
Microsoft Anti-Cross Site Scripting Library version 4.0
Fix: Upgrade to Microsoft Anti-Cross Site Scripting Library version 4.2.1
For updates refer to http://technet.microsoft.com/en-us/security/bulletin/ms12-007
References:
http://secunia.com/advisories/47516/
http://securitytracker.com/id/1026499
http://technet.microsoft.com/en-us/security/bulletin/ms12-007
WinMount WMDrive.sys Driver IOCTL Handling Denial of Service Vulnerability
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802372
Filename: gb_winmount_driver_ioctl_handling_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2011-5032
BID: 51034
CVSS: 4.9
Risk factor : Medium
Summary: Check for the version of WinMount
Overview: This host is installed with WinMount and is prone to a denial of
service vulnerability.
Vulnerability Insight:
The flaw is due to a null pointer dereference error in WMDrive.sys,
when processing a crafted '0x87342000 IOCTL' in the WMDriver device.
Impact:
Successful exploitation will allow an attacker to cause the application
to crash.
Impact Level: Application
Affected Software/OS:
WinMount version 3.5.1018 and prior.
Fix: No solution or patch is available as of 6th January, 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.winmount.com/index.html
References:
http://osvdb.org/77747
http://secunia.com/advisories/46872/
http://xforce.iss.net/xforce/xfdb/71764
TomatoSoft Free Mp3 Player .mp3 File Denial of Service Vulnerability
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802370
Filename: gb_tomatosoft_free_mp3_player_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2011-5043
BID: 51123
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of TomatoSoft Free Mp3 Player
Overview: This host is installed with TomatoSoft Free Mp3 Player and is
prone to a denial of service vulnerability.
Vulnerability Insight:
The flaw is due to an error when parsing a crafted '.mp3' file
containing an overly long argument.
Impact:
Successful exploitation will allow an attacker to cause the application
to crash.
Impact Level: Application
Affected Software/OS:
TomatoSoft Free Mp3 Player 1.0
Fix: No solution or patch is available as of 6th January, 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.tomatosoft.biz/blog/2011/12/09/free-mp3-player/
References:
http://xforce.iss.net/xforce/xfdb/71870
http://www.exploit-db.com/exploits/18254/
Attachmate Reflection FTP Client LIST Command Remote Heap Buffer Overflow Vulnerability
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802371
Filename: gb_attachmate_reflection_ftp_client_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-5012
BID: 50691
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Attachmate Reflection FTP Client
Overview: This host is installed with Attachmate Reflection FTP Client and
is prone to a buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to a boundary error in the Reflection FTP client in
rftpcom.dll, which fails to properly process filenames within a directory listing.
Impact:
Successful exploitation will allow an attacker to execute arbitrary code.
Impact Level: Application
Affected Software/OS:
Attachmate Reflection 2008
Attachmate Reflection 2011 R1 before 15.3.2.569
Attachmate Reflection 2011 R2 before 15.4.1.327
Attachmate Reflection 14.1 SP1 before 14.1.1.206
Attachmate Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186
Fix:
Upgrade to the latest version or apply the fix.
For updates refer to http://support.attachmate.com/techdocs/1708.html
*****
NOTE : Ignore this warning if the above-mentioned patch is already applied.
*****
References:
http://osvdb.org/77189
http://secunia.com/advisories/46879
http://xforce.iss.net/xforce/xfdb/71330
http://www.securitytracker.com/id?1026340
http://www.exploit-db.com/exploits/18119/
http://support.attachmate.com/techdocs/2288.html
http://support.attachmate.com/techdocs/2502.html
http://support.attachmate.com/techdocs/1708.html
Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2638420)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902806
Filename: secpod_ms11-100.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-3414 CVE-2011-3415 CVE-2011-3416 CVE-2011-3417
BID: 51186
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of different files
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-100.
Vulnerability Insight:
- An error within ASP.NET when hashing form posts and updating a hash table.
This can be exploited to cause a hash collision resulting in high CPU
consumption via a specially crafted form sent in a HTTP POST request.
- Open redirect vulnerability in the Forms Authentication feature in the
ASP.NET subsystem allows remote attackers to redirect users to arbitrary
web sites and conduct phishing attacks via a crafted return URL.
- The Forms Authentication feature in the ASP.NET subsystem allows remote
authenticated users to obtain access to arbitrary user accounts via a
crafted username.
- The Forms Authentication feature in the ASP.NET subsystem, when sliding
expiry is enabled, does not properly handle cached content, which allows
remote attackers to obtain access to arbitrary user accounts via a crafted
URL.
Impact:
Successful exploitation could allow an attacker to cause a denial of service,
conduct spoofing attacks or bypass certain security restrictions.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 4
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-100
References:
http://secunia.com/advisories/47323
http://www.kb.cert.org/vuls/id/903934
http://www.ocert.org/advisories/ocert-2011-003.html
http://www.nruns.com/_downloads/advisory28122011.pdf
http://technet.microsoft.com/en-us/security/bulletin/ms11-100
http://blogs.technet.com/b/srd/archive/2011/12/27/more-information-about-the-december-2011-asp-net-vulnerability.aspx
IBM Rational Rhapsody BB FlashBack SDK ActiveX Control Remote Code Execution Vulnerabilities
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902655
Filename: secpod_ibm_rational_rhapsody_activex_code_exec_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-1388 CVE-2011-1391 CVE-2011-1392
BID: 51184
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of IBM Rational Rhapsody
Overview: This host is installed with IBM Rational Rhapsody and is prone to
remote code execution vulnerabilities.
Vulnerability Insight:
The flaws are due to errors in the BB FlashBack ActiveX control
(BBFlashBack.Recorder.dll) within the FBRecorder class when handling the
'Start()', 'PauseAndSave()', 'InsertMarker()', 'InsertSoundToFBRAtMarker()'
and 'TestCompatibilityRecordMode()' methods.
Impact:
Successful exploitation will allow an attacker to execute arbitrary code.
Impact Level: Application
Affected Software/OS:
IBM Rational Rhapsody version prior to 7.6.1
Fix: Upgrade to IBM Rational Rhapsody version 7.6.1 or later.
For updates refer to http://www-01.ibm.com/support/docview.wss?uid=swg21576352
References:
http://secunia.com/advisories/47310
http://secunia.com/advisories/47286
http://xforce.iss.net/xforce/xfdb/71803
http://www.securelist.com/en/advisories/47310
http://www-01.ibm.com/support/docview.wss?uid=swg21576352
Adobe Flex SDK SWF Files Cross-Site Scripting Vulnerability (Windows)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902765
Filename: secpod_adobe_flex_sdk_swf_files_xss_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-2461
BID: 50869
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of Adobe Flex SDK
Overview: This host is installed with Adobe Flex SDK and is prone to a
cross-site scripting vulnerability.
Vulnerability Insight:
The flaw is due to certain unspecified input passed to SWF files developed
using the framework not being properly sanitised before being returned to the
user.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
HTML and script code in a user's browser session in context of an
affected site.
Impact Level: Application
Affected Software/OS:
Adobe Flex SDK version 3.x through 3.6 and 4.x through 4.5.1
Fix: Apply the patch from the link below:
http://kb2.adobe.com/cps/915/cpsid_91544.html
*****
NOTE: Ignore this warning if the patch is already applied.
*****
****************************************************************
Note: This script detects Adobe Flex SDK installed as part of Adobe
Flex Builder only. If the SDK is installed separately, manual verification
is required.
****************************************************************
References:
http://secunia.com/advisories/47053/
http://www.securityfocus.com/bid/50869/info
http://kb2.adobe.com/cps/915/cpsid_91544.html
http://www.adobe.com/support/security/bulletins/apsb11-25.html
APC PowerChute Business Edition Unspecified Cross Site Scripting Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902771
Filename: secpod_apc_powerchute_business_edtn_xss_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-4263
BID: 51022
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of APC PowerChute Business Edition
Overview: This host is running APC PowerChute Business Edition and is prone
to a cross-site scripting vulnerability.
Vulnerability Insight:
The flaw exists due to improper validation of certain unspecified input
before being returned to the user.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary HTML
and script code in a user's browser session in context of an affected site.
Impact Level: Application.
Affected Software:
APC PowerChute Business Edition version prior to 8.5
Fix: Upgrade to APC PowerChute Business Edition version 8.5 or later.
For updates refer to http://www.apc.com/products/family/index.cfm?id=125&ISOCountryCode=us
References:
http://secunia.com/advisories/47113/
http://jvn.jp/en/jp/JVN61695284/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000100.html
Sielco Sistemi Winlog PRO Buffer Overflow Vulnerability
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802552
Filename: gb_winlog_lite_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-4037
BID: 50932
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Sielco Sistemi Winlog PRO
Overview: This host is installed with Sielco Sistemi Winlog PRO and is prone
to a buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to an unspecified error when processing certain values
in project files and can be exploited to cause a buffer overflow by tricking
a user into loading a malicious project file.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code in the context of the application.
Impact Level: System/Application
Affected Software:
Winlog Lite version before 2.07.09
Fix: Upgrade to Winlog Lite version 2.07.09 or later.
For updates refer to http://www.sielcosistemi.com/en/download/public/index.html
References:
http://secunia.com/advisories/47078
http://securitytracker.com/id?1026388
http://www.us-cert.gov/control_systems/pdf/ICSA-11-298-01.pdf
QQPlayer MOV File Processing Buffer Overflow Vulnerability
Copyright (C) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802367
Filename: gb_qqplayer_mov_file_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-5006
BID: 50739
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of QQPlayer
Overview: This host is installed with QQPlayer and is prone to a buffer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to a boundary error when processing MOV files, which
can be exploited to cause a stack-based buffer overflow via a specially
crafted MOV file with a malicious PnSize value.
Impact:
Successful exploitation will allow an attacker to execute arbitrary code.
Impact Level: Application
Affected Software/OS:
QQPlayer version 3.2.845 and prior.
Fix: No solution or patch is available as of 02 January 2012. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.qq.com/
References:
http://osvdb.org/77266
http://1337day.com/exploits/16899
http://secunia.com/advisories/46924
http://xforce.iss.net/xforce/xfdb/71368
http://www.exploit-db.com/exploits/18137/
WellinTech KingView HistoryServer.exe Heap Based Buffer Overflow Vulnerability
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802550
Filename: gb_kingview_heap_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-4536
BID: 51159
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of KingView
Overview: This host is installed with KingView and is prone to a heap-based
buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to an error in the 'nettransdll.dll' module of the
'HistorySvr' component when processing a packet containing opcode 3. This can
be exploited to cause a heap-based buffer overflow via a specially crafted
packet sent to TCP port 777.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code in the context of the application. Failed attacks will cause
denial-of-service conditions.
Impact Level: System/Application
Affected Software:
KingView version 6.53 and 65.30.2010.18018
Fix: Apply the patch from the link below:
http://www.kingview.com/news/detail.aspx?contentid=587
*****
NOTE: Ignore this warning if the above-mentioned patch is already applied.
*****
References:
http://secunia.com/advisories/47339
http://www.kingview.com/news/detail.aspx?contentid=587
http://www.zerodayinitiative.com/advisories/ZDI-11-351/
http://www.us-cert.gov/control_systems/pdf/ICSA-11-355-02.pdf
CoCSoft Stream Down Buffer overflow Vulnerability
Copyright (c) 2012 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802551
Filename: gb_cocsoft_stream_down_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-5052
CVSS: 6.8
Risk factor : High
Summary: Check for the version of CoCSoft Stream Down
Overview: This host is installed with CoCSoft Stream Down and is prone to a
buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to an unspecified error in the application, which can
be exploited to cause a heap-based buffer overflow.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code in the context of the application.
Impact Level: System/Application
Affected Software:
CoCSoft Stream Down version 6.8.0
Fix: No solution or patch is available as of 2nd January, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.cocsoft.com/index.html
References:
http://www.exploit-db.com/exploits/18283/
http://dev.metasploit.com/redmine/issues/6168
Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902767
Filename: secpod_ms11-087.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-3402
BID: 50462
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Win32k.sys' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-087.
Vulnerability Insight:
The flaw is due to an error within the Win32k kernel-mode driver
(win32k.sys) when parsing TrueType fonts.
Impact:
Successful exploitation could allow local attackers to run arbitrary code in
kernel mode and take complete control of an affected system. An attacker
could then install programs; view, change, or delete data; or create new
accounts with full administrative rights.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-087
References:
https://secunia.com/advisories/46724/
http://support.microsoft.com/kb/2639417
http://technet.microsoft.com/en-us/security/bulletin/ms11-087
Microsoft Office IME (Chinese) Privilege Elevation Vulnerability (2652016)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902496
Filename: secpod_ms11-088.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2010
BID: 50950
CVSS: 7.2
Risk factor : High
Summary: Check for the version of Imtctip.dll and Imsctip.dll file
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-088.
Vulnerability Insight:
The flaw is due to the Microsoft Pinyin (MSPY) Input Method Editor
(IME) for Simplified Chinese unsafely exposing certain configuration
options.
Impact:
Successful exploitation could allow attackers to execute arbitrary code
with kernel-mode privileges.
Impact Level: Application
Affected Software/OS:
Microsoft Pinyin IME 2010
Microsoft Office Pinyin SimpleFast Style 2010 and
Microsoft Office Pinyin New Experience Style 2010
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-088
References:
http://secunia.com/advisories/47062/
http://support.microsoft.com/kb/2583956
http://support.microsoft.com/kb/2647540
http://technet.microsoft.com/en-us/security/bulletin/ms11-088
Microsoft Windows Time Component Remote Code Execution Vulnerability (2618451)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902598
Filename: secpod_ms11-090.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-3397
BID: 50970
CVSS: 9.3
Risk factor : Critical
Summary: Check for the CLSID and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-090.
Vulnerability Insight:
The flaw is due to an unspecified error in the time component in
DATIME.DLL, which allows remote attackers to execute arbitrary code via
a crafted web site.
Impact:
Successful exploitation allows execution of arbitrary code when viewing a
specially crafted web page using Internet Explorer.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-090
References:
http://secunia.com/advisories/47099
http://www.securitytracker.com/id/1026408
http://technet.microsoft.com/en-us/security/bulletin/ms11-090
Microsoft Windows Media Remote Code Execution Vulnerability (2648048)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902597
Filename: secpod_ms11-092.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-3401
BID: 50957
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Encdec.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-092.
Vulnerability Insight:
The flaw is due to an error in Windows Media Player and Windows Media
Center when parsing Microsoft Digital Video Recording files (DVR-MS) and can
be exploited to corrupt memory.
Impact:
Successful exploitation could allow attackers to execute arbitrary code
with the privileges of the user running the application.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows Vista Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-092
References:
http://secunia.com/advisories/47117
http://support.microsoft.com/kb/2619339
http://www.securitytracker.com/id/1026407
http://technet.microsoft.com/en-us/security/bulletin/ms11-092
Microsoft Windows OLE Remote Code Execution Vulnerability (2624667)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902596
Filename: secpod_ms11-093.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-3400
BID: 50977
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Ole32.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-093.
Vulnerability Insight:
The flaw is due to an error when handling certain properties of
an Object Linking and Embedding (OLE) object and can be exploited via a
specially crafted file containing an OLE object.
Impact:
Successful exploitation could allow attackers to execute arbitrary code
with the privileges of the user running the application. Failed exploit
attempts may result in a denial-of-service condition.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-093
References:
https://secunia.com/advisories/47207
http://support.microsoft.com/kb/2624667
http://www.securitytracker.com/id/1026418
http://technet.microsoft.com/en-us/security/bulletin/ms11-093
MS Windows Active Directory Remote Code Execution Vulnerability (2640045)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902768
Filename: secpod_ms11-095.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-3406
BID: 50959
CVSS: 9.0
Risk factor : Critical
Summary: Check for the version of Adamdsa.dll and Ntdsa.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-095.
Vulnerability Insight:
The flaw is due to an error within the implementations of Active
Directory, Active Directory Application Mode (ADAM), and Active Directory
Lightweight Directory Service (AD LDS) when handling certain queries.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code with Network Service privileges. Failed exploit attempts may result in a
denial-of-service condition.
Impact Level: System/Application.
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2003 Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-095
References:
http://secunia.com/advisories/47202/
http://support.microsoft.com/kb/2626416
http://support.microsoft.com/kb/2621146
http://technet.microsoft.com/en-us/security/bulletin/ms11-095
Windows Client/Server Run-time Subsystem Privilege Elevation Vulnerability (2620712)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902643
Filename: secpod_ms11-097.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-3408
BID: 50972
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Csrsrv.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-097.
Vulnerability Insight:
The flaw is caused by an error in the Client/Server Run-time Subsystem (CSRSS)
when evaluating inter-process device event message permissions, which could
allow a low integrity process to send messages to a higher integrity process.
Impact:
Successful exploitation could allow local attackers to obtain sensitive
information or gain privileges when running with administrator privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-097
References:
http://secunia.com/advisories/47210
http://support.microsoft.com/kb/2620712
http://technet.microsoft.com/en-us/security/bulletin/ms11-097
Microsoft Windows Kernel Privilege Elevation Vulnerability (2633171)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902766
Filename: secpod_ms11-098.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2018
BID: 50969
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'ntoskrnl.exe' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-098.
Vulnerability Insight:
The flaw is caused by an error within certain exception handlers in the
kernel when handling objects.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code with kernel-mode privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-098
References:
http://secunia.com/advisories/47204/
http://support.microsoft.com/kb/2633171
http://technet.microsoft.com/en-us/security/bulletin/ms11-098
InduSoft Web Studio Multiple Remote Code Execution Vulnerabilities
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802537
Filename: gb_indusoft_web_studio_mult_remote_code_exec_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-4051 CVE-2011-4052
BID: 50675 50677
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Indusoft Web Studio
Overview: This host is installed with Indusoft Web Studio and is prone to
multiple remote code execution vulnerabilities.
Vulnerability Insight:
The flaws are due to:
- An error in the 'CEServer' component. When handling the Remove File operation
(0x15), the process blindly copies user-supplied data to a fixed-length
buffer on the stack.
- An error in the remote agent component (CEServer.exe). When handling incoming
requests, the process fails to perform any type of authentication, which
allows direct manipulation and creation of files on disk, loading of
arbitrary DLLs and process control.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
within the context of the affected application.
Impact Level: Application.
Affected Software:
InduSoft Web Studio version 6.1 and 7.0
Fix: Install the hotfix from the link below:
http://www.indusoft.com/hotfixes/hotfixes.php
*****
NOTE: Ignore this warning if the above-mentioned patch has already been applied manually.
*****
References:
http://www.zerodayinitiative.com/advisories/ZDI-11-329/
http://www.zerodayinitiative.com/advisories/ZDI-11-330/
http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf
SopCast sop:// URI Handling Buffer Overflow Vulnerability
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802281
Filename: gb_sopcast_uri_handling_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
BID: 50901
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of SopCast
Overview: This host is installed with SopCast and is prone to a buffer overflow
vulnerability.
Vulnerability Insight:
The flaw is due to a boundary error in the WebPlayer ActiveX Control
when handling the 'ChannelName' property, which can be exploited to cause a
stack-based buffer overflow via a specially crafted 'sop://' URL string.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code in the context of the user running an affected application. Failed
exploit attempts may lead to a denial-of-service condition.
Impact Level: System/Application
Affected Software/OS:
SopCast version 3.4.7.45585
Fix: No solution or patch is available as of 8th December, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.sopcast.com/
References:
http://secunia.com/advisories/40940
http://www.exploit-db.com/exploits/18200
http://packetstormsecurity.org/files/107528/ZSL-2011-5063.txt
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5063.php
ChaSen Buffer Overflow Vulnerability (Windows)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802343
Filename: gb_chasen_bof_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-4000
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable ChaSen version
Overview: The host is running ChaSen Software and is prone to a buffer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to an error when reading a user-supplied input string,
which allows attackers to execute arbitrary code via a crafted string.
Impact:
Successful exploitation allows remote attackers to cause a buffer overflow
or execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
ChaSen Version 2.4.x
Fix: Use ChaSen Version 2.3.3.
For updates refer to http://chasen.naist.jp/hiki/ChaSen/
References:
http://jvn.jp/en/jp/JVN16901583/index.html
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000099.html
MS Windows Fraudulent Digital Certificates Spoofing Vulnerability (2641690)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802403
Filename: gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 4.3
Risk factor : Medium
Summary: Check for the Microsoft Windows Patch
This NVT has been superseded by KB2718704, which is addressed in NVT
gb_unauth_digital_cert_spoofing_vuln.nasl (OID:1.3.6.1.4.1.25623.1.0.802634).
Overview: The host is installed with Microsoft Windows operating system and
is prone to a spoofing vulnerability.
Vulnerability Insight:
The flaw is due to an error when handling the fraudulent digital
certificates issued by Entrust and GTE CyberTrust; their identity is not
properly validated.
Impact:
Successful exploitation will allow remote attackers to spoof content, perform
phishing attacks or perform man-in-the-middle attacks against all Web browser
users including users of Internet Explorer.
Impact Level: System
Affected Software/OS:
Windows 7 Service Pack 1 and prior
Windows XP Service Pack 3 and prior
Windows Vista Service Pack 2 and prior
Windows Server 2003 Service Pack 2 and prior
Windows Server 2008 Service Pack 2 and prior
Fix: Apply the patch from the link below.
For updates refer to http://support.microsoft.com/kb/2641690
References:
http://support.microsoft.com/kb/2641690
http://support.microsoft.com/kb/294871
http://technet.microsoft.com/en-us/security/advisory/2641690
Investintech Products Version Detection
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802501
Filename: gb_investintech_prdts_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set KB for the version of Investintech Products
Overview: This script finds the installed version of Investintech
products and sets the result in KB.
AbsoluteFTP LIST Command Remote Buffer Overflow Vulnerability
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802271
Filename: gb_absoluteftp_list_cmd_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVSS: 6.8
Risk factor : High
Summary: Check for the version of AbsoluteFTP
Overview: This host is installed with AbsoluteFTP and is prone to a buffer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to a boundary error when processing an overly long
'LIST' command. This can be exploited to cause a stack-based buffer overflow
via a specially crafted FTP LIST command.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code within the context of the application. Failed attacks may cause a
denial of service condition.
Impact Level: System/Application
Affected Software/OS:
AbsoluteFTP versions 1.9.6 through 2.2.10
Fix: No solution or patch is available as of 10th November, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.vandyke.com/products/absoluteftp/
References:
http://xforce.iss.net/xforce/xfdb/71210
http://www.exploit-db.com/exploits/18102
http://packetstormsecurity.org/files/106797/absoluteftp-overflow.txt
Microsoft Windows TCP/IP Remote Code Execution Vulnerability (2588516)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902484
Filename: secpod_ms11-083.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2013
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable 'tcpip.sys' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-083.
Vulnerability Insight:
The flaw is due to an integer overflow error in the TCP/IP
implementation when parsing UDP traffic, which can be exploited
via a continuous flow of specially crafted UDP datagrams sent to a
closed port.
Impact:
Successful exploitation could allow a remote attacker to execute arbitrary
code in kernel mode. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms11-083.mspx
References:
http://secunia.com/advisories/46731
http://support.microsoft.com/kb/2588516
http://technet.microsoft.com/en-us/security/bulletin/ms11-083
Windows Kernel-Mode Drivers Remote Code Execution Vulnerability (2617657)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902485
Filename: secpod_ms11-084.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2004
CVSS: 7.1
Risk factor : High
Summary: Check for the vulnerable 'Win32k.sys' file version
Overview: This host is missing a moderate security update according to
Microsoft Bulletin MS11-084.
Vulnerability Insight:
The flaw is due to an array-indexing error in 'Win32k.sys' when
parsing TrueType font files, which can be exploited by attackers to cause
a denial of service.
Impact:
Successful exploitation could allow local attackers to gain elevated
privileges or to run arbitrary code in kernel mode and take complete control
of an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full administrative rights.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes, or download and
apply the hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms11-084
References:
http://secunia.com/advisories/46751
http://support.microsoft.com/kb/2617657
http://technet.microsoft.com/en-us/security/bulletin/ms11-084
Windows Mail and Windows Meeting Space Remote Code Execution Vulnerability (2620704)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902486
Filename: secpod_ms11-085.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2016
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'wab32.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-085.
Vulnerability Insight:
The flaw is due to Windows Mail and Windows Meeting Space loading
certain libraries in an insecure manner. This can be exploited to load
arbitrary libraries by tricking a user into opening an EML or WCINV file
located on a remote WebDAV or SMB share.
Impact:
Successful exploitation could allow a remote attacker to execute arbitrary
code in the context of the user who opened the file and compromise the system.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-085.mspx
References:
http://secunia.com/advisories/46752
http://support.microsoft.com/kb/2620704
http://technet.microsoft.com/en-us/security/bulletin/ms11-085
Microsoft Windows Active Directory LDAPS Authentication Bypass Vulnerability (2630837)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902487
Filename: secpod_ms11-086.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2014
CVSS: 9.0
Risk factor : Critical
Summary: Check for the version of Adamdsa.dll and Ntdsa.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-086.
Vulnerability Insight:
The flaw is due to an error in Active Directory when configured to
use LDAP over SSL. It fails to validate the revocation status of an SSL
certificate against the CRL (Certificate Revocation List) associated with
the domain account. This can be exploited to authenticate to the Active
Directory domain using a revoked certificate.
Impact:
Successful exploitation will allow remote attackers to authenticate to the
Active Directory domain with a revoked certificate and gain access to
network resources, or run code, under the privileges of the authorized
user with which the certificate is associated.
Impact Level: System/Application.
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2003 Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-086.mspx
References:
http://secunia.com/advisories/46755/
http://support.microsoft.com/kb/2601626
http://support.microsoft.com/kb/2616310
http://technet.microsoft.com/en-us/security/bulletin/ms11-086
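The missing check in MS11-086 is ordinary revocation validation. As an added example (not part of the NVT, which only compares the Adamdsa.dll and Ntdsa.dll versions), the PowerShell below shows what a relying party such as an LDAPS endpoint should do with a client certificate before accepting it for authentication: build the chain with online revocation checking and refuse the certificate both when it is revoked and when its revocation status cannot be determined. The certificate file path is an assumed input.

```powershell
# Added example, not the NVT's code: the revocation check a relying party must
# perform before accepting a certificate for authentication. $CertPath is an
# assumed input (a DER or PEM certificate file exported from the client).

function Test-CertificateRevocation {
    param([Parameter(Mandatory)] [string] $CertPath)

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

    # Online: consult the CRL (or OCSP responder) named in the certificate and
    # fetch it if it is not cached. NoCheck would reproduce the vulnerable behaviour.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    # EntireChain: a revoked intermediate CA also invalidates the leaf.
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)

    $built  = $chain.Build($cert)
    $status = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    # Fail closed: "could not check" must never become "accepted"; that gap is
    # exactly what let revoked certificates authenticate to Active Directory.
    $revoked = [bool]($status | Where-Object { $_ -match '\bRevoked\b' })
    $unknown = [bool]($status | Where-Object { $_ -match 'RevocationStatusUnknown|OfflineRevocation' })

    [pscustomobject]@{
        Subject       = $cert.Subject
        Serial        = $cert.SerialNumber
        ChainBuilds   = $built
        Revoked       = $revoked
        StatusUnknown = $unknown
        Accept        = ($built -and -not $revoked -and -not $unknown)
        Details       = ($status -join ', ')
    }
}

# Usage (the path is an assumption):
# Test-CertificateRevocation -CertPath 'C:\temp\client.cer' | Format-List
```

The Accept field is the only one a server-side decision should consume. Treating RevocationStatusUnknown or OfflineRevocation as acceptable turns a temporarily unreachable CRL distribution point into an authentication bypass, which is why the check is written to fail closed.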
Microsoft Windows TrueType Font Parsing Privilege Elevation Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802500
Filename: gb_ms_truetype_font_privilege_elevation_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2011-3402
BID: 50462
CVSS: 9.3
Risk factor : Critical
Summary: Check if t2embed.dll is accessible
This NVT has been replaced by NVT secpod_ms11-087.nasl
(OID:1.3.6.1.4.1.25623.1.0.902767).
Overview:
The host is installed with Microsoft Windows operating system and is prone to
a privilege escalation vulnerability.
Vulnerability Insight:
The flaw is due to an error within the Win32k kernel-mode driver when
parsing TrueType fonts.
Impact:
Successful exploitation could allow attackers to execute arbitrary code with
kernel-level privileges. Failed exploit attempts may result in a
denial-of-service condition.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Microsoft Windows server 2003 Service Pack 2 and prior
Fix: Apply the workaround from the link below (deny access to t2embed.dll)
until the MS11-087 update that replaces this NVT is installed,
http://support.microsoft.com/kb/2639658
References:
http://secunia.com/advisories/46724/
http://support.microsoft.com/kb/2639658
http://technet.microsoft.com/en-us/security/advisory/2639658
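The NVT above only tests whether t2embed.dll can still be opened. The PowerShell below is an added example, not the NVT's NASL, that does the same check locally and also inspects the ACL for the deny entry the advisory 2639658 workaround puts in place, on both the 64-bit and the WOW64 copy of the file. It assumes it is run from a 64-bit PowerShell on x64 hosts, so that System32 is not redirected.

```powershell
# Added example, not the NVT's code: report whether the advisory 2639658
# workaround (deny Everyone access to t2embed.dll) is applied to each copy of
# the file, and whether the file is still readable by the current user.

function Test-T2embedWorkaround {
    $copies = @(Join-Path $env:SystemRoot 'System32\t2embed.dll')
    if ([Environment]::Is64BitOperatingSystem) {
        # 32-bit applications load the SysWOW64 copy; it needs the same deny ACE.
        $copies += Join-Path $env:SystemRoot 'SysWOW64\t2embed.dll'
    }
    foreach ($path in $copies) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $acl = Get-Acl -LiteralPath $path
        # Ask for SIDs, not account names, so the check works on any display
        # language; S-1-1-0 is the well-known SID for Everyone.
        $deny = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
            Where-Object { $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'S-1-1-0' }
        # This is what the NVT's "is t2embed.dll accessible" summary boils down to.
        $readable = $true
        try { [System.IO.File]::OpenRead($path).Dispose() } catch { $readable = $false }
        [pscustomobject]@{
            Path         = $path
            DenyEveryone = [bool]$deny
            ReadableNow  = $readable
        }
    }
}

Test-T2embedWorkaround | Format-Table -AutoSize
```

A deny ACE for Everyone blocks every process, including applications that legitimately render embedded fonts, so the workaround is a stopgap: once the MS11-087 update is installed the deny entry should be removed again as described in KB2639658, otherwise the host keeps the breakage without needing the protection.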
PlotSoft PDFill PDF Editor Version Detection
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802178
Filename: gb_plotsoft_pdfill_pdf_editor_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set version of PlotSoft PDFill PDF Editor in KB
Overview: This script detects the installed version of PlotSoft PDFill
PDF Editor and sets the result in KB.
Microsoft Host Integration Server Denial of Service Vulnerabilities (2607670)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902580
Filename: secpod_ms11-082.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2007 CVE-2011-2008
BID: 49997 49998
CVSS: 5.0
Risk factor : Medium
Summary: Check for the vulnerable 'Snadmod.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-082.
Vulnerability Insight:
Multiple input validation errors when processing certain requests can be
exploited to trigger an infinite loop or corrupt memory and cause the
snabase.exe, snaserver.exe, snalink.exe or mngagent.exe process to stop
responding, via specially crafted requests sent to UDP port 1478 or TCP
ports 1477 and 1478.
Impact:
Successful exploitation could allow remote attackers to cause the application
to become unresponsive or to crash, denying service to legitimate users.
Impact Level: Application
Affected Software/OS:
Microsoft Host Integration Server 2009/2010
Microsoft Host Integration Server 2006 SP1 and prior
Microsoft Host Integration Server 2004 SP1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-082
References:
http://secunia.com/advisories/46399
http://www.securitytracker.com/id/1026168
http://technet.microsoft.com/en-us/security/bulletin/ms11-082
MS Windows Ancillary Function Driver Privilege Elevation Vulnerability (2592799)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902482
Filename: secpod_ms11-080.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2005
BID: 49941
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Afd.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-080.
Vulnerability Insight:
The flaw is caused by an error in the Ancillary Function Driver (AFD), which
does not properly validate input before passing it from user mode to the
Windows kernel.
Impact:
Successful exploitation could allow a local attacker who can log on to the
system and run a specially crafted application to gain elevated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-080
References:
http://support.microsoft.com/kb/2592799
http://technet.microsoft.com/en-us/security/bulletin/ms11-080
Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902581
Filename: secpod_ms11-078.nasl
Dependencies: secpod_reg_enum.nasl - gb_ms_silverlight_detect.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1253
BID: 49999
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'mscorlib.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-078.
Vulnerability Insight:
The flaw is due to an error when restricting inheritance within classes and
can be exploited via a specially crafted web page.
Impact:
Successful exploitation could allow an attacker to execute arbitrary code within
the context of the affected application. Failed exploit attempts will likely
result in a denial-of-service condition.
Impact Level: System/Application
Affected Software/OS:
Microsoft Silverlight 4.0
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 1.1 Service Pack 1
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-078
References:
http://secunia.com/advisories/46406
http://securitytracker.com/id/1026161
http://securitytracker.com/id/1026162
http://technet.microsoft.com/en-us/security/bulletin/ms11-078
Microsoft Windows Media Center Remote Code Execution Vulnerabilities (2604926)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901209
Filename: secpod_ms11-076.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2009
BID: 49943
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Psisdecd.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-076.
Vulnerability Insight:
The flaw is due to Windows Media Center improperly restricting the path used
when loading external libraries.
Impact:
Successful exploitation could allow attackers to execute arbitrary code in the
context of the user running the application, typically by tricking the user
into opening a file located on the same remote WebDAV or SMB share as a
malicious library.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Media Center TV Pack for Windows Vista.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-076
References:
http://secunia.com/advisories/46404
http://support.microsoft.com/kb/2579692
http://support.microsoft.com/kb/2579686
http://technet.microsoft.com/en-us/security/bulletin/ms11-076
Windows Kernel-Mode Drivers Remote Code Execution Vulnerabilities (2567053)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902483
Filename: secpod_ms11-077.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-2011 CVE-2011-2003 CVE-2011-2002 CVE-2011-1985
BID: 49981 49975 49973 49968
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Win32k.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-077.
Vulnerability Insight:
Multiple flaws exist:
- A privilege elevation vulnerability exists in the way that kernel-mode
drivers validate data supplied from user mode to kernel mode.
- A denial of service vulnerability exists in the way Windows processes a
specially crafted TrueType font file.
- A remote code execution vulnerability exists in the Windows kernel due to
improper handling of a specially crafted font (.fon) file.
- A privilege elevation vulnerability exists in the way that Windows
kernel-mode drivers manage kernel-mode driver objects.
Impact:
Successful exploitation could allow attackers to gain elevated privileges or
to run arbitrary code in kernel mode and take complete control of an affected
system; the font-file flaw is reachable by a remote attacker who entices a
user to open a crafted file. An attacker could then install programs; view,
change, or delete data; or create new accounts with full administrative rights.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-077
References:
http://support.microsoft.com/kb/2567053
http://technet.microsoft.com/en-us/security/bulletin/ms11-077
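MS11-084 and MS11-077 above both key on the version of Win32k.sys, and the MS11-080, MS11-075, MS11-070, MS11-058 and MS11-059 entries do the same on Afd.sys, Oleacc.dll, Wins.exe, Dns.exe and Odbcjt32.dll. The PowerShell below is an added example, not the NVTs' NASL code, that reproduces such a check on the local host: it reads the binary's version resource through .NET and compares it numerically against a minimum. The fixed versions differ per OS and service pack and are not reproduced on this page, so the Minimum values in the table are left empty and have to be filled in from the bulletin's file-information table.

```powershell
# Added example, not the NVT's NASL code: reproduce a bulletin's "vulnerable
# file version" check on the local host. Minimum versions are deliberately
# left empty: take them from the bulletin's File Information table for the
# exact OS and service pack (for MS11-077, win32k.sys under KB2567053).

function Test-FileVersionAtLeast {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $Minimum   # dotted version from the bulletin; '' only reports
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Version = $null; Minimum = $Minimum; State = 'file missing' }
    }
    $vi = (Get-Item -LiteralPath $Path).VersionInfo
    # Compare the four numeric parts, never the FileVersion string: the string
    # can carry build tags ("6.1.7601.17514 (win7sp1_rtm.101119-1850)") and a
    # text compare would rank 6.1.7601.9999 above 6.1.7601.17514.
    $have = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
    $state = 'unknown (no minimum given)'
    if ($Minimum) {
        $state = if ($have -ge [version]$Minimum) { 'patched' } else { 'VULNERABLE' }
    }
    [pscustomobject]@{ Path = $Path; Version = $have; Minimum = $Minimum; State = $state }
}

# A 32-bit PowerShell on 64-bit Windows sees System32 redirected to SysWOW64;
# Sysnative reaches the real 64-bit System32, where the kernel-mode files live.
$sys32 = Join-Path $env:SystemRoot 'System32'
if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    $sys32 = Join-Path $env:SystemRoot 'Sysnative'
}

# Files named by the NVTs on this page (afd.sys lives under drivers\).
$checks = @(
    @{ Bulletin = 'MS11-084/077'; File = 'win32k.sys';      Minimum = '' },
    @{ Bulletin = 'MS11-080';     File = 'drivers\afd.sys'; Minimum = '' },
    @{ Bulletin = 'MS11-075';     File = 'oleacc.dll';      Minimum = '' },
    @{ Bulletin = 'MS11-059';     File = 'odbcjt32.dll';    Minimum = '' }
)

foreach ($c in $checks) {
    $r = Test-FileVersionAtLeast -Path (Join-Path $sys32 $c.File) -Minimum $c.Minimum
    '{0,-13} {1,-45} {2,-16} {3}' -f $c.Bulletin, $r.Path, $r.Version, $r.State
}
```

The NVTs depend on secpod_reg_enum.nasl for a reason: the minimum version is different for each OS and service pack, and a check that does not branch on the platform first will flag patched hosts as vulnerable, or the reverse. On x64 the user-mode DLLs (oleacc.dll, odbcjt32.dll) also exist under SysWOW64, and the bulletin tables list both copies.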
Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902746
Filename: secpod_ms11-075.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1247
BID: 49976
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Oleacc.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-075.
Vulnerability Insight:
The flaw is due to the way that the Microsoft Active Accessibility
component handles the loading of DLL files. This can be exploited to load
arbitrary libraries by tricking a user into opening a file located on a
remote WebDAV or SMB share.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code in the context of the user running the vulnerable application.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-075
References:
http://secunia.com/advisories/46403/
http://technet.microsoft.com/en-us/security/bulletin/ms11-075
ScriptFTP GETLIST or GETFILE Commands Remote Buffer Overflow Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902571
Filename: secpod_scriptftp_cmd_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-3976
BID: 49707
CVSS: 6.8
Risk factor : High
Summary: Check for the version of ScriptFTP
Overview: This host is installed with ScriptFTP and is prone to a buffer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to a boundary error when processing filenames within
a directory listing. This can be exploited to cause a stack-based buffer
overflow via a specially crafted FTP LIST command response.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code within the context of the application. Failed attacks may cause a
denial of service condition.
Impact Level: System/Application
Affected Software/OS:
ScriptFTP version 3.3 and prior.
Fix: No solution or patch is available as of 23rd September, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.scriptftp.com/download.php
References:
http://secunia.com/advisories/46099/
http://www.exploit-db.com/exploits/17876/
http://www.digital-echidna.org/2011/09/scriptftp-3-3-remote-buffer-overflow-exploit-0day/
Colasoft Capsa Malformed SNMP V1 Packet Remote Denial of Service Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902570
Filename: secpod_colasoft_capsa_snmp_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
BID: 49621
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Colasoft Capsa
Overview: This host is installed with Colasoft Capsa and is prone to a denial
of service vulnerability.
Vulnerability Insight:
The flaw is due to an unspecified error within the SNMPv1 protocol
dissector and can be exploited to cause a crash via a specially crafted
packet.
Impact:
Successful exploitation could allow remote attackers to crash the affected
application, denying service to legitimate users.
Impact Level: Application
Affected Software/OS:
Colasoft Capsa Version 7.2.1 and prior.
Fix: No solution or patch is available as of 22nd September, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.colasoft.com/download/products/download_capsa.php
References:
http://secunia.com/advisories/46034
http://www.securityfocus.com/archive/1/519630
http://archives.neohapsis.com/archives/bugtraq/2011-09/0088.html
ACDSee FotoSlate PLP Multiple Buffer Overflow Vulnerabilities
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902732
Filename: secpod_acdsee_fotoslate_mult_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-2595
BID: 49558
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of ACDSee Fotoslate
Overview: This host is installed with ACDSee FotoSlate and is prone to
multiple buffer overflow vulnerabilities.
Vulnerability Insight:
The flaws are due to a boundary error when processing the 'id' parameter
of a '<String>' or '<Int>' tag in a FotoSlate Project (PLP) file. This can be
exploited to cause a stack-based buffer overflow via an overly long string
assigned to the parameter.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code in the context of the application.
Impact Level: System/Application
Affected Software/OS:
ACDSee Fotoslate version 4.0 Build 146
Fix: No solution or patch is available as of 23rd September 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://store.acdsee.com/store/acd/DisplayProductDetailsPage/productID.69650700/Locale.en_US/Currency.USD
References:
http://osvdb.org/show/osvdb/75425
http://secunia.com/advisories/44722
Microsoft SharePoint SafeHTML Information Disclosure Vulnerabilities (2412048)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902626
Filename: secpod_ms10-072.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3243 CVE-2010-3324
BID: 42467 43703
CVSS: 4.3
Risk factor : Medium
Summary: Check for the vulnerable file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS10-072.
Vulnerability Insight:
Multiple flaws are due to the way the SafeHTML function sanitizes HTML content.
Impact:
Successful exploitation could allow remote attackers to gain sensitive
information via a specially crafted script using SafeHTML.
Impact Level: Application
Affected Software/OS:
Microsoft Office SharePoint Server 2007 Service Pack 2
Microsoft Windows SharePoint Services 3.0 Service Pack 2
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/MS10-072
References:
http://support.microsoft.com/kb/2412048
http://technet.microsoft.com/en-us/security/bulletin/MS10-072
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802244
Filename: gb_esignal_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of eSignal
Overview: This script finds the installed eSignal version and saves the
result in KB.
Microsoft SharePoint Multiple Privilege Escalation Vulnerabilities (2451858)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902625
Filename: secpod_ms11-074.nasl
Dependencies: secpod_reg_enum.nasl - secpod_office_products_version_900032.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0653 CVE-2011-1252 CVE-2011-1890 CVE-2011-1891 CVE-2011-1892 CVE-2011-1893
BID: 49002 48199 49010 49005 49511 49004
CVSS: 4.3
Risk factor : Medium
Summary: Check for the vulnerable file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-074.
Vulnerability Insight:
Multiple flaws are due to the way Microsoft SharePoint validates and
sanitizes user input, parses malicious XML and XSL files and handles
script contained in specific request parameters.
Impact:
Successful exploitation could allow remote attackers to run arbitrary script
in the security context of the logged-on user, gaining that user's privileges
on the SharePoint site, via a specially crafted URL or web site.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows SharePoint Services 2.0
Microsoft Groove 2007 Service Pack 2 and prior
Microsoft Office SharePoint Server 2007 Service Pack 2
Microsoft Windows SharePoint Services 3.0 Service Pack 2
Microsoft Office SharePoint Workspace 2010 Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-074.mspx
References:
http://support.microsoft.com/kb/2451858
http://www.microsoft.com/technet/security/bulletin/ms11-074.mspx
Microsoft Windows WINS Local Privilege Escalation Vulnerability (2571621)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902566
Filename: secpod_ms11-070.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1984
BID: 49523
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Wins.exe' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-070.
Vulnerability Insight:
The flaw is caused by an error in the Windows Internet Name Service (WINS)
when handling a series of malformed packets sent over the loopback
interface, leading to arbitrary code execution with elevated privileges.
Impact:
Successful exploits will allow local attackers to execute arbitrary code with
local system privileges and potentially compromise the affected computer.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-070
References:
http://support.microsoft.com/kb/2571621
http://www.exploit-db.com/exploits/17831/
http://technet.microsoft.com/en-us/security/bulletin/ms11-070
http://www.coresecurity.com/content/ms-wins-ecommenddlg-input-validation
Microsoft Windows Components Remote Code Execution Vulnerabilities (2570947)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901205
Filename: secpod_ms11-071.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1991
BID: 47741
CVSS: 9.3
Risk factor : Critical
Summary: Check for the registry and vulnerable file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-071.
Vulnerability Insight:
The flaw exists when specific Windows components incorrectly restrict the
path used for loading external libraries. An attacker can exploit this
issue by enticing an unsuspecting victim to open a file on a remote SMB
or WebDAV share.
Impact:
Successful exploitation could allow a remote attacker to execute arbitrary
code by enticing an unsuspecting victim to open a file on a remote SMB or
WebDAV share.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-071
References:
http://support.microsoft.com/kb/2570947
http://technet.microsoft.com/en-us/security/bulletin/ms11-071
Sunway ForceControl WebServer httpsvr.exe Buffer Overflow Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802156
Filename: gb_sunway_force_control_webserver_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-2960
BID: 48328
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Sunway ForceControl httpsvr.exe
Overview: This host is installed with Sunway ForceControl and is prone to a
buffer overflow vulnerability.
Vulnerability Insight:
The flaw exists due to an error in the WebServer component (httpsvr.exe) and
can be exploited to cause a heap-based buffer overflow via a specially
crafted URL sent in a web request.
Impact:
Successful exploitation will allow remote attackers to cause denial of
service or execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
Sunway ForceControl 6.1 SP1, SP2, and SP3.
Fix: No solution or patch is available as of 9th September, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.sunwayland.com.cn/pro.asp
References:
http://osvdb.org/73124
http://secunia.com/advisories/45033
http://www.exploit-db.com/exploits/17721/
http://www.cnvd.org.cn/vulnerability/CNVD-2011-05347
http://www.sunwayland.com.cn/news_info_.asp?Nid=3593
http://www.us-cert.gov/control_systems/pdf/ICSA-11-167-01.pdf
Fraudulent Digital Certificates Spoofing Vulnerability (2607712)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801975
Filename: gb_ms_win_fraudulent_digital_cert_spoofing_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 4.3
Risk factor : Medium
Summary: Check for the Microsoft Windows
This NVT has been superseded by KB2641690, which is addressed in NVT
gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl (OID:1.3.6.1.4.1.25623.1.0.802403).
Overview: The host is installed with Microsoft Windows operating system and
is prone to a spoofing vulnerability.
Vulnerability Insight:
The flaw is due to Windows trusting fraudulent digital certificates issued by
the DigiNotar certification authority; the update moves the DigiNotar root
certificates to the Untrusted Certificates store so that certificates chaining
to them are no longer accepted.
Impact:
Successful exploitation will allow remote attackers to spoof content, perform
phishing attacks or perform man-in-the-middle attacks against all Web browser
users including users of Internet Explorer.
Impact Level: System
Affected Software/OS:
Windows 7 Service Pack 1 and prior
Windows XP Service Pack 3 and prior
Windows Vista Service Pack 2 and prior
Windows Server 2003 Service Pack 2 and prior
Windows Server 2008 Service Pack 2 and prior
Fix: Apply the update from the link below,
For updates refer to http://support.microsoft.com/kb/2607712
References:
http://support.microsoft.com/kb/2607712
http://www.microsoft.com/technet/security/advisory/2607712.mspx
KMPlayer .kpl File Title Field Remote Buffer Overflow Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802154
Filename: gb_kmplayer_kpl_file_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-2594
BID: 49342
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of KMPlayer
Overview: This host is installed with KMPlayer and is prone to a buffer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to improper bounds checking when parsing the 'Title'
entry within play list files.
Impact:
Successful exploitation allows attackers to overflow a buffer and execute
arbitrary code on the system or cause the application to crash.
Impact Level: System/Application
Affected Software/OS:
KMPlayer versions 3.0.0.1441 and prior.
Fix: No solution or patch is available as of 8th September, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.kmplayer.com/
References:
http://secunia.com/advisories/45264
http://xforce.iss.net/xforce/xfdb/69451
UUSee UUPlayer ActiveX Control Multiple Remote Code Execution Vulnerabilities
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902563
Filename: secpod_uusee_uuplayer_activex_mult_code_exec_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-2589 CVE-2011-2590
BID: 48975
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of UUSee UUPlayer
Overview: This host is installed with UUSee UUPlayer and is prone to multiple
remote code execution vulnerabilities.
Vulnerability Insight:
- A boundary error in the UUPlayer ActiveX control when handling the
'SendLogAction()' method can be exploited to cause a heap-based buffer
overflow via an overly long argument.
- An input validation error in the UUPlayer ActiveX control when handling
the 'Play()' method can be exploited to execute an arbitrary program via
a UNC path passed in the 'MPlayerPath' parameter.
Impact:
Successful exploitation allows remote attackers to execute arbitrary code in
the context of the application using the ActiveX control. Failed exploit
attempts will likely result in denial-of-service conditions.
Impact Level: System/Application
Affected Software/OS:
UUSee UUPlayer 2010 6.11.0609.2
Fix: No solution or patch is available as of 30th August, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://download.uusee.com/
References:
http://osvdb.org/74216
http://osvdb.org/74217
http://secunia.com/advisories/44885
http://xforce.iss.net/xforce/xfdb/68974
http://xforce.iss.net/xforce/xfdb/68975
McAfee SaaS Endpoint Protection Version Detection (Windows)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902561
Filename: secpod_mcafee_saas_endpoint_protection_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of McAfee SaaS Endpoint Protection in KB
Overview: This script finds the installed McAfee SaaS Endpoint Protection
version and saves the result in KB.
WellinTech KingView KVWebSvr.dll ActiveX Control Heap Buffer Overflow Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902724
Filename: secpod_kingview_activex_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-3142
BID: 46757
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of KingView
Overview: This host is installed with KingView and is prone to a buffer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to an error in 'KVWebSvr.dll': calling the 'ValidateUser'
method of the ActiveX control with a specially crafted argument causes a
heap-based buffer overflow.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code in the context of the application. Failed attacks will cause
denial-of-service conditions.
Impact Level: System/Application
Affected Software/OS:
KingView version 6.53 and 6.52
Fix: Upgrade the KVWebSvr.dll file to version 65.30.2010.18019
For updates refer to http://download.kingview.com/software/kingview%20Chinese%20Version/KVWebSvr.rar
*****
NOTE : Ignore this warning, if above mentioned patch is applied already.
*****
References:
http://osvdb.org/show/osvdb/72889
http://www.cnvd.org.cn/vulnerability/CNVD-2011-04541
http://www.kingview.com/news/detail.aspx?contentid=537
http://www.us-cert.gov/control_systems/pdf/ICSA-11-074-01.pdf
7-Technologies Interactive Graphical SCADA System Version Detection
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802240
Filename: gb_igss_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of Interactive Graphical SCADA System
Overview: This script finds the installed Interactive Graphical SCADA System
version and saves the result in KB.
Microsoft Windows DNS Server Remote Code Execution Vulnerability (2562485)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900295
Filename: secpod_ms11-058.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1966 CVE-2011-1970
BID: 49019 49012
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable 'Dns.exe' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-058.
Vulnerability Insight:
The flaws exist in the way the Windows DNS server processes a query for a
NAPTR (Name Authority Pointer) resource record and in the way it processes a
query for a non-existent domain.
Impact:
Successful exploitation could allow a remote attacker to execute arbitrary
code or to cause the DNS server to stop responding.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-058.mspx
References:
http://secunia.com/advisories/45564
http://secunia.com/advisories/45552
http://support.microsoft.com/kb/2562485
http://www.sophos.com/support/knowledgebase/article/113982.html
http://www.microsoft.com/technet/security/bulletin/ms11-058.mspx
Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900294
Filename: secpod_ms11-059.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1975
BID: 49026
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Odbcjt32.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-059.
Vulnerability Insight:
The flaws are due to the Windows Data Access Tracing component incorrectly
restricting the path used for loading external libraries.
Impact:
Successful exploitation could allow a remote attacker to execute arbitrary code
by tricking a user into opening a Microsoft Excel file (.xlsx) located on a
remote WebDAV or SMB share.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx
References:
http://secunia.com/advisories/45246
http://support.microsoft.com/kb/2560656
http://www.sophos.com/support/knowledgebase/article/113981.html
http://www.microsoft.com/technet/security/bulletin/ms11-059.mspx
Microsoft Visio Remote Code Execution Vulnerabilities (2560978)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902464
Filename: secpod_ms11-060.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1972 CVE-2011-1979
BID: 49024
CVSS: 9.3
Risk factor : Critical
Summary: Check for version of vulnerable file 'visio.exe'
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-060.
Vulnerability Insight:
The flaws are due to an error while validating Microsoft Visio objects in
memory when parsing specially crafted Visio files.
Impact:
Successful exploitation could allow users to execute arbitrary code via a
specially crafted Visio file.
Impact Level: System/Application
Affected Software/OS:
Microsoft Visio 2003 Service Pack 3 and prior.
Microsoft Visio 2007 Service Pack 2 and prior.
Microsoft Visio 2010 Service Pack 1 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS11-060.mspx
References:
http://support.microsoft.com/kb/2553009
http://support.microsoft.com/kb/2553010
http://support.microsoft.com/kb/2553008
http://www.microsoft.com/technet/security/bulletin/MS11-060.mspx
MS Windows Remote Access Service NDISTAPI Driver Privilege Elevation Vulnerability (2566454)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900298
Filename: secpod_ms11-062.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1974
BID: 48996
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Ndistapi.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-062.
Vulnerability Insight:
The flaw is due to an input validation error in the Remote Access
Service NDISTAPI driver (NDISTAPI.sys) when passing certain user-mode input
to the kernel.
Impact:
Successful exploitation could allow a remote attacker to execute arbitrary
code with kernel privileges via a specially crafted application.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-062.mspx
References:
http://secunia.com/advisories/45408
http://support.microsoft.com/kb/2566454
http://www.microsoft.com/technet/security/bulletin/ms11-062.mspx
Microsoft Windows Client/Server Run-time Subsystem Privilege Escalation Vulnerability (2567680)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902463
Filename: secpod_ms11-063.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1967
BID: 48992
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'winsrv.dll' and 'Kernel32.dll' files version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-063.
Vulnerability Insight:
The flaw is due to an error in the Client/Server Run-time Subsystem
(CSRSS) when it evaluates inter-process device event message permissions.
Impact:
Successful exploitation could allow an attacker to execute arbitrary code with
system-level privileges. Successfully exploiting this issue will result in
the complete compromise of affected computers.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-063.mspx
References:
http://support.microsoft.com/kb/2567680
http://www.microsoft.com/technet/security/bulletin/ms11-063.mspx
Microsoft Windows TCP/IP Stack Denial of Service Vulnerability (2563894)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900296
Filename: secpod_ms11-064.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1871 CVE-2011-1965
BID: 48987 48990
CVSS: 7.8
Risk factor : High
Summary: Check for the vulnerable 'tcpip.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-064.
Vulnerability Insight:
The flaws are due to errors in the TCP/IP stack:
- when parsing specially crafted URLs.
- when processing a sequence of specially crafted ICMP messages.
Impact:
Successful exploitation could allow a remote attacker to cause the system to
stop responding and automatically restart.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-064.mspx
References:
http://secunia.com/advisories/45500
http://support.microsoft.com/kb/2563894
http://www.microsoft.com/technet/security/bulletin/ms11-064.mspx
Microsoft Remote Desktop Protocol Denial of Service Vulnerability (2570222)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902708
Filename: secpod_ms11-065.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1968
BID: 48995
CVSS: 7.1
Risk factor : High
Summary: Check for the version of Rdpwd.sys file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-065.
Vulnerability Insight:
The flaw is due to an error in the Remote Desktop Protocol while
accessing an object in memory that has been improperly initialized
or has been deleted.
Impact:
Successful exploitation causes the target system to stop responding and
automatically restart.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-065.mspx
References:
http://secunia.com/advisories/45562/
http://www.microsoft.com/technet/security/bulletin/ms11-065.mspx
Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902552
Filename: secpod_ms11-066.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1977
BID: 48985
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of 'System.web.datavisualization.dll' file
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-066.
Vulnerability Insight:
The flaw is due to an error in the ASP.NET Chart controls when
encountering special characters within a URI. This can be exploited to read
the contents of arbitrary files in the web site directory or subdirectories
via a specially crafted GET request to a server hosting the Chart controls.
Impact:
Successful exploitation could allow an attacker to gain access to sensitive
information that may aid in further attacks.
Impact Level: Application
Affected Software/OS:
Microsoft .NET Framework 4.0
Microsoft Chart Control for .NET Framework 3.5 SP1
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-066.mspx
References:
http://secunia.com/advisories/45508/
http://support.microsoft.com/kb/2487367
http://support.microsoft.com/kb/2500170
http://www.microsoft.com/technet/security/bulletin/ms11-066.mspx
Microsoft Windows Kernel Denial of Service Vulnerability (2556532)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900297
Filename: secpod_ms11-068.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1971
BID: 48997
CVSS: 4.7
Risk factor : Medium
Summary: Check for the vulnerable 'ntoskrnl.exe' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-068.
Vulnerability Insight:
The flaw is due to an error in the kernel when parsing metadata information
in files.
Impact:
Successful exploitation could allow a remote attacker to cause the system to
stop responding or to restart.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-068.mspx
References:
http://secunia.com/advisories/45510
http://support.microsoft.com/kb/2556532
http://www.microsoft.com/technet/security/bulletin/ms11-068.mspx
Microsoft .NET Framework Information Disclosure Vulnerability (2567951)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902551
Filename: secpod_ms11-069.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1978
BID: 48991
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of 'System.dll' file
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-069.
Vulnerability Insight:
The flaw is due to an error when validating the trust level within
the System.Net.Sockets namespace and can be exploited to bypass CAS (Code
Access Security) restrictions or disclose information via a specially
crafted web page viewed using a browser that supports XBAPs (XAML Browser
Applications).
Impact:
Successful exploitation could allow an attacker to bypass certain security
restrictions or gain knowledge of sensitive information.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 2.0 Service Pack 2
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-069
References:
http://secunia.com/advisories/45517
http://support.microsoft.com/kb/2567951
http://technet.microsoft.com/en-us/security/bulletin/ms11-069
Microsoft Windows ActiveX Control Multiple Vulnerabilities (2562937)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801966
Filename: gb_ms_activebar_activex_control_mult_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 9.3
Risk factor : Critical
Summary: Check for the CLSID and Hotfix
Overview: This script will list all the vulnerable ActiveX controls installed
on the remote Windows machine with references and cause.
Vulnerability Insight:
The flaws are due to the SetLayoutData method not being properly
restricted.
Impact:
Successful exploitation will let remote attackers execute arbitrary code
and compromise a vulnerable system.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix: Apply the patch from below link,
http://support.microsoft.com/kb/2562937
Workaround:
Set the killbit for the following CLSIDs,
{B4CB50E4-0309-4906-86EA-10B6641C8392},
{E4F874A0-56ED-11D0-9C43-00A0C90F29FC},
{FB7FE605-A832-11D1-88A8-0000E8D220A6}
References:
http://support.microsoft.com/kb/2562937
http://www.microsoft.com/technet/security/advisory/2562937.mspx
Microsoft Windows Insecure Library Loading Vulnerability (2269637)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802136
Filename: gb_ms_insecure_lib_loading_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-3337
CVSS: 9.3
Risk factor : Critical
Summary: Check for the presence of registry key
This NVT has been replaced by NVT secpod_ms12-014.nasl
(OID:1.3.6.1.4.1.25623.1.0.902792).
Overview:
This host is missing a critical security update according to Microsoft
Security Advisory (2269637).
Vulnerability Insight:
The flaw is due to applications installed on Windows passing an
insufficiently qualified path for '.dll' files when loading an external
library.
Impact:
Successful exploitation will allow an attacker to remotely execute arbitrary
code in the context of the user running the vulnerable application when the
user opens a file from an untrusted location.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix: No solution or patch is available as of 10th, August, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://technet.microsoft.com/en-us/security/default.aspx
Workaround:
Apply workaround from below link,
http://support.microsoft.com/kb/2264107
References:
http://support.microsoft.com/kb/2264107
http://forums.cnet.com/7723-6132_102-407460.html
http://www.microsoft.com/technet/security/advisory/2269637.mspx
Foxit Reader Version Detection
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802226
Filename: gb_ibm_lotus_symphony_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of IBM Lotus Symphony
Detection of installed version of Foxit Reader.
The script logs in via SMB, searches for Foxit Reader in the registry and
gets the version from the registry.
Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802314
Filename: gb_ecava_integraxor_mult_xss_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Web Servers
CVE: CVE-2011-2958
BID: 48958
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of Ecava IntegraXor
Overview: This host is installed with Ecava IntegraXor and is prone to
cross-site scripting vulnerabilities.
Vulnerability Insight:
The flaws are caused by improper validation of user-supplied input passed via
unspecified vectors, which allows attackers to execute arbitrary HTML and
script code on the web server.
Impact:
Successful exploitation will allow an attacker to execute arbitrary HTML and
script code in a user's browser session in the context of a vulnerable site.
This may allow an attacker to steal cookie-based authentication credentials
and launch further attacks.
Impact Level: Application
Affected Software/OS:
Ecava IntegraXor versions prior to 3.60 (Build 4080).
Fix: Upgrade to the Ecava IntegraXor version 3.60 (Build 4080) or later,
For updates refer to http://www.ecava.com/index.htm
References:
http://xforce.iss.net/xforce/xfdb/68896
http://www.us-cert.gov/control_systems/pdf/ICSA-11-147-02.pdf
AzeoTech DAQFactory Denial of Service Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802129
Filename: gb_azeotech_daqfactory_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2011-2956
CVSS: 7.8
Risk factor : High
Summary: Check for the version of AzeoTech DAQFactory
Overview: This host is installed with AzeoTech DAQFactory and is prone to a
denial of service vulnerability.
Vulnerability Insight:
The flaw exists due to an error in the application, which fails to perform
authentication for certain signals.
Impact:
Successful exploitation will allow remote attackers to cause a denial of
service (system reboot or shutdown).
Impact Level: Application.
Affected Software :
AzeoTech DAQFactory version prior to 5.85 Build 1842
Fix: Upgrade to the AzeoTech DAQFactory version 5.85 Build 1842 or later
For updates refer to http://www.azeotech.com/downloads.php
References:
http://osvdb.org/show/osvdb/73390
http://www.us-cert.gov/control_systems/pdf/ICSA-11-122-01.pdf
IBM Informix Dynamic Server Version Detection (Windows)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902545
Filename: secpod_ibm_informix_dynamic_server_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of IBM Informix Dynamic Server in KB
Overview: This script finds the installed IBM Informix Dynamic Server version
and saves the version in KB.
LibreOffice Version Detection (Windows)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902398
Filename: secpod_libre_office_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set KB for the version of LibreOffice
Overview: This script detects the installed version of LibreOffice and sets
the result in KB.
Novell File Reporter Engine RECORD Processing Buffer Overflow Vulnerability
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801959
Filename: gb_novell_file_reporter_engine_bof_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-2220
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Novell File Reporter Engine
Overview: This host is installed with Novell File Reporter Engine and is
prone to a buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to a boundary error in the 'NFREngine.exe' when
parsing certain tags inside a RECORD element. This can be exploited to
cause a stack-based buffer overflow via specially crafted packets sent
to TCP port 3035.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code with SYSTEM privileges or cause denial of service.
Impact Level: System/Application
Affected Software/OS:
Novell File Reporter Engine version prior to 1.0.2.53
Fix: Upgrade to Novell File Reporter Engine 1.0.2.53 or later,
For updates refer to http://download.novell.com/Download?buildid=rCAgCcbPH9s~
References:
http://secunia.com/advisories/45065
http://www.zerodayinitiative.com/advisories/ZDI-11-227/
http://www.securityfocus.com/archive/1/archive/1/518632/100/0/threaded
ALZip MIM File Processing Buffer Overflow Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802120
Filename: gb_alzip_mim_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-1336
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of ALZip
Overview: This host has ALZip installed and is prone to a buffer overflow
vulnerability.
Vulnerability Insight:
The flaw is due to an error in libETC.dll when processing the
'filename' field within MIM files.
Impact:
Successful exploitation will allow attackers to execute arbitrary code in the
context of the application. Failed attacks will cause denial-of-service
conditions.
Impact Level: System/Application
Affected Software/OS:
ALZip version 8.21 and prior.
Fix: Upgrade to version 8.21 published after June 29th, 2011
For updates refer to http://www.altools.com/ALTools/ALZip.aspx
*****
NOTE: Ignore this warning if the above-mentioned version is already installed.
*****
References:
http://secunia.com/advisories/45108
http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000048.html
Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2555917)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902538
Filename: secpod_ms11-054.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1874 CVE-2011-1875 CVE-2011-1876 CVE-2011-1877 CVE-2011-1878 CVE-2011-1879 CVE-2011-1880 CVE-2011-1881 CVE-2011-1882 CVE-2011-1883 CVE-2011-1884 CVE-2011-1885 CVE-2011-1886 CVE-2011-1887 CVE-2011-1888
BID: 48587 48589 48590 48591 48592 48593 48597 48599 48594 48595 48596 48600 48607 48601 48603
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Win32k.sys' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-054.
Vulnerability Insight:
The flaws are due to improper kernel-mode driver object management
and a NULL pointer dereference in the way kernel-mode drivers keep track
of pointers to certain kernel-mode driver objects.
Impact:
Successful exploitation could allow local attackers to gain elevated
privileges.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-054.mspx
References:
http://secunia.com/advisories/45186
http://support.microsoft.com/kb/2555917
http://www.microsoft.com/technet/security/bulletin/ms11-054.mspx
Microsoft Visio Remote Code Execution Vulnerability (2560847)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902455
Filename: secpod_ms11-055.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3148
BID: 42681
CVSS: 9.3
Risk factor : Critical
Summary: Check for version of vulnerable file 'Omfc.dll'
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-055.
Vulnerability Insight:
The flaw exists due to the way that Microsoft Office Visio loads external
libraries when handling specially crafted Visio files.
Impact:
Successful exploitation could allow users to execute arbitrary code via a
specially crafted Visio file.
Impact Level: System
Affected Software/OS:
Microsoft Office Visio 2003 SP3 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS11-055.mspx
References:
http://support.microsoft.com/kb/2493523
http://www.microsoft.com/technet/security/Bulletin/MS11-055.mspx
Microsoft Windows CSRSS Privilege Escalation Vulnerabilities (2507938)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902609
Filename: secpod_ms11-056.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1281 CVE-2011-1282 CVE-2011-1283 CVE-2011-1284 CVE-2011-1870
BID: 48588 48598 48604 48606 48605
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'winsrv.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-056.
Vulnerability Insight:
The flaws are due to:
- a memory corruption error related to AllocConsole
- a memory corruption error related to SrvSetConsoleLocalEUDC
- improper verification by SrvSetConsoleNumberOfCommand
- an integer overflow in SrvWriteConsoleOutput
Impact:
Successful exploitation could allow a local attacker to execute arbitrary
code on the system with elevated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-056.mspx
References:
http://support.microsoft.com/kb/2507938
http://www.microsoft.com/technet/security/bulletin/ms11-056.mspx
Fraudulent Digital Certificates Spoofing Vulnerability (2524375)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801953
Filename: gb_ms_windows_fraudulent_digital_cert_spoofing_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 4.3
Risk factor : Medium
Summary: Check for the Microsoft Windows
This NVT has been superseded by KB2641690, which is addressed in NVT
gb_ms_fraudulent_digital_cert_spoofing_vuln.nasl (OID:1.3.6.1.4.1.25623.1.0.802403)
Overview:
The host is installed with the Microsoft Windows operating system and is prone
to a spoofing vulnerability.
Vulnerability Insight:
The flaw is due to an error when handling the fraudulent digital
certificates issued by Comodo, whose identity is not properly
validated.
Impact:
Successful exploitation will allow remote attackers to spoof content, perform
phishing attacks or perform man-in-the-middle attacks against all Web browser
users including users of Internet Explorer.
Impact Level: System.
Affected Software/OS:
Windows 7 Service Pack 1 and prior
Windows XP Service Pack 3 and prior
Windows Vista Service Pack 2 and prior
Windows Server 2003 Service Pack 2 and prior
Windows Server 2008 Service Pack 2 and prior
Fix: Apply the Patch from below link,
For updates refer to http://support.microsoft.com/kb/2524375
References:
http://support.microsoft.com/kb/2524375
http://www.microsoft.com/technet/security/advisory/2524375.mspx
Citrix Provisioning Services Version Detection
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802220
Filename: gb_citrix_provisioning_services_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Citrix Provisioning Services
Detection of installed version of Citrix Provisioning Services.
The script logs in via SMB, searches for Citrix Provisioning Services in the
registry and gets the version from the 'DisplayVersion' string in the registry.
SmartFTP Client Version Detection
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902447
Filename: secpod_smartftp_client_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set version of SmartFTP Client in KB
Overview: This script finds the installed SmartFTP Client version and
saves the result in a KB item.
ejabberd Version Detection (Windows)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902529
Filename: secpod_ejabberd_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of ejabberd in KB
Overview: This script finds the installed ejabberd version and saves the
version in KB.
Microsoft XML Editor Information Disclosure Vulnerability (2543893)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902445
Filename: secpod_ms11-049.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1280
BID: 48196
CVSS: 4.3
Risk factor : Medium
Summary: Check for the version of sqlservr.exe file
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-049.
Vulnerability Insight:
The flaw is due to an error when resolving XML external entities in
a Web Service Discovery file ('.disco') and can be exploited to disclose the
contents of arbitrary files.
Impact:
Successful exploitation could allow attackers to gain access to sensitive
information that may aid in further attacks.
Impact Level: Application
Affected Software/OS:
Microsoft SQL Server 2005/2008
Microsoft Visual Studio 2005/2008/2010
Microsoft SQL Server 2005 Management Studio Express
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms11-049.mspx
References:
http://secunia.com/advisories/44912/
http://www.microsoft.com/technet/security/Bulletin/MS11-049.mspx
Symantec Backup Exec Version Detection
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802105
Filename: gb_symantec_backup_exec_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Sets Symantec Backup Exec Version in the KB
Overview: This script detects the installed version of Symantec Backup Exec
and sets the result in KB.
KMPlayer .mp3 File Remote Buffer Overflow Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802208
Filename: gb_kmplayer_mp3_file_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
BID: 48112
CVSS: 6.8
Risk factor : High
Summary: Check for the version of KMPlayer
Overview: This host is installed with KMPlayer and is prone to a buffer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to an error when processing MP3 files and can be
exploited to cause a stack-based buffer overflow via a specially crafted
file.
Impact:
Successful exploitation allows attackers to execute arbitrary code in the
context of the application. Failed attacks will cause denial-of-service
conditions.
Impact Level: Application
Affected Software/OS:
KMPlayer versions 3.0.0.1440 and prior.
Fix: No solution or patch is available as of 14th June, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.kmplayer.com/
References:
http://secunia.com/advisories/44825
http://xforce.iss.net/xforce/xfdb/67855
http://www.kmplayer.com/forums/showthread.php?p=87891
http://packetstormsecurity.org/files/view/102196/km_pwn_aslr.py.txt
MS Windows Ancillary Function Driver Privilege Elevation Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902442
Filename: secpod_ms11-046.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1249CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Afd.sys' file version"
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-046.
Vulnerability Insight:
The flaw is caused by an error in the Ancillary Function Driver (AFD), which does
not properly validate input before passing it from user mode to the
Windows kernel.
Impact:
Successful exploitation could allow elevation of privilege if an attacker
logs on to a user's system and runs a specially crafted application.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-046.mspx
References:
http://support.microsoft.com/kb/2503665
http://www.microsoft.com/technet/security/bulletin/MS11-046.mspx
Microsoft Windows SMB Server Remote Code Execution Vulnerability (2536275)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902440
Filename: secpod_ms11-048.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1267
CVSS: 7.8
Risk factor : High
Summary: Check for the version of Srvnet.sys file
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-048.
Vulnerability Insight:
The flaw is caused when Microsoft Server Message Block (SMB) protocol
software improperly handles SMB packets, including some pre-authentication
scenarios.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary code
and cause a denial of service or compromise a vulnerable system.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows Vista Service Pack 1/2 and prior
Microsoft Windows Server 2008 Service Pack 1/2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-048.mspx
References:
http://support.microsoft.com/kb/2536275
http://www.microsoft.com/technet/security/bulletin/MS11-048.mspx
Active Directory Certificate Services Web Enrollment Elevation of Privilege Vulnerability (2518295)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900289
Filename: secpod_ms11-051.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1264
BID: 48175
CVSS: 4.3
Risk factor : Medium
Summary: Check for Registry Entry
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-051.
Vulnerability Insight:
The flaw is caused by improper input validation of a request parameter on an
Active Directory Certificate Services Web Enrollment site.
Impact:
Successful exploitation will allow an attacker to execute arbitrary HTML and
script code in a user's browser session in the context of an affected site.
Impact Level: Application
Affected Software/OS:
Active Directory Certificate Services,
- Microsoft Windows 2K3 Service Pack 2 and prior
- Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS11-051.mspx
References:
http://support.microsoft.com/kb/2518295
http://www.microsoft.com/technet/security/bulletin/MS11-051.mspx
MS Windows Threat Management Gateway Firewall Client Remote Code Execution Vulnerability (2520426)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902444
Filename: secpod_ms11-040.nasl
Dependencies: secpod_reg_enum.nasl - smb_registry_access.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1889
BID: 48181
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable 'Fwcmgmt.exe' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-040.
Vulnerability Insight:
The flaw is due to an error in setting proper bounds in the
'NSPLookupServiceNext()' function, which could allow remote code execution if an
attacker leveraged a client computer to make specific requests on a system
where the TMG firewall client is used.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code in the context of the application. Failed exploit attempts will result
in denial-of-service conditions.
Impact Level: System/Application
Affected Software/OS:
Microsoft Forefront Threat Management Gateway 2010 SP1 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-040.mspx
References:
http://support.microsoft.com/kb/2520426
http://www.microsoft.com/technet/security/Bulletin/MS11-040.mspx
Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900288
Filename: secpod_ms11-042.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1868 CVE-2011-1869
BID: 48180 48187
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable files version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-042.
Vulnerability Insight:
The flaws are due to errors in the Microsoft Distributed File System (DFS)
implementation, which fails to validate all fields within specially
crafted DFS responses.
Impact:
Successful exploitation could allow a remote attacker to execute arbitrary
code by sending specially crafted DFS responses.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS11-042.mspx
References:
http://support.microsoft.com/kb/2535512
http://www.microsoft.com/technet/security/bulletin/MS11-042.mspx
Microsoft SMB Client Remote Code Execution Vulnerabilities (2536276)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900287
Filename: secpod_ms11-043.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1268
BID: 48184
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable 'Mrxsmb.sys' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-043.
Vulnerability Insight:
The flaws are due to errors in the SMB client implementation, which fails to
validate specially crafted SMB responses.
Impact:
Successful exploitation could allow a remote attacker to execute arbitrary code
by sending specially crafted SMB responses.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1/2 and prior
Microsoft Windows Server 2008 Service Pack 1/2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS11-043.mspx
References:
http://secunia.com/advisories/44898/
http://support.microsoft.com/kb/2536276
http://www.microsoft.com/technet/security/bulletin/MS11-043.mspx
Microsoft .NET Framework Remote Code Execution Vulnerability (2538814)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902522
Filename: secpod_ms11-044.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1271
BID: 47834
CVSS: 5.1
Risk factor : High
Summary: Check for the version of 'mscorlib.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-044.
Vulnerability Insight:
The flaw is due to the JIT compiler, when IsJITOptimizerDisabled is
false, not properly handling expressions related to null strings, which
allows context-dependent attackers to bypass intended access restrictions.
Impact:
Successful exploitation could allow context-dependent attackers to bypass
intended access restrictions in opportunistic circumstances by leveraging
a crafted application.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 1
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-044
References:
http://secunia.com/advisories/44899/
http://technet.microsoft.com/en-us/security/bulletin/ms11-044
http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/
Windows MHTML Information Disclosure Vulnerability (2544893)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902441
Filename: secpod_ms11-037.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1894
CVSS: 4.3
Risk factor : Medium
Summary: Check for the vulnerable 'Inetcomm.dll' file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS11-037.
Vulnerability Insight:
The flaw is caused by an error in the way MHTML (MIME Encapsulation of Aggregate
HTML) interprets MIME-formatted requests for content blocks within a document,
which could allow attackers to inject a client-side script in the response of a
web request run in the context of Internet Explorer by tricking a user into
following a specially crafted 'MHTML:' link.
Impact:
Successful exploitation could allow attackers to gain knowledge of sensitive
information.
Impact Level: Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-037.mspx
References:
http://support.microsoft.com/kb/2544893
http://www.microsoft.com/technet/security/bulletin/MS11-037.mspx
Microsoft Windows OLE Automation Remote Code Execution Vulnerability (2476490)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902377
Filename: secpod_ms11-038.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0658
BID: 48174
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Oleaut32.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-038.
Vulnerability Insight:
The flaw is due to an error in Object Linking and Embedding (OLE)
Automation (oleaut32.dll) when parsing Windows Metafile (WMF) images.
Impact:
Successful exploitation could allow attackers to execute arbitrary code in the
context of the user running the application, which can compromise the
application and possibly the computer.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS11-038.mspx
References:
http://secunia.com/advisories/44733/
http://support.microsoft.com/kb/2476490
http://www.microsoft.com/technet/security/bulletin/MS11-037.mspx
Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902523
Filename: secpod_ms11-039.nasl
Dependencies: secpod_reg_enum.nasl - gb_ms_silverlight_detect.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0664
BID: 48212
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'System.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-039.
Vulnerability Insight:
The flaw is due to an input validation error when passing values to
trusted APIs. This can be exploited to access memory in an unsafe manner via
a specially crafted XAML Browser Application or Silverlight application.
Impact:
Successful exploitation could allow an attacker to execute arbitrary code within
the context of the application.
Impact Level: System/Application
Affected Software/OS:
Microsoft Silverlight 4.0
Microsoft .NET Framework 4.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 1
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-039
References:
http://secunia.com/advisories/44841
http://technet.microsoft.com/en-us/security/bulletin/ms11-039
VisiWave Site Survey Arbitrary Code Execution Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.802101
Filename: gb_visiwave_site_survey_code_exec_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-2386
BID: 47948
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of VisiWave Site Survey
Overview: This host is installed with VisiWave Site Survey and is prone to
an arbitrary code execution vulnerability.
Vulnerability Insight:
The flaw exists due to an error when processing report files and can be
exploited to perform a virtual function call into an arbitrary memory location
via a specially crafted 'Type' property.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: Application.
Affected Software :
VisiWave Site Survey version prior to 2.1.9
Fix: Upgrade to VisiWave Site Survey version 2.1.9 or later.
For updates refer to http://www.visiwave.com/index.php/ScrInfoDownload.html
References:
http://secunia.com/advisories/44636
http://www.visiwave.com/blog/index.php?/archives/4-Version-2.1.9-Released.html
http://www.stratsec.net/Research/Advisories/VisiWave-Site-Survey-Report-Trusted-Pointer-(SS-20
TigerVNC Version Detection (Windows) ->
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801897
Filename: gb_tigervnc_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of TigerVNC in KB
Overview: This script finds the installed TigerVNC version and saves the
version in KB.
SecurStar DriveCrypt DCR.sys IOCTL Handling Privilege Escalation Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801799
Filename: gb_drivecrypt_ioctl_priv_esc_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-0513
BID: 45750
CVSS: 7.2
Risk factor : High
Summary: Check for the version of DriveCrypt
Overview: This host is installed with SecurStar DriveCrypt and is prone to
a privilege escalation vulnerability.
Vulnerability Insight:
The flaw exists due to an error in the 'DCR.sys' driver when processing 'IOCTLs'
and can be exploited to corrupt memory via a specially crafted 0x00073800 IOCTL.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: Application.
Affected Software :
SecurStar DriveCrypt version 5.3 and 5.4
Fix: Upgrade to SecurStar DriveCrypt version 5.5 or later
For updates refer to http://www.securstar.com/downloads.php
References:
http://osvdb.org/70426
http://secunia.com/advisories/42881
http://www.exploit-db.com/exploits/15972/
Python Version Detection (Windows) ->
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801795
Filename: gb_python_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set KB for the version of Python
Overview: This script detects the installed version of Python and
sets the result in KB.
PHP Version Detection (Windows) ->
Copyright (c) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902435
Filename: secpod_php_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of PHP
Detection of the installed version of PHP.
The script logs in via SMB, searches for PHP in the registry and gets the
version from the registry.
Microsoft .NET Framework Security Bypass Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902518
Filename: secpod_ms_dotnet_security_bypass_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2011-1271
CVSS: 5.1
Risk factor : High
Summary: Check for the version of 'mscorlib.dll' file
This NVT has been replaced by NVT secpod_ms11-044.nasl
(OID:1.3.6.1.4.1.25623.1.0.902522).
Overview: The host is installed with Microsoft .NET Framework and is prone to
a security bypass vulnerability.
Vulnerability Insight:
The flaw is due to an error in the JIT compiler which, when
'IsJITOptimizerDisabled' is set to false, fails to handle expressions
related to null strings, which allows context-dependent attackers to bypass
intended access restrictions in opportunistic circumstances by leveraging a
crafted application.
Impact:
Successful exploitation could allow context-dependent attackers to bypass
intended access restrictions.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework versions before 4 beta 2.
Fix: Upgrade to Microsoft .NET Framework version 4 beta 2 or later.
For updates refer to http://www.microsoft.com/net/download.aspx
References:
http://stackoverflow.com/questions/2135509/bug-only-occurring-when-compile-optimization-enabled/
InduSoft Products Multiple Buffer Overflow Vulnerabilities
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902376
Filename: secpod_indusoft_prdts_mult_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-0340
BID: 47596
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Indusoft ThinClient and Web Studio
Overview: This host is installed with Indusoft products and is prone
to a buffer overflow vulnerability.
Vulnerability Insight:
The flaw exists due to a buffer overflow error in the ISSymbol ActiveX
control (ISSymbol.ocx) when processing an overly long 'InternationalOrder',
'InternationalSeparator', 'bstrFileName' or 'LogFileName' property, which
could be exploited by attackers to execute arbitrary code by tricking a user
into visiting a specially crafted web page.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: Application.
Affected Software:
InduSoft Thin Client version 7.0
InduSoft Web Studio version before 7.0 SP1
Fix: Install the hotfix from the link below
http://www.indusoft.com/hotfixes/hotfixes.php
References:
http://secunia.com/advisories/43116
http://www.indusoft.com/hotfixes/hotfixes.php
http://www.vupen.com/english/advisories/2011/1116
InduSoft Web Studio Directory Traversal Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902371
Filename: secpod_indusoft_web_studio_dir_trav_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2011-1900
BID: 47842
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Indusoft Web Studio
Overview: This host is installed with Indusoft Web Studio and is prone to
a directory traversal vulnerability.
Vulnerability Insight:
The flaw is due to an error in 'NTWebServer', which allows remote
attackers to execute arbitrary code via an invalid request.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
via an invalid request.
Impact Level: Application
Affected Software:
InduSoft Web Studio version 6.1 and 7.x before 7.0+Patch 1
Fix: Install the hotfix from the link below
http://www.indusoft.com/hotfixes/hotfixes.php
References:
http://osvdb.org/73413
http://secunia.com/advisories/42883
http://xforce.iss.net/xforce/xfdb/67419
http://www.indusoft.com/hotfixes/hotfixes.php
Advantech Studio Multiple Buffer Overflow Vulnerabilities
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902370
Filename: secpod_advantech_studio_mult_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-0340
BID: 47596
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of ISSymbol.ocx
Overview: This host is installed with Advantech Studio and is prone to
multiple buffer overflow vulnerabilities.
Vulnerability Insight:
The flaw exists due to a buffer overflow error in the ISSymbol ActiveX
control (ISSymbol.ocx) when processing an overly long 'InternationalOrder',
'InternationalSeparator', 'bstrFileName' or 'LogFileName' property, which
could be exploited by attackers to execute arbitrary code by tricking a user
into visiting a specially crafted web page.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: Application.
Affected Software:
Advantech Advantech Studio 6.1 SP6 Build 61.6.0
Fix: No solution or patch is available as of 20th May, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://support.advantech.com.tw/support/DownloadSearchByProduct.aspx?keyword=Advantech+Studio
References:
http://secunia.com/advisories/42928
http://secunia.com/secunia_research/2011-37/
http://www.vupen.com/english/advisories/2011/1116
Microsoft Silverlight Version Detection ->
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801934
Filename: gb_ms_silverlight_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the KB for the version of Microsoft Silverlight
Overview: This script detects the installed version of Microsoft Silverlight
and saves the result in KB.
Microsoft Windows WINS Remote Code Execution Vulnerability (2524426)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902516
Filename: secpod_ms11-035.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-1248
BID: 47730
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Wins.exe' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-035.
Vulnerability Insight:
The flaw is caused by a logic error in the Windows Internet Name Service
(WINS) when handling a socket send exception, which could cause certain user
supplied values to remain within a stack frame and to be reused in another
context, leading to arbitrary code execution with elevated privileges.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code with elevated privileges or cause a denial-of-service condition.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS11-035.mspx
References:
http://support.microsoft.com/kb/2524426
http://www.zerodayinitiative.com/advisories/ZDI-11-167/
http://www.microsoft.com/technet/security/bulletin/MS11-035.mspx
Synergy Version Detection (Windows) ->
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801871
Filename: gb_synergy_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of Synergy in KB
Overview: This script finds the installed Synergy version and saves the
version in KB.
Rsync Multiple Denial of Service Vulnerabilities (Windows)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801772
Filename: gb_rsync_mult_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2011-1097
CVSS: 5.1
Risk factor : High
Summary: Check for the version of rsync
Overview: This host is installed with Rsync and is prone to multiple denial
of service vulnerabilities.
Vulnerability Insight:
The flaws are due to:
- a memory corruption error when processing malformed file list data.
- an error while handling directory paths, '--backup-dir', and filter/exclude lists.
Impact:
Successful exploitation will allow remote attackers to crash an affected
application or execute arbitrary code by tricking a user into connecting
to a malicious rsync server and using the '--recursive' and '--delete'
options without the '--owner' option.
Impact Level: Application.
Affected Software:
rsync version 3.x before 3.0.8
Fix: Upgrade to rsync version 3.0.8 or later
For updates refer to http://rsync.samba.org/
References:
http://securitytracker.com/id?1025256
http://www.vupen.com/english/advisories/2011/0792
Windows Fax Cover Page Editor Remote Code Execution Vulnerability (2527308)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902408
Filename: secpod_ms11-024.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3974
CVSS: 7.6
Risk factor : High
Summary: Check for the vulnerable 'fxscover.exe' and 'Mfc42.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-024.
Vulnerability Insight:
The flaw is due to an error in the Fax Cover Page Editor (fxscover.exe):
opening a specially crafted fax cover page file (.cov) with the editor
triggers a memory corruption error, which can lead to arbitrary code
execution on the target system.
Impact:
Successful exploitation could allow attackers to gain the same user rights as
the logged-on user. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate with
administrative user rights.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-024.mspx
References:
http://support.microsoft.com/kb/2491683
http://support.microsoft.com/kb/2506212
http://www.microsoft.com/technet/security/Bulletin/MS11-024.mspx
Windows MHTML Information Disclosure Vulnerability (2503658)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902409
Filename: secpod_ms11-026.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0096
CVSS: 4.3
Risk factor : Medium
Summary: Check for the vulnerable 'Inetcomm.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-026.
Vulnerability Insight:
The flaw is caused by an error in the way MHTML (MIME Encapsulation of Aggregate
HTML) interprets MIME-formatted requests for content blocks within a document,
which could allow attackers to inject a client-side script in the response of a
web request run in the context of Internet Explorer by tricking a user into
following a specially crafted 'MHTML:' link.
Impact:
Successful exploitation could allow attackers to gain knowledge of sensitive
information.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-026.mspx
References:
http://support.microsoft.com/kb/2503658
http://www.microsoft.com/technet/security/Bulletin/MS11-026.mspx
Microsoft IE Developer Tools WMITools and Windows Messenger ActiveX Control Vulnerability (2508272)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900281
Filename: secpod_ms11-027.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-0811 CVE-2010-3973 CVE-2011-1243
BID: 40490 45546 47197
CVSS: 9.3
Risk factor : Critical
Summary: Check for the CLSID and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-027.
Vulnerability Insight:
An unspecified error exists in the IE Developer Tools (iedvtool.dll), WMITools
(WBEMSingleView.OCX) and Windows Messenger (msgsc.dll) ActiveX controls when
used with Internet Explorer. Attackers can execute arbitrary code by tricking
a user into visiting a specially crafted web page.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code.
Impact Level: System.
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1/2 and prior
Microsoft Windows Server 2008 Service Pack 1/2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-027.mspx
Workaround:
Set the killbit for the following CLSIDs,
{1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1}, {2745E5F5-D234-11D0-847A-00C04FD7BB08}
{FB7199AB-79BF-11d2-8D94-0000F875C541}
http://support.microsoft.com/kb/240797
References:
http://secunia.com/advisories/42693
http://www.exploit-db.com/exploits/15809/
http://xforce.iss.net/xforce/xfdb/64250
http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx
Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902502
Filename: secpod_ms11-028.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3958
BID: 47223
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'mscorlib.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-028.
Vulnerability Insight:
The flaw is caused by a stack corruption error in the x86 JIT compiler within
the .NET Framework when compiling certain types of function calls, which
could be exploited by remote attackers to execute arbitrary code by tricking
a user into visiting a specially crafted web page.
Impact:
Successful exploitation could allow remote attackers to crash an affected
system or execute arbitrary code by tricking a user into visiting a specially
crafted web page.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 4.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 Service Pack 1
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms11-028
References:
http://support.microsoft.com/kb/2484015
http://www.vupen.com/english/advisories/2011/0945
http://technet.microsoft.com/en-us/security/bulletin/ms11-028
Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900282
Filename: secpod_ms11-030.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0657
BID: 47242
CVSS: 7.5
Risk factor : High
Summary: Check for the vulnerable 'Dnsrslvr.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-030.
Vulnerability Insight:
The flaws are due to the way the DNS client handles specially crafted
LLMNR queries.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code in the context of the NetworkService account.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx
References:
http://support.microsoft.com/kb/2509553
http://www.microsoft.com/technet/security/bulletin/ms11-030.mspx
Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (2514666)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902501
Filename: secpod_ms11-031.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0663
BID: 47249
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'Vbscript.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-031.
Vulnerability Insight:
The flaw is caused by an integer overflow error in the JScript and VBScript
scripting engines when reallocating memory while decoding a script in order
to run it, which could be exploited by remote attackers to execute arbitrary
code via a malicious web page.
Impact:
Successful exploitation could allow remote attackers to crash an affected
system or execute arbitrary code by tricking a user into visiting a specially
crafted web page.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-031.mspx
References:
http://support.microsoft.com/kb/2510587
http://support.microsoft.com/kb/2510581
http://support.microsoft.com/kb/2510531
http://www.vupen.com/english/advisories/2011/0949
http://www.microsoft.com/technet/security/Bulletin/MS11-031.mspx
Windows OpenType Compact Font Format (CFF) Driver Remote Code Execution Vulnerability (2507618)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902363
Filename: secpod_ms11-032.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0034
BID: 47179
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of vulnerable Atmfd.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-032.
Vulnerability Insight:
The flaw is caused by a stack overflow error in the OpenType Compact Font
Format (CFF) driver when handling parameter values of OpenType fonts.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
via a malicious OpenType font, or local attackers to gain elevated
privileges.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-032.mspx
References:
http://secunia.com/advisories/43836/
http://www.vupen.com/english/advisories/2011/0950
http://www.microsoft.com/technet/security/Bulletin/MS11-032.mspx
WordPad Text Converters Remote Code Execution Vulnerability (2485663)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900284
Filename: secpod_ms11-033.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0028
BID: 47236
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable file 'Mswrd8.wpc' version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-033.
Vulnerability Insight:
A flaw exists in the Microsoft WordPad text converter, which incorrectly
parses specific fields in a Word document.
Impact:
Successful exploitation of this issue may allow attackers to execute
arbitrary code in the context of the logged-on user by tricking the user
into opening a specially crafted Word document.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-033.mspx
References:
http://support.microsoft.com/kb/2485663
http://www.microsoft.com/technet/security/Bulletin/MS11-033.mspx
Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2506223)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900283
Filename: secpod_ms11-034.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0662 CVE-2011-0665 CVE-2011-0666 CVE-2011-0667 CVE-2011-0670 CVE-2011-0671 CVE-2011-0672 CVE-2011-0674 CVE-2011-0675 CVE-2011-1234 CVE-2011-1235 CVE-2011-1236 CVE-2011-1237 CVE-2011-1238 CVE-2011-1239 CVE-2011-1240 CVE-2011-1241 CVE-2011-1242 CVE-2011-0673 CVE-2011-0676 CVE-2011-0677 CVE-2011-1225 CVE-2011-1226 CVE-2011-1227 CVE-2011-1228 CVE-2011-1229 CVE-2011-1230 CVE-2011-1231 CVE-2011-1232 CVE-2011-1233
BID: 47194 47202 47203 47204 47205 47206 47207 47209 47210 47211 47212 47213 47214 47215 47216 47217 47218 47219 47234 47220 47224 47225 47226 47227 47228 47229 47230 47231 47232 47233
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Win32k.sys' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-034.
Vulnerability Insight:
The flaws are due to improper kernel-mode driver object management
and a NULL pointer dereference caused by the way kernel-mode drivers keep
track of pointers to certain kernel-mode driver objects.
Impact:
Successful exploitation could allow local attackers to gain elevated
privileges.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-034.mspx
References:
http://support.microsoft.com/kb/2506223
http://www.microsoft.com/technet/security/bulletin/ms11-034.mspx
Microsoft SMB Client Remote Code Execution Vulnerabilities (2511455)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900279
Filename: secpod_ms11-019.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0654 CVE-2011-0660
BID: 46360 47239
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable 'Mrxsmb.sys' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-019.
Vulnerability Insight:
The flaws are due to:
- errors in the SMB client implementation, which fails to validate specially
crafted SMB responses.
- an error in the CIFS Browser Protocol implementation, which fails to parse
specially crafted Computer Browser messages, causing memory corruption.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code by creating a specially crafted browser message and sending it to an
affected system, or an attacker could perform a man-in-the-middle attack
and respond to a legitimate SMB request with a malformed SMB response.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1/2 and prior
Microsoft Windows Server 2008 Service Pack 1/2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-019.mspx
References:
http://secunia.com/advisories/43299
http://support.microsoft.com/kb/2511455
http://xforce.iss.net/xforce/xfdb/65376
http://www.exploit-db.com/exploits/16166/
http://www.microsoft.com/technet/security/Bulletin/MS11-019.mspx
Microsoft Windows SMB Server Remote Code Execution Vulnerability (2508429)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900280
Filename: secpod_ms11-020.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0661
BID: 47198
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Srv.sys file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-020.
Vulnerability Insight:
The flaw is caused when Microsoft Server Message Block (SMB) protocol
software improperly handles SMB packets, including some pre-authentication
scenarios.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary code
and cause a denial of service or compromise a vulnerable system.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1/2 and prior
Microsoft Windows Server 2008 Service Pack 1/2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-020.mspx
References:
http://support.microsoft.com/kb/2508429
http://www.microsoft.com/technet/security/Bulletin/MS11-020.mspx
SAP Crystal Reports Print ActiveX Control Buffer Overflow Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801767
Filename: gb_sap_crystal_reports_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-2590
BID: 45387
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of SAP Crystal Reports
Overview: This host is installed with SAP Crystal Reports and is prone to a
heap-based buffer overflow vulnerability.
Vulnerability Insight:
The flaw exists due to a boundary error in the 'CrystalReports12.CrystalPrintControl.1'
ActiveX control (PrintControl.dll) when processing 'ServerResourceVersion',
which can be exploited to cause a heap-based buffer overflow via an overly
long string.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
in the context of the application using the ActiveX control. Failed exploit
attempts will likely result in a denial-of-service condition.
Impact Level: Application.
Affected Software:
Crystal Reports 2008 SP3 Fix Pack 3.2(12.3.2.753)
Fix: No solution or patch is available as of 5th April, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.sap.com/solutions/sapbusinessobjects/sme/freetrials/index.epx
References:
http://secunia.com/advisories/42305
http://www.securitytracker.com/id?1024915
Microsoft Windows IPv4 Default Configuration Security Bypass Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801914
Filename: gb_ms_windows_nic_security_bypass_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2010-0232
CVSS: 7.2
Risk factor : High
Summary: Check for the Microsoft Windows
This NVT has been replaced by NVT secpod_ms10-015.nasl
(OID:1.3.6.1.4.1.25623.1.0.900740).
Overview:
The host is installed with Microsoft Windows operating system and is prone to
a security bypass vulnerability.
Vulnerability Insight:
The default Network Interception Configuration prefers a new IPv6 and DHCPv6
service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6
Router Advertisement (RA), and does not provide an option to ignore an unexpected
RA, which allows remote attackers to conduct man-in-the-middle attacks.
Impact:
Successful exploitation will allow remote attackers to bypass certain security
restrictions and hijack all network traffic without any user.
Impact Level: System.
Affected Software/OS:
Windows 7 Service Pack 1 and prior
Windows Vista Service Pack 2 and prior
Windows Server 2008 Service Pack 2 and prior
Fix: No solution or patch is available as of 08th April, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/technet/security/advisory/979682.mspx
References:
http://resources.infosecinstitute.com/slaac-attack/
https://lists.immunityinc.com/pipermail/dailydave/20110404/000122.html
Google Picasa Version Detection (Windows)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801769
Filename: gb_google_picasa_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of Google Picasa in KB
Overview: This script detects the installed version of Google Picasa and
sets the result in KB.
Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
Copyright (c) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902403
Filename: secpod_ms_fraudulent_digital_certificates_sooping_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 6.8
Risk factor : High
Summary: Check for the vulnerable version of Microsoft Windows
Overview:
This NVT has been replaced by NVT gb_ms_windows_fraudulent_digital_cert_spoofing_vuln.nasl
(OID:1.3.6.1.4.1.25623.1.0.801953).
The host is installed with Microsoft Windows operating system and is prone to
a spoofing vulnerability.
Vulnerability Insight:
The flaw is caused by an error related to the use of several revoked and
fraudulent SSL certificates for public web sites, which could allow attackers
to decrypt SSL traffic sent to legitimate web sites by manipulating the DNS
servers and using the fraudulent certificates.
Impact:
Successful exploitation will allow remote attackers to spoof content, perform
phishing attacks, or perform man-in-the-middle attacks against all Web browser
users including users of Internet Explorer.
Impact Level: System.
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix: Apply the patch from below link,
For updates refer to http://support.microsoft.com/kb/2524375
References:
http://www.microsoft.com/technet/security/advisory/2524375.mspx
http://forums.cnet.com/7723-6132_102-521672.html?messageId=5105699
http://vulnerabilityteam.blogspot.com/2011/03/fraudulent-ssl-certificates.html
Microsoft Groove Remote Code Execution Vulnerability (2494047)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902351
Filename: secpod_ms11-016.nasl
Dependencies: secpod_reg_enum.nasl - secpod_office_products_version_900032.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3146
BID: 42695
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'Groove.exe' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-016.
Vulnerability Insight:
The application insecurely loads certain libraries (e.g. 'mso.dll') from
the current working directory.
Impact:
Successful exploitation allows remote attackers to execute arbitrary
code by tricking a user into opening a *.vcg file from a network share.
Impact Level: System/Application
Affected Software/OS:
Microsoft Groove 2007 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-016.mspx
References:
http://secunia.com/advisories/41104/
http://www.vupen.com/english/advisories/2010/2188
http://www.microsoft.com/technet/security/Bulletin/MS11-016.mspx
Microsoft Remote Desktop Client Remote Code Execution Vulnerability (2508062)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900273
Filename: secpod_ms11-017.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0029
BID: 46678
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Mstscax.dll' file version
Overview: This host is missing a critical security update according to Microsoft
Bulletin MS11-017.
Vulnerability Insight:
The flaw is caused by the way the Windows Remote Desktop Client handles the
loading of DLL files. A remote attacker can execute arbitrary code by tricking
a user into opening a legitimate Remote Desktop configuration file (.rdp) that
is located in the same network directory as a specially crafted dynamic
link library (DLL) file.
Impact:
Successful exploitation could allow authenticated attackers to execute
arbitrary code with elevated privileges.
Impact Level: System
Affected Software/OS:
Remote Desktop Connection 5.2 Client
- Windows XP Service Pack 3 and prior
Remote Desktop Connection 6.0/6.1 Client
- Windows XP Service Pack 3
- Windows Vista Service Pack 2 and prior
- Windows Server 2003 Service Pack 2 and prior
- Windows Server 2008 Service Pack 2 and prior
Remote Desktop Connection 7.0 Client
- Windows 7
- Windows XP Service Pack 3 and prior
- Windows Vista Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-017.mspx
References:
http://secunia.com/advisories/43628
http://www.microsoft.com/technet/security/Bulletin/MS11-017.mspx
Microsoft Windows Media Remote Code Execution Vulnerabilities (2510030)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901193
Filename: secpod_ms11-015.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0032 CVE-2011-0042
BID: 46682 46680
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'Sbe.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-015.
Vulnerability Insight:
The flaws are caused by,
- An error in the way DirectShow loads external libraries, which could allow
attackers to load a malicious DLL by tricking a user into opening a file
from a malicious location.
- A memory corruption error in Windows Media Player and Windows Media Center
when parsing '.dvr-ms' media files, which could allow attackers to execute
arbitrary code by tricking a user into opening a malicious '.dvr-ms' file.
Impact:
Successful exploitation could allow attackers to execute arbitrary code
in the context of the user running the application.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Media Center Edition 2005 Service Pack 3.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-015.mspx
References:
http://support.microsoft.com/kb/2479943
http://www.vupen.com/english/advisories/2011/0615
http://www.microsoft.com/technet/security/bulletin/ms11-015.mspx
Citrix License Server Version Detection
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801853
Filename: gb_citrix_license_server_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of Citrix License Server in KB
Overview: This script finds the installed Citrix License Server version and
saves the version in KB.
PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902346
Filename: secpod_pipi_player_activex_ctrl_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-1065
BID: 46468
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of PIPI Player
Overview: This host is installed with PIPI Player and is prone to a buffer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to an error when processing the 'PlayURL()' and
'PlayURLWithLocalPlayer()' methods. This can be exploited to cause a
stack-based buffer overflow via an overly long string passed to the methods.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code in the context of the application.
Impact Level: Application.
Affected Software:
PIPI Player version 2.8.0.0
Fix: No solution or patch is available as of 28th February, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://pipi.cn/down/index.html
References:
http://secunia.com/advisories/43394
http://xforce.iss.net/xforce/xfdb/65537
http://www.wooyun.org/bugs/wooyun-2010-01383
Foxit Phantom Version Detection
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801754
Filename: gb_foxit_phantom_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set the version of Foxit Phantom in KB
Overview: This script finds the Foxit Phantom version and saves
the result in KB.
Metasploit Framework Version Detection (Windows)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902293
Filename: secpod_metasploit_framework_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of Metasploit Framework in KB
Overview: This script finds the installed Metasploit Framework version and
saves the version in KB.
MOXA Device Manager MDM Tool Buffer Overflow Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902345
Filename: secpod_moxa_device_manager_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-4741
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Moxa Device Manager
Overview: This host is installed with MOXA Device Manager and is prone to a
buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to a stack-based buffer overflow error in the 'strcpy()'
function in 'MDMUtil.dll' within the MDM Tool.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code.
Impact Level: Application.
Affected Software:
Moxa Device Manager version prior to 2.3
Fix: Upgrade to the Moxa Device Manager version 2.3 or later,
For updates refer to http://www.moxa.com/support/download.aspx?d_id=2669
References:
http://www.kb.cert.org/vuls/id/237495
http://www.kb.cert.org/vuls/id/MORO-8D9JX8
http://reversemode.com/index.php?option=com_content&task=view&id=70&Itemid=1
Hex-Rays IDA Pro Version Detection
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901188
Filename: secpod_ida_pro_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of IDA Pro in KB
Overview: This script finds the installed Hex-Rays IDA Pro version and saves
the version in KB.
Microsoft Windows2k3 Active Directory BROWSER ELECTION Buffer Overflow Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801598
Filename: gb_ms_windows2k3_active_directory_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2011-0654
BID: 46360
CVSS: 10.0
Risk factor : Critical
Summary: Check for the existence of Mrxsmb.sys file
This NVT has been replaced by NVT secpod_ms11-019.nasl
(OID:1.3.6.1.4.1.25623.1.0.900279).
Overview: This host is installed with Active Directory and is prone to a buffer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to an error in Active Directory in 'Mrxsmb.sys', which
fails to perform adequate boundary checks on user-supplied data in a crafted
BROWSER ELECTION request.
Impact:
Successful exploitation allows attackers to execute arbitrary code with
SYSTEM-level privileges or cause a denial of service condition.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K3 Service Pack 2 and prior
Fix: No solution or patch is available as of 17th February, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/
References:
http://www.exploit-db.com/exploits/16166
http://archives.neohapsis.com/archives/fulldisclosure/current/0284.html
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902335
Filename: secpod_ms11-007.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0033
BID: 46106
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-007.
Vulnerability Insight:
The flaw is caused by an error in the Windows OpenType Compact Font Format
(CFF) driver that does not properly validate the parameter values of
specially crafted OpenType fonts.
Impact:
Successful exploitation will allow remote attackers or malicious users to
execute arbitrary code with kernel privileges.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-007.mspx
References:
http://www.vupen.com/english/advisories/2011/0320
http://www.microsoft.com/technet/security/Bulletin/MS11-007.mspx
Microsoft Visio Remote Code Execution Vulnerabilities (2451879)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902287
Filename: secpod_ms11-008.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0092 CVE-2011-0093
BID: 46138 46137
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of vulnerable file 'visio.exe'
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-008.
Vulnerability Insight:
The flaws are due to:
- A memory corruption error when handling certain objects while parsing
malformed Visio files, which could be exploited by attackers to execute
arbitrary code.
- A memory corruption error when handling corrupted structures while parsing
malformed Visio files, which could be exploited by attackers to execute
arbitrary code.
Impact:
Successful exploitation could allow users to execute arbitrary code via a
specially crafted Visio file.
Impact Level: System
Affected Software/OS:
Microsoft Visio 2002 Service Pack 2 and prior.
Microsoft Visio 2003 Service Pack 3 and prior.
Microsoft Visio 2007 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS11-008.mspx
References:
http://support.microsoft.com/kb/2434737
http://support.microsoft.com/kb/2434733
http://support.microsoft.com/kb/2434711
http://www.vupen.com/english/advisories/2011/0321
http://packetstormsecurity.org/files/cve/CVE-2011-0092
http://packetstormsecurity.org/files/cve/CVE-2011-0093
http://www.microsoft.com/technet/security/bulletin/MS11-008.mspx
Windows Client/Server Run-time Subsystem Privilege Elevation Vulnerability (2476687)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901181
Filename: secpod_ms11-010.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0030
BID: 46142
CVSS: 6.9
Risk factor : High
Summary: Check for the vulnerable 'Csrsrv.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-010.
Vulnerability Insight:
The flaw is caused by an error in the Client/Server Run-time Subsystem (CSRSS)
when terminating a process as a user logs off, which could allow malicious
users to monitor the actions of a user who subsequently logs on to the
system and collect useful information to try to further compromise the
affected system.
Impact:
Successful exploitation could allow local attackers to obtain sensitive
information or gain privileges.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-010.mspx
References:
http://support.microsoft.com/kb/2476687
http://www.vupen.com/english/advisories/2011/0323
http://www.microsoft.com/technet/security/Bulletin/MS11-010.mspx
Microsoft Windows Kernel Elevation of Privilege Vulnerability (2393802)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902337
Filename: secpod_ms11-011.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-4398 CVE-2011-0045
BID: 45045 46136
CVSS: 7.2
Risk factor : High
Summary: Check for the version of 'Ntoskrnl.exe' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-011.
Vulnerability Insight:
The flaws are due to
- an integer truncation error in the Windows kernel that does not properly
validate user-supplied data before allocating memory.
- a buffer overflow error in the 'win32k.sys' driver when interacting with
the Windows kernel.
Impact:
Successful exploitation will allow remote attackers or malicious users to
execute arbitrary code with kernel privileges.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-011.mspx
References:
http://secunia.com/advisories/42356
http://www.vupen.com/english/advisories/2011/0324
http://packetstormsecurity.org/files/cve/CVE-2011-0045
http://www.microsoft.com/technet/security/bulletin/ms11-011.mspx
Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2479628)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901182
Filename: secpod_ms11-012.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0086 CVE-2011-0087 CVE-2011-0088 CVE-2011-0089 CVE-2011-0090BID: 46141 46148 46147 46149 46150
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Win32k.sys' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-012.
Vulnerability Insight:
The flaws are caused by input validation errors, improper pointer validation,
pointer confusions, and memory corruption errors in the Windows kernel-mode
driver 'win32k.sys' when processing data supplied from user mode to kernel
mode, which could allow malicious users to execute arbitrary code with kernel
privileges.
Impact:
Successful exploitation could allow local attackers to gain elevated
privileges.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-012.mspx
References:
http://support.microsoft.com/kb/2479628
http://www.vupen.com/english/advisories/2011/0325
http://www.microsoft.com/technet/security/bulletin/ms11-012.mspx
Microsoft Kerberos Privilege Escalation Vulnerabilities (2496930)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902288
Filename: secpod_ms11-013.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0043 CVE-2011-0091
BID: 46130 46140
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Kerberos.dll' file version
Overview: This host is missing a critical security update according to Microsoft
Bulletin MS11-013.
Vulnerability Insight:
The flaws are due to:
- An error in Kerberos implementation supporting weak hashing mechanisms
such as CRC32.
- An error in Kerberos that does not correctly enforce stronger default
encryption standards.
Impact:
Successful exploitation could allow authenticated attackers to obtain a token
with elevated privileges on the affected system, and could allow a
man-in-the-middle attacker to force a downgrade in Kerberos communication
between a client and server.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-013.mspx
References:
http://support.microsoft.com/kb/2478971
http://www.vupen.com/english/advisories/2011/0326
http://www.microsoft.com/technet/security/bulletin/ms11-013.mspx
Microsoft Windows LSASS Privilege Escalation Vulnerability (2478960)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902289
Filename: secpod_ms11-014.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0039
BID: 46152
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable 'Lsasrv.dll' file version
Overview: This host is missing a critical security update according to Microsoft
Bulletin MS11-014.
Vulnerability Insight:
The flaw is caused by an error in the Local Security Authority Subsystem
Service (LSASS) when processing malformed authentication requests.
Impact:
Successful exploitation could allow authenticated attackers to execute
arbitrary code with elevated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-014.mspx
References:
http://support.microsoft.com/kb/2478960
http://www.vupen.com/english/advisories/2011/0327
http://www.microsoft.com/technet/security/bulletin/ms11-014.mspx
Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901183
Filename: secpod_ms11-004.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3972
BID: 45542
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable 'Ftpsvc.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-004.
Vulnerability Insight:
The flaw is due to a boundary error when encoding Telnet IAC
characters in an FTP response. This can be exploited without authenticating
to the FTP service to cause a heap-based buffer overflow by sending an overly
long, specially crafted FTP request.
Impact:
Successful exploitation could allow remote attackers to cause a denial of
service and possibly execute arbitrary code via a crafted FTP request that
triggers memory corruption.
Impact Level: System/Application
Affected Software/OS:
Microsoft Internet Information Services (IIS) version 7.0
- On Microsoft Windows Vista/2008 server Service Pack 2 and prior
Microsoft Internet Information Services (IIS) version 7.5
- On Microsoft Windows 7 Service Pack 1 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms11-004.mspx
References:
http://secunia.com/advisories/42713
http://www.kb.cert.org/vuls/id/842372
http://www.exploit-db.com/exploits/15803/
http://www.securitytracker.com/id?1024921
http://www.vupen.com/english/advisories/2010/3305
Microsoft Windows Active Directory SPN Denial of Service (2478953)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902290
Filename: secpod_ms11-005.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0040
CVSS: 5.0
Risk factor : Medium
Summary: Check for the version of Ntdsa.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-005.
Vulnerability Insight:
The flaw is due to an error in Active Directory that does not properly
process specially crafted requests to update the service principal name (SPN).
Impact:
Successful exploitation will allow attackers to cause a denial of service.
Impact Level: System/Application
Affected Software/OS:
Windows Server 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-005.mspx
References:
http://support.microsoft.com/kb/2478953
http://www.vupen.com/english/advisories/2011/0319
http://www.microsoft.com/technet/security/bulletin/MS11-005.mspx
Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902334
Filename: secpod_ms11-006.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3970
BID: 45662
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Shell32.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-006.
Vulnerability Insight:
The flaw is due to a signedness error in the 'CreateSizedDIBSECTION()'
function within the Windows Shell graphics processor when parsing thumbnail bitmaps.
Impact:
Successful exploitation will allow attackers to execute arbitrary code by
tricking a user into opening or previewing a malformed Office file or browsing
to a network share, UNC, or WebDAV location containing a specially crafted
thumbnail image.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-006.mspx
References:
http://secunia.com/advisories/42779
http://www.securitytracker.com/id?1024932
http://www.vupen.com/english/advisories/2011/0018
Oracle Sun Management Center Information Disclosure Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801587
Filename: gb_oracle_sun_mc_info_disc_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-4436
BID: 45885
CVSS: 5.0
Risk factor : Medium
Summary: Check for the version of Sun Management Center
Overview: The host is installed with Oracle Sun Management Center and is
prone to an information disclosure vulnerability.
Vulnerability Insight:
The issue is caused by an unknown error within the Web Console component,
which could allow attackers to disclose certain information.
Impact:
Successful exploitation could allow remote attackers to affect confidentiality
and integrity via unknown vectors.
Impact Level: System/Application
Affected Software/OS:
Oracle SunMC version 4.0
Fix: Apply the security updates.
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
*****
NOTE: Ignore this warning if above mentioned patch is already applied.
*****
References:
http://secunia.com/advisories/42989
http://xforce.iss.net/xforce/xfdb/64814
http://www.vupen.com/english/advisories/2011/0156
FTPGetter PASV Command Remote Stack Buffer Overflow Vulnerability
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801839
Filename: gb_ftpgetter_pasv_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: FTP
BID: 46120
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of FTPGetter
Overview: This host is installed with FTPGetter FTP Client and is prone to
a buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to a boundary error when reading a log file using
fgets() which can be exploited to cause a stack-based buffer overflow by
tricking a user into connecting to a malicious FTP server and sending a
specially crafted 'PWD' or 'PASV' response.
Impact:
Successful exploitation allows execution of arbitrary code.
Impact Level: Application.
Affected Software:
FTPGetter version 3.58.0.21 and prior.
Fix: No solution or patch is available as of 4th February, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.ftpgetter.com/download.php
References:
https://secunia.com/advisories/41857
http://www.exploit-db.com/exploits/16101/
http://downloads.securityfocus.com/vulnerabilities/exploits/46120.py
CA Internet Security Suite Plus KmxSbx.sys Buffer Overflow Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901177
Filename: secpod_ca_internet_security_suite_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-4502
CVSS: 7.2
Risk factor : High
Summary: Check for the version of KmxSbx.sys
Overview: This host is installed with CA Internet Security Suite Plus and is
prone to a buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to an error in the 'KmxSbx.sys' kernel driver when
processing IOCTLs, which can be exploited to cause a buffer overflow via an
overly large data buffer sent to the 0x88000080 IOCTL.
Impact:
Successful exploitation allows execution of arbitrary code in the kernel.
Impact Level: Application/System
Affected Software:
CA Internet Security Suite Plus 2010
Fix: No solution or patch is available as of 31st January, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to
http://shop.ca.com/ca/products/internetsecurity/internetsecurity_suite.asp
References:
http://secunia.com/advisories/42267
http://www.exploit-db.com/exploits/15624
http://www.securitytracker.com/id?1024808
http://www.vupen.com/english/advisories/2010/3070
Nokia Multimedia Player Playlist Processing Buffer Overflow Vulnerability
Copyright (c) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902331
Filename: secpod_nokia_multimedia_player_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2011-0498
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Nokia Multimedia Player
Overview: This host is installed with Nokia Multimedia Player and is prone
to a buffer overflow vulnerability.
Vulnerability Insight:
The flaw is caused by a buffer overflow error when processing playlists
containing overly long data.
Impact:
Successful exploitation will allow remote attackers to crash an affected
application or compromise a vulnerable system by tricking a user into opening
a malicious playlist file.
Impact Level: Application.
Affected Software:
Nokia Multimedia Player Version 1.00.55.5010 and prior
Fix: No solution or patch is available as of 28th January, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.nokia.com/
References:
http://osvdb.org/70416
http://secunia.com/advisories/42852
http://www.vupen.com/english/advisories/2011/0083
OpenSC Version Detection (Windows) ->
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901174
Filename: secpod_opensc_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of OpenSC in KB
Overview: This script detects the version of OpenSC and sets the
result in the KB.
Kingsoft Antivirus KisKrnl.sys Driver Denial of Service Vulnerability
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901176
Filename: secpod_kingsoft_antivirus_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2011-0515
BID: 45821
CVSS: 2.1
Risk factor : Medium
Summary: Check for the version of Kingsoft Antivirus
Overview: This host is installed with Kingsoft Antivirus and is prone to
a denial of service vulnerability.
Vulnerability Insight:
The flaw is due to an error when handling system service calls in the
'KisKrnl.sys' driver, which can be exploited to cause a page fault in
the kernel and crash the system.
Impact:
Successful exploitation will allow local users to cause a denial of service
condition.
Impact Level: Application.
Affected Software:
Kingsoft Antivirus version 2011.1.13.89 and prior.
Fix: No solution or patch is available as of 28th January, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.kingsoftsecurity.com/kingsoft-antivirus.html
References:
http://secunia.com/advisories/42937
http://xforce.iss.net/xforce/xfdb/64723
http://www.exploit-db.com/exploits/15998/
MS Windows HID Functionality(Over USB) Code Execution Vulnerability
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801581
Filename: gb_ms_windows_hid_over_usb_code_exec_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2011-0638
CVSS: 6.9
Risk factor : High
Summary: Check for the existence of hidserv.dll file
Overview: This host is installed with USB device driver software and is prone
to a code execution vulnerability.
Vulnerability Insight:
The flaw is due to an error in the USB device driver, which does not properly
warn the user before enabling additional Human Interface Device (HID)
functionality.
Impact:
Successful exploitation will allow user-assisted attackers to execute
arbitrary programs via crafted USB data.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 2 and prior
Microsoft Windows 2k Service Pack 4 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows 2k8 Service Pack 4 and prior
Microsoft Windows Vista Service Pack 2 and prior
Fix: No solution or patch is available as of 25th January, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/
References:
http://www.cs.gmu.edu/~astavrou/publications.html
http://news.cnet.com/8301-27080_3-20028919-245.html
http://www.blackhat.com/html/bh-dc-11/bh-dc-11-briefings.html#Stavrou
Microsoft Windows Fax Cover Page Editor BOF Vulnerabilities
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801580
Filename: gb_ms_windows_fscpe_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2010-4701
CVSS: 7.6
Risk factor : High
Summary: Check for the version of fxscover.exe file
Overview: This host is installed with Fax Cover Page Editor and is prone to
buffer overflow vulnerabilities.
Vulnerability Insight:
The flaw is due to an input validation error and a use-after-free
error in the Fax Cover Page Editor 'fxscover.exe' when the function
'CDrawPoly::Serialize()' reads in data from a Fax Cover Page file ('.cov').
Impact:
Successful exploitation will allow the attacker to cause a heap-based buffer
overflow via a Fax Cover Page file containing specially crafted content.
Impact Level: System/Application
Affected Software/OS:
Fax Services Cover Page Editor 5.2 r2 on,
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows 7
Fix: No solution or patch is available as of 24th January, 2011. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/
References:
http://secunia.com/advisories/42747
http://www.securitytracker.com/id?1024925
http://www.exploit-db.com/exploits/15839/
http://www.exploit-db.com/exploits/16024/
Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.801725
Filename: gb_ms08-052.nasl
Dependencies: secpod_ms_visual_prdts_detect.nasl - secpod_office_products_version_900032.nasl - secpod_reg_enum.nasl - gb_ms_ie_detect.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-5348 CVE-2008-3012 CVE-2008-3013 CVE-2008-3014 CVE-2008-3015
BID: 31018 31019 31020 31021 31022
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Msv1_0.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-052.
Vulnerability Insight:
The issues are caused by memory corruptions, integer, heap and buffer
overflows, and input validation errors in GDI+ when rendering malformed WMF,
PNG, TIFF and BMP images, or when processing Office Art Property Tables in
Office documents.
Impact:
Successful exploitation could allow attackers to crash an affected application
or execute arbitrary code.
Impact Level: Application
Affected Software/OS:
Microsoft SQL Server 2005 SP 2/3
Microsoft Office Excel Viewer 2007
Microsoft Office XP/2003 SP 3 and prior
Microsoft Office Visio 2002 SP 2 and prior
Microsoft Office Groove 2007 SP1 and prior
Microsoft Excel Viewer 2003 SP 3 and prior
Microsoft Office 2007 System SP 1/2 and prior
Microsoft Office Word Viewer 2003 SP 3 and prior
Microsoft Office Visio Viewer 2007 SP 2 and prior
Microsoft Office PowerPoint Viewer 2007 SP 2 and prior
Microsoft Visual Studio 2008 SP 1 and prior
Microsoft Visual Studio .NET 2003 SP 1 and prior
Microsoft Windows 2000 SP4 with Internet Explorer 6 SP 1
Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats SP 1/2
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 Service Pack 1
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
References:
http://secunia.com/advisories/32154
http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801723
Filename: gb_ms07-053.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-3036
BID: 25620
CVSS: 6.9
Risk factor : High
Summary: Check for the version of 'posix.exe' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-053.
Vulnerability Insight:
The flaw is due to an unspecified error in Windows Services for UNIX
and the Subsystem for UNIX-based Applications component when handling connection
credentials for setuid binaries.
Impact:
Successful exploitation allows remote attackers to execute arbitrary code with
escalated privileges by running a specially crafted setuid binary.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 2 and prior.
Microsoft Windows 2000 Service Pack 4 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx
References:
http://osvdb.org/36935
http://secunia.com/advisories/26757
http://securitytracker.com/alerts/2007/Sep/1018678.html
http://www.microsoft.com/technet/security/bulletin/ms07-053.mspx
Microsoft Active Directory Denial of Service Vulnerability (953235)
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801721
Filename: gb_ms08-035.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-1445
BID: 29584
CVSS: 7.1
Risk factor : High
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-035.
Vulnerability Insight:
The issue is due to an input validation error in the processing of
LDAP requests. This can be exploited to cause a vulnerable system to stop
responding and automatically restart via a specially crafted LDAP packet sent
to the Active Directory Application Mode (ADAM), Active Directory, or AD LDS server.
Impact:
Successful exploitation will allow an attacker to send specially crafted LDAP
packets that cause the target system to stop responding and automatically restart.
Impact Level: System/Application.
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows 2008 server Service Pack 2 and prior
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-035.mspx
References:
http://secunia.com/advisories/30586
http://securitytracker.com/alerts/2008/Jun/1020229.html
http://www.microsoft.com/technet/security/bulletin/ms08-035.mspx
HP SMH Insight Diagnostics Cross Site Scripting Vulnerability - Windows
Copyright (c) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.800192
Filename: gb_hp_smh_insight_diag_xss_vuln_win.nasl
Dependencies: find_service.nes - secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-4111
CVSS: 4.3
Risk factor : Medium
Summary: Check HP SMH Insight Diagnostics Version
Overview: The host is running HP SMH with Insight Diagnostics and is prone
to a cross-site scripting vulnerability.
Vulnerability Insight:
The flaw is caused by improper validation of user-supplied input via
unspecified vectors, which allows attackers to execute arbitrary HTML
and script code in a user's browser session in the context of an
affected site.
Impact:
Successful exploitation will allow attackers to inject arbitrary HTML
code in the context of an affected site.
Impact Level: Application
Affected Software/OS:
HP Insight Diagnostics Online Edition before 8.5.1.3712 on Windows.
Fix: Upgrade to 8.5.1.3712 or a higher version, or refer to the vendor advisory for
the update, http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02652463
References:
http://marc.info/?l=bugtraq&m=129245189832672&w=2
http://securitytracker.com/alerts/2010/Dec/1024897.html
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02652463
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801709
Filename: gb_ms07-066.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-5350
BID: 26757
CVSS: 7.2
Risk factor : High
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-066.
Vulnerability Insight:
The flaw is due to an unspecified error in the way the Windows Advanced
Local Procedure Call (ALPC) validates certain conditions of legacy reply paths.
Impact:
Successful exploitation allows remote attackers to execute arbitrary code
with kernel privileges.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-066.mspx
References:
http://secunia.com/advisories/28015
http://xforce.iss.net/xforce/xfdb/38729
http://securitytracker.com/alerts/2007/Dec/1019075.html
http://www.microsoft.com/technet/security/bulletin/ms07-066.mspx
Vulnerability in Windows Media File Format Could Allow Remote Code Execution
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801708
Filename: gb_ms07-068.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-0064
BID: 26776
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-068.
Vulnerability Insight:
The flaws are due to boundary errors when parsing ASF
(Advanced Systems Format) files which can be exploited to cause heap-based
buffer overflows when a user views a specially crafted ASF file.
Impact:
Successful exploitation could allow attackers to execute arbitrary code with
SYSTEM-level privileges. Successfully exploiting this issue will result in
complete compromise of the affected computers.
Impact Level: System
Affected Software/OS: Microsoft Windows 2K/XP/2003/Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
References:
http://secunia.com/advisories/28034
http://securitytracker.com/alerts/2007/Dec/1019074.html
http://www.microsoft.com/technet/security/bulletin/ms07-068.mspx
Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801706
Filename: gb_ms08-001.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-0069 CVE-2007-0066
BID: 27100 27139
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of tcpip.sys file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-001.
Vulnerability Insight:
The flaws are due to errors in the kernel's TCP/IP implementation:
- when handling 'IGMPv3' and 'MLDv2' queries, which can be exploited to cause a buffer overflow.
- when handling fragmented router advertisement ICMP queries.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary code
with SYSTEM-level privileges. Successful exploitation will allow an attacker
to compromise the affected system.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 2 and prior.
Microsoft Windows 2000 Service Pack 4 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx
References:
http://secunia.com/advisories/28297
http://xforce.iss.net/xforce/xfdb/39453
http://xforce.iss.net/xforce/xfdb/39452
http://securitytracker.com/alerts/2008/Jan/1019166.html
Microsoft Windows TCP/IP Denial of Service Vulnerability (946456)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801705
Filename: gb_ms08-004.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-0084
BID: 27634
CVSS: 7.8
Risk factor : High
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-004.
Vulnerability Insight:
The flaw is due to an unspecified error in the 'TCP/IP' processing of
packets received from DHCP (Dynamic Host Configuration Protocol) servers.
Impact:
Successful exploitation could cause a vulnerable system to stop responding and
automatically restart via a specially crafted packet.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-004.mspx
References:
http://secunia.com/advisories/28828
http://securitytracker.com/alerts/2008/Feb/1019383.html
http://www.microsoft.com/technet/security/bulletin/ms08-004.mspx
Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801704
Filename: gb_ms08-005.nasl
Dependencies: secpod_reg_enum.nasl - gb_ms_iis_detect_win.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-0074
BID: 27101
CVSS: 7.2
Risk factor : High
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-005.
Vulnerability Insight:
The flaw is due to an error within the handling of file change
notifications in the 'FTPRoot', 'NNTPFileRoot', and 'WWWRoot' folders.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code with SYSTEM-level privileges.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista
Microsoft Internet Information Services (IIS) version 5.0
Microsoft Internet Information Services (IIS) version 5.1
Microsoft Internet Information Services (IIS) version 6.0
Microsoft Internet Information Services (IIS) version 7.0
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/ms08-005
References:
http://secunia.com/advisories/28849
http://securitytracker.com/alerts/2008/Feb/1019384.html
http://technet.microsoft.com/en-us/security/bulletin/ms08-005
Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801703
Filename: gb_ms08-008.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-0065
BID: 27661
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-008.
Vulnerability Insight:
The flaw is due to an error in the VBScript and JScript scripting
engines during handling of certain script requests when using OLE.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2000 Service Pack 4 and prior
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista
Microsoft Visual Basic 6.0 Service Pack 6
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
References:
http://secunia.com/advisories/28902
http://securitytracker.com/alerts/2008/Feb/1019373.html
http://www.microsoft.com/technet/security/bulletin/ms08-008.mspx
Vulnerabilities in GDI Could Allow Remote Code Execution (925902)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801720
Filename: gb_ms07-017.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-0038 CVE-2007-1211 CVE-2007-1212 CVE-2007-1213 CVE-2007-1215
BID: 23275 23278 23276 23273
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 'win32k.sys' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-017.
Vulnerability Insight:
The flaws are due to:
- A boundary error within the handling of animated cursors.
- An invalid memory reference.
- A privilege-escalation vulnerability when rendering malformed 'EMF'
image files.
- An error in the Windows TrueType Font Rasterizer.
Impact:
Successful exploitation allows remote attackers to execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 2 and prior.
Microsoft Windows 2000 Service Pack 4 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx
References:
http://secunia.com/advisories/24659
http://xforce.iss.net/xforce/xfdb/33258
http://xforce.iss.net/xforce/xfdb/33301
http://securitytracker.com/alerts/2007/Apr/1017845.html
http://www.microsoft.com/technet/security/bulletin/ms07-017.mspx
Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability (930178)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801719
Filename: gb_ms07-021.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2006-6696 CVE-2007-1209
BID: 23338
CVSS: 7.2
Risk factor : High
Summary: Check for the version of 'winsrv.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-021.
Vulnerability Insight:
The flaws are due to:
- A double-free error in the Client/Server Run-time Subsystem (CSRSS) within
'WINSRV.DLL' when handling HardError messages.
- Incorrect marshaling of system resources in the Client/Server Run-time
Subsystem (CSRSS) when handling connections during the startup and stopping
of processes.
Impact:
Successful exploitation allows remote attackers to execute arbitrary code with
SYSTEM privileges by establishing and closing multiple connections to the
subsystem's ApiPort.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 2 and prior.
Microsoft Windows 2000 Service Pack 4 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-021.mspx
References:
http://secunia.com/advisories/23491/
http://securitytracker.com/alerts/2007/Apr/1017897.html
http://www.microsoft.com/technet/security/bulletin/ms07-021.mspx
Microsoft Windows Vista Information Disclosure Vulnerability (931213)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801718
Filename: gb_ms07-032.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-2229
BID: 24411
CVSS: 7.2
Risk factor : High
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-032.
Vulnerability Insight:
The flaw is due to certain user information data being stored in the
registry and the local file system with insecure permissions.
Impact:
Successful exploitation allows remote attackers to obtain sensitive information
that may allow them to gain unauthorized access to the affected computer.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-032.mspx
References:
http://secunia.com/advisories/25623
http://securitytracker.com/alerts/2007/Jun/1018225.html
http://www.microsoft.com/technet/security/bulletin/ms07-032.mspx
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801716
Filename: gb_ms07-034.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2006-2111 CVE-2007-1658 CVE-2007-2225
BID: 17717
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Inetcomm.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-034.
Vulnerability Insight:
The flaws are due to:
- An error in Windows because the 'MHTML' protocol handler incorrectly interprets
MHTML URL redirections, which could potentially bypass Internet Explorer
domain restrictions.
- The way local or UNC navigation requests are handled in Windows Mail.
- An error in Windows because the 'MHTML' protocol handler incorrectly interprets
HTTP headers when returning MHTML content.
- The MHTML protocol handler, which passes Content-Disposition notifications back to
Internet Explorer.
Impact:
Successful exploitation allows remote attackers to gain access to sensitive
information that is associated with the external domain.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 2 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx
References:
http://secunia.com/advisories/22477
http://xforce.iss.net/xforce/xfdb/26281
http://securitytracker.com/alerts/2006/Apr/1016005.html
http://www.microsoft.com/technet/security/bulletin/ms07-034.mspx
Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801717
Filename: gb_ms07-038.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-3038
BID: 24779
CVSS: 7.8
Risk factor : High
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-038.
Vulnerability Insight:
The flaw is due to an error in the handling of the Teredo transport
mechanism, resulting in network traffic being handled incorrectly through the
Teredo interface. This may result in certain firewall rules being bypassed.
Impact:
Successful exploitation allows remote attackers to bypass firewall settings
and possibly obtain sensitive information about the system.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx
References:
http://secunia.com/advisories/26001
http://securitytracker.com/alerts/2007/Jul/1018354.html
http://www.microsoft.com/technet/security/bulletin/ms07-038.mspx
Microsoft XML Core Services Remote Code Execution Vulnerability (936227)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801715
Filename: gb_ms07-042.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-2223
BID: 25301
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-042.
Vulnerability Insight:
The flaw is due to an integer overflow error in the 'substringData()'
method of an XMLDOM/TextNode JavaScript object.
Impact:
Successful exploitation will allow the attacker to execute arbitrary code in
the context of the user running the application.
Impact Level: System/Application
Affected Software/OS:
Microsoft XML Core Services 3.0/4.0/5.0/6.0
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista
Microsoft Office 2003 Service Pack 2.
Microsoft Office 2007
Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
References:
http://secunia.com/advisories/26447/
http://securitytracker.com/alerts/2007/Aug/1018559.html
http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801714
Filename: gb_ms07-047.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-3037 CVE-2007-3035
BID: 25307 25305
CVSS: 7.6
Risk factor : High
Summary: Check for the version of Wmp.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-047.
Vulnerability Insight:
The flaws are due to errors in the parsing of header information
in skin files.
Impact:
Successful exploitation will allow the attacker to execute arbitrary code in
the context of the user running the application.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Media Player 7.1
Microsoft Windows Media Player 9
Microsoft Windows Media Player 10
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx
References:
http://osvdb.org/36385
http://secunia.com/advisories/26433
http://xforce.iss.net/xforce/xfdb/35895
http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx
Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability (941202)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801713
Filename: gb_ms07-056.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-3897
BID: 25908
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Inetcomm.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-056.
Vulnerability Insight:
The flaw is due to a boundary error in 'inetcomm.dll' when processing
NNTP (Network News Transfer Protocol) responses.
Impact:
Successful exploitation causes a heap-based buffer overflow by
returning more data than the client requested.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 2 and prior.
Microsoft Windows 2000 Service Pack 4 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
References:
http://secunia.com/advisories/27112
http://securitytracker.com/alerts/2007/Oct/1018786.html
http://securitytracker.com/alerts/2007/Oct/1018785.html
http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
Vulnerability in RPC Could Allow Denial of Service (933729)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801712
Filename: gb_ms07-058.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-2228
BID: 25974
CVSS: 7.8
Risk factor : High
Summary: Check for the version of rpcrt4.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-058.
Vulnerability Insight:
The flaw is due to Windows RPC code that does not properly communicate
with the 'NTLM' security provider when authenticating RPC requests.
Impact:
Successful exploitation could allow remote attackers to send a specially
crafted RPC authentication request to a computer over the network and cause
the computer to stop responding and automatically restart.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 2 and prior
Microsoft Windows 2000 Service Pack 4 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-058.mspx
References:
http://secunia.com/advisories/27134
http://securitytracker.com/alerts/2007/Oct/1018787.html
http://www.microsoft.com/technet/security/bulletin/ms07-058.mspx
Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801711
Filename: gb_ms07-063.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-5351
BID: 26777
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-063.
Vulnerability Insight:
The flaw is due to an improper implementation of SMBv2 signing and can
be exploited to execute arbitrary code by spoofing the signature in an SMBv2
packet sent to a trusted host.
Impact:
Successful exploitation allows remote attackers to execute arbitrary code
in the context of logged-in users.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-063.mspx
References:
http://secunia.com/advisories/27997
http://xforce.iss.net/xforce/xfdb/38725
http://securitytracker.com/alerts/2007/Dec/1019072.html
http://www.microsoft.com/technet/security/bulletin/ms07-063.mspx
Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801710
Filename: gb_ms07-064.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-3901 CVE-2007-3895
BID: 26789 26804
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of DirectX and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS07-064.
Vulnerability Insight:
The flaws are due to:
- A boundary error in quartz.dll when parsing 'SAMI' files, which can be
exploited to cause a stack-based buffer overflow when opening a
specially crafted file.
- An error within the DirectShow technology when parsing 'AVI' and 'WAV'
files.
Impact:
Successful exploitation could allow arbitrary code execution and can
potentially compromise a user's system.
Impact Level: System
Affected Software/OS:
DirectX 7.0, 8.1 and 9.0 on Microsoft Windows 2000
DirectX 9.0 on Microsoft Windows XP and 2003
DirectX 10.0 on Microsoft Windows Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
References:
http://secunia.com/advisories/28010
http://xforce.iss.net/xforce/xfdb/38721
http://xforce.iss.net/xforce/xfdb/38722
http://securitytracker.com/alerts/2007/Dec/1019073.html
http://www.microsoft.com/technet/security/bulletin/ms07-064.mspx
Windows Backup Manager Remote Code Execution Vulnerability (2478935)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901173
Filename: secpod_ms11-001.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3145
BID: 42763
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Sdclt.exe file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-001.
Vulnerability Insight:
The flaw is due to the application insecurely loading certain
libraries from the current working directory, which could allow attackers
to execute arbitrary code and conduct DLL hijacking attacks via a Trojan
horse fveapi.dll located in the same folder as a .wbcat file.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code and conduct DLL hijacking attacks.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS11-001.mspx
References:
http://support.microsoft.com/kb/2478935
http://xforce.iss.net/xforce/xfdb/63788
http://www.exploit-db.com/exploits/14751/
http://www.microsoft.com/technet/security/bulletin/MS11-001.mspx
Microsoft Windows Data Access Components Remote Code Execution Vulnerabilities (2451910)
Copyright (C) 2011 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902281
Filename: secpod_ms11-002.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2011-0026 CVE-2011-0027
BID: 45698 45695
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Msadco.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS11-002.
Vulnerability Insight:
The flaws are due to:
- A buffer overflow error in the Data Source Name (DSN) argument of an Open
Database Connectivity (ODBC) API that may be used by third-party applications,
which could allow attackers to execute arbitrary code by convincing a user to
visit a specially crafted web page.
- A memory corruption error in the Microsoft Data Access Components (MDAC) when
handling internal data structures, which could be exploited by remote attackers
to execute arbitrary code via a specially crafted web page.
Impact:
Successful exploitation will allow the attacker to execute arbitrary code on
the targeted system.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS11-002.mspx
References:
http://support.microsoft.com/kb/2419632
http://support.microsoft.com/kb/2419635
http://support.microsoft.com/kb/2419640
http://www.vupen.com/english/advisories/2011/0075
Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability (950762)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.801485
Filename: gb_ms08-036.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-1440 CVE-2008-1441
BID: 29509 29508
CVSS: 7.1
Risk factor : High
Summary: Check for the version of Rmcast.sys file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-036.
Vulnerability Insight:
The flaws are due to errors in the Pragmatic General Multicast
(PGM) protocol when handling PGM packets with an invalid option length
field or fragment option.
Impact:
Successful exploitation could allow remote attackers to cause a
vulnerable system to become non-responsive.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx
References:
http://secunia.com/advisories/30587
http://www.vupen.com/english/advisories/2008/1783
http://www.microsoft.com/technet/security/bulletin/ms08-036.mspx
Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability (950760)
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801486
Filename: gb_ms08-032.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-0675
BID: 22359
CVSS: 7.6
Risk factor : High
Summary: Check for the CLSID and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-032.
Vulnerability Insight:
The flaw is caused by an error in the Speech Components 'sapi.dll' when
playing audio files in Internet Explorer, which could allow attackers to issue
certain commands via a malicious audio file and execute arbitrary code on a
system with the speech recognition feature activated and configured.
Impact:
Successful exploitation will let the remote attackers execute commands on
a victim user's computer.
Impact Level: System.
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx
Workaround:
Set the killbit for the following CLSIDs,
{47206204-5eca-11d2-960f-00c04f8ee628}, {3bee4890-4fe9-4a37-8c1e-5e7e12791c1f}
http://support.microsoft.com/kb/240797
References:
http://secunia.com/advisories/30578
http://www.vupen.com/english/advisories/2008/1779/references
http://www.microsoft.com/technet/security/bulletin/ms08-032.mspx
Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801701
Filename: gb_ms08-020.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-0087
BID: 28553
CVSS: 8.8
Risk factor : Critical
Summary: Check for the vulnerable File Version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-020.
Vulnerability Insight:
The flaws are due to the Windows DNS client using predictable
transaction IDs in outgoing queries and can be exploited to poison the DNS
cache when the transaction ID is guessed.
Impact:
Successful exploitation could allow remote attackers to spoof DNS replies,
allowing them to redirect network traffic and to launch man-in-the-middle attacks.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K/XP/2003/Vista
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx
References:
http://secunia.com/advisories/29696
http://securitytracker.com/alerts/2008/Apr/1019802.html
http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx
Microsoft hxvz.dll ActiveX Control Memory Corruption Vulnerability (948881)
Copyright (C) 2011 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801491
Filename: gb_ms08-023.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-1086
BID: 28606
CVSS: 9.3
Risk factor : Critical
Summary: Check for the CLSID and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-023.
Vulnerability Insight:
The flaw is due to an error in 'hxvz.dll' ActiveX control.
Impact:
Successful exploitation will let the remote attackers execute arbitrary code.
Impact Level: System.
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 2 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-023.mspx
Workaround:
Set the killbit for the following CLSIDs,
{314111b8-a502-11d2-bbca-00c04f8ec294}, {314111c6-a502-11d2-bbca-00c04f8ec294}
References:
http://secunia.com/advisories/29714
http://xforce.iss.net/xforce/xfdb/41464
http://securitytracker.com/alerts/2008/Apr/1019800.html
http://www.microsoft.com/technet/security/bulletin/MS10-023.mspx
Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerability (941693)
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801487
Filename: gb_ms08-025.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-1084
BID: 28554
CVSS: 7.2
Risk factor : High
Summary: Check for the version of 'Win32k.sys' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-025.
Vulnerability Insight:
The flaw is due to an input validation error in the Windows kernel when
processing user-supplied data.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary code
with elevated privileges and take complete control of an affected system.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
References:
http://secunia.com/advisories/29720
http://www.vupen.com/english/advisories/2008/1149/references
http://www.microsoft.com/technet/security/bulletin/ms08-025.mspx
Microsoft SharePoint Could Allow Remote Code Execution Vulnerability (2455005)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902324
Filename: secpod_ms10-104.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3964
BID: 45264
CVSS: 7.5
Risk factor : High
Summary: Check for the version of vulnerable file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-104.
Vulnerability Insight:
The flaw is due to an error in the 'Document Conversions Launcher Service'
when handling specially crafted 'Simple Object Access Protocol (SOAP)'
requests in a SharePoint server environment that is using the Document
Conversions Load Balancer Service.
Impact:
Successful exploitation could allow attackers to execute arbitrary code in
the security context of a guest account.
Impact Level: System/Application
Affected Software/OS:
Microsoft Office SharePoint Server 2007 Service Pack 2
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-104.mspx
References:
http://secunia.com/advisories/42631
http://www.vupen.com/english/advisories/2010/3226
http://www.microsoft.com/technet/security/Bulletin/MS10-104.mspx
Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerabilities
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801677
Filename: gb_ms_wmi_admin_tools_activex_code_exec_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2010-3973 CVE-2010-4588
BID: 45546
CVSS: 9.3
Risk factor : Critical
Summary: Check for the CLSID
Overview: This host is installed with Microsoft WMI Administrative Tools
and is prone to multiple remote code execution vulnerabilities.
Vulnerability Insight:
The flaws are due to the 'AddContextRef()' and 'ReleaseContext()'
methods in the WMI Object Viewer Control using a value passed in the
'lCtxHandle' parameter as an object pointer.
Impact:
Successful exploitation will let the remote attackers execute arbitrary code
and can compromise a vulnerable system.
Impact Level: System
Affected Software/OS:
Microsoft WMI Administrative Tools 1.1
Fix: No solution or patch is available as of 27th December, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=6430f853-1120-48db-8cc5-f2abdc3ed314
Workaround:
Set the killbit for the following CLSID:
{2745E5F5-D234-11D0-847A-00C04FD7BB08}
References:
http://secunia.com/advisories/42693
http://www.kb.cert.org/vuls/id/725596
http://www.vupen.com/english/advisories/2010/3301
http://www.wooyun.org/bug.php?action=view&id=1006
Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerability (953733)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801484
Filename: gb_ms08-047.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-2246
BID: 30634
CVSS: 7.8
Risk factor : High
Summary: Check for the version of 'Ipsecsvc.dll' file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-047.
Vulnerability Insight:
The flaw is caused by an error when the default IPsec policy is imported from
a Windows Server 2003 domain to a Windows Server 2008 domain, which could
cause all IPsec rules to be ignored and network traffic to be transmitted
in clear text.
Impact:
Successful exploitation will result in systems ignoring IPsec policies and
thus transmitting data otherwise intended to be encrypted in clear text.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-047.mspx
References:
http://secunia.com/advisories/31411
http://www.vupen.com/english/advisories/2008/2351
http://www.microsoft.com/technet/security/bulletin/ms08-047.mspx
Consent User Interface Privilege Escalation Vulnerability (2442962)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900265
Filename: secpod_ms10-100.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3961
BID: 45318
CVSS: 7.2
Risk factor : High
Summary: Check for the version of Consent.exe file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-100.
Vulnerability Insight:
Consent UI does not properly process a registry key that has been set to a
specific value.
Impact:
Successful exploitation could allow an attacker to bypass security
restrictions and gain elevated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-100.mspx
References:
http://support.microsoft.com/kb/2442962
http://www.microsoft.com/technet/security/bulletin/MS10-100.mspx
Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902277
Filename: secpod_ms10-101.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2742
CVSS: 5.4
Risk factor : High
Summary: Check for the version of Netlogon.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-101.
Vulnerability Insight:
The issue is caused by an error in the Netlogon RPC Service when processing
user-supplied data, which could allow attackers to crash an affected server
that is configured as a domain controller.
Impact:
Successful exploitation will allow attackers to cause a denial of service.
Impact Level: System/Application
Affected Software/OS:
Windows Server 2003 Service Pack 2 and prior.
Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-101.mspx
References:
http://support.microsoft.com/kb/2305420
http://www.microsoft.com/technet/security/bulletin/MS10-101.mspx
Microsoft Media Decompression Remote Code Execution Vulnerability (2447961)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900267
Filename: secpod_ms10-094.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3965
BID: 42855
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Windows Media Encoder and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-094.
Vulnerability Insight:
The flaw is present when the Windows Media Encoder incorrectly restricts
the path used for loading external libraries. An attacker could convince
a user to open a legitimate '.prx' file that is located in the same network
directory as a specially crafted dynamic link library (DLL) file.
Impact:
Successful exploitation will allow remote attackers to load crafted DLL
file and execute any code it contained.
Impact Level: System
Affected Software/OS:
Windows Media Encoder 9 with
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-094.mspx
References:
http://support.microsoft.com/kb/2447961
http://www.microsoft.com/technet/security/bulletin/MS10-094.mspx
Microsoft Windows BranchCache Remote Code Execution Vulnerability (2385678)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902280
Filename: secpod_ms10-095.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3966
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Webio.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-095.
Vulnerability Insight:
The issue is caused by an error when loading libraries from the current
working directory on platforms that do not support the BranchCache
functionality.
Impact:
Successful exploitation will allow attackers to execute arbitrary code by
tricking a user into opening a file from a network share.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-095.mspx
References:
http://www.vupen.com/english/advisories/2010/3218
http://www.microsoft.com/technet/security/bulletin/MS10-095.mspx
Microsoft Windows Address Book Remote Code Execution Vulnerability (2423089)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901169
Filename: secpod_ms10-096.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3147
BID: 42648
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable wab.exe file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-096.
Vulnerability Insight:
The Address Book (wab.exe) application insecurely loads certain libraries
from the current working directory, which could allow attackers to execute
arbitrary code by tricking a user into opening a vCard file from a network
share.
Impact:
Successful exploitation could allow attackers to execute arbitrary code.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-096.mspx
References:
http://secunia.com/advisories/41050
http://support.microsoft.com/kb/2423089
http://www.attackvector.org/new-dll-hijacking-exploits-many/
http://www.microsoft.com/technet/security/bulletin/MS10-096.mspx
MS Windows ICSW Remote Code Execution Vulnerability (2443105)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902278
Filename: secpod_ms10-097.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3144
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Isign32.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-097.
Vulnerability Insight:
The issue is caused by an error in the Internet Connection Signup Wizard
when loading libraries from the current working directory.
Impact:
Successful exploitation allows attackers to execute arbitrary code by tricking
a user into opening a file from a network share.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows Server 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-097.mspx
References:
http://support.microsoft.com/kb/2443105
http://www.microsoft.com/technet/security/bulletin/MS10-097.mspx
Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2436673)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902275
Filename: secpod_ms10-098.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3939 CVE-2010-3940 CVE-2010-3941 CVE-2010-3942 CVE-2010-3943 CVE-2010-3944
CVSS: 7.2
Risk factor : High
Summary: Check for the version of Win32k.sys file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-098.
Vulnerability Insight:
The flaws are due to the way the Windows kernel-mode driver:
- improperly allocates memory when copying data from user mode
- frees objects that are no longer in use
- manages kernel-mode driver objects
- validates input passed from user mode.
Impact:
Successful exploitation could allow remote attackers to run arbitrary
code in the kernel mode.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-098.mspx
References:
http://support.microsoft.com/kb/2436673
http://www.microsoft.com/technet/security/bulletin/MS10-098.mspx
Routing and Remote Access Privilege Escalation Vulnerability (2440591)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900264
Filename: secpod_ms10-099.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3963
BID: 45269
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable Ndproxy.sys file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS10-099.
Vulnerability Insight:
The flaw is due to the Routing and Remote Access NDProxy component, which
does not properly validate user-supplied input when passing data from user
mode to the kernel.
Impact:
Successful exploitation could allow remote attackers to bypass security
restrictions and gain elevated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms10-099.mspx
References:
http://support.microsoft.com/kb/2440591
http://www.microsoft.com/technet/security/bulletin/ms10-099.mspx
Microsoft Windows OpenType Compact Font Format Driver Privilege Escalation Vulnerability (2296199)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900263
Filename: secpod_ms10-091.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3956 CVE-2010-3957 CVE-2010-3959
BID: 45311 45315 45316
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable DLL file version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS10-091.
Vulnerability Insight:
The flaw is due to the OpenType Font (OTF) driver, which does not properly:
- index an array when parsing OpenType fonts
- parse the CMAP table when rendering a specially crafted OpenType font
- reset a pointer when freeing memory, which results in a 'double free'
condition.
Impact:
Successful exploitation could allow an attacker to run arbitrary code in
kernel mode.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-091.mspx
References:
http://support.microsoft.com/kb/2296199
http://www.microsoft.com/technet/security/bulletin/MS10-091.mspx
Microsoft Windows Task Scheduler Elevation of Privilege Vulnerability (2305420)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902276
Filename: secpod_ms10-092.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3338
CVSS: 7.2
Risk factor : High
Summary: Check for the version of Taskeng.exe file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-092.
Vulnerability Insight:
The flaw is caused by an error in task scheduler when performing integrity
checks to validate tasks run with the intended user privilege.
Impact:
Successful exploitation will allow elevation of privilege.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-092.mspx
References:
http://support.microsoft.com/kb/2305420
http://www.microsoft.com/technet/security/bulletin/MS10-092.mspx
Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (2424434)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900266
Filename: secpod_ms10-093.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3967
BID: 42659
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Moviemk.exe file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-093.
Vulnerability Insight:
The flaw is due to Windows Movie Maker incorrectly restricting the path
used for loading external libraries.
Impact:
Successful exploitation will allow remote attackers to load crafted DLL
file and execute any code it contained.
Impact Level: Application/System
Affected Software/OS:
Movie Maker 2.6 on Microsoft Windows Vista Service Pack 1/2 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-093.mspx
References:
http://support.microsoft.com/kb/2424434
http://www.microsoft.com/technet/security/bulletin/MS10-093.mspx
Microsoft Windows Search Remote Code Execution Vulnerability (959349)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801483
Filename: gb_ms08-075.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4268 CVE-2008-4269
BID: 32651 32652
CVSS: 8.5
Risk factor : Critical
Summary: Check for the version of Explorer.exe file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-075.
Vulnerability Insight:
The flaws are due to:
- an error in Windows Explorer that does not correctly free memory when
saving Windows Search files.
- an error in Windows Explorer that does not correctly interpret
parameters when parsing the search-ms protocol.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-075.mspx
References:
http://secunia.com/advisories/33053/
http://www.vupen.com/english/advisories/2008/3387
http://www.microsoft.com/technet/security/bulletin/ms08-075.mspx
Microsoft Windows ASP.NET Denial of Service Vulnerability (970957)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801482
Filename: gb_ms09-036.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-1536
BID: 35985
CVSS: 2.6
Risk factor : Medium
Summary: Check for the version of System.web.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-036.
Vulnerability Insight:
The flaw is caused by an error in ASP.NET when managing request
scheduling, which could allow attackers to send specially crafted anonymous
HTTP requests and cause a web server running ASP.NET in integrated mode to
become non-responsive.
Impact:
Successful exploitation will allow remote attackers to cause the application
pool on the affected web server to become unresponsive, denying service to
legitimate users.
Impact Level: System/Application
Affected Software/OS:
Microsoft .NET Framework 3.5/SP 1
Microsoft .NET Framework 2.0 SP 1/SP 2
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/MS09-036
References:
http://secunia.com/advisories/36127/
http://www.vupen.com/english/advisories/2009/2231
http://technet.microsoft.com/en-us/security/bulletin/MS09-036
Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801481
Filename: gb_ms09-049.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-1132
BID: 36223
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of L2sechc.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-049.
Vulnerability Insight:
The flaw is caused by a heap overflow error in the Windows Wireless LAN
AutoConfig Service (wlansvc) when processing malformed frames.
Impact:
Successful exploitation will allow remote attackers to crash an affected
system or execute arbitrary code via a malicious wireless transmitter.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms09-049.mspx
References:
http://secunia.com/advisories/36599/
http://www.vupen.com/english/advisories/2009/2565
http://www.microsoft.com/technet/security/bulletin/ms09-049.mspx
Get all Windows Shares over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96026
Filename: GSHB_WMI_get_Shares.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Get all Windows Shares over WMI (win)
Overview: Get all Windows shares over WMI and check network access for
Anonymous (IPC$ null session).
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96005
Filename: GSHB_WMI_Loginscreen.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check if Last Login Username and Loginwarning Displayed.
Overview: The script detects whether the last login username and a login warning are displayed.
Novell ZENworks Handheld Management Version Detection ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801644
Filename: gb_novell_zhm_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of Novell ZENworks Handheld Management in KB
Overview: This script finds the installed Novell ZENworks Handheld Management
version and saves the version in KB.
OpenTTD Multiple use-after-free Denial of Service vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.800184
Filename: gb_openttd_mult_use_after_free_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2010-4168
CVSS: 5.0
Risk factor : Medium
Summary: Check for the version of OpenTTD
Overview: This host is installed with OpenTTD and is prone to multiple
denial of service vulnerabilities.
Vulnerability Insight:
The flaw is due to a use-after-free error, when a client disconnects
without sending the 'quit' or 'client error' message. This could cause a
vulnerable server to read from or write to freed memory leading to a denial
of service or it can also lead to arbitrary code execution.
Impact:
Successful exploitation will allow remote attackers to deny service to
legitimate users or to execute arbitrary code.
Impact Level: System/Application
Affected Software/OS:
OpenTTD version before 1.0.5
Fix: Upgrade to OpenTTD version 1.0.5 or later.
For updates refer to http://www.openttd.org
References:
http://security.openttd.org/en/CVE-2010-4168
http://security.openttd.org/en/patch/28.patch
Microsoft Windows TCP/IP Could Allow Remote Code Execution (974145)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801479
Filename: gb_ms10-009.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-0239 CVE-2010-0240 CVE-2010-0241 CVE-2010-0242
BID: 38061 38062 38063 38064
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Tcpip.sys file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-009.
Vulnerability Insight:
The flaws are due to the Windows TCP/IP stack:
- not performing the appropriate level of bounds checking on specially crafted
'ICMPv6' Router Advertisement packets.
- failing to properly handle malformed Encapsulating Security Payload (ESP) over
UDP datagram fragments while running a custom network driver that splits the
UDP header into multiple MDLs, which could be exploited by remote attackers
to execute arbitrary code by sending specially crafted IP datagram fragments
to a vulnerable system.
- not performing the appropriate level of bounds checking on specially crafted
ICMPv6 Route Information packets, which could be exploited by remote
attackers to execute arbitrary code by sending specially crafted ICMPv6
packets to a vulnerable system.
- not properly handling TCP packets with a malformed selective acknowledgment
(SACK) value.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code with system privileges. Failed exploit attempts will likely result in
denial-of-service conditions.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
References:
http://secunia.com/advisories/38506/
http://www.vupen.com/english/advisories/2010/0342
http://www.microsoft.com/technet/security/bulletin/ms10-009.mspx
Microsoft Web Services on Devices API Remote Code Execution Vulnerability (973565)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801480
Filename: gb_ms09-063.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-2512
BID: 36919
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Wsdapi.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-063.
Vulnerability Insight:
The flaw is caused by a memory corruption error in the Web Services on Devices
API (WSDAPI), on both clients and servers, when processing a WSD message
with malformed headers.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code by sending a specially crafted message to the WSD TCP ports 5357 or
5358.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms09-063.mspx
References:
http://secunia.com/advisories/37314/
http://www.vupen.com/english/advisories/2009/3189
http://www.microsoft.com/technet/security/bulletin/ms09-063.mspx
TeamSpeak Client Arbitrary command execution vulnerability (Win)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801537
Filename: gb_team_speak_client_command_exe_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVSS: 4.0
Risk factor : Medium
Summary: Check for the version of Teamspeak
Overview: This host is installed with the TeamSpeak client and is prone to an
arbitrary command execution vulnerability.
Vulnerability Insight:
The specific flaw exists within the 'TeamSpeak.exe' module, in the teardown
procedure responsible for freeing dynamically allocated application handles.
Impact:
Successful exploitation could allow an attacker to execute arbitrary code in
the context of the user running the application.
Impact Level: Application.
Affected Software:
Teamspeak 2 version 2.0.32.60
Fix: Upgrade to TeamSpeak 3 or later.
For updates refer to http://www.tsviewer.com/index.php?page=teamspeak
References:
http://seclists.org/fulldisclosure/2010/Oct/439
http://www.nsense.fi/advisories/nsense_2010_002.txt
http://archives.free.net.ph/message/20101028.062014.2328daac.ja.html
FreshWebMaster Fresh FTP Filename Directory Traversal Vulnerability
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801535
Filename: gb_fresh_ftp_client_dir_traversal_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: FTP
CVE: CVE-2010-4149
BID: 44072
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Fresh FTP Client
Overview: This host is installed with Fresh FTP Client and is prone to a
directory traversal vulnerability.
Vulnerability Insight:
The flaw is due to an input validation error when downloading
directories containing files with directory traversal specifiers in the
filename.
Impact:
Successful exploitation will allow attackers to download files to an arbitrary
location on a user's system.
Impact Level: Application.
Affected Software:
FreshWebMaster Fresh FTP version 5.37 and prior
Fix: No solution or patch is available as of 3rd November, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.freshwebmaster.com/
References:
http://osvdb.org/68667
http://secunia.com/advisories/41798/
http://packetstormsecurity.org/1010-exploits/freshftp-traversal.txt
http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_freshftp.html
FTP Voyager Directory Traversal Vulnerability
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801627
Filename: gb_ftp_voyager_dir_trav_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-4154
BID: 43869
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of FTP Voyager
Overview: This host is installed with FTP Voyager and is prone to a directory
traversal vulnerability.
Vulnerability Insight:
The flaw is due to an input validation error when downloading
directories containing files with directory traversal specifiers in the
filename. This can be exploited to download files to an arbitrary location
on a user's system.
Impact:
Successful exploitation will allow attackers to download or upload arbitrary
files. This may aid in further attacks.
Impact Level: Application
Affected Software/OS:
FTP Voyager 15.2.0.11 and prior.
Fix: No solution or patch is available as of 4th November, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.ftpvoyager.com/download/
References:
http://secunia.com/advisories/41719
http://xforce.iss.net/xforce/xfdb/62392
http://packetstormsecurity.org/1010-exploits/ftpvoyager-traversal.txt
Microsoft Windows Address Book Insecure Library Loading Vulnerability
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801457
Filename: gb_ms_address_book_insecure_lib_load_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2010-3143
CVSS: 9.3
Risk factor : Critical
Summary: Check for the Windows Contacts Address Book Existence
Overview: This host is installed with Microsoft Address Book and is prone to
an insecure library loading vulnerability.
Vulnerability Insight:
The flaw is due to the way Microsoft Address Book loads libraries in an
insecure manner.
Impact:
Successful exploitation will allow attackers to load arbitrary libraries by
tricking a user into opening a vCard (.vcf).
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP SP3 and prior.
Microsoft Windows Vista SP 2 and prior.
Microsoft Windows Server 2008 SP 2 and prior.
Microsoft Windows Server 2003 SP 2 and prior.
Fix: No solution or patch is available as of 18th October, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/en/us/default.aspx
References:
http://www.exploit-db.com/exploits/14778/
http://www.attackvector.org/new-dll-hijacking-exploits-many/
Lhaplus Untrusted search path Vulnerability
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801462
Filename: gb_lhaplus_untrusted_search_path_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-2368 CVE-2010-3158
CVSS: 6.9
Risk factor : High
Summary: Check for the version of Lhaplus
Overview: This host is installed with Lhaplus and is prone to an
untrusted search path vulnerability.
Vulnerability Insight:
The flaw exists because the application loads libraries and executables in
an insecure manner.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
with the privilege of the running application.
Impact Level: Application.
Affected Software:
Lhaplus version 1.57 and prior
Fix: Upgrade to Lhaplus version 1.58 or later.
For updates refer to http://www7a.biglobe.ne.jp/~schezo/
References:
http://secunia.com/advisories/41742
http://jvn.jp/en/jp/JVN82752978/index.html
http://www.ipa.go.jp/about/press/20101012.html
http://www7a.biglobe.ne.jp/~schezo/dll_vul.html
Lhasa Untrusted search path vulnerability
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801461
Filename: gb_lhasa_untrusted_search_path_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-2369
CVSS: 6.9
Risk factor : High
Summary: Check for the version of Lhasa
Overview: This host is installed with Lhasa and is prone to an untrusted search
path vulnerability.
Vulnerability Insight:
The flaw exists because Lhasa loads certain executables (.exe) from an
untrusted search path when extracting files.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
with the privilege of the running application.
Impact Level: Application
Affected Software:
Lhasa version 0.19 and prior
Fix: Upgrade to Lhasa version 0.20 or later.
For updates refer to http://www.digitalpad.co.jp/~takechin/download.html#lhasa
References:
http://jvn.jp/en/jp/JVN88850043/index.html
http://jvndb.jvn.jp/ja/contents/2010/JVNDB-2010-000038.html
Microsoft Windows 32-bit Platforms Unspecified vulnerabilities
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801527
Filename: gb_ms_windows_stuxnet_unspecified_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2010-3888 CVE-2010-3889
CVSS: 7.2
Risk factor : High
Summary: Copyright (c) 2010 Greenbone Networks GmbH
Overview: This host is prone to multiple unspecified vulnerabilities.
Vulnerability Insight:
Unspecified privilege elevation vulnerabilities that are used by variants of
the 'Stuxnet malware' family. Each of these vulnerabilities allows the malware
to elevate its privileges to higher than normal user levels in order to embed
itself into the operating system and prevent disinfection and/or detection.
Impact:
Successful exploitation could allow local attackers to gain privileges or
compromise the vulnerable system via unknown vectors.
Impact Level: Application
Affected Software/OS:
All Windows platforms
Fix:
Remove all Stuxnet related files found.
References:
http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute8.xml
http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml
http://www.securelist.com/en/blog/2291/Myrtus_and_Guava_Episode_MS10_061
http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_
http://www.symantec.com/connect/blogs/stuxnet-using-three-additional-zero-day-vulnerabilities
OpenType Font (OTF) Format Driver Privilege Elevation Vulnerabilities (2279986)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902320
Filename: secpod_ms10-078.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2740 CVE-2010-2741
BID: 43779 43778
CVSS: 7.2
Risk factor : High
Summary: Check for version of vulnerable file 'Atmfd.dll'
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-078.
Vulnerability Insight:
The flaws are due to errors in the OpenType Font (OTF) format driver:
- It does not properly allocate memory when parsing a specially crafted font.
- It does not properly perform an integer calculation when processing specially
crafted OpenType fonts.
Impact:
Successful exploitation could allow attackers to execute arbitrary code
with kernel privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/MS10-078.mspx
References:
http://www.vupen.com/english/advisories/2010/2625
http://www.microsoft.com/technet/security/bulletin/MS10-078.mspx
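Every "Windows : Microsoft Bulletins" NVT in this listing works the same way: the dependency secpod_reg_enum.nasl establishes the Windows version and service pack, the plugin reads the version resource of the named file (Atmfd.dll above), and it reports the host when that version is below the build the bulletin shipped for that product branch. The Python sketch below is an added illustration of that decision, not code from any NVT or from Microsoft. It generalises beyond MS10-078 to any file-version check and shows the two mistakes such a check must avoid: comparing dotted versions as strings, and comparing a file against another branch's threshold. The FIXED table, the branch names and every version number in it are invented placeholders for the example; the real thresholds come from the bulletin's file information table.

```python
# Added example: how a file-version-based patch check decides "vulnerable".
# The FIXED table is a PLACEHOLDER (values invented for this example);
# real thresholds come from the bulletin's file information table.
from typing import Optional

# product branch -> minimum fixed version of the checked file (hypothetical values)
FIXED = {
    "XP SP3":   "5.1.2600.6000",
    "2003 SP2": "5.2.3790.4700",
}


def parse_version(s: str) -> tuple:
    """'5.1.2600.6009' -> (5, 1, 2600, 6009); missing trailing fields pad with 0."""
    parts = [int(p) for p in s.strip().split(".") if p != ""]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"bad version string: {s!r}")
    return tuple(parts + [0] * (4 - len(parts)))


def is_missing_patch(branch: str, file_version: str) -> Optional[bool]:
    """True if the file is older than the fixed build for its own branch,
    False if it is at or above it, None if the branch is not covered (no verdict).
    Keying on the branch first is what stops a 5.2.x Server 2003 file from
    looking 'newer' than an XP 5.1.x threshold."""
    fixed = FIXED.get(branch)
    if fixed is None:
        return None
    return parse_version(file_version) < parse_version(fixed)


def naive_string_check(branch: str, file_version: str) -> bool:
    """What NOT to do: lexicographic comparison of the raw version strings."""
    return file_version < FIXED[branch]


def demo():
    # constructed sample results, shaped like what a file enumeration would return
    hosts = [
        ("XP SP3",    "5.1.2600.5512"),   # below the fixed build -> missing patch
        ("XP SP3",    "5.1.2600.6000"),   # exactly the fixed build -> patched
        ("XP SP3",    "5.1.2600.10000"),  # later build; a string compare gets this wrong
        ("2003 SP2",  "5.2.3790.4700"),   # patched on its own branch
        ("Vista SP2", "6.0.6002.18005"),  # branch not in the table -> no verdict
    ]
    return [(b, v, is_missing_patch(b, v)) for b, v in hosts]


if __name__ == "__main__":
    for branch, ver, verdict in demo():
        print(f"{branch:10} {ver:16} missing_patch={verdict}")
    # The pitfall: as strings, "5.1.2600.10000" sorts before "5.1.2600.6000"
    print("naive string compare says missing:",
          naive_string_check("XP SP3", "5.1.2600.10000"))
```

A host whose branch is not in the table gets no verdict rather than a "not vulnerable" result; an NVT that silently returned clean for an unknown branch would hide exactly the systems the administrator forgot about.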
Windows Common Control Library Remote Code Execution Vulnerability (2296011)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901165
Filename: secpod_ms10-081.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2746
CVSS: 7.6
Risk factor : High
Summary: Check for the version of the Comctl32.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-081.
Vulnerability Insight:
The flaw is caused by a heap overflow error in the Windows common control
library 'Comctl32.dll' when handling certain messages while rendering scalable
vector graphics passed from a third-party scalable vector graphics viewer,
which could allow attackers to execute arbitrary code by tricking a user into
rendering malformed scalable vector graphics via a third-party application.
Impact:
Successful exploitation will allow the attacker to execute arbitrary code on
the targeted system.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Microsoft Windows 7
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/Bulletin/MS10-081.mspx
References:
http://support.microsoft.com/kb/2296011
http://www.vupen.com/english/advisories/2010/2628
http://www.microsoft.com/technet/security/bulletin/MS10-081.mspx
Microsoft Windows Media Player Remote Code Execution Vulnerability (2378111)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901163
Filename: secpod_ms10-082.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2745
BID: 43772
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of the Wmp.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-082.
Vulnerability Insight:
The flaw is caused by a memory corruption error in Windows Media Player when
deallocating objects during a reload operation via a web browser, which could
allow attackers to execute arbitrary code by convincing a user to visit a
specially crafted web page.
Impact:
Successful exploitation will allow the attacker to execute arbitrary code in
the context of the user running the application, which can compromise the
application and possibly the system.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows Media Player 10
Microsoft Windows Media Player 11
Microsoft Windows Media Player 12
Microsoft Windows Media Player 9 Series
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/Bulletin/MS10-082.mspx
References:
http://support.microsoft.com/kb/2378111
http://www.vupen.com/english/advisories/2010/2629
http://www.microsoft.com/technet/security/bulletin/MS10-082.mspx
Microsoft Windows Shell and WordPad COM Validation Vulnerability (2405882)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902262
Filename: secpod_ms10-083.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1263
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of the wordpad.exe and structuredquery.dll files
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-083.
Vulnerability Insight:
The flaw is caused by an error in the way Windows Shell and WordPad
validate COM object instantiation, which could allow attackers to execute
arbitrary code.
Impact:
Successful exploitation will allow a remote attacker to execute arbitrary code
by convincing a user to open a specially crafted WordPad file, or to open or
select a shortcut file that is present on a network or WebDAV share.
Impact Level: System/Application.
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows Vista Service Pack 2 and prior
Microsoft Windows Server 2003 Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms10-083.mspx
References:
http://support.microsoft.com/kb/979687
http://support.microsoft.com/kb/979688
http://www.vupen.com/english/advisories/2010/2630
Windows Local Procedure Call Privilege Elevation Vulnerability (2360937)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902322
Filename: secpod_ms10-084.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3222
BID: 43777
CVSS: 7.2
Risk factor : High
Summary: Check for the vulnerable version of the Rpcrt4.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-084.
Vulnerability Insight:
The flaw is due to a stack overflow error in the Remote Procedure Call
Subsystem (RPCSS) when exchanging port messages between LPC and the LRPC
Server (RPC EndPoint Mapper).
Impact:
Successful exploitation could allow attackers to execute arbitrary code
with NetworkService privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2003 Service Pack 2.
Microsoft Windows XP Service Pack 3 and prior.
Fix: Run Windows Update and install the listed hotfixes, or download and apply
the hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/MS10-084.mspx
References:
http://support.microsoft.com/kb/2360937
http://www.vupen.com/english/advisories/2010/2631
http://www.microsoft.com/technet/security/bulletin/MS10-084.mspx
Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901164
Filename: secpod_ms10-085.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3229
CVSS: 7.1
Risk factor : High
Summary: Check for the version of the Schannel.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-085.
Vulnerability Insight:
The flaw is caused by an error in SChannel when processing client certificates
in implementations of Internet Information Services, which could allow remote
attackers to cause the LSASS service to stop responding and the system to
restart by sending malformed packets to a server with SSL enabled.
Impact:
Successful exploitation will allow remote attackers to cause the LSASS service
to stop responding and force the system to restart, resulting in a denial of
service condition.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Microsoft Windows 7
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/Bulletin/MS10-085.mspx
References:
http://support.microsoft.com/kb/2207566
http://www.vupen.com/english/advisories/2010/2632
http://www.microsoft.com/technet/security/bulletin/MS10-085.mspx
Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (981957)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902323
Filename: secpod_ms10-073.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2549 CVE-2010-2743 CVE-2010-2744
BID: 41280 43774 43773
CVSS: 7.2
Risk factor : High
Summary: Check for the version of the Win32k.sys file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-073.
Vulnerability Insight:
The flaws are due to errors in the kernel-mode device driver 'Win32k.sys', which:
- does not properly handle the reference count for an object,
- does not properly index a table of function pointers when loading a
keyboard layout from disk, and
- does not properly manage a window class.
Impact:
Successful exploitation could allow local attackers to run arbitrary
code in kernel mode.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Microsoft Windows 7
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/MS10-073.mspx
References:
http://www.vupen.com/english/advisories/2010/2620
http://www.microsoft.com/technet/security/bulletin/MS10-073.mspx
Microsoft Foundation Classes Could Allow Remote Code Execution Vulnerability (2387149)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902319
Filename: secpod_ms10-074.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3227
BID: 41333
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of the Mfc40.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-074.
Vulnerability Insight:
The flaw is due to a buffer overflow error in the Microsoft Foundation
Class (MFC) Library when handling application requests to rename window titles.
Impact:
Successful exploitation could allow remote attackers to run arbitrary code in
the security context of the current user.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Microsoft Windows 7
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/MS10-074.mspx
References:
http://www.vupen.com/english/advisories/2010/2621
http://www.microsoft.com/technet/security/bulletin/MS10-074.mspx
Microsoft Windows Media Player Network Sharing Remote Code Execution Vulnerability (2281679)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902263
Filename: secpod_ms10-075.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-3225
CVSS: 7.6
Risk factor : High
Summary: Check for the vulnerable version of the Wmpmde.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-075.
Vulnerability Insight:
The flaw is caused by a use-after-free error in the Windows Media Player
Network Sharing Service 'wmpnetwk.exe' when processing Real Time Streaming
Protocol (RTSP) packets.
Impact:
Successful exploitation could allow remote attackers to take control of a
vulnerable system via specially crafted packets.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows Vista Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/Bulletin/MS10-075.mspx
References:
http://support.microsoft.com/kb/2281679
http://www.vupen.com/english/advisories/2010/2622
Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902321
Filename: secpod_ms10-076.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1883
BID: 43775
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of the T2embed.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-076.
Vulnerability Insight:
The flaw is due to an integer overflow error in the Embedded OpenType
Font Engine when parsing certain tables within specially crafted files and
content containing embedded fonts.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code by tricking a user into visiting a malicious web page or opening a
specially crafted email or Office document.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/MS10-076.mspx
References:
http://www.vupen.com/english/advisories/2010/2623
http://www.microsoft.com/technet/security/bulletin/MS10-076.mspx
Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801456
Filename: gb_ms_win_pgc_insecure_lib_load_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2010-3139
CVSS: 9.3
Risk factor : Critical
Summary: Check for the existence of the file grpconv.exe
Overview: This host has the Microsoft Windows Progman Group Converter installed
and is prone to an insecure library loading vulnerability.
Vulnerability Insight:
The flaw is due to the Windows Progman Group Converter (grpconv.exe) loading
libraries in an insecure manner.
Impact:
Successful exploitation could allow attackers to execute arbitrary code and
conduct DLL hijacking attacks via a Trojan horse 'imm.dll'.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows 2000 Service Pack 4 and prior
Fix: No solution or patch is available as of 4th October 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/en/us/default.aspx.
References:
http://secunia.com/advisories/41136
http://www.exploit-db.com/exploits/14758/
http://www.vupen.com/english/advisories/2010/2200
Microsoft Windows win32k.sys Driver CreateDIBPalette() BOF Vulnerability
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.902256
Filename: secpod_ms_win_kernel_win32k_sys_bof_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2010-2739
CVSS: 7.2
Risk factor : High
Summary: Check for the existence of the Windows win32k.sys file
Overview: This host is prone to a buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to a buffer overflow error in the 'CreateDIBPalette()'
function within the kernel-mode device driver 'Win32k.sys', when using the
'biClrUsed' member value of a 'BITMAPINFOHEADER' structure as a counter while
retrieving Bitmap data from the clipboard.
Impact:
Successful exploitation will allow attackers to crash an affected system or
potentially execute arbitrary code with kernel privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP SP3 and prior.
Microsoft Windows Vista SP 2 and prior.
Microsoft Windows Server 2008 SP 2 and prior.
Microsoft Windows Server 2003 SP 2 and prior.
Fix: No solution or patch is available as of 27th September, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.microsoft.com/en/us/default.aspx
References:
http://secunia.com/advisories/40870
http://www.ragestorm.net/blogs/?p=255
http://www.vupen.com/english/advisories/2010/2029
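The Vulnerability Insight above describes a classic count-from-the-header bug: biClrUsed is an attacker-controlled field of the BITMAPINFOHEADER, and the palette it is supposed to describe can never have more than 2^biBitCount (at most 256) entries, so using it unchecked as a loop counter over a fixed-size palette runs past the end. The Python below is an added example, not Microsoft's code and not the NVT's logic: it parses the 40-byte header with the documented field layout, derives the palette size the way a hardened consumer should, and rejects a header whose biClrUsed exceeds what the pixel depth allows. The make_header() helper and the sample headers it produces are constructed for this example.

```python
# Added example: parse a BITMAPINFOHEADER and bound biClrUsed before using it
# as a palette entry count. Illustration of the missing check the advisory
# implies; not Microsoft's code and not the NVT's logic.
import struct

# BITMAPINFOHEADER is 40 bytes, little-endian, in this field order:
# biSize, biWidth, biHeight, biPlanes, biBitCount, biCompression,
# biSizeImage, biXPelsPerMeter, biYPelsPerMeter, biClrUsed, biClrImportant
BIH_FMT = "<IiiHHIIiiII"
BIH_SIZE = struct.calcsize(BIH_FMT)   # 40
MAX_PALETTE_ENTRIES = 256             # a DIB colour table never exceeds 2**8 entries
RGBQUAD_SIZE = 4


def parse_bitmapinfoheader(buf: bytes) -> dict:
    """Unpack the header into a dict; reject short buffers and a wrong biSize."""
    if len(buf) < BIH_SIZE:
        raise ValueError("buffer shorter than BITMAPINFOHEADER")
    fields = struct.unpack_from(BIH_FMT, buf, 0)
    names = ("biSize", "biWidth", "biHeight", "biPlanes", "biBitCount",
             "biCompression", "biSizeImage", "biXPelsPerMeter",
             "biYPelsPerMeter", "biClrUsed", "biClrImportant")
    hdr = dict(zip(names, fields))
    if hdr["biSize"] != BIH_SIZE:
        raise ValueError(f"unexpected biSize {hdr['biSize']}")
    return hdr


def palette_entry_count(hdr: dict) -> int:
    """Number of RGBQUAD palette entries that follow the header, with the bound
    the vulnerable path lacked: trust biClrUsed only up to the format's limit."""
    bpp = hdr["biBitCount"]
    if bpp in (1, 4, 8):
        limit = 1 << bpp             # indexed formats: 2, 16 or 256 entries
    elif bpp in (16, 24, 32):
        limit = MAX_PALETTE_ENTRIES  # optional colour table, still capped at 256
    else:
        raise ValueError(f"unsupported biBitCount {bpp}")
    n = hdr["biClrUsed"]
    if n == 0:
        return limit if bpp <= 8 else 0   # 0 means "the full table" for indexed formats
    if n > limit:
        # The advisory's pattern: an oversized biClrUsed used as a loop counter
        # against a fixed-size palette. Reject instead of copying.
        raise ValueError(f"biClrUsed {n} exceeds {limit} for {bpp} bpp")
    return n


def palette_bytes(hdr: dict) -> int:
    """Bytes of colour table to read after the header."""
    return palette_entry_count(hdr) * RGBQUAD_SIZE


def make_header(bpp: int, clr_used: int) -> bytes:
    """Constructed test input: a 16x16 BI_RGB DIB with the given depth and biClrUsed."""
    return struct.pack(BIH_FMT, BIH_SIZE, 16, 16, 1, bpp, 0, 0, 2835, 2835, clr_used, 0)


def check(buf: bytes) -> str:
    """Convenience wrapper: 'ok:<entries>' for an acceptable header, else 'rejected'."""
    try:
        return f"ok:{palette_entry_count(parse_bitmapinfoheader(buf))}"
    except ValueError:
        return "rejected"


if __name__ == "__main__":
    print(check(make_header(8, 0)))       # full 256-entry table
    print(check(make_header(8, 16)))      # 16 entries, within bounds
    print(check(make_header(4, 0x1000)))  # 4096 entries claimed for 4 bpp: rejected
    print(check(make_header(24, 0)))      # true-colour, no table
```

The same discipline applies to any header-supplied count: derive the maximum from fields you have already validated (here the pixel depth), and treat the count as untrusted until it has been compared against that maximum.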
uTorrent File Opening Insecure Library Loading Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902240
Filename: secpod_utorrent_insecure_lib_load_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-3129
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of uTorrent
Overview: This host is installed with uTorrent and is prone to an insecure
library loading vulnerability.
Vulnerability Insight:
The flaw is due to the application insecurely loading certain libraries
from the current working directory, which could allow attackers to execute
arbitrary code by tricking a user into opening a Torrent file.
Impact:
Successful exploitation will allow attackers to execute arbitrary code and
conduct DLL hijacking attacks.
Impact Level: Application.
Affected Software:
uTorrent version 2.0.3 and prior
Fix: Upgrade to uTorrent version 2.0.4 or later.
For updates refer to http://www.utorrent.com/downloads
References:
http://secunia.com/advisories/41051
http://www.exploit-db.com/exploits/14726/
http://www.vupen.com/english/advisories/2010/2164
UltraEdit Insecure Library Loading Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902307
Filename: secpod_ultra_edit_insecure_library_loading_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-3402
BID: 43183
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of UltraEdit
Overview: This host is installed with UltraEdit and is prone to an insecure
library loading vulnerability.
Vulnerability Insight:
The flaw exists due to the application loading libraries in an insecure manner.
This can be exploited to load arbitrary libraries by tricking a user into
opening a UENC file located on a remote WebDAV or SMB share.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: Application.
Affected Software:
UltraEdit version 16.20.0.1009 and prior.
Fix: No solution or patch is available as of 20th September 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.ultraedit.com/
References:
http://osvdb.org/67995
http://secunia.com/advisories/41403
http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0227.html
Microsoft Internet Information Services Remote Code Execution Vulnerabilities (2267960)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901151
Filename: secpod_ms10-065.nasl
Dependencies: secpod_reg_enum.nasl - gb_ms_iis_detect_win.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1899 CVE-2010-2730 CVE-2010-2731
BID: 43140 43138 41314
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of the Asp.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-065.
Vulnerability Insight:
The flaws are due to:
- a stack overflow error in the ASP script processing code when processing
specially crafted URL requests sent to Active Server Pages, which could be
exploited to cause a denial of service.
- a buffer overflow error in the FastCGI module when processing malformed
HTTP headers, which could be exploited by remote attackers to take complete
control of the affected system via a specially crafted request.
- an error when processing specially crafted URLs, which could be exploited
to bypass authentication.
Impact:
Successful exploitation could allow remote attackers to bypass restrictions,
create a denial of service condition or compromise a vulnerable web server.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Microsoft Internet Information Services (IIS) version 5.1
Microsoft Internet Information Services (IIS) version 6.0
Microsoft Internet Information Services (IIS) version 7.0
Microsoft Internet Information Services (IIS) version 7.5
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/MS10-065
References:
http://support.microsoft.com/kb/2124261
http://www.vupen.com/english/advisories/2010/2386
http://technet.microsoft.com/en-us/security/bulletin/MS10-065
Vulnerability in Remote Procedure Call Could Allow Remote Code Execution (982802)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902300
Filename: secpod_ms10-066.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2567
BID: 43119
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable version of the Rpcrt4.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-066.
Vulnerability Insight:
The flaw is due to the way that the Remote Procedure Call (RPC) client
implementation allocates memory when parsing specially crafted RPC responses.
Impact:
Successful exploitation could allow attackers to execute arbitrary code and
take complete control of an affected system. Failed exploit attempts will
likely result in a denial-of-service condition.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2.
Fix: Run Windows Update and install the listed hotfixes, or download and apply
the hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms10-066.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms10-066.mspx
WordPad Text Converters Remote Code Execution Vulnerability (2259922)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902245
Filename: secpod_ms10-067.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2563
BID: 43122
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-067.
Vulnerability Insight:
A flaw exists in the Microsoft WordPad text converter, which incorrectly
parses specific fields in a Word 97 document.
Impact:
Successful exploitation of this issue may allow attackers to execute
arbitrary code in the context of a logged-on user by tricking a user to
open specially crafted Word 97 document.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/MS10-067.mspx
References:
http://secunia.com/advisories/41416
http://support.microsoft.com/kb/2259922
MS Local Security Authority Subsystem Service Privilege Elevation Vulnerability (983539)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902244
Filename: secpod_ms10-068.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-0820
CVSS: 9.0
Risk factor : Critical
Summary: Check for the version of the Adamdsa.dll and Ntdsa.dll files
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-068.
Vulnerability Insight:
The flaw is caused by a heap overflow error in the Local Security Authority
Subsystem Service (LSASS) when handling Lightweight Directory Access Protocol
(LDAP) messages in certain implementations of Active Directory, Active
Directory Application Mode (ADAM), and Active Directory Lightweight Directory
Service (AD LDS).
Impact:
Successful exploitation will allow a remote attacker who has previously
authenticated to the LSASS server to execute arbitrary code with SYSTEM
privileges.
Impact Level: System/Application.
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows Vista Service Pack 2
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows Server 2003 Service Pack 2 and prior
Microsoft Windows Server 2008 Service Pack 2 and prior
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms10-068.mspx
References:
http://support.microsoft.com/kb/981550
http://support.microsoft.com/kb/982000
http://www.vupen.com/english/advisories/2010/2389
Windows Client/Server Runtime Subsystem Privilege Elevation Vulnerability (2121546)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902301
Filename: secpod_ms10-069.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1891
BID: 43121
CVSS: 6.9
Risk factor : High
Summary: Check for the vulnerable version of the Winsrv.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-069.
Vulnerability Insight:
The flaw is caused by a heap overflow error in the
'Windows Client/Server Runtime Subsystem (CSRSS)' which does not always
allocate sufficient memory when handling specific user transactions.
Impact:
Successful exploitation could allow attackers to execute arbitrary code with
SYSTEM privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2.
Fix: Run Windows Update and install the listed hotfixes, or download and apply
the hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx
References:
http://www.vupen.com/english/advisories/2010/2390
http://www.microsoft.com/technet/security/bulletin/MS10-069.mspx
Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (2347290)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901150
Filename: secpod_ms10-061.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2729
BID: 43073
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of the Spoolsv.exe file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-061.
Vulnerability Insight:
The flaw is due to the Windows Print Spooler insufficiently
restricting user permissions to access print spoolers, which could allow
remote unauthenticated attackers to create a malicious file in a Windows
system directory by sending a specially crafted print request to a shared
printer.
Impact:
Successful exploitation could allow remote attackers to take complete control
of an affected system.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Microsoft Windows 7
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms10-061.mspx
References:
http://support.microsoft.com/kb/2347290
http://www.vupen.com/english/advisories/2010/2382
http://www.microsoft.com/technet/security/bulletin/ms10-061.mspx
MPEG-4 Codec Remote Code Execution Vulnerability (975558)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900250
Filename: secpod_ms10-062.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-0818
BID: 43039
CVSS: 9.3
Risk factor : Critical
Summary: Check for the versions of the vulnerable MPEG-4 codec files
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-062.
Vulnerability Insight:
The flaw exists in the MPEG-4 codec included with the Windows Media codecs,
which does not properly handle specially crafted media files that use MPEG-4
video encoding.
Impact:
Successful exploitation could allow attackers to execute arbitrary code
with elevated privileges on vulnerable systems.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
NOTE: This vulnerability does not affect supported editions of Windows
Server 2008, when installed using the Server Core installation option.
Fix:
Run Windows Update and install the listed hotfixes, or download and apply the
hotfixes mentioned in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/MS10-062.mspx
References:
http://secunia.com/advisories/41395
http://support.microsoft.com/kb/975558
Kingsoft Antivirus kavfm.sys Buffer overflow Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902302
Filename: secpod_kingsoft_antivirus_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-3396
BID: 43173
CVSS: 7.2
Risk factor : High
Summary: Check for the version of Kingsoft Antivirus
Overview: This host is installed with Kingsoft Antivirus and is prone to a
buffer overflow vulnerability.
Vulnerability Insight:
The flaw exists due to an error in the 'kavfm.sys' driver when processing
'IOCTLs'. This can be exploited to corrupt kernel memory and potentially
execute arbitrary code with escalated privileges via a specially crafted
0x80030004 IOCTL.
Impact:
Successful exploitation will allow local attackers to execute arbitrary code
with SYSTEM-level privileges and completely compromise the affected computer.
Failed exploit attempts will result in a denial of service condition.
Impact Level: Application.
Affected Software:
Kingsoft Antivirus 2010.04.26.648 and prior
Fix: No solution or patch is available as of 16th September, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.kingsoftsecurity.com/kingsoft-antivirus.html
References:
http://secunia.com/advisories/41393
http://www.exploit-db.com/exploits/14987/
FreeType Version Detection (Windows)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901144
Filename: secpod_freetype_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of FreeType in KB
Overview: This script finds the installed FreeType version and saves
the version in KB.
BlackBerry Desktop Software Version Detection
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902311
Filename: secpod_blackberry_desktop_software_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of BlackBerry Desktop Software in KB
Overview: This script detects the installed version of BlackBerry Desktop
Software and sets the result in KB.
Adobe Dreamweaver Version Detection
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901148
Filename: secpod_adobe_dreamweaver_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of Adobe Dreamweaver in KB
Overview: This script finds the installed Adobe Dreamweaver version and saves
the version in KB.
TeamViewer File Opening Insecure Library Loading Vulnerability
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801436
Filename: gb_teamviewer_insecure_lib_load_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-3128
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of TeamViewer
Overview: This host is installed with TeamViewer and is prone to an insecure
library loading vulnerability.
Vulnerability Insight:
The flaw is due to the application insecurely loading certain
libraries from the current working directory.
Impact:
Successful exploitation will allow attackers to execute arbitrary code and
conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located
in the same folder as a .tvs or .tvc file.
Impact Level: Application.
Affected Software:
TeamViewer version 5.0.8703 and prior
Fix: No solution or patch is available as of 06th September, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.teamviewer.com/index.aspx
References:
http://secunia.com/advisories/41112
http://www.exploit-db.com/exploits/14734/
http://www.vupen.com/english/advisories/2010/2174
TechSmith Snagit Insecure Library Loading Vulnerability
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801274
Filename: gb_techsmith_snagit_insecure_lib_load_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-3130
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of TechSmith Snagit
Overview: This host is installed with TechSmith Snagit and is prone to
insecure library loading vulnerability.
Vulnerability Insight:
This flaw is due to the application insecurely loading certain
libraries from the current working directory, which could allow attackers
to execute arbitrary code by tricking a user into opening a file from a
network share.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code and conduct DLL hijacking attacks.
Impact Level: Application
Affected Software/OS:
TechSmith Snagit Version 10 (Build 788)
Fix: No solution or patch is available as of 7th September, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.techsmith.com/download/default.asp
References:
http://secunia.com/advisories/41124
http://www.exploit-db.com/exploits/14764/
TortoiseSVN Version Detection ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801289
Filename: gb_tortoise_svn_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of TortoiseSVN in KB
Overview: This script finds the installed TortoiseSVN version and saves
the version in KB.
Trend Micro Internet Security Version Detection ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801263
Filename: gb_trendmicro_internet_security_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of Trend Micro Internet Security in KB
Overview: This script finds the installed Trend Micro Internet Security
version and saves the version in KB.
This script is Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.100815
Filename: gb_stuxnet_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 10.0
Risk factor : Critical
Summary: Checks for the presence of Stuxnet
Overview:
The remote Host seems to be infected by the Stuxnet worm.
The Scanner found files on the remote host that indicate that this host is
infected by the Stuxnet worm.
Solution:
Remove all Stuxnet related files found.
See also:
http://vil.nai.com/vil/Content/v_268468.htm
http://www.stuxnet.net/
MS Windows Insecure Library Loading Remote Code Execution Vulnerabilities (2269637)
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801399
Filename: gb_ms_windows_library_code_exec_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 9.3
Risk factor : Critical
Summary: Check for version of vulnerable file 'Ntdll.dll'
Overview: This host is prone to Remote Code Execution vulnerabilities.
Vulnerability Insight:
The flaws are due to:
- An error in the loading of dynamic link libraries (DLLs). If an application
does not securely load DLL files, an attacker may be able to cause the
application to load an arbitrary library.
- Specific insecure programming practices that allow so-called
'binary planting' or 'DLL preloading attacks', which allow the attacker to
execute arbitrary code in the context of the user running the vulnerable
application when the user opens a file from an untrusted location.
Impact:
Successful exploitation will allow attackers to execute arbitrary code or to
elevate privileges.
Impact Level: Application.
Affected Software:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/advisory/2269637.mspx
References:
http://secunia.com/blog/120/
http://www.microsoft.com/technet/security/advisory/2269637.mspx
http://www.network-box.com/aboutus/news/microsoft-advises-insecure-library-loading-vulnerability
Google Earth Version Detection ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801272
Filename: gb_google_earth_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of Google Earth in KB
Overview: This script finds the installed Google Earth version and saves
the version in KB.
Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801510
Filename: gb_adobe_estk_insecure_lib_load_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-3155
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Adobe ExtendedScript Toolkit
Overview: This host is installed with Adobe ExtendedScript Toolkit (ESTK)
and is prone to insecure library loading vulnerability.
Vulnerability Insight:
The flaw is due to the application insecurely loading certain libraries
from the current working directory, which could allow attackers to execute
arbitrary code by tricking a user into opening a file from a network share.
Impact:
Successful exploitation will allow attackers to execute arbitrary code and
conduct DLL hijacking attacks.
Impact Level: Application.
Affected Software:
Adobe ExtendedScript Toolkit (ESTK) CS5 3.5.0.52 on windows.
Fix: No solution or patch is available as of 08th September, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.adobe.com/downloads/
References:
https://launchpad.net/bugs/cve/2010-3155
http://www.exploit-db.com/exploits/14785/
Adobe Extension Manager CS5 Insecure Library Loading Vulnerability (Win)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801509
Filename: gb_adobe_ext_manager_insecure_lib_load_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-3154
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Adobe Extension Manager
Overview: This host is installed with Adobe Extension Manager CS5 and is prone to
insecure library loading vulnerability.
Vulnerability Insight:
The flaw is due to the application insecurely loading certain libraries
from the current working directory, which could allow attackers to execute
arbitrary code by tricking a user into opening a file from a network share.
Impact:
Successful exploitation will allow attackers to execute arbitrary code and
conduct DLL hijacking attacks.
Impact Level: Application.
Affected Software:
Adobe Extension Manager CS5 5.0.0.298 on windows.
Fix: No solution or patch is available as of 08th September, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.adobe.com/downloads/
References:
http://www.exploit-db.com/exploits/14784/
https://launchpad.net/bugs/cve/2010-3154
Adobe On Location Insecure Library Loading Vulnerability (Win)
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801511
Filename: gb_adobe_on_location_lib_load_vuln_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2010-3151
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Adobe On Location
Overview: This host is installed with Adobe On Location and is prone to
insecure library loading vulnerability.
Vulnerability Insight:
The flaw is due to the application insecurely loading certain libraries
from the current working directory, which could allow attackers to execute
arbitrary code by tricking a user into opening a file from a network share.
Impact:
Successful exploitation will allow attackers to execute arbitrary code and
conduct DLL hijacking attacks.
Impact Level: Application.
Affected Software:
Adobe On Location CS4 Build 315 on windows.
Fix: No solution or patch is available as of 08th September, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.adobe.com/downloads/
References:
http://www.exploit-db.com/exploits/14772/
http://www.securityfocus.com/archive/1/513332/2010-08-20/2
Adobe Captivate Version Detection ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801266
Filename: gb_adobe_captivate_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the version of Adobe Captivate in KB
Overview: This script finds the installed Adobe Captivate version and saves
the version in KB.
Microsoft Windows TCP/IP Privilege Elevation Vulnerabilities (978886)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902232
Filename: secpod_ms10-058.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1892 CVE-2010-1893
CVSS: 7.8
Risk factor : High
Summary: Check for the vulnerable Tcpip.sys file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-058.
Vulnerability Insight:
The multiple flaws are due to:
- An integer overflow error in the Windows 'TCP/IP' stack when handling data
copied from user mode, which could be exploited by malicious users to execute
arbitrary code with elevated privileges.
- An error in the Windows Networking stack when processing malformed packets,
which could be exploited by remote attackers to cause an affected system
to stop responding.
Impact:
Successful exploitation could allow remote attackers to cause a denial of service
or local attackers to gain elevated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/MS10-058
References:
http://support.microsoft.com/kb/978886
http://www.vupen.com/english/advisories/2010/2055
http://technet.microsoft.com/en-us/security/bulletin/MS10-058
Microsoft Windows Tracing Feature Privilege Elevation Vulnerabilities (982799)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902231
Filename: secpod_ms10-059.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2555 CVE-2010-2554
CVSS: 6.8
Risk factor : High
Summary: Check for the vulnerable Rtutils.dll file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-059.
Vulnerability Insight:
The multiple flaws are due to:
- Windows placing incorrect access control lists (ACLs) on registry keys for
the Tracing Feature for Services.
- A memory corruption error in the Tracing Feature for Services when handling
certain strings read from the registry.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary code
with elevated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-059.mspx
References:
http://support.microsoft.com/kb/982799
http://xforce.iss.net/xforce/xfdb/60681
http://www.vupen.com/english/advisories/2010/2056
FTPGetter FTP Client Directory Traversal Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902233
Filename: secpod_ftpgetter_ftp_client_dir_traversal_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: FTP
CVE: CVE-2010-3103
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of FTPGetter FTP Client
Overview: This host is installed with FTPGetter FTP Client and is prone to
directory traversal vulnerability.
Vulnerability Insight:
The flaw exists due to an error in handling of certain crafted file names.
It does not properly sanitise filenames containing directory traversal
sequences that are received from an FTP server.
Impact:
Successful exploitation will allow attackers to write files into a user's
Startup folder to execute malicious code when the user logs on.
Impact Level: Application.
Affected Software:
FTPGetter FTP Client 3.51.0.05 and prior.
Fix: No solution or patch is available as of 25th August, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.ftpgetter.com/download.php
References:
http://secunia.com/advisories/41069
http://www.htbridge.ch/advisory/directory_traversal_in_ftpgetter.html
FTPx Corp FTP Explorer Directory Traversal Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902235
Filename: secpod_ftp_explore_dir_traversal_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: FTP
CVE: CVE-2010-3101
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of FTPx Corp FTP Explorer
Overview: This host is installed with FTPx Corp FTP Explorer and is prone to
directory traversal vulnerability.
Vulnerability Insight:
The flaw exists due to an error in handling of file names. It does not properly
sanitise filenames containing directory traversal sequences that are received
from an FTP server.
Impact:
Successful exploitation will allow attackers to write files into a user's Startup
folder to execute malicious code when the user logs on.
Impact Level: Application.
Affected Software:
FTPx Corp FTP Explorer version 10.5.19.1 and prior.
Fix: No solution or patch is available as of 25th August, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.ftpx.com/download.aspx
References:
http://secunia.com/advisories/40901
http://seclists.org/bugtraq/2010/Aug/51
http://securityreason.com/wlb_show/WLB-2010080016
http://osdir.com/ml/bugtraq.security/2010-08/msg00054.html
http://www.htbridge.ch/advisory/directory_traversal_in_ftp_explorer.html
3D FTP Client Directory Traversal Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902234
Filename: secpod_3d_ftp_client_dir_traversal_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: FTP
CVE: CVE-2010-3102
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of 3D FTP Client
Overview: This host is installed with 3D FTP Client and is prone to directory
traversal vulnerability.
Vulnerability Insight:
The flaw exists due to an error in handling of certain crafted file names.
It does not properly sanitise filenames containing directory traversal
sequences that are received from an FTP server.
Impact:
Successful exploitation will allow attackers to write files into a user's
Startup folder to execute malicious code when the user logs on.
Impact Level: Application.
Affected Software:
3D FTP Client 9.0 build 2 (9.0.2) and prior.
Fix: No solution or patch is available as of 25th August, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://3dftp.com/download_3dftp.htm
References:
http://vuln.sg/3dftp801-en.html
http://seclists.org/bugtraq/2010/Aug/227
http://www.securityfocus.com/archive/1/513244
http://osdir.com/ml/bugtraq.security/2010-08/msg00226.html
http://www.htbridge.ch/advisory/directory_traversal_in_3d_ftp_client.html
Adersoft VbsEdit .vbs File Denial Of Service Vulnerability
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801440
Filename: gb_vbsedit_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
BID: 42525
CVSS: 7.5
Risk factor : High
Summary: Check for the version of VbsEdit
Overview: This host is installed with VbsEdit and is prone to Denial Of Service
vulnerability.
Vulnerability Insight:
The flaw exists due to an error in handling '.vbs' files, which allows a
user to crash the affected application.
Impact:
Successful exploitation will allow remote attackers to crash the affected
application, resulting in a denial-of-service condition.
Impact Level: Application.
Affected Software:
Adersoft VbsEdit 4.6.1 and prior
Fix: No solution or patch is available as of 20th August, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.vbsedit.com/
References:
http://inj3ct0r.com/exploits/13733
http://www.expbase.com/Dos/12737.html
http://www.0daynet.com/2010/0819/995.html
http://www.securityfocus.com/bid/42525/discuss
AutoFTP Manager FTP Client Directory Traversal Vulnerability
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801398
Filename: gb_afm_ftp_client_dir_traversal_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: FTP
CVE: CVE-2010-3104
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of AutoFTP Manager FTP Client
Overview: This host is installed with AutoFTP Manager FTP Client and is prone
to directory traversal vulnerability.
Vulnerability Insight:
The flaw exists due to an error in handling of certain crafted file names.
It does not properly sanitise filenames containing directory traversal
sequences that are received from an FTP server.
Impact:
Successful exploitation will allow attackers to write files into a user's
Startup folder to execute malicious code when the user logs on.
Impact Level: Application.
Affected Software:
AutoFTP Manager FTP Client 4.31(4.3.1.0) and prior.
Fix: Upgrade AutoFTP Manager FTP Client to a recent version.
For updates refer to http://www.deskshare.com/download.aspx
References:
http://en.securitylab.ru/nvd/396970.php
http://www.htbridge.ch/advisory/directory_traversal_in_autoftp_manager.html
Subtitle Translation Wizard .srt File Stack Based Buffer Overflow Vulnerability
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801426
Filename: gb_subtitle_translation_wizard_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-2440
BID: 41026
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Subtitle Translation Wizard
Overview: This host is installed with Subtitle Translation Wizard and is
prone to buffer overflow vulnerability.
Vulnerability Insight:
The flaw exists due to a boundary error when processing subtitle files in
'st-wizard.exe', which causes a stack-based buffer overflow via '.srt' file
containing an overly long string.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code. Failed exploit attempts will result in denial-of-service conditions.
Impact Level: Application.
Affected Software:
Subtitle Translation Wizard 3.0
Fix: No solution or patch is available as of 13th August, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.upredsun.com/subtitle-translation/subtitle-translation.html
References:
http://osvdb.org/65678
http://secunia.com/advisories/40303
http://www.exploit-db.com/exploits/13965/
Microsoft Windows Movie Maker Could Allow Remote Code Execution Vulnerability (981997)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900248
Filename: secpod_ms10-050.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2564
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Moviemk.exe file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-050.
Vulnerability Insight:
The application fails to perform adequate boundary checks when parsing
strings in imported project files (.MSWMM), which leads to buffer overflow.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code with the privileges of the user running the application.
Impact Level: Application/System
Affected Software/OS:
Movie Maker 2.1 on Microsoft Windows XP Service Pack 3 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx
References:
http://secunia.com/advisories/38931/
http://support.microsoft.com/kb/981997
http://www.microsoft.com/technet/security/bulletin/MS10-050.mspx
Microsoft Windows LSASS Denial of Service Vulnerability (975467)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902227
Filename: secpod_ms10-051.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2561
BID: 42300
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Msxml3.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-051.
Vulnerability Insight:
The issue is caused by a memory corruption error in the Microsoft 'XML'
Core Services (MSXML) when handling HTTP responses via the Msxml2.XMLHTTP.3.0
ActiveX control.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code by tricking a user into visiting a specially crafted web page.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms10-051.mspx
References:
http://support.microsoft.com/kb/2079403
http://www.vupen.com/english/advisories/2010/2048
http://www.microsoft.com/technet/security/bulletin/MS10-051.mspx
Microsoft Windows MPEG Layer-3 Remote Code Execution Vulnerability (2115168)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902229
Filename: secpod_ms10-052.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1882
BID: 42298
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of L3codecx.ax file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-052.
Vulnerability Insight:
This issue is caused by a buffer overflow error in the Microsoft MPEG Layer-3
audio codecs (l3codecx.ax) when processing malformed media files containing an
MPEG Layer-3 audio stream.
Impact:
Successful exploitation will let remote attackers execute arbitrary
code by tricking a user into visiting a specially crafted web page.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms10-052.mspx
References:
http://support.microsoft.com/kb/2115168
http://www.vupen.com/english/advisories/2010/2049
http://www.microsoft.com/technet/security/bulletin/MS10-052.mspx
Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901140
Filename: secpod_ms10-054.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2550 CVE-2010-2551 CVE-2010-2552
BID: 42224
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Srv.sys file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-054.
Vulnerability Insight:
The multiple flaws are due to:
- A pool overflow error within the Server Message Block (SMB) implementation
when processing malformed messages.
- An error in the Server Message Block (SMB) Protocol software that does not
properly validate an internal variable when parsing specially crafted SMB
packets.
- An error in the Server Message Block (SMB) Protocol implementation that
does not properly handle specially crafted compounded requests.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary code
and cause a denial of service or compromise a vulnerable system.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-054.mspx
References:
http://support.microsoft.com/kb/982214
http://www.vupen.com/english/advisories/2010/2051
http://www.microsoft.com/technet/security/Bulletin/MS10-054.mspx
Remote Code Execution Vulnerability in Cinepak Codec (982665)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900249
Filename: secpod_ms10-055.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2553
BID: 42256
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Iccvid.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-055.
Vulnerability Insight:
The Cinepak Codec application fails to perform adequate boundary checks
while handling supported format files.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code with the privileges of the user running the application.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows 7
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-055.mspx
References:
http://secunia.com/advisories/40936
http://support.microsoft.com/kb/982665
http://www.microsoft.com/technet/security/Bulletin/MS10-055.mspx
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902230
Filename: secpod_ms10-060.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1898 CVE-2010-0019
BID: 42138 42295
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of mscorlib.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-060.
Vulnerability Insight:
This flaw is caused by an error in the way the Common Language Runtime (CLR)
handles delegates to virtual methods, which could be exploited to execute
arbitrary code by tricking a user into visiting a malicious web page
containing a specially crafted XBAP (XAML browser application).
Impact:
Successful exploitation will let remote attackers execute arbitrary
code by tricking a user into visiting a specially crafted web page.
Impact Level: System
Affected Software/OS:
Microsoft .NET Framework 3.5/SP 1
Microsoft .NET Framework 2.0 SP1/SP2
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://technet.microsoft.com/en-us/security/bulletin/MS10-060
References:
http://support.microsoft.com/kb/983583/
http://www.vupen.com/english/advisories/2010/2057
http://technet.microsoft.com/en-us/security/bulletin/MS10-060
Microsoft Windows Kernel Mode Drivers Privilege Elevation Vulnerabilities (2160329)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902094
Filename: secpod_ms10-048.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1887 CVE-2010-1894 CVE-2010-1895 CVE-2010-1896 CVE-2010-1897
BID: 42250 39630 42245 42210 42206
CVSS: 6.6
Risk factor : High
Summary: Check for version of vulnerable file 'Win32k.sys'
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-048.
Vulnerability Insight:
The flaws exist in the kernel-mode device driver due to:
- Improper validation of an argument passed to a system call.
- An error in handling certain exceptions.
- Improper allocation of memory when making a copy from user mode.
- Improper validation of input passed from user mode.
- An error in validating all parameters when creating a new window.
Impact:
Successful exploitation could allow attackers to execute arbitrary code
with kernel privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-048.mspx
References:
http://secunia.com/advisories/40878
http://www.microsoft.com/technet/security/Bulletin/MS10-048.mspx
Remote Code Execution Vulnerabilities in SChannel (980436)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900247
Filename: secpod_ms10-049.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-3555
BID: 36935
CVSS: 5.8
Risk factor : High
Summary: Check for the vulnerable file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-049.
Vulnerability Insight:
A flaw exists in the Microsoft Windows SChannel (Secure Channel)
authentication component when using certificate based authentication, which
allows spoofing.
Impact:
Successful exploitation of this issue may allow attackers to perform limited
man-in-the-middle attacks, injecting data into the beginning of the
application protocol stream to execute HTTP transactions or bypass
authentication.
Impact Level: Application
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx
References:
http://xforce.iss.net/xforce/xfdb/54158
http://www.microsoft.com/technet/security/bulletin/MS10-049.mspx
Microsoft Windows Kernel Privilege Elevation Vulnerabilities (981852)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902093
Filename: secpod_ms10-047.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1888 CVE-2010-1889 CVE-2010-1890
BID: 42211 42213 42221
CVSS: 6.8
Risk factor : High
Summary: Check for the version of ntoskrnl.exe file
Overview: This host is missing an important security update according to
Microsoft Bulletin MS10-047.
Vulnerability Insight:
Multiple errors exist due to:
- The way the kernel deals with specific thread creation attempts.
- An error in initializing the objects while handling certain exceptions.
- An error in validating access control lists on kernel objects.
Impact:
Successful exploitation could allow attackers to run arbitrary code with
kernel-level privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/MS10-047.mspx
References:
http://securitytracker.com/alerts/2010/Aug/1024307.html
http://www.microsoft.com/technet/security/bulletin/MS10-047.mspx
SigPlus Pro ActiveX Version Detection ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801251
Filename: gb_sigplus_pro_activex_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of SigPlus Pro ActiveX in KB
Overview: This script finds the installed SigPlus Pro ActiveX version and
saves the version in KB.
BarCodeWiz Barcode Version Detection ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801394
Filename: gb_barcode_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set KB for the version of BarCodeWiz Barcode
Overview: This script detects the installed version of BarCodeWiz Barcode
and sets the result in KB.
Microsoft Windows Shell Remote Code Execution Vulnerability (2286198)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902226
Filename: secpod_ms10-046.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-2568
BID: 41732
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable Shell32.dll file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-046.
Vulnerability Insight:
The flaw is due to an error in the Windows 'Shell' when parsing shortcuts
(.lnk or .pif): certain parameters are not properly validated when attempting
to load the icon.
Impact:
Successful exploitation could allow remote attackers to automatically execute
a malicious binary by tricking a user into browsing a remote network or WebDAV
share, or opening in Windows Explorer a removable drive containing a specially
crafted shortcut file.
Impact Level: System
Affected Software/OS:
Microsoft Windows 7
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-046.mspx
References:
http://secunia.com/advisories/40647
http://www.kb.cert.org/vuls/id/940193
http://www.ivanlef0u.tuxfamily.org/?p=411
http://isc.sans.edu/diary.html?storyid=9190
http://isc.sans.edu/diary.html?storyid=9181
http://community.websense.com/blogs/securitylabs/archive/2010/07/20/microsoft-lnk-vulnerability-brief-technical-analysis-cve-2010-2568.aspx
OpenTTD NetworkSyncCommandQueue() Denial of Service Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901136
Filename: secpod_openttd_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2010-2534
BID: 41804
CVSS: 5.0
Risk factor : Medium
Summary: Check for the version of OpenTTD
Overview: This host is installed with OpenTTD and is prone to a denial of
service vulnerability.
Vulnerability Insight:
The flaw is due to the 'NetworkSyncCommandQueue()' function in
'src/network/network_command.cpp' not properly resetting the 'next' pointer,
which can be exploited to trigger an endless loop and exhaust CPU resources
when joining a server.
Impact:
Successful exploitation will allow remote attackers to cause the application
to fall into an infinite loop, denying service to legitimate users.
Impact Level: Application
Affected Software/OS:
OpenTTD version 1.0.2 and prior.
Fix: Upgrade to OpenTTD version 1.0.3 or later.
For updates refer to http://www.openttd.org
References:
http://secunia.com/advisories/40630
http://xforce.iss.net/xforce/xfdb/60568
http://security.openttd.org/en/CVE-2010-2534
http://www.vupen.com/english/advisories/2010/1888
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801234
Filename: gb_qt_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set the Version of Qt in KB
Overview: This script finds the installed Qt version and saves the version
in KB.
Groovy Media Player .m3u File Remote Stack Buffer Overflow Vulnerability
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801405
Filename: gb_groovy_media_player_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2009-4931
BID: 34621
CVSS: 6.8
Risk factor : High
Summary: Check for the version of Groovy Media Player
Overview: This host is installed with Groovy Media Player and is prone to a
buffer overflow vulnerability.
Vulnerability Insight:
The flaw is caused by improper bounds checking when parsing malicious '.M3U'
files.
Impact:
Successful exploitation will allow remote attackers to cause a denial of
service or possibly execute arbitrary code.
Impact Level: Application.
Affected Software :
Groovy Media Player 1.1.0
Fix: No solution or patch is available as of 13th July, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.bestwebsharing.com/groovy-media-player
References:
http://en.securitylab.ru/nvd/395659.php
http://xforce.iss.net/xforce/xfdb/49965
FathFTP ActiveX Control Multiple Buffer Overflow Vulnerabilities
Copyright (C) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.801379
Filename: gb_fathftp_client_mult_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-2701
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of FathFTP
Overview: This host is installed with FathFTP and is prone to multiple buffer
overflow vulnerabilities.
Vulnerability Insight:
The flaws are due to errors in the handling of the 'GetFromURL' member and of
a long argument to the 'RasIsConnected' method, which allow remote attackers
to execute arbitrary code.
Impact:
Successful exploitation will allow remote attackers to cause a denial of
service or possibly execute arbitrary code.
Impact Level: Application.
Affected Software :
FathFTP version 1.7
Fix: No solution or patch is available as of 15th July, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.fathsoft.com/download.html
References:
http://xforce.iss.net/xforce/xfdb/60200
http://www.exploit-db.com/exploits/14269/
Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902080
Filename: secpod_ms10-042.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2010-1885
BID: 40725
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable Helpsvc.exe file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS10-042.
Vulnerability Insight:
The flaw is due to an error in the 'MPC::HTML::UrlUnescapeW()' function
within the Help and Support Center application (helpctr.exe), which does not
properly check the return code of 'MPC::HexToNum()' when escaping URLs.
Impact:
Successful exploitation could allow remote attackers to inject malicious code
in the Help and Support Center and execute arbitrary commands on a vulnerable
system by tricking a user into visiting a specially crafted web page.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/Bulletin/MS10-042.mspx
References:
http://xforce.iss.net/xforce/xfdb/59267
http://www.vupen.com/english/advisories/2010/1417
http://www.microsoft.com/technet/security/Bulletin/MS10-042.mspx
Adobe InDesign Version Detection ->
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902084
Filename: secpod_adobe_indesign_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set Version of Adobe InDesign Version in KB
Overview: This script detects the installed version of Adobe InDesign and
sets the result in KB.
Symantec Sygate Personal Firewall ActiveX Buffer Overflow Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901125
Filename: secpod_symantec_sygate_personal_firewall_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-2305
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable version of Symantec Sygate Personal Firewall
Overview: This host is installed with Symantec Sygate Personal Firewall and
is prone to a buffer overflow vulnerability.
Vulnerability Insight:
The flaw is caused by an error in the ActiveX control in SSHelper.dll, which
allows remote attackers to execute arbitrary code via a long third
argument to the SetRegString method.
Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code on the system or cause the application to crash.
Impact Level: Application/System
Affected Software/OS:
Symantec Sygate Personal Firewall 5.6 build 2808
Fix: No solution or patch is available as of 18th June, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.symantec.com/norton/sygate/index.jsp
References:
http://xforce.iss.net/xforce/xfdb/59408
http://www.exploit-db.com/exploits/13834
http://www.corelan.be:8800/index.php/forum/security-advisories/10-050-sygate-personal-firewall-5-6-build-2808-activex/
Rosoft Audio Converter Version Detection ->
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902078
Filename: secpod_rosoft_audio_converter_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set Version of Rosoft Audio Converter in KB
Overview: This script detects the installed version of Rosoft Audio Converter
and sets the result in KB.
CursorArts ZipWrangler ZIP Processing Buffer Overflow Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902071
Filename: secpod_cursorarts_zipwrangler_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-1685
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of CursorArts ZipWrangler
Overview: This host is installed with CursorArts ZipWrangler and is prone
to a buffer overflow vulnerability.
Vulnerability Insight:
The flaw exists due to a boundary error when processing certain ZIP files,
which leads to a stack-based buffer overflow when a user is tricked into
opening a specially crafted ZIP file.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code
with a specially crafted ZIP file.
Impact Level: Application.
Affected Software:
CursorArts ZipWrangler version 1.20.
Fix: No solution or patch is available as of 15th June, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.cursorarts.com/ca_zw.html.
References:
http://osvdb.org/64079
http://secunia.com/advisories/39575
http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-031-zip-wrangler-1-20-buffer-overflow/
Search in LDAP, Users with conf. LogonHours ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96055
Filename: GSHB_LDAP_User_w_LogonHours.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Search in LDAP, Users with conf. LogonHours
Overview: This script searches LDAP for users who have configured
login time slots (logonHours in Windows LDAP).
Reading Apache Config (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96020
Filename: GSHB_Read_Apache_Config.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_Apache.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Reading Apache Config (win)
Reading Apache Config
Reading Apache CustomLogfiles (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96022
Filename: GSHB_Read_Apache_Customlogfile.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_Apache.nasl - GSHB_Read_Apache_Config.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Reading Apache CustomLogfiles (win)
Reading Apache CustomLogfiles
Reading Apache htaccess Files (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96021
Filename: GSHB_Read_Apache_htaccessfiles.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_Apache.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Reading Apache htaccess Files (win)
Reading Apache htaccess Files
Overview: This script gets the AuthUserFile configuration from a list
of Apache htaccess files.
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96041
Filename: GSHB_SMB_SDDL.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: File and Folder ACL (Win)
Overview: The script lists file and folder ACLs (Win).
Removable Storage access on remote sessions (Win) ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96048
Filename: GSHB_WMI_AllowRemoteDASD.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Removable Storage access on remote sessions (Win)
Overview: The script reads the status of the policy 'All Removable Storage: Allow direct access in remote sessions'.
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96011
Filename: GSHB_WMI_Antivir.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Read the WMI Antivirus Status (win)
Overview: Tests WMI AntiVirus Status.
Check over WMI if Apache is installed (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96019
Filename: GSHB_WMI_Apache.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check over WMI if Apache is installed (win)
Overview: Checks over WMI if Apache is installed
and reports the path and version of the installation.
List Files in Apache Script Alias Directories over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96023
Filename: GSHB_WMI_Apache_ScriptAlias.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_Apache.nasl - GSHB_Read_Apache_Config.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: List Files in Apache Script Alias Directories over WMI (win)
List Files in Apache Script Alias Directories over WMI
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96012
Filename: GSHB_WMI_BootDrive.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Read the WMI Drives Status (win)
Overview: Tests WMI Drives Status.
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96001
Filename: GSHB_WMI_CD-Autostart.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check for CD-ROM Autostart activation.
Overview: The script detects if CD-ROM Autostart is activated.
CD-ROM and FDD local User only access (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96002
Filename: GSHB_WMI_CD-FD-User-only-access.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check for CD-ROM and FDD local User only access.
Overview: The script detects whether only local users can access the CD-ROM and FDD.
List Windows AD ClientSiteName (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96039
Filename: GSHB_WMI_DomContrTest.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: List Windows AD ClientSiteName (Win)
Overview: The script lists the Windows AD ClientSiteName (Win).
Get EFS Encrypted Files, Dirs and EFS-Encryption AlgorithmID (win) ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96043
Filename: GSHB_WMI_EFS.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Get EFS Encrypted Files, Dirs and EFS-Encryption AlgorithmID (win)
Overview: Get EFS Encrypted Files, Dirs and EFS-Encryption AlgorithmID (win)
Read all EventLog Config Policy(ELCP) Settings (Win) ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96050
Filename: GSHB_WMI_EventLogPolSet.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Read all EventLog Config Policy(ELCP) Settings (Win)
Overview: The script reads all EventLog Config Policy settings (Vista and above).
Get all Windows Admin Users and Groups over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96030
Filename: GSHB_WMI_get_AdminUsers.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Get all Windows Admin Users and Groups over WMI (win)
Overview: Get all Windows non System Services
and Eventlog Servicestate over WMI.
List all Installed ODBC Driver over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96024
Filename: GSHB_WMI_get_ODBCINST.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_IIS_OpenPorts.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: List all Installed ODBC Drivers over WMI if IIS is installed (win)
Overview: List all installed ODBC drivers over WMI if IIS is installed (win)
Get GnuPG and PGP Version and Users that have a pubring (win) ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96045
Filename: GSHB_WMI_GnuPGandPGP.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Get GnuPG and PGP Version and Users that have a pubring (win)
Overview: Get GnuPG and PGP Version and Users that have a pubring (win)
Checks over WMI, if hiberfile.sys exists (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96051
Filename: GSHB_WMI_Hibernate.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Checks over WMI, if hiberfile.sys exists (win)
Overview: Checks over WMI, if hiberfile.sys exists (win).
Check for SSIEnableCmdDirective at IIS (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96010
Filename: GSHB_WMI_IIS_exec_cmd.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check for SSIEnableCmdDirective at IIS (Win)
Overview: The script detects if the SSI enable Cmd Directive is activated
for the IIS.
Test over WMI if Microsoft IIS is installed and list open Ports (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96029
Filename: GSHB_WMI_IIS_OpenPorts.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Test over WMI if Microsoft IIS is installed and list open Ports (win)
Test over WMI if Microsoft IIS is installed and list open Ports:
Tests if all Registry entries are set to prevent SYN attacks at an IIS Server (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96027
Filename: GSHB_WMI_IIS_Protect_SynAttack.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Tests if all Registry entries are set to prevent SYN attacks at an IIS Server (win)
Overview: Tests if all Registry entries are set to prevent SYN attacks at an IIS Server.
Remote Data Service on InternetInformationServer (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96003
Filename: GSHB_WMI_IIS_RDS.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check for Remote Data Service on InternetInformationServer.
Overview: The script detects if Remote Data Service is installed on InternetInformationServer.
IIS Samplefiles and Scripts (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96008
Filename: GSHB_WMI_IIS_Samplefiles.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check if IIS Samplefiles and Scripts are installed.
Overview: The script detects if IIS Samplefiles and Scripts are installed.
Test if Microsoft Url scan filter is installed(win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96025
Filename: GSHB_WMI_IIS_UrlScanFilter.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Test if Microsoft Url scan filter is installed (win)
Overview: If IIS is installed,
tests over WMI if the Microsoft Url scan filter is installed.
Check over WMI if IPSec Policy used for Windows (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96042
Filename: GSHB_WMI_IPSec_Policy.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check over WMI if IPSec Policy used for Windows
Overview: The script detects over WMI if an IPSec Policy is used under Windows 2000 and XP.
Read the status of NTFS MAC Last Access Timestamp over WMI (Win) ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96047
Filename: GSHB_WMI_LastAccessTimestamp.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Read the status of NTFS MAC 'Last Access Timestamp' over WMI (Win)
Overview: Read the status of NTFS MAC 'Last Access Timestamp' over WMI (Win).
Get all Windows non System Services, Service start modes and Eventlog Servicestate over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96028
Filename: GSHB_WMI_list_Services.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Get all Windows non System Services, Service start modes and Eventlog Servicestate over WMI (win)
Overview: Get all Windows non System Services,
Service start modes and Eventlog Servicestate over WMI.
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96015
Filename: GSHB_WMI_NtpServer.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Read over WMI the NTP Server (win)
Overview: Tests WMI NTP Server.
Get OS Version, OS Type, OS Servicepack and OS Name over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96999
Filename: GSHB_WMI_OSInfo.nasl
Dependencies: smb_login.nasl - secpod_reg_enum.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Get OS Version, OS Type, OS Servicepack and OS Name over WMI (win)
Overview: Get OS Version, OS Type, OS Servicepack and OS Name over WMI (win)
Test if passfilt.dll is installed (win) ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96052
Filename: GSHB_WMI_Passfilt.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Test if passfilt.dll is installed (win)
Overview: Tests over WMI if passfilt.dll is installed and the
necessary Registry entry is set.
Read over WMI the Windows Password Policy (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96033
Filename: GSHB_WMI_PasswdPolicie.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Read over WMI the Windows Password Policy
Overview: This script reads the Windows Password Policy configuration over WMI.
Windows Path Variable over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96032
Filename: GSHB_WMI_PathVariables.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Windows Path Variable over WMI (win)
Overview: Reads the Windows System Path Variables over WMI.
Read all Windows Policy Security Settings (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96036
Filename: GSHB_WMI_PolSecSet.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Read all Windows Policy Security Settings (Win)
Overview: The script reads all Windows Policy Security Settings.
Pre-Windows 2000 Compatible Access (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96040
Filename: GSHB_WMI_pre2000comp.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Pre-Windows 2000 Compatible Access (win)
Overview: The script checks whether
Everyone is in the user group Pre-Windows 2000 Compatible Access.
Checks InternetExplorer Policy for Protected Mode over WMI (Win) ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96049
Filename: GSHB_WMI_ProtectedMode.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Read the config of the User Account Control feature over WMI. (Win)
Overview: Checks InternetExplorer Policy for Protected Mode over WMI.
Removable media deactivated (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96006
Filename: GSHB_WMI_removable-media.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Checks whether drives that contain removable media are disabled.
Overview: This script checks whether drives that contain removable media are disabled, such as USB ports, CD-ROM drives, floppy disk drives and high-capacity LS-120 floppy drives.
Get Screensaver Status for ALL Users (Win) ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96058
Filename: GSHB_WMI_ScreenSaver_Status.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check for Get Screensaver Status for ALL Users.
Overview: The script detects if Screensaver is activated and secured.
List Valid SNMP Communities (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96037
Filename: GSHB_WMI_SNMP_Communities.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: List Valid SNMP Communities (Win)
Overview: The script lists valid SNMP Communities (Win).
Read the config of the User Account Control feature over WMI ->
Copyright (c) 2010 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96046
Filename: GSHB_WMI_UAC_config.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Read the config of the User Account Control feature over WMI. (Win)
Overview: Read the config of the User Account Control feature over WMI.
Find Windows 2003 Client Functionality over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96018
Filename: GSHB_WMI_W2K3_ClientFunk.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Find Windows 2003 Client Functionality over WMI (win)
Overview: Find Windows 2003 Client Functionality over WMI:
NetMeeting
OutlookExpress
Windows Media Player
Find OS/2 and Posix Subsystem over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96007
Filename: GSHB_WMI_WIN_Subsystem.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Find OS/2 and Posix Subsystem over WMI (win)
Overview: Find OS/2 and Posix Subsystem over WMI (win)
Find Windows Admin Tools over WMI if IIS installed (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96016
Filename: GSHB_WMI_WinAdminTools.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_IIS_OpenPorts.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Find Windows Admin Tools over WMI if IIS installed (win)
Overview: If IIS installed, find Windows Admin Tools over WMI:
arp.exe, at.exe, atsvc.exe, cacls.exe, cmd.exe,
cscript.exe, debug.exe, edit.com, edlin.exe, ftp.exe, finger.exe,
ipconfig.exe, net.exe, netsh.exe, netstat.exe, nslookup.exe,
ping.exe, poledit.exe, posix.exe, qbasic.exe, rcp.exe, rdisk.exe,
regedit.exe, regedt32.exe, regini.exe, regsrv3.exe, rexec.exe,
route.exe, rsh.exe, runonce.exe, secfixup.exe, syskey.exe,
telnet.exe, tftp.exe, tracert.exe, tskill.exe, wscript.exe,
xcopy.exe
Get Windows Firewall Profile Status over WMI (win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96017
Filename: GSHB_WMI_WinFirewallStat.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Get Windows Firewall Profile Status over WMI (win)
Overview: Get Windows Firewall Profile Status over WMI.
Currently this test only performs a Registry test for the Microsoft
Firewall.
Later we will test over WMI the namespaces SecurityCenterFirewallProduct and
SecurityCenter2FirewallProduct for third-party firewall products. The WMI
test can only be used for Microsoft client systems, not for server systems.
Checks XP Internetcommunication of some Programs (Win) ->
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96038
Filename: GSHB_WMI_XP-InetComm.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Checks XP Internetcommunication of some Programs.
.NET JIT Compiler Vulnerability
Copyright (C) 2008 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.90010
Filename: win_CVE-2007-0043.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-0043
BID: 24811
CVSS: 9.3
Risk factor : Critical
Summary: Test for .NET JIT Compiler Vulnerability
The remote host is affected by the vulnerabilities described in
CVE-2007-0043
Checking if System.web.dll version is less than 2.0.50727.832
Impact:
The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1,
and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted
remote attackers to execute arbitrary code via unspecified vectors involving
an unchecked buffer, probably a buffer overflow, aka .NET JIT Compiler
Vulnerability.
Affected Software/OS:
Microsoft .NET Framework 1.1 SP 1
Microsoft .NET Framework 1.0 SP 3
Microsoft .NET Framework 2.0 SP 1/SP 2
References:
http://secunia.com/advisories/26003
http://securitytracker.com/alerts/2007/Jul/1018356.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0043
http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx
Solution:
All Users should upgrade to the latest version.
http://www.microsoft.com/technet/security/Bulletin/ms07-040.mspx
Windows Vulnerability in Microsoft Jet Database Engine
Copyright (C) 2008 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.90024
Filename: win_CVE-2007-6026.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-6026
BID: 28398
CVSS: 9.3
Risk factor : Critical
Summary: Windows Vulnerability in Microsoft Jet Database Engine
The remote host is probably affected by the vulnerability described in
CVE-2007-6026
Impact:
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0
(aka Microsoft Jet Engine), as used by Access 2003 in Microsoft
Office 2003 SP3, allows user-assisted attackers to execute arbitrary
code via a crafted MDB file database file containing a column
structure with a modified column count. NOTE: this might be the
same issue as CVE-2005-0944.
References:
http://www.us-cert.gov/cas/techalerts/TA08-134A.html
http://securitytracker.com/alerts/2007/Nov/1018976.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6026
http://www.microsoft.com/technet/security/bulletin/ms08-028.mspx
Solution:
All Users should upgrade to the latest version.
Mini-Redirector Heap Overflow Vulnerability
Copyright (C) 2008 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.90015
Filename: win_CVE-2008-0080.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-0080
BID: 27670
CVSS: 10.0
Risk factor : Critical
Summary: Mini-Redirector Heap Overflow Vulnerability
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-007.
Vulnerability Insight:
A boundary error occurs in the WebDAV Mini-Redirector when handling long
pathnames in WebDAV responses.
Impact:
Successful exploitation will allow attackers to execute arbitrary code and
completely compromise the affected computer.
References:
http://secunia.com/advisories/28894
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0080
http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx
Workarounds:
Disable the WebClient Service.
Solution:
Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-007.mspx
Windows vulnerability in DNS Client Could Allow Spoofing (945553)
Copyright (C) 2008 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.90020
Filename: win_CVE-2008-0087.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-0087
BID: 28553
CVSS: 8.8
Risk factor : Critical
Summary: Windows vulnerability in DNS Client Could Allow Spoofing (945553)
The remote host is probably affected by the vulnerability described in
CVE-2008-0087.
Impact:
The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2,
and Vista uses predictable DNS transaction IDs, which allows remote attackers
to spoof DNS responses.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0087
http://www.microsoft.com/technet/security/bulletin/ms08-020.mspx
Solution:
All Users should upgrade to the latest version.
WS_FTP client weak stored password
This script is Copyright (C) 2004 David Maciejak
OID: 1.3.6.1.4.1.25623.1.0.14597
Filename: ws_ftp_client_weak_stored_pass.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-1999-1078
BID: 547
CVSS: 7.5
Risk factor : High
Summary: Check IPSWITCH WS_FTP version
The remote host has a version of the WS_FTP client which uses a weak
encryption method to store site passwords.
Solution : Upgrade to the newest version of the WS_FTP client
See also : http://www.ipswitch.com/
This script is Copyright (C) 2004 David Maciejak
OID: 1.3.6.1.4.1.25623.1.0.14726
Filename: zone_alarm_local_dos.nasl
Dependencies: secpod_reg_enum.nasl
Family: Firewalls
CVE: CVE-2004-2713
CVSS: 1.9
Risk factor : Low
Summary: Check ZoneAlarm Pro version
ZoneAlarm Pro firewall runs on this host.
This version contains a flaw that may allow a local denial of service. To
exploit this flaw, an attacker would need to tamper with the files located in
%windir%/Internet Logs. An attacker may modify them and prevent ZoneAlarm
from starting up properly.
Solution : Upgrade to the latest version of this software
Copyright (c) 2009 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.96009
Filename: GSHB_IIS_metabase.nasl
Dependencies: secpod_reg_enum.nasl - GSHB_WMI_OSInfo.nasl
Family: IT-Grundschutz
Risk factor : None
Summary: Check the IIS Metabase for AspEnableParentPaths
Check the IIS Metabase for AspEnableParentPaths
Overview: This script reads the IIS Metabase and gets the
AspEnableParentPaths configuration.
This script is Copyright (C) 2003 Xue Yong Zhi
OID: 1.3.6.1.4.1.25623.1.0.11428
Filename: trillian_installed.nasl
Dependencies: secpod_reg_enum.nasl
Family: Peer-To-Peer File Sharing
CVE: CVE-2002-2162
BID: 5677 5733 5755 5765 5769 5775 5776 5777 5783
CVSS: 4.6
Risk factor : Medium
Summary: Determines if Trillian is installed
The remote host is using Trillian, a P2P application,
which may not be suitable for a business environment.
Solution : Uninstall this software
SonicWall Global VPN Client Detection
This script is Copyright (C) 2008 Ferdy Riphagen
OID: 1.3.6.1.4.1.25623.1.0.80044
Filename: sonicwall_vpn_client_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Detects the presence and version of the SNWL Global VPN Client
Overview: This script detects the installed version of
SonicWall Global VPN Client and sets the result in KB.
This script is Copyright (C) 2004 Jason Haar
OID: 1.3.6.1.4.1.25623.1.0.12215
Filename: sophos_installed.nasl
Dependencies: secpod_reg_enum.nasl - smb_enum_services.nasl
Family: Windows
CVSS: 10.0
Risk factor : Critical
Summary: Checks that the remote host has Sophos Antivirus installed and then makes sure the latest Vdefs are loaded.
This plugin checks that the remote host has the Sophos Antivirus installed
and that it is running.
Solution : Make sure Sophos is installed and using the latest VDEFS.
Spybot Search & Destroy Detection
This script is Copyright (C) 2006 Josh Zlatin-Amishav and Tenable Network Security
OID: 1.3.6.1.4.1.25623.1.0.80045
Filename: spybot_detection.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Checks whether Spybot Search & Destroy is installed
Synopsis :
The remote Windows host has a spyware detection program installed on it.
Description :
The remote Windows host is running Spybot Search & Destroy, a privacy
enhancing application that can detect and remove spyware of different
kinds from your computer.
See also :
http://www.safer-networking.org/
Webroot SpySweeper Enterprise Check
This script is Copyright (C) 2004-2005 Jeff Adams / Tenable Network Security
OID: 1.3.6.1.4.1.25623.1.0.80046
Filename: spysweeper_corp_installed.nasl
Dependencies: secpod_reg_enum.nasl - smb_enum_services.nasl
Family: Windows
CVSS: 7.5
Risk factor : High
Summary: Checks that SpySweeper is installed and then makes sure the latest Vdefs are loaded.
This plugin checks that the remote host has Webroot Spy Sweeper
Enterprise installed and properly running, and makes sure that the latest
Vdefs are loaded.
Solution : Make sure Spy Sweeper Ent is installed, running and using the
latest VDEFS.
ADODB.Stream object from Internet Explorer (KB870669)
This script is Copyright (C) 2004 Noam Rathaus
OID: 1.3.6.1.4.1.25623.1.0.12298
Filename: smb_nt_kb870669.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
BID: 10514
CVSS: 7.6
Risk factor : High
Summary: Checks for KB870669
An ADO stream object represents a file in memory. The stream object contains
several methods for reading and writing binary files and text files.
When this by-design functionality is combined with known security
vulnerabilities in Microsoft Internet Explorer, an Internet Web site could
execute script from the Local Machine zone.
This behavior occurs because the ADODB.Stream object permits
access to the hard disk when the ADODB.Stream object is hosted
in Internet Explorer.
Solution : http://support.microsoft.com/?kbid=870669
IE 5.01 5.5 6.0 Cumulative patch (890923)
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.10861
Filename: smb_nt_ms02-005.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2004-0842 CVE-2004-0727 CVE-2004-0216 CVE-2004-0839 CVE-2004-0844 CVE-2004-0843 CVE-2004-0841 CVE-2004-0845 CVE-2003-0814 CVE-2003-0815 CVE-2003-0816 CVE-2003-0817 CVE-2003-0823 CVE-2004-0549 CVE-2004-0566 CVE-2003-1048 CVE-2001-1325 CVE-2001-0149 CVE-2001-0727 CVE-2001-0875 CVE-2001-1325 CVE-2001-0149 CVE-2001-0727 CVE-2001-0875 CVE-2001-0339 CVE-2001-0002 CVE-2002-0190 CVE-2002-0026 CVE-2003-1326 CVE-2002-0027 CVE-2002-0022 CVE-2003-1328 CVE-2002-1262 CVE-2002-0193 CVE-1999-1016 CVE-2003-0344 CVE-2003-0233 CVE-2003-0309 CVE-2003-0113 CVE-2003-0114 CVE-2003-0115 CVE-2003-0116 CVE-2003-0531 CVE-2003-0809 CVE-2003-0530 CVE-2003-1025 CVE-2003-1026 CVE-2003-1027 CVE-2005-0554 CVE-2005-0554 CVE-2005-0555
BID: 11388 11385 11383 11381 11377 11367 11366 10473 8565 9009 9012 9013 9014 9015 9182 9663 9798 12477 12475 12473 12530 13123 13117 13120
CVSS: 10.0
Risk factor : Critical
Summary: Determines whether the hotfix 890923 is installed
The July 2004 Cumulative Patch for IE is not applied on the remote host.
Impact of vulnerability: Run code of attacker's choice.
Recommendation: Customers using IE should install the patch immediately.
See http://www.microsoft.com/technet/security/bulletin/ms05-020.mspx
Checks for MS HOTFIX for snmp buffer overruns
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.10865
Filename: smb_nt_ms02-006.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0053
CVSS: 7.5
Risk factor : High
Summary: Determines whether the hotfix Q314147 is installed
Synopsis :
There is an unchecked buffer in the SNMP Service, and this plugin
checks whether the Microsoft patch has been applied
(only checks NT/Win2k and XP Pro).
Impact of vulnerability: Run code of attacker's choice
and denial of service attacks.
It may also run the SNMP detection to see if SNMP is running on
this host.
Solution :
http://www.microsoft.com/technet/security/bulletin/ms02-006.mspx
XML Core Services patch (Q318203)
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.10866
Filename: smb_nt_ms02-008.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0057
BID: 3699
CVSS: 5.0
Risk factor : Medium
Summary: Determines whether the XML Core Services patch Q318202/Q318203 is installed
XMLHTTP Control Can Allow Access to Local Files.
A flaw exists in how the XMLHTTP control applies IE security zone
settings to a redirected data stream returned in response to a
request for data from a web site. A vulnerability results because
an attacker could seek to exploit this flaw and specify a data
source that is on the user's local system. The attacker could
then use this to return information from the local system to the
attacker's web site.
Impact of vulnerability: Attacker can read files on client system.
Affected Software:
Microsoft XML Core Services versions 2.6, 3.0, and 4.0.
An affected version of Microsoft XML Core Services also
ships as part of the following products:
Microsoft Windows XP
Microsoft Internet Explorer 6.0
Microsoft SQL Server 2000
(note: versions earlier than 2.6 are not affected.
The affected files include msxml[2-4].dll and are found
in the system32 directory. This might be a false
positive if you have an earlier version.)
See http://www.microsoft.com/technet/security/bulletin/ms02-008.mspx
IE VBScript Handling patch (Q318089)
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.10926
Filename: smb_nt_ms02-009.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0052
BID: 4158
CVSS: 5.0
Risk factor : Medium
Summary: Determines whether the IE VBScript Handling patch (Q318089) is installed
Incorrect VBScript Handling in IE can Allow Web
Pages to Read Local Files.
Impact of vulnerability: Information Disclosure
Affected Software:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
See
http://www.microsoft.com/technet/security/bulletin/ms02-009.mspx
and: Microsoft Article
Q319847 MS02-009 May Cause Incompatibility Problems Between
VBScript and Third-Party Applications
Opening Group Policy Files (Q318089)
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.10945
Filename: smb_nt_ms02-016.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0051
BID: 4438
CVSS: 4.6
Risk factor : Medium
Summary: Determines whether the Group Policy patch (Q318593) is installed
Windows 2000 allows local users to prevent the application
of new group policy settings by opening Group Policy files
with exclusive-read access.
An attacker could block the application of Group Policy.
Affected Software:
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
See
http://www.microsoft.com/technet/security/bulletin/ms02-016.mspx
MUP overlong request kernel overflow Patch (Q311967)
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.10944
Filename: smb_nt_ms02-017.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0151
BID: 4426
CVSS: 7.2
Risk factor : High
Summary: checks for Multiple UNC Provider Patch (Q311967)
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft
Windows operating systems allows local users to cause a
denial of service or possibly gain SYSTEM privileges via a
long UNC request.
Affected Software:
Microsoft Windows NT 4.0 Workstation
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows NT 4 Terminal Server Edition
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows XP Professional
See
http://www.microsoft.com/technet/security/bulletin/ms02-017.mspx
Cumulative Patch for Internet Information Services (Q327696)
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.10943
Filename: smb_nt_ms02-018.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0147 CVE-2002-0149 CVE-2002-0150 CVE-2002-0224 CVE-2002-0869 CVE-2002-1182 CVE-2002-1180 CVE-2002-1181
BID: 4006 4474 4476 4478 4490 6069 6070 6071 6072
CVSS: 7.5
Risk factor : High
Summary: Determines whether October 30, 2002 IIS Cumulative patches (Q327696) are installed
Cumulative Patch for Microsoft IIS (Q327696)
Impact of vulnerability: Ten new vulnerabilities, the most
serious of which could enable code of an attacker's choice
to be run on a server.
Recommendation: Users using any of the affected
products should install the patch immediately.
Maximum Severity Rating: Critical
Affected Software:
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 5.1
See
http://www.microsoft.com/technet/security/bulletin/ms02-062.mspx
Supersedes
http://www.microsoft.com/technet/security/bulletin/ms02-018.mspx
Windows Debugger flaw can Lead to Elevated Privileges (Q320206)
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.10964
Filename: smb_nt_ms02-024.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0367
BID: 4287
CVSS: 7.2
Risk factor : High
Summary: Checks for MS Hotfix Q320206, Elevated Privilege
Authentication Flaw in Windows Debugger can Lead to Elevated
Privileges (Q320206)
Impact of vulnerability: Elevation of Privilege
Affected Software:
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows 2000
Recommendation: Users using any of the affected
products should install the patch immediately.
Maximum Severity Rating: Critical (locally)
See
http://www.microsoft.com/technet/security/bulletin/ms02-024.mspx
Exchange 2000 Exhaust CPU Resources (Q320436)
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.11143
Filename: smb_nt_ms02-025.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0368
BID: 4881
CVSS: 5.0
Risk factor : Medium
Summary: Checks for MS Hotfix Q320436, DOS on Exchange 2000
Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU
Resources (Q320436)
Impact of vulnerability: Denial of Service
Affected Software:
Recommendation: Users using any of the affected
products should install the patch immediately.
Maximum Severity Rating: Critical
See
http://www.microsoft.com/technet/security/bulletin/ms02-025.mspx
(note: requires admin level netbios login account to check)
Windows Network Manager Privilege Elevation (Q326886)
This script is Copyright (C) 2002 SECNAP Network Security, LLC
OID: 1.3.6.1.4.1.25623.1.0.11091
Filename: smb_nt_ms02-042.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0720
BID: 5480
CVSS: 7.2
Risk factor : High
Summary: Checks for MS Hotfix Q326886, Network Elevated Privilege
A flaw in the Windows 2000 Network Connection Manager
could enable privilege elevation.
Impact of vulnerability: Elevation of Privilege
Affected Software:
Microsoft Windows 2000
Recommendation: Users using any of the affected
products should install the patch immediately.
Maximum Severity Rating: Critical
See
http://www.microsoft.com/technet/security/bulletin/ms02-042.mspx
Flaw in Certificate Enrollment Control (Q323172)
This script is Copyright (C) 2002 SECNAP Network Security, LLC
OID: 1.3.6.1.4.1.25623.1.0.11144
Filename: smb_nt_ms02-048.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0699
CVSS: 5.0
Risk factor : Medium
Summary: Checks for MS Hotfix Q323172, Certificate Enrollment Flaw
A vulnerability in the Certificate Enrollment
ActiveX Control in Microsoft Windows 98, Windows 98
Second Edition, Windows Millennium, Windows NT 4.0,
Windows 2000, and Windows XP allows remote attackers
to delete digital certificates on a user's system
via HTML.
Impact of vulnerability: Denial of service
Maximum Severity Rating: Critical
Recommendation: Customers should install the patch immediately
Affected Software:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium
Microsoft Windows NT 4.0
Microsoft Windows 2000
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-048.mspx
Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
This script is Copyright (C) 2002 SECNAP Network Security, LLC
OID: 1.3.6.1.4.1.25623.1.0.11145
Filename: smb_nt_ms02-050.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-1183 CVE-2002-0862
BID: 5410
CVSS: 7.5
Risk factor : High
Summary: Checks for MS Hotfix Q328145, Certificate Validation Flaw
Hotfix to fix Certificate Validation Flaw (Q329115)
is not installed.
The vulnerability could enable an attacker who had
a valid end-entity certificate to issue a
subordinate certificate that, although bogus,
would nevertheless pass validation. Because
CryptoAPI is used by a wide range of applications,
this could enable a variety of identity spoofing
attacks.
Impact of vulnerability: Identity spoofing.
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office for Mac
Microsoft Internet Explorer for Mac
Microsoft Outlook Express for Mac
See
http://www.microsoft.com/technet/security/bulletin/ms02-050.mspx
Microsoft RDP flaws could allow sniffing and DOS (Q324380)
This script is Copyright (C) 2002 SECNAP Network Security, LLC
OID: 1.3.6.1.4.1.25623.1.0.11146
Filename: smb_nt_ms02-051.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0863 CVE-2002-0864
BID: 5410 5711 5712
CVSS: 5.0
Risk factor : Medium
Summary: Checks for MS Hotfix Q324380, Flaws in Microsoft RDP
Remote Data Protocol (RDP) version 5.0 in Microsoft
Windows 2000 and RDP 5.1 in Windows XP does not
encrypt the checksums of plaintext session data,
which could allow a remote attacker to determine the
contents of encrypted sessions via sniffing, and
Remote Data Protocol (RDP) version 5.1 in Windows
XP allows remote attackers to cause a denial of
service (crash) when Remote Desktop is enabled via a
PDU Confirm Active data packet that does not set the
Pattern BLT command.
Impact of vulnerability: Two vulnerabilities:
information disclosure, denial of service.
Maximum Severity Rating: Moderate.
Recommendation: Administrators of Windows
2000 terminal servers and Windows XP users
who have enabled Remote Desktop should apply
the patch.
Affected Software:
Microsoft Windows 2000
Microsoft Windows XP
Solution : http://www.microsoft.com/technet/security/bulletin/ms02-051.mspx
Flaw in Microsoft VM Could Allow Code Execution (810030)
This script is Copyright (C) 2002 SECNAP Network Security, LLC
OID: 1.3.6.1.4.1.25623.1.0.11177
Filename: smb_nt_ms02-052.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-1257 CVE-2002-1258 CVE-2002-1183 CVE-2002-0862
BID: 6371 6372
CVSS: 10.0
Risk factor : Critical
Summary: Checks for MS Hotfix Q329077, Flaw in Microsoft VM JDBC
Hotfix to fix Flaw in Microsoft VM
could Allow Code Execution (810030)
Impact of vulnerability: Three vulnerabilities, the most
serious of which could enable an attacker to gain complete
control over a user's system.
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Versions of the Microsoft virtual machine (Microsoft VM) are
identified by build numbers, which can be determined using the
JVIEW tool as discussed in the FAQ. All builds of the Microsoft
VM up to and including build 5.0.3805 are affected by these
vulnerabilities.
Supersedes :
http://www.microsoft.com/technet/security/bulletin/ms02-052.mspx
See :
http://www.microsoft.com/technet/security/bulletin/ms02-069.mspx
Also Note: Requires full registry access (Administrator)
to run the test.
Unchecked Buffer in Decompression Functions (Q329048)
This script is Copyright (C) 2002 SECNAP Network Security, LLC
OID: 1.3.6.1.4.1.25623.1.0.11148
Filename: smb_nt_ms02-054.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0370 CVE-2002-1139
BID: 5873 5876
CVSS: 7.5
Risk factor : High
Summary: Checks for MS Hotfix Q329048, Unchecked Buffer in Decompression functions
Two vulnerabilities exist in the Compressed Folders function:
An unchecked buffer exists in the program that handles
the decompressing of files from a zipped file. A
security vulnerability results because attempts to open
a file with a specially malformed filename contained in
a zipped file could possibly result in Windows Explorer
failing, or in code of the attacker's choice being run.
The decompression function could place a file in a
directory that was not the same as, or a child of, the
target directory specified by the user as where the
decompressed zip files should be placed. This could
allow an attacker to put a file in a known location on
the user's system, such as placing a program in a
startup directory.
Impact of vulnerability: Two vulnerabilities, the most serious
of which could run code of attacker's choice
Maximum Severity Rating: Moderate
Recommendation: Consider applying the patch to affected systems
Affected Software:
Microsoft Windows 98 with Plus! Pack
Microsoft Windows Me
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-054.mspx
Unchecked Buffer in Windows Help (Q323255)
This script is Copyright (C) 2002 SECNAP Network Security, LLC
OID: 1.3.6.1.4.1.25623.1.0.11147
Filename: smb_nt_ms02-055.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-0693 CVE-2002-0694
BID: 4387 5874
CVSS: 7.5
Risk factor : High
Summary: Checks for MS Hotfix Q323255, Unchecked Buffer in Windows Help facility
An unchecked buffer in Windows Help could allow an attacker to
gain control over the user's system.
Maximum Severity Rating: Critical
Recommendation: Customers should install the patch immediately.
Affected Software:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-055.mspx
Unchecked Buffer in PPTP Implementation Could Enable DOS Attacks (Q329834)
This script is Copyright (C) 2002 SECNAP Network Security, LLC
OID: 1.3.6.1.4.1.25623.1.0.11178
Filename: smb_nt_ms02-063.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-1214
BID: 5807 6067
CVSS: 7.5
Risk factor : High
Summary: Checks for MS Hotfix Q329834, Unchecked Buffer in PPTP DOS
Hotfix to fix Unchecked Buffer in PPTP Implementation
(Q329834) is not installed.
A security vulnerability results in the Windows 2000 and
Windows XP implementations because of an unchecked buffer
in a section of code that processes the control data used
to establish, maintain and tear down PPTP connections. By
delivering specially malformed PPTP control data to an
affected server, an attacker could corrupt kernel memory
and cause the system to fail, disrupting any work in progress
on the system.
Impact of vulnerability: Denial of service
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows 2000
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-063.mspx
Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
This script is Copyright (C) 2003 SECNAP Network Security
OID: 1.3.6.1.4.1.25623.1.0.11215
Filename: smb_nt_ms02-070.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-1256
BID: 6367
CVSS: 5.0
Risk factor : Medium
Summary: Checks for MS Hotfix 329170
The SMB signing capability in the Server Message Block
protocol in Microsoft Windows 2000 and Windows XP allows
attackers to disable the digital signing settings in an
SMB session to force the data to be sent unsigned, then
inject data into the session without detection, e.g. by
modifying group policy information sent from a domain
controller.
Maximum Severity Rating: Moderate
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows 2000
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-070.mspx
WM_TIMER Message Handler Privilege Elevation (Q328310)
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.11191
Filename: smb_nt_ms02-071.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-1230
BID: 5927
CVSS: 4.6
Risk factor : Medium
Summary: Checks Registry for WM_TIMER Privilege Elevation Hotfix (Q328310)
A security issue has been identified in WM_TIMER that
could allow an attacker to compromise a computer running
Microsoft Windows and gain complete control over it.
Recommendation: Users using any of the affected
products should install the patch immediately.
Maximum Severity Rating: Critical
Affected Software:
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
See
http://www.microsoft.com/technet/security/bulletin/ms02-071.mspx
Unchecked Buffer in XP Shell Could Enable System Compromise (329390)
This script is Copyright (C) 2002 SECNAP Network Security, LLC
OID: 1.3.6.1.4.1.25623.1.0.11194
Filename: smb_nt_ms02-072.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2002-1327
BID: 6427
CVSS: 7.5
Risk factor : High
Summary: Checks for MS Hotfix 329390, Flaw in Microsoft XP Shell
It is possible for a malicious user to mount a buffer
overrun attack using the Windows XP shell.
A successful attack could have the effect of either causing
the Windows Shell to fail, or causing an attacker's code to run on
the user's computer in the security context of the user.
Maximum Severity Rating: Critical
Recommendation: Administrators should install the patch immediately.
Affected Software:
Microsoft Windows XP.
See
http://www.microsoft.com/technet/security/bulletin/ms02-072.mspx
Unchecked Buffer in XP Redirector (Q810577)
This script is Copyright (C) 2003 SECNAP Network Security
OID: 1.3.6.1.4.1.25623.1.0.11231
Filename: smb_nt_ms03-005.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2003-0004
BID: 6778
CVSS: 7.2
Risk factor : High
Summary: Checks for MS Hotfix Q810577
The remote host is vulnerable to a flaw in the RPC redirector
which can allow a local attacker to run code of their choice
with SYSTEM privileges.
Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-005.mspx
Unchecked Buffer in ntdll.dll (Q815021)
This script is Copyright (C) 2003 Trevor Hemsley
OID: 1.3.6.1.4.1.25623.1.0.11413
Filename: smb_nt_ms03-007.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2003-0109
BID: 7116
CVSS: 7.5
Risk factor : High
Summary: Checks for MS Hotfix Q815021
The remote host is vulnerable to a flaw in ntdll.dll
which may allow an attacker to gain system privileges,
by exploiting it through, for instance, WebDAV in IIS 5.0
(other services could be exploited, locally and/or remotely).
Note : Microsoft recommends (quoted from advisory) that:
If you have not already applied the MS03-007 patch from
this bulletin, Microsoft recommends you apply the MS03-013
patch as it also corrects an additional vulnerability.
Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-007.mspx
or http://www.microsoft.com/technet/security/bulletin/MS03-013.mspx
Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Copyright (C) 2004 Jeff Adams
OID: 1.3.6.1.4.1.25623.1.0.11878
Filename: smb_nt_ms03-023.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2003-0469
BID: 8016
CVSS: 7.5
Risk factor : High
Summary: Checks for hotfix Q823559
There is a flaw in the way the HTML converter for Microsoft Windows handles a
conversion request during a cut-and-paste operation. This flaw causes a
security vulnerability to exist. A specially crafted request to the HTML
converter could cause the converter to fail in such a way that it could
execute code in the context of the currently logged-in user. Because this
functionality is used by Internet Explorer, an attacker could craft a
specially formed Web page or HTML e-mail that would cause the HTML converter
to run arbitrary code on a user's system. A user visiting an attacker's Web
site could allow the attacker to exploit the vulnerability without any other
user action.
Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-023.mspx
Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
This script is Copyright (C) 2003 Jeff Adams
OID: 1.3.6.1.4.1.25623.1.0.11886
Filename: smb_nt_ms03-041.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2003-0660
BID: 8830
CVSS: 7.5
Risk factor : High
Summary: Checks for hotfix Q823182
There is a vulnerability in Authenticode that, under certain low memory
conditions, could allow an ActiveX control to download and install without
presenting the user with an approval dialog. To exploit this vulnerability,
an attacker could host a malicious Web Site designed to exploit this
vulnerability. If an attacker then persuaded a user to visit that site an
ActiveX control could be installed and executed on the user's system.
Alternatively, an attacker could create a specially formed HTML e-mail and
send it to the user.
Exploiting the vulnerability would grant the attacker the same privileges
as the user.
Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-041.mspx
Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)
This script is Copyright (C) 2003 Jeff Adams
OID: 1.3.6.1.4.1.25623.1.0.11887
Filename: smb_nt_ms03-042.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2003-0661
CVSS: 5.0
Risk factor : Medium
Summary: Checks for hotfix Q826232
A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control in
Windows 2000. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains
a buffer overflow that could allow an attacker to run code of their choice on a user's system.
To exploit this vulnerability, the attacker would have to create a specially formed HTML based
e-mail and send it to the user.
Alternatively an attacker would have to host a malicious Web site that contained a Web page
designed to exploit this vulnerability.
Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-042.mspx
Buffer Overrun in Messenger Service (828035)
This script is Copyright (C) 2003 Jeff Adams
OID: 1.3.6.1.4.1.25623.1.0.11888
Filename: smb_nt_ms03-043.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2003-0717
BID: 8826
CVSS: 7.5
Risk factor : High
Summary: Checks for hotfix Q828035
A security vulnerability exists in the Messenger Service that could allow
arbitrary code execution on an affected system. An attacker who successfully
exploited this vulnerability could be able to run code with Local System
privileges on an affected system, or could cause the Messenger Service to fail.
Disabling the Messenger Service will prevent the possibility of attack.
This plugin determined by reading the remote registry that the patch
MS03-043 has not been applied.
Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-043.mspx
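The entry above says the plugin decides by reading the remote registry, and names disabling the Messenger Service as the mitigation. The PowerShell below is an added example, not part of the OpenVAS plugin or the Microsoft bulletin: run locally on the scanned host, it checks whether KB828035 is recorded and, if it is not, stops and disables the service and reports the state the Service Control Manager holds afterwards. Get-HotFix queries Win32_QuickFixEngineering; the Hotfix registry key used as a fallback is an assumption about where the era's hotfix installers record themselves, and 'Messenger' is the service's short name on Windows 2000/XP/2003.

```powershell
# Added example: local check for the MS03-043 hotfix, with the bulletin's own
# mitigation (disable the Messenger Service) applied when it is missing.

function Test-HotfixInstalled {
    param([Parameter(Mandatory=$true)][string]$KbId)   # e.g. 'KB828035'

    # Primary source: Win32_QuickFixEngineering, which Get-HotFix wraps.
    $qfe = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue
    if ($qfe) { return $true }

    # Fallback (assumption): older hotfix installers record a key here.
    $regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\$KbId"
    return (Test-Path -Path $regPath)
}

function Disable-MessengerService {
    # Returns the service state after the change so a caller can verify it.
    $svc = Get-Service -Name 'Messenger' -ErrorAction SilentlyContinue
    if (-not $svc) {
        return New-Object PSObject -Property @{ Present = $false; Status = 'absent'; StartMode = 'n/a' }
    }
    if ($svc.Status -ne 'Stopped') {
        Stop-Service -Name 'Messenger' -Force
    }
    Set-Service -Name 'Messenger' -StartupType Disabled

    # Re-read from the SCM rather than trusting the objects we already hold.
    $svc = Get-Service -Name 'Messenger'
    $wmi = Get-WmiObject -Class Win32_Service -Filter "Name='Messenger'"
    return New-Object PSObject -Property @{
        Present   = $true
        Status    = [string]$svc.Status
        StartMode = $wmi.StartMode
    }
}

if (Test-HotfixInstalled -KbId 'KB828035') {
    Write-Output 'KB828035 (MS03-043) is recorded on this host.'
} else {
    Write-Warning 'KB828035 (MS03-043) not found; disabling the Messenger Service.'
    Disable-MessengerService | Format-List Present, Status, StartMode
}
```

Disabling the service removes the listening RPC endpoint the overrun is reached through, but it is a stopgap: the vulnerable code stays on disk until the patch is applied, and a later re-enable of the service reopens the exposure. Stopping and changing the start type need an administrative session.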
Buffer Overrun in the ListBox and in the ComboBox (824141)
This script is Copyright (C) 2003 Jeff Adams
OID: 1.3.6.1.4.1.25623.1.0.11885
Filename: smb_nt_ms03-045.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2003-0659
BID: 8827
CVSS: 7.2
Risk factor : High
Summary: Checks for hotfix Q824141
A vulnerability exists because the ListBox control and the ComboBox control
both call a function, which is located in the User32.dll file, that contains
a buffer overrun. An attacker who had the ability to log on to a system
interactively could run a program that could send a specially-crafted Windows
message to any applications that have implemented the ListBox control or the
ComboBox control, causing the application to take any action an attacker
specified. An attacker must have valid logon credentials to exploit the
vulnerability. This vulnerability could not be exploited remotely.
Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-045.mspx
Vulnerability in Microsoft ISA Server 2000 H.323 Filter (816458)
This script is Copyright (C) 2004 Jeff Adams
OID: 1.3.6.1.4.1.25623.1.0.11992
Filename: smb_nt_ms04-001.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2003-0819
BID: 9408
CVSS: 10.0
Risk factor : Critical
Summary: Checks for hotfix Q816458
A security vulnerability exists in the H.323 filter for Microsoft Internet
Security and Acceleration Server 2000 that could allow an attacker
to overflow a buffer in the Microsoft Firewall Service in Microsoft Internet
Security and Acceleration Server 2000.
An attacker who successfully exploited this vulnerability could try to run
code of their choice in the security context of the Microsoft Firewall Service.
This would give the attacker complete control over the system.
The H.323 filter is enabled by default on ISA Server 2000 computers that are
installed in integrated or firewall mode.
Impact of vulnerability: Remote code execution
Affected Software:
Microsoft Internet Security and Acceleration Server 2000 Gold, SP1
Solution: Users using any of the affected
products should install the patch immediately.
Maximum Severity Rating: Critical
See http://www.microsoft.com/technet/security/bulletin/ms04-001.mspx
Vulnerability in DirectPlay Could Allow Denial of Service (839643)
This script is Copyright (C) 2004 Noam Rathaus
OID: 1.3.6.1.4.1.25623.1.0.12267
Filename: smb_nt_ms04-016.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2004-0202
BID: 10487
CVSS: 5.0
Risk factor : Medium
Summary: Checks for ms04-016 over the registry
A denial of service vulnerability exists in the implementation of the
IDirectPlay4 application programming interface (API) of Microsoft DirectPlay
because of a lack of robust packet validation.
If a user is running a networked DirectPlay application,
an attacker who successfully exploited this vulnerability could
cause the DirectPlay application to fail. The user would have
to restart the application to resume functionality.
Solution : http://www.microsoft.com/technet/security/bulletin/ms04-016.mspx
This script is Copyright (C) 2004 Noam Rathaus
OID: 1.3.6.1.4.1.25623.1.0.15467
Filename: smb_nt_ms04-029.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2004-0569
BID: 11380
CVSS: 7.5
Risk factor : High
Summary: Determines if hotfix 873350 has been installed
An information disclosure and denial of service vulnerability exists when
the RPC Runtime Library processes specially crafted messages.
An attacker who successfully exploited this vulnerability could potentially
read portions of active memory or cause the affected system to stop responding.
Solution : http://www.microsoft.com/technet/security/bulletin/MS04-029.mspx
ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
This script is Copyright (C) 2004 Jeff Adams
OID: 1.3.6.1.4.1.25623.1.0.15714
Filename: smb_nt_ms04-039.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2004-0892
CVSS: 7.5
Risk factor : High
Summary: Checks for hotfix Q888258
ISA Server 2000 and Proxy Server 2.0 are vulnerable to a spoofing issue that
could enable an attacker to spoof trusted Internet content. Users could believe
they are accessing trusted Internet content when in reality they are accessing
malicious Internet content, for example a malicious Web site. However, an
attacker would first have to persuade a user to visit the attacker's site to
attempt to exploit this vulnerability.
See http://www.microsoft.com/technet/security/bulletin/ms04-039.mspx
This script is Copyright (C) 2005 David Maciejak and Tenable Network Security
OID: 1.3.6.1.4.1.25623.1.0.80042
Filename: smb_suspicious_files.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 7.5
Risk factor : High
Summary: Checks for the presence of different DLLs on the remote host
This script checks for the presence of files and programs which
might have been installed without the consent of the user of the
remote host.
Verify each of the applications found to see if they are compliant
with your organization's security policy.
Solution : See the URLs which will appear in the report
The remote host is infected by a virus
This script is Copyright (C) 2005 Tenable Network Security
OID: 1.3.6.1.4.1.25623.1.0.80043
Filename: smb_virii.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVSS: 7.6
Risk factor : High
Summary: Checks for the presence of different viruses on the remote host
This script checks for the presence of different viruses on the remote
host, by using the SMB credentials you provide OpenVAS with.
- W32/Badtrans-B
- JS_GIGGER.A@mm
- W32/Vote-A
- W32/Vote-B
- CodeRed
- W32.Sircam.Worm@mm
- W32.HLLW.Fizzer@mm
- W32.Sobig.B@mm
- W32.Sobig.E@mm
- W32.Sobig.F@mm
- W32.Sobig.C@mm
- W32.Yaha.J@mm
- W32.mimail.a@mm
- W32.mimail.c@mm
- W32.mimail.e@mm
- W32.mimail.l@mm
- W32.mimail.p@mm
- W32.Welchia.Worm
- W32.Randex.Worm
- W32.Beagle.A
- W32.Novarg.A
- Vesser
- NetSky.C
- Doomran.a
- Beagle.m
- Beagle.j
- Agobot.FO
- NetSky.W
- Sasser
- W32.Wallon.A
- W32.MyDoom.M
- W32.MyDoom.AI
- W32.MyDoom.AX
- W32.Aimdes.B
- W32.Aimdes.C
- W32.ahker.D
- Hackarmy.i
- W32.Erkez.D/Zafi.d
- Winser-A
- Berbew.K
- Hotword.b
- W32.Backdoor.Ginwui.B
- W32.Wargbot
- W32.Randex.GEL
- W32.Fujacks.B
Solution : See the URLs which will appear in the report
This script is Copyright (C) 2002 Michael Scheidell
OID: 1.3.6.1.4.1.25623.1.0.10835
Filename: smb_xp_ms01-059.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2001-0876
BID: 3723
CVSS: 7.5
Risk factor : High
Summary: Determines whether the hotfix Q315000 is installed
Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise
for Windows XP (Q315000)
By sending a specially malformed NOTIFY directive, it would be possible for
an attacker to cause code to run in the context of the UPnP service, which
runs with system privileges on Windows XP.
The UPnP implementation does not adequately regulate how it performs this
operation, and this gives rise to two different denial-of-service scenarios
(CVE-2001-0877).
See http://www.microsoft.com/technet/security/bulletin/ms01-059.mspx
Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win)
Copyright (C) 2008 Greenbone Networks GmbH
OID: 1.3.6.1.4.1.25623.1.0.90019
Filename: smbcl_flash_player_CB-A08-0059.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2007-5275 CVE-2007-6019 CVE-2007-6243 CVE-2007-6637 CVE-2008-1654 CVE-2008-1655
BID: 26930 28694 26966 27034 28696 28697
CVSS: 9.3
Risk factor : Critical
Summary: Determine the version of Flash Player
The remote host is probably affected by the vulnerabilities described in
CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637, CVE-2008-1654,
CVE-2008-1655.
Impact:
- CVE-2007-5275
The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause a
victim machine to establish TCP sessions with arbitrary hosts via a Flash
(SWF) movie, related to lack of pinning of a hostname to a single IP address
after receiving an allow-access-from element in a cross-domain-policy XML
document, and the availability of a Flash Socket class that does not use
the browser's DNS pins, aka DNS rebinding attacks, a different issue than
CVE-2002-1467 and CVE-2007-4324.
- CVE-2007-6019
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows
remote attackers to execute arbitrary code via an SWF file with a modified
DeclareFunction2 Actionscript tag, which prevents an object from being
instantiated properly.
- CVE-2007-6243
Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to
7.0.70.0 does not sufficiently restrict the interpretation and usage of
cross-domain policy files, which makes it easier for remote attackers to
conduct cross-domain and cross-site scripting (XSS) attacks.
- CVE-2007-6637
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash Player
allow remote attackers to inject arbitrary web script or HTML via a crafted
SWF file, related to 'pre-generated SWF files' and Adobe Dreamweaver CS3 or
Adobe Acrobat Connect. NOTE: the asfunction: vector is already covered by
CVE-2007-6244.
- CVE-2008-1654
Interaction error between Adobe Flash and multiple Universal Plug and Play
(UPnP) services allow remote attackers to perform Cross-Site Request Forgery
(CSRF) style attacks by using the Flash navigateToURL function to send a SOAP
message to a UPnP control point, as demonstrated by changing the primary DNS
server.
- CVE-2008-1655
Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, and
8.0.39.0 and earlier, makes it easier for remote attackers to conduct DNS
rebinding attacks via unknown vectors.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
Solution:
All Adobe Flash Player users should upgrade to the latest version:
http://get.adobe.com/flashplayer/
Sun VirtualBox Version Detection (Win) ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901053
Filename: secpod_sun_virtualbox_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Set KB for the version of Sun/Oracle VirtualBox
Detection of installed version of Sun/Oracle VirtualBox.
The script logs in via SMB, searches the registry for Sun/Oracle VirtualBox
and reads the version from the 'Version' string value in the registry.
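The detection NVTs on this page all work the same way: log in over SMB, find the product in the registry, read a version string and compare it with the fixed version. The PowerShell below is an added example of that logic run locally, not the plugin's own NASL. It generalises slightly: rather than the product-specific 'Version' value the VirtualBox plugin reads (whose exact key is not assumed here), it enumerates the Uninstall keys in both registry views, and it compares dotted versions component by component as numbers, so '9.0.48.0' is correctly treated as older than '9.0.115.0' where a string comparison would say the opposite. The 'VirtualBox' pattern and the 2.0.6 threshold in the usage lines are taken from the VirtualBox entry elsewhere on this page; the 4-part normalisation and the stripping of suffixes such as '_OSE' are choices of this example.

```powershell
# Added example: registry-based version detection, mirroring what the
# "Version Detection" NVTs do over SMB, followed by a numeric version compare.

function Get-InstalledProductVersion {
    param([Parameter(Mandatory=$true)][string]$DisplayNamePattern)

    # Both views are needed on 64-bit Windows; 32-bit installers land in Wow6432Node.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in (Get-ChildItem -Path $root)) {
            $props = Get-ItemProperty -Path $key.PSPath
            if ($props.DisplayName -and ($props.DisplayName -match $DisplayNamePattern)) {
                New-Object PSObject -Property @{
                    DisplayName = $props.DisplayName
                    Version     = [string]$props.DisplayVersion
                    Key         = $key.PSPath
                }
            }
        }
    }
}

function ConvertTo-ComparableVersion {
    # Normalises '2.0.6', '9.0.115.0' or '2.0.6_OSE' to a 4-part [version]
    # so that comparisons are numeric per component, not lexical.
    param([Parameter(Mandatory=$true)][string]$VersionString)
    $clean = $VersionString -replace '[^0-9.].*$', ''       # drop '_OSE', ' beta' etc.
    $parts = @($clean -split '\.' | Where-Object { $_ -ne '' })
    if ($parts.Count -eq 0) { throw "No numeric version in '$VersionString'" }
    while ($parts.Count -lt 4) { $parts += '0' }            # pad '2.0.6' to '2.0.6.0'
    return [version]($parts[0..3] -join '.')
}

function Test-VersionBelow {
    # $true when $Installed is strictly older than $Fixed (the fixed build itself is not flagged).
    param([string]$Installed, [string]$Fixed)
    return ((ConvertTo-ComparableVersion $Installed) -lt (ConvertTo-ComparableVersion $Fixed))
}

# Worked check modelled on the VirtualBox entry on this page: flag installs older than 2.0.6.
Get-InstalledProductVersion -DisplayNamePattern 'VirtualBox' | ForEach-Object {
    $vulnerable = Test-VersionBelow -Installed $_.Version -Fixed '2.0.6'
    '{0} {1} vulnerable={2}' -f $_.DisplayName, $_.Version, $vulnerable
}
```

Two caveats a practitioner should keep in mind: a missing DisplayVersion (some installers write none) makes ConvertTo-ComparableVersion throw rather than silently report "not vulnerable", which is the safer failure; and a version in the registry proves what the installer wrote, not what is on disk, so the file-version checks used by the Microsoft bulletin plugins are the stronger evidence when the two disagree.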
Symantec Product(s) Version Detection ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900332
Filename: secpod_symantec_prdts_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Product detection
Risk factor : None
Summary: Detection of installed version of Symantec Product(s)
cpe:/a:symantec:endpoint_protection
SyncBack Profile Import Buffer Overflow Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902057
Filename: secpod_syncback_freeware_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-1688BID: 40311
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of SyncBack Freeware
Overview: This host is installed with SyncBack Freeware and is prone to a
buffer overflow vulnerability.
Vulnerability Insight:
The flaw exists due to a boundary error when importing 'SyncBack' profiles,
which leads to a stack-based buffer overflow when a user opens a specially
crafted '.sps' file.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary code.
Impact Level: Application.
Affected Software:
SyncBack Freeware version prior to 3.2.21
Fix: Upgrade to the SyncBack Freeware version 3.2.21
For updates refer to http://www.2brightsparks.com/downloads.html#freeware
References:
http://osvdb.org/64752
http://secunia.com/advisories/39865
http://xforce.iss.net/xforce/xfdb/58727
TFM MMPlayer Version Detection ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900596
Filename: secpod_tfm_mmplayer_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Sets KB for the version of TFM MMPlayer
Overview: This script detects the version of TFM MMPlayer and
sets the result in KB.
TheGreenBow IPSec VPN Client Version Detection ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900921
Filename: secpod_thegreenbow_ipsec_vpn_client_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Sets KB for the version of TheGreenBow IPSec VPN Client
Overview: This script detects the version of TheGreenBow IPSec VPN Client
and sets the result in KB.
TightVNC Version Detection (Win) ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900472
Filename: secpod_tightvnc_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set Version of TightVNC in KB
Overview : This script finds the installed version of TightVNC and
saves the version in KB.
TOR Privilege Escalation Vulnerability (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900423
Filename: secpod_tor_privilege_escalation_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Privilege escalation
CVE: CVE-2008-5397 CVE-2008-5398
BID: 32648
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Tor
Overview: This host is installed with Tor and is prone to privilege
escalation vulnerabilities.
Vulnerability Insight:
The flaws are due to:
- the application not properly dropping privileges to the primary groups of
the user specified by the User parameter.
- the ClientDNSRejectInternalAddresses configuration option not always being
enforced, which weakens the application's security.
Impact:
Successful exploitation will let the attacker gain and escalate privileges.
Affected Software/OS:
Tor version 0.2.0.31 or prior.
Fix:
Upgrade to the latest version 0.2.0.32
http://www.torproject.org/download.html.en
References:
http://www.torproject.org
http://secunia.com/advisories/33025
Trellian FTP Version Detection ->
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901108
Filename: secpod_trellian_ftp_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: FTP
Risk factor : None
Summary: Set the version of Trellian FTP in KB
Overview: This script finds the installed Trellian FTP version and saves the
result in KB.
Trend Micro Web Management Authentication Bypass Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900205
Filename: secpod_trendmicro_officescan_auth_bypass_vuln_900205.nasl
Dependencies: secpod_reg_enum.nasl
Family: Privilege escalation
CVE: CVE-2008-2433
BID: 30792
CVSS: 7.5
Risk factor : High
Summary: Check for the version of Trend Micro OfficeScan
Overview : This remote host is installed with Trend Micro OfficeScan, which
is prone to an authentication bypass vulnerability.
Vulnerability Insight :
The flaw is due to insufficient entropy in the random session
token used to identify an authenticated manager using the web console.
Impact : Remote users can gain administrative access to the target
application, which can lead to arbitrary code execution.
Impact Level : Application.
Affected Software/OS :
Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6
Trend Micro OfficeScan Corporate Edition versions 7.0 and 7.3
Trend Micro OfficeScan Corporate Edition version 8.0
Trend Micro Worry-Free Business Security (WFBS) version 5.0
Fix : Partially Fixed.
Fix is available for Trend Micro OfficeScan 8.0 and Worry-Free Business Security 5.0.
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2402.exe
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_Win_EN_CriticalPatch_B1351.exe
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3037.exe
http://www.trendmicro.com/ftp/products/patches/WFBS_50_WIN_EN_CriticalPatch_B1404.exe
*****
NOTE : Ignore this warning if above mentioned patch is applied already.
*****
References : http://secunia.com/advisories/31373/
http://securitytracker.com/alerts/2008/Aug/1020732.html
Trend Micro OfficeScan ObjRemoveCtrl ActiveX Control BOF Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900016
Filename: secpod_trendmicro_officescan_bof_vuln_900016.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2008-3364
BID: 30407
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Trend Micro OfficeScan
Overview : This remote host is installed with Trend Micro OfficeScan, which
is prone to an ActiveX control buffer overflow vulnerability.
Vulnerability Insight :
The flaw is due to an error in the objRemoveCtrl control, which is used to display
certain properties (e.g. Server, ServerIniFile) and their values when it is embedded
in a web page. Overly long property values cause a stack-based buffer overflow.
Impact : Successful exploitation could allow remote attackers to
execute arbitrary code.
Impact Level : Application.
Affected Software/OS :
OfficeScan 7.3 build 1343 (Patch 4) and prior on Windows (All).
Trend Micro Worry-Free Business Security (WFBS) version 5.0
Trend Micro Client Server Messaging Security (CSM) versions 3.5 and 3.6
Quick Fix : Set the kill bit for the following CLSID
{5EFE8CB1-D095-11D1-88FC-0080C859833B}
To set the kill bit refer to http://support.microsoft.com/kb/240797
Fix : Upgrade to OfficeScan 10 or later,
For updates refer to http://uk.trendmicro.com/uk/downloads/enterprise/index.html
References : http://www.milw0rm.com/exploits/6152
http://archives.neohapsis.com/archives/fulldisclosure/2008-07/0509.html
Trend Micro OfficeScan Server cgiRecvFile.exe Buffer Overflow Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900220
Filename: secpod_trendmicro_officescan_bof_vuln_sept08_900220.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2008-2437
BID: 31139
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Trend Micro OfficeScan
Overview : This remote host is installed with Trend Micro OfficeScan, which
is prone to a buffer overflow vulnerability.
Vulnerability Insight :
The flaw is due to an error in cgiRecvFile.exe that can be exploited
to cause a stack-based buffer overflow by sending a specially crafted
HTTP request with a long ComputerName parameter.
Impact : Remote exploitation could allow execution of arbitrary code and
complete compromise of the system; a failed attempt leads to a denial
of service condition.
Impact Level : Application/System.
Affected Software/OS :
Trend Micro OfficeScan Corporate Edition version 8.0
Trend Micro OfficeScan Corporate Edition versions 7.0 and 7.3
Trend Micro Client Server Messaging Security (CSM) for SMB versions 2.x and 3.x
Fix : Partially Fixed.
Fix is available for Trend Micro OfficeScan 8.0, 7.3 and
Client Server Messaging Security (CSM) 3.6.
Apply patch Trend Micro OfficeScan Corporate Edition 8.0 from
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_Win_EN_CriticalPatch_B1361.exe
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Win_EN_CriticalPatch_B2424.exe
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3060.exe
Apply patch Trend Micro OfficeScan Corporate Edition 7.3 from
http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1367.exe
Apply patch Trend Micro Client Server Messaging Security (CSM) 3.6 from
http://www.trendmicro.com/ftp/products/patches/CSM_3.6_OSCE_7.6_Win_EN_CriticalPatch_B1195.exe
References : http://secunia.com/advisories/31342/
http://securitytracker.com/alerts/2008/Sep/1020860.html
http://www.juniper.net/security/auto/vulnerabilities/vuln31139.html
Trend Micro OfficeScan CGI Parsing Buffer Overflow Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900164
Filename: secpod_trendmicro_officescan_cgiparsing_bof_vuln_900164.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2008-3862
BID: 31859
CVSS: 10.0
Risk factor : Critical
Summary: Check for vulnerable version of Trend Micro OfficeScan
Overview: This host is installed with Trend Micro OfficeScan and is prone to
a stack-based buffer overflow vulnerability.
The vulnerability is due to a boundary error in the CGI modules when
processing a specially crafted HTTP request.
Impact:
Allows an attacker to execute arbitrary code, which may facilitate a complete
compromise of the vulnerable system.
Impact Level: Application
Affected Software/OS:
TrendMicro OfficeScan Corporate Edition 7.3 Build prior to 1374.
TrendMicro OfficeScan Corporate Edition 8.0 Build prior to 3110.
Fix: Apply patch
Apply patch Trend Micro OfficeScan Corporate Edition 8.0 from,
http://www.trendmicro.com/ftp/products/patches/OSCE_8.0_SP1_Patch1_Win_EN_CriticalPatch_B3110.exe
Apply patch Trend Micro OfficeScan Corporate Edition 7.3 from,
http://www.trendmicro.com/ftp/products/patches/OSCE_7.3_Win_EN_CriticalPatch_B1374.exe
*****
NOTE: Ignore this warning, if above mentioned patch is already applied.
*****
References:
http://secunia.com/advisories/32005/
http://seclists.org/bugtraq/2008/Oct/0169.html
http://www.trendmicro.com/ftp/documentation/readme/OSCE_7.3_CriticalPatch_B1374_readme.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_8.0_sp1p1_CriticalPatch_B3110_readme.txt
Trend Micro OfficeScan Client Denial Of Service Vulnerability
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900634
Filename: secpod_trendmicro_officescan_dos_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2009-1435
BID: 34642
CVSS: 2.1
Risk factor : Medium
Summary: Check for the version of Trend Micro OfficeScan
Overview:
This host is installed with Trend Micro OfficeScan Client and is prone to
a denial of service vulnerability.
Vulnerability Insight:
The flaw is due to an error while scanning directories: the client fails to
handle nested directories with excessively long names.
Impact:
Successful exploitation will let the attacker terminate the 'NTRtScan.exe' process
and temporarily disable real-time scanning protection for the system by
crafting a directory.
Impact Level: System/Application
Affected Software/OS:
Trend Micro OfficeScan 8.0 Service Pack 1
Fix: Upgrade to Trend Micro OfficeScan 10 or later,
For updates refer to http://www.trendmicro.com/download/engine.asp
References:
http://osvdb.org/53890
http://secunia.com/advisories/34737
http://www.vupen.com/english/advisories/2009/1146
http://www.securityfocus.com/archive/1/archive/1/502847/100/0/threaded
Trend Micro OfficeScan URL Filtering Engine Buffer Overflow Vulnerability
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900231
Filename: secpod_trendmicro_officescan_url_filt_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-0564
BID: 38083
CVSS: 5.0
Risk factor : Medium
Summary: Check for the version of Trend Micro OfficeScan
Overview: This host has Trend Micro OfficeScan running, which is prone to a
buffer overflow vulnerability.
Vulnerability Insight:
The flaw is due to an unspecified error in the Trend Micro URL
filtering (TMUFE) engine while processing malformed data, which can be
exploited to cause a buffer overflow and crash or hang the application.
Impact:
Successful exploitation lets attackers cause a denial of service or
execute arbitrary code via an HTTP request that lacks a method token or
that contains format string specifiers in a PROPFIND request.
Impact Level: Application/System
Affected Software/OS:
Trend Micro OfficeScan 8.0 before SP1 Patch 5 - Build 3510
Trend Micro OfficeScan 10.0 before Build 1224
Fix:
Apply Critical Patch Build 1224 for Trend Micro OfficeScan v10.0, and
Patch 5 Build 3510 for Trend Micro OfficeScan v8.0 Service Pack 1,
For updates refer to http://www.trendmicro.com/Download/product.asp?productid=5
References:
http://secunia.com/advisories/38396
http://xforce.iss.net/xforce/xfdb/56097
http://www.vupen.com/english/advisories/2010/0295
http://www.trendmicro.com/ftp/documentation/readme/readme_1224.txt
http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch_5_en_readme.txt
Total Video Player Version Detection ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900453
Filename: secpod_tvp_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Sets the KB for the version of Total Video Player
Overview: This script detects the installed version of Total Video Player
and sets the result in KB.
Total Video Player TVP type Tag Handling Remote BOF Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900409
Filename: secpod_tvp_taghandling_bof_vuln_900409.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
BID: 32456
CVSS: 8.3
Risk factor : Critical
Summary: Check for vulnerable version of Total Video Player
Overview:
This host is installed with Total Video Player and is prone to a remote buffer
overflow vulnerability.
Vulnerability Insight:
The vulnerability is caused when the application parses a '.au' file containing
specially crafted 'TVP type' tags with overly long strings. The application does
not bounds-check the user-supplied data before copying it to an insufficiently
sized memory buffer.
Impact:
Successful exploitation will let the attacker execute arbitrary code or cause
a denial of service.
Impact Level: Application
Affected Software/OS:
EffectMatrix Software, Total Video Player version 1.31 and prior on Windows.
Fix: No solution or patch is available as of 10th December, 2008.
References:
http://milw0rm.com/exploits/7219
http://www.juniper.net/security/auto/vulnerabilities/vuln32456.html
Ultra Office ActiveX Control Multiple Vulnerabilities
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900208
Filename: secpod_ultra_office_activex_control_mult_vuln_900208.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2008-3878
BID: 30861
CVSS: 9.3
Risk factor : Critical
Summary: Check for Vulnerable Version of Ultra Office
Overview : This host is running Ultra Office Control, which is prone to
multiple vulnerabilities.
Vulnerability Insight :
Errors exist when handling parameters passed to the HttpUpload()
and Save() methods in the OfficeCtrl.ocx file.
Impact : Successful exploitation will allow execution of arbitrary
code via a stack-based buffer overflow, or overwriting of arbitrary files
on the vulnerable system, by tricking a user into visiting a
malicious website.
Impact Level : Application
Affected Software/OS :
Ultra Office Control 2.x and prior versions on Windows (All).
Fix : No solution or patch is available as of 01st September, 2008. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.ultrashareware.com/Ultra-Office-Control.htm
Quick Fix: Set the kill bit for the CLSID
{00989888-BB72-4E31-A7C6-5F819C24D2F7}
Refer to following link to set kill-bit,
http://support.microsoft.com/kb/240797
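This entry and the Trend Micro ObjRemoveCtrl entry above both give "set the kill bit" as the quick fix and point at KB240797. The PowerShell below is an added example of doing that, not code from either vendor or from the OpenVAS plugins: it writes the Compatibility Flags value with the 0x400 bit set under the ActiveX Compatibility key for a CLSID, in both the native and the Wow6432Node view on 64-bit Windows, preserves any flags already present, and reads the value back so the result can be verified. The input validation regex and the returned object layout are choices of this example; the key path and the 0x400 bit are as documented in KB240797.

```powershell
# Added example: set the IE kill bit (Compatibility Flags bit 0x400, KB240797)
# for an ActiveX control's CLSID, in both registry views on 64-bit Windows.

function Set-ActiveXKillBit {
    param([Parameter(Mandatory=$true)][string]$Clsid)   # e.g. '{00989888-BB72-4E31-A7C6-5F819C24D2F7}'

    if ($Clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a CLSID in registry form: $Clsid"
    }
    $KillBit = 0x400   # the bit IE tests before loading a control; documented in KB240797

    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    if (Test-Path -Path 'HKLM:\SOFTWARE\Wow6432Node') {
        # 32-bit IE on 64-bit Windows reads the redirected view, so set both.
        $roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }

    foreach ($root in $roots) {
        $key = Join-Path -Path $root -ChildPath $Clsid
        if (-not (Test-Path -Path $key)) { New-Item -Path $key -Force | Out-Null }

        # OR the bit into whatever flags are already there instead of overwriting them.
        $item     = Get-ItemProperty -Path $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $existing = 0
        if ($item) { $existing = [int]$item.'Compatibility Flags' }
        $flags = $existing -bor $KillBit
        Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $flags -Type DWord

        # Read back and report, so the caller sees what the registry now holds.
        $readback = (Get-ItemProperty -Path $key -Name 'Compatibility Flags').'Compatibility Flags'
        New-Object PSObject -Property @{
            Key     = $key
            Flags   = ('0x{0:X}' -f [int]$readback)
            KillBit = (([int]$readback -band $KillBit) -ne 0)
        }
    }
}

# The two CLSIDs named on this page (Trend Micro objRemoveCtrl and Ultra Office Control).
# Requires an elevated (administrator) PowerShell session.
'{5EFE8CB1-D095-11D1-88FC-0080C859833B}', '{00989888-BB72-4E31-A7C6-5F819C24D2F7}' |
    ForEach-Object { Set-ActiveXKillBit -Clsid $_ } | Format-Table Key, Flags, KillBit -AutoSize
```

The kill bit only stops Internet Explorer (and anything that honours the ActiveX Compatibility key) from instantiating the control; the .ocx stays registered and loadable by other hosts, so it reduces the browser-borne exposure described in both entries without removing the vulnerable code. Treat it as the interim measure the entries call it, and still apply the vendor fix where one exists.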
References : http://secunia.com/advisories/31632/
http://www.juniper.net/security/auto/vulnerabilities/vuln30861.html
UltraVNC Version Detection (Win) ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900470
Filename: secpod_ultravnc_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set Version of UltraVNC in KB
Overview : This script finds the installed version of UltraVNC and
saves the version in KB.
Vim Shell Command Injection Vulnerability (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900411
Filename: secpod_vim_shell_cmd_injection_vuln_win_900411.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2008-2712 CVE-2008-3074 CVE-2008-3075 CVE-2008-3076
BID: 32462
CVSS: 9.3
Risk factor : Critical
Summary: Check for vulnerable version of Vim
Overview: This host is installed with Vim and is prone to a command injection
vulnerability.
Vulnerability Insight:
The flaws are due to the 'filetype.vim', 'tar.vim', 'zip.vim', 'xpm.vim',
'xpm2.vim', 'gzip.vim', and 'netrw.vim' scripts not properly sanitizing
input (such as filenames) before invoking the execute or system functions.
Impact:
Successful exploitation will let the attacker execute arbitrary shell commands
to compromise the system.
Impact Level: Application
Affected Software/OS:
Vim version prior to 7.2 on Windows.
Fix: Upgrade to version 7.2
http://www.vim.org/download.php
References:
http://secunia.com/advisories/30731/
http://www.rdancer.org/vulnerablevim-shellescape.html
URUWorks ViPlay Version Detection ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900360
Filename: secpod_viplay_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set KB for the version of ViPlay Media Player
Overview: This script detects the installed version of ViPlay Media
Player and sets the result in KB.
Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900407
Filename: secpod_virtualbox_acquiredaemonlock_vuln_win_900407.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2008-5256
BID: 32444
CVSS: 4.4
Risk factor : Medium
Summary: Check for vulnerable version of Sun xVM VirtualBox
Overview: This host is installed with Sun xVM VirtualBox and is prone to an
insecure temporary files vulnerability.
Vulnerability Insight:
The flaw is due to insecure handling of temporary files in the 'AcquireDaemonLock'
function in ipcdUnix.cpp. This allows local users to overwrite arbitrary
files via a symlink attack on a TMP/.vbox-$USER-ipc/lock temporary file.
Impact:
Successful exploitation will let the attacker perform malicious actions
with escalated privileges.
Impact Level: Application
Affected Software/OS:
Sun xVM VirtualBox versions prior to 2.0.6 on all Windows platforms.
Fix:
Upgrade to the latest version 2.0.6 or above.
http://www.virtualbox.org/wiki/Downloads
References:
http://secunia.com/Advisories/32851
VLC Media Player Version Detection (Win) ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900528
Filename: secpod_vlc_media_player_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set KB for the version of VLC Media Player
Overview: This script detects the installed version of VLC Media Player
and sets the result in KB.
VLC Media Player TTA Processing Integer Overflow Vulnerability
Copyright 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900112
Filename: secpod_vlc_media_player_intgr_overflow_vuln_900112.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2008-3732
BID: 30718
CVSS: 9.3
Risk factor : Critical
Summary: Check for vulnerable version of VLC Media Player
Overview : The host is running VLC Media Player, which is prone to an integer
overflow vulnerability.
Vulnerability Insight :
The flaw is due to an overflow error when processing TTA data in Open()
method in modules/demux/tta.c file.
Impact : Remote exploitation can cause the application to crash, allow
execution of arbitrary code, or deny service.
Impact Level : Application
Affected Software/OS :
VLC Media Player version 0.8.6i and prior on Windows (All).
Fix : Upgrade to VLC Media Player version 1.0 or later,
For updates refer to http://www.videolan.org/
References :
http://www.orange-bat.com/adv/2008/adv.08.16.txt
http://www.frsirt.com/english/advisories/2008/2394
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900191
Filename: secpod_vuplayer_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set the KB for the version of VUPlayer
Overview: This script detects the installed version of VUPlayer and sets the
result in KB.
Microsoft Windows NSlookup.exe Remote Code Execution Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900108
Filename: secpod_win_nslookup_remote_code_exe_vuln_900108.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2008-3648
BID: 30636
CVSS: 9.3
Risk factor : Critical
Summary: Check for vulnerable version of Microsoft Windows
Overview : The host is running Windows XP SP2, which is prone to a remote code
execution vulnerability.
Vulnerability Insight :
The flaw is due to an unspecified error in 'NSlookup.exe' file,
which could be exploited by attackers.
Impact : Successful exploitation causes remote code execution and
denial of service.
Impact Level : System
Affected Software/OS :
Microsoft Windows 2K and XP.
Fix : No solution or patch is available as of 14th August, 2008. Information
regarding this issue will be updated soon once the details are available.
For updates refer to http://www.microsoft.com/en/us/default.aspx
References :
http://www.securityfocus.com/bid/30636/solution
http://www.nullcode.com.ar/ncs/crash/nsloo.htm
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900196
Filename: secpod_winamp_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Sets the KB for the version of Winamp
Overview: This script detects the installed version of Winamp and sets the
version in KB.
WinAsm Studio Buffer Overflow Vulnerability
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900532
Filename: secpod_winasm_studio_wap_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2009-1040
BID: 34132
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of WinAsm Studio
Overview: This host is running WinAsm Studio and is prone to Heap Overflow
Vulnerability.
Vulnerability Insight:
Improper boundary checking while handling project files leads to a
heap overflow when processing crafted '.wap' files.
Impact:
Successful exploitation will let the attacker trigger a heap overflow and
execute arbitrary code in the context of the application.
Impact level: System/Application
Affected Software/OS:
WinAsm Studio version 5.1.5.0 and prior.
Fix: No solution or patch is available as of 26th March, 2009. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.winasm.net
References:
http://secunia.com/advisories/34309
http://www.milw0rm.com/exploits/8224
http://xforce.iss.net/xforce/xfdb/49266
WinFTP Server PASV Command Denial of Service Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900450
Filename: secpod_winftp_server_dos_vuln.nasl
Dependencies: find_service.nes - secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2008-5666
BID: 31686
CVSS: 3.5
Risk factor : Medium
Summary: Check for the version of Win FTP Server
Overview: This host is running WinFTP Server and is prone to Denial of
Service Vulnerability.
Vulnerability Insight:
The flaw is due to an error when handling the PASV and NLST commands. It can
be exploited by sending multiple login requests ending with a PASV command.
Impact:
Successful exploitation will let the user crash the application to cause
denial of service.
Affected Software/OS:
Win FTP Server version 2.3.0 or prior.
Fix:
Solution/Patch not available as on 19th December 2008. For updates
refer, http://www.wftpserver.com/wftpserver.htm
References:
http://secunia.com/advisories/32209
http://www.milw0rm.com/exploits/6717
Qbik WinGate Version Detection
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900324
Filename: secpod_wingate_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set KB for the version of WinGate
Overview: This script detects the version of WinGate and sets the
result in KB.
WinGate IMAP Server Buffer Overflow Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900201
Filename: secpod_wingate_imap_dos_vuln_900201.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2008-3606
BID: 30606
CVSS: 6.5
Risk factor : High
Summary: Check for the version of WinGate
Overview : This host is running Qbik WinGate, which is prone to Denial of
Service Vulnerability.
Vulnerability Insight :
The vulnerability is due to a boundary error in the processing
of IMAP commands. This can be exploited by issuing an IMAP LIST command
with an overly long argument.
Impact : Exploiting this issue will consume system resources and deny
access to legitimate users, and may potentially compromise a vulnerable
system or allow execution of arbitrary code.
Impact Level : Application
Affected Software/OS :
WinGate 6.2.2 and prior versions on Windows (All).
Fix : No solution or patch is available as of 14th August, 2008. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.wingate.com/download/wingate/download.php
References : http://secunia.com/advisories/31442/
http://www.securityfocus.com/archive/1/495264
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.901021
Filename: secpod_winrar_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set version of WinRAR in KB
Overview : This script finds the installed WinRAR and saves the
version in KB.
Wireshark Multiple Vulnerabilities - July08 (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900010
Filename: secpod_wireshark_mult_vuln_july08_win_900010.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2008-1561 CVE-2008-1562 CVE-2008-1563
BID: 28485
CVSS: 5.0
Risk factor : Medium
Summary: Check for vulnerable version of Wireshark/Ethereal
Overview : The host is running Wireshark/Ethereal, which is prone to multiple
vulnerabilities.
Vulnerability Insight:
The flaws exist due to errors in the GSM SMS, PANA, KISMET, RTMPT, RMI,
and syslog dissectors.
Impact : Successful exploitation could result in an application crash,
disclosure of system memory, and incomplete syslog-encapsulated
packets.
Impact Level : SYSTEM
Affected Software/OS :
Wireshark versions prior to 1.0.1 on Windows (All).
Quick Fix : Disable the following dissectors:
GSM SMS, PANA, KISMET, RTMPT, and RMI
Fix: Upgrade Wireshark to 1.0.1 or later.
http://www.wireshark.org/download.html
Wireshark Multiple Vulnerabilities - Sept-08 (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900212
Filename: secpod_wireshark_mult_vuln_sept08_win_900212.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2008-3146 CVE-2008-3932 CVE-2008-3933
BID: 31009
CVSS: 10.0
Risk factor : Critical
Summary: Check for vulnerable version of Wireshark/Ethereal
Impact : Successful exploitation could result in denial of service
condition or application crash by injecting a series of malformed
packets or by convincing the victim to read a malformed packet.
Impact Level : Application
Affected Software/OS :
Wireshark versions 1.0.2 and prior on Windows (All).
Fix : Upgrade Wireshark to 1.0.3 or later.
http://www.wireshark.org/download.html
References : http://secunia.com/advisories/31674
http://www.frsirt.com/english/advisories/2008/2493
http://www.wireshark.org/security/wnpa-sec-2008-05.html
Ipswitch WS-FTP Client Version Detection
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.902170
Filename: secpod_ws_ftp_client_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set version of WS-FTP Client in KB
Overview : This script finds the installed WS-FTP Client version and saves
the result in a KB item.
Ipswitch WS FTP Client Format String Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900206
Filename: secpod_wsftp_client_format_string_vuln_900206.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2008-3734
BID: 30720
CVSS: 9.3
Risk factor : Critical
Summary: Check for WS FTP Client version
Overview : This host is running WS FTP Client, which is prone to Format String
Vulnerability.
Vulnerability Insight :
The issue is due to a format string error when processing responses
from the FTP server.
Impact : Successful exploitation will allow execution of arbitrary code
on the vulnerable system or cause the application to crash by tricking
a user into connecting to a malicious ftp server.
Impact Level : Application
Affected Software/OS :
Ipswitch WS FTP Home/Professional 2007 and prior versions.
Fix : Upgrade to Ipswitch WS FTP Home/Professional version 12 or later,
For updates refer to http://www.ipswitchft.com/products/
References :
http://secunia.com/advisories/31504/
http://xforce.iss.net/xforce/xfdb/44512
Xilisoft Video Converter Version Detection
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900629
Filename: secpod_xilisoft_video_conv_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Sets KB for the version of Xilisoft Video Converter
Overview: This script detects the Xilisoft Video Converter installed
on this host and sets the version in KB.
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900751
Filename: secpod_xnview_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set KB for the version of XnView
Overview: This script detects the installed version of XnView and
sets the result in KB.
ZoneAlarm Internet Security Suite Buffer Overflow Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900126
Filename: secpod_zonealarm_net_sec_suite_bof_vuln_900126.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2008-7009
BID: 31124
CVSS: 6.9
Risk factor : High
Summary: Check for vulnerable version of ZoneAlarm Internet Security Suite
Overview : The host has ZoneAlarm Internet Security Suite installed, which
is prone to buffer overflow vulnerability.
Vulnerability Insight :
The vulnerability is due to inadequate boundary checks on
user-supplied input in the multiscan.exe file when performing virus scans
on long paths or file names. This can be exploited by tricking a user into
scanning malicious directory or file names.
Impact : Exploitation could allow attackers to execute arbitrary code
on the affected system or cause denial of service.
Impact Level : Application
Affected Software/OS :
ZoneAlarm Internet Security Suite 8.x and prior on Windows (All).
Fix : Upgrade to ZoneAlarm Internet Security Suite 9 or later.
For updates refer to
http://www.zonealarm.com/store/content/dotzone/freeDownloads.jsp
References :
http://secunia.com/advisories/31832/
http://www.securityfocus.com/archive/1/496226
http://www.frsirt.com/english/advisories/2008/2556
SecureCRT SSH1 protocol version string overflow
This script is Copyright (C) 2004 David Maciejak
OID: 1.3.6.1.4.1.25623.1.0.15822
Filename: securecrt_remote_overflow.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2002-1059
BID: 5287
CVSS: 7.5
Risk factor : High
Summary: Determines the version of SecureCRT
The remote host is using a vulnerable version of SecureCRT, an
SSH/Telnet client built for Microsoft Windows operating systems.
It has been reported that SecureCRT contains a remote buffer overflow
allowing an SSH server to execute arbitrary commands via an overly
long SSH1 protocol version string.
Solution : Upgrade to SecureCRT 3.2.2, 3.3.4, 3.4.6, 4.1 or newer
Novell eDirectory Multiple Vulnerabilities (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900209
Filename: secpod_novell_edir_mult_vuln_win_900209.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
BID: 30947
CVSS: 9.3
Risk factor : Critical
Summary: Check for Novell eDirectory version
Overview : This host is running Novell eDirectory, which is prone to XSS,
Denial of Service, and Remote Code Execution Vulnerabilities.
Vulnerability Insight :
Multiple flaws are due to:
- errors in the HTTP Protocol Stack that can be exploited to cause a heap
based buffer overflow via specially crafted language/content-length
headers.
- input passed via unspecified parameters to the HTTP Protocol Stack is
not properly sanitized before being returned to the user.
- multiple unknown errors in the LDAP and NDS services.
Impact : Successful Remote exploitation will allow execution of
arbitrary code, heap-based buffer overflow, Cross Site Scripting
attacks, or cause memory corruption.
Impact Level : System
Affected Software/OS :
Novell eDirectory 8.8 SP2 and prior versions on Windows 2000/2003.
Fix : Apply 8.8 Service Pack 3.
http://download.novell.com/Download?buildid=RH_B5b3M6EQ~
References : http://secunia.com/advisories/31684
http://securitytracker.com/alerts/2008/Aug/1020788.html
http://securitytracker.com/alerts/2008/Aug/1020787.html
http://securitytracker.com/alerts/2008/Aug/1020786.html
http://securitytracker.com/alerts/2008/Aug/1020785.html
Novell iPrint Client ActiveX Control Buffer Overflow Vulnerability
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900852
Filename: secpod_novell_iprint_client_actvx_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2009-3176
BID: 36231
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Novell iPrint Client
Overview: This host has Novell iPrint Client installed and is prone to Buffer
Overflow vulnerability.
Vulnerability Insight:
The flaw is due to unspecified buffer-overflow errors, because the
application fails to perform boundary checks on user-supplied data.
Impact:
Successful exploits allow remote attackers to execute arbitrary code in the
context of the application using the ActiveX control (typically Internet
Explorer). Failed exploit attempts will likely result in denial-of-service
conditions.
Impact Level: System/Application
Affected Software/OS:
Novell iPrint Client version 4.38 and prior on Windows.
Fix: Upgrade to Novell iPrint Client version 5.40 or later,
For updates refer to http://download.novell.com/index.jsp
References:
http://intevydis.com/vd-list.shtml
http://secunia.com/advisories/36579/
Novell iPrint Client ActiveX Control Multiple Vulnerabilities
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900040
Filename: secpod_novell_iprint_client_actvx_mult_vuln_900040.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2008-2431 CVE-2008-2432
BID: 30813
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable version of Novell iPrint
Overview : This host has Novell iPrint Client installed, which is prone
to activex control vulnerabilities.
Vulnerability Insight :
The flaws are due to:
- boundary errors in the ienipp.ocx file when processing the GetDriverFile(),
GetFileList(), ExecuteRequest(), UploadPrinterDriver(),
UploadResource(), UploadResourceToRMS(),
GetServerVersion(), GetResourceList(), or DeleteResource() methods.
- a boundary error in nipplib.dll when processing IppGetDriverSettings()
while creating a server reference or interpreting a URI.
- an error in the GetFileList() method, which returns a list of images
(e.g., .jpg, .jpeg, .gif, and .bmp) in a directory specified as an
argument to the method.
Impact : Remote exploitation could allow execution of arbitrary code,
cause the server to crash, or deny access to legitimate users.
Impact Level : Application
Affected Software/OS :
Novell iPrint Client version 4.36 and prior on Windows (All).
Affected Platform : Windows (Any).
Fix: Upgrade to Novell iPrint Client version 5.40 or later,
For updates refer to http://download.novell.com/index.jsp
References : http://www.frsirt.com/english/advisories/2008/2429
Novell Multiple Products Version Detection
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900340
Filename: secpod_novell_prdts_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set KB for the Version of Novell Products
Overview : This script detects the installed version of Novell Products
and sets the result in KB.
MS Office Products Version Detection
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900032
Filename: secpod_office_products_version_900032.nasl
Dependencies: secpod_reg_enum.nasl - secpod_ms_office_detection_900025.nasl
Family: Windows
Risk factor : None
Summary: Determines the version of Microsoft Office products
Overview : Retrieves the version of MS Office products from file and
sets KB.
OpenOffice rtl_allocateMemory() Remote Code Execution Vulnerability (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900042
Filename: secpod_openoffice_code_exec_vuln_win_900042.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2008-3282
BID: 30866
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable version of OpenOffice.org
Overview : This host has OpenOffice.Org installed, which is prone to remote
code execution vulnerability.
Vulnerability Insight :
The issue is due to a numeric truncation error within the rtl_allocateMemory()
method in alloc_global.c file.
Impact : Attackers can cause an out-of-bounds array access by tricking a
user into opening a malicious document, which may also allow execution of
arbitrary code.
Impact Level : System
Affected Software/OS :
OpenOffice.org 2.4.1 and prior on Windows.
Fix : Upgrade to OpenOffice.org Version 3.2.0 or later,
For updates refer to http://download.openoffice.org/index.html
References : http://secunia.com/advisories/31640/
http://www.frsirt.com/english/advisories/2008/2449
OpenOffice Version Detection (Win)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900072
Filename: secpod_openoffice_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set the KB for the version of OpenOffice
Overview: The script detects the version of OpenOffice and sets the
result in KB.
Opera Version Detection for Windows
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900036
Filename: secpod_opera_detection_win_900036.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set file version of Opera in KB
Overview : This script finds the installed version of the Opera Web browser on
Windows through the Opera.exe file and saves the version in KB.
Opera Web Browser Multiple Security Vulnerabilities Aug-08 (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900038
Filename: secpod_opera_mult_vuln_aug08_win_900038.nasl
Dependencies: secpod_reg_enum.nasl - secpod_opera_detection_win_900036.nasl
Family: General
CVE: CVE-2008-4195
BID: 30768
CVSS: 5.0
Risk factor : Medium
Summary: Check for Opera Web Browser Version
Overview : The remote host is running Opera Web Browser, which is prone
to multiple vulnerabilities.
Vulnerability Insight :
Multiple vulnerabilities exist in Opera Browser:
- Sites can change framed content on other sites
- Startup crash can allow execution of arbitrary code
- Custom shortcuts can pass the wrong parameters to applications
- Insecure pages can show incorrect security information
- Feed links can link to local files
- Feed subscription can cause the wrong page address to be displayed
Impact : Remote exploitation can crash the browser, potentially allow
execution of arbitrary code and cross-site scripting attacks, and can even change
the address field to the address of a malicious web page to mislead a user.
Impact Level : Application
Affected Software/OS :
Opera Version 9.51 and prior versions on Windows (All)
Fix : Upgrade to Opera version 9.52,
http://www.opera.com/download/
References :
http://www.opera.com/support/search/view/892/
http://www.opera.com/support/search/view/893/
http://www.opera.com/support/search/view/894/
http://www.opera.com/support/search/view/895/
http://www.opera.com/support/search/view/896/
http://www.opera.com/support/search/view/897/
http://www.opera.com/docs/changelogs/windows/952/
Orbit Downloader File Deletion ActiveX Vulnerability
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900489
Filename: secpod_orbit_downloader_activex_ctrl_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows
CVE: CVE-2009-1064
BID: 34200
CVSS: 5.8
Risk factor : High
Summary: Check for the 'Orbitmxt.dll' Version and Killbit
Overview: This host is installed with Orbit Downloader and is prone to
File Deletion ActiveX Vulnerability.
Vulnerability Insight:
A bug in the 'download()' method lets an attacker delete
arbitrary files on the victim's computer.
Impact:
Successful exploitation lets an attacker place the vulnerable code in a crafted
webpage and trick the victim into visiting the malicious link, which lets
the attacker execute arbitrary code in the context of the affected
remote system.
Impact Level: Application
Affected Software/OS:
Orbit Downloader 'Orbitmxt.dll' version 2.1.0.2 and prior.
Workaround:
Set the Killbit for the vulnerable CLSID {3F1D494B-0CEF-4468-96C9-386E2E4DEC90}
http://support.microsoft.com/kb/240797
Fix: Upgrade to Orbit Downloader Version 3.0 or later,
For updates refer to http://www.orbitdownloader.com
References:
http://www.milw0rm.com/exploits/8257
http://xforce.iss.net/xforce/xfdb/49353
Orbital Viewer File Processing Buffer Overflow Vulnerabilities
Copyright (C) 2010 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900755
Filename: secpod_orbital_viewer_mult_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2010-0688
BID: 38436
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Orbital Viewer
Overview: This host has Orbital Viewer installed and is prone to buffer
overflow vulnerabilities.
Vulnerability Insight:
The flaw is due to an error within the processing of '.orb' and '.ov' files,
which can be exploited to cause a stack-based buffer overflow when a user is
tricked into opening a specially crafted '.orb' or '.ov' file.
Impact:
Successful exploitation will allow attackers to cause buffer overflow
and execute arbitrary code on the system by tricking a user into opening
a malicious file or cause the affected application to crash.
Impact Level: Application
Affected Software/OS:
Orbital Viewer version 1.04
Fix: No solution or patch is available as of 24th March, 2010. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.orbitals.com/orb/index.html
References:
http://www.osvdb.org/62580
http://secunia.com/advisories/38720
http://www.vupen.com/english/advisories/2010/0478
http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-011-orbital-viewer-orb-buffer-overflow/
Personal FTP Server RETR Command Remote Denial of Service Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900127
Filename: secpod_personal_ftp_server_dos_vuln_900127.nasl
Dependencies: secpod_reg_enum.nasl - find_service.nes
Family: Denial of Service
CVE: CVE-2008-4136
BID: 31173
CVSS: 5.0
Risk factor : Medium
Summary: Check for vulnerable version of Personal FTP Server
Overview : The host is running Personal FTP Server, which is prone to denial
of service vulnerability.
Vulnerability Insight :
This issue is due to an error when handling the RETR command.
Impact : Successful exploitation denies service; it is triggered by sending
multiple RETR commands with an arbitrary argument.
Impact Level : Application
Affected Software/OS :
Michael Roth Personal FTP Server 6.0f and prior on Windows (all).
Fix : No solution or patch is available as of 16th September, 2008. Information
regarding this issue will be updated once the solution details are available.
For updates check, http://www.michael-roth-software.de/new/Produkte.html
References : http://shinnok.evonet.ro/vulns_html/pftp.html
http://downloads.securityfocus.com/vulnerabilities/exploits/31173.c
Pidgin Version Detection (Win)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900662
Filename: secpod_pidgin_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Sets KB for the version of Pidgin
Overview: This script detects the installed version of Pidgin and sets
the result in KB.
Pidgin MSN SLP Message Integer Overflow Vulnerabilities (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900008
Filename: secpod_pidgin_intgr_overflow_win_900008.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
CVE: CVE-2008-2927
BID: 29956
CVSS: 6.8
Risk factor : High
Summary: Check for vulnerable version of Pidgin
Overview : The host is running Pidgin, which is prone to integer
overflow vulnerability.
Vulnerability Insight:
The flaw is due to errors in the msn_slplink_process_msg
function in the libpurple/protocols/msnp9/slplink.c and
libpurple/protocols/msn/slplink.c files, which fail to perform
adequate boundary checks on user-supplied data.
Impact : A remote attacker can execute arbitrary code with the privileges
of the user by sending a specially crafted SLP message.
Impact Level : SYSTEM
Affected Software/OS:
- Pidgin Version prior to 2.4.3 on Windows (All).
Fix : Upgrade to Pidgin Version 2.4.3,
http://www.pidgin.im/download/
References : http://www.pidgin.im/news/security/?id=24
Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900020
Filename: secpod_pidgin_ssl_sec_bypass_vuln_win_900020.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
BID: 30553
CVSS: 7.8
Risk factor : High
Summary: Check for vulnerable version of Pidgin
Overview : The host is running Pidgin, which is prone to a Security Bypass
Vulnerability.
Vulnerability Insight:
The application fails to properly validate the SSL (Secure Sockets Layer)
certificate presented by a server.
Impact : Man-in-the-middle attacks or identity impersonation attacks are possible.
Impact Level : Network
Affected Software/OS:
Pidgin Version 2.4.3 and prior on Windows (All).
Fix : Apply the patch from,
http://developer.pidgin.im/attachment/ticket/6500/nss-cert-verify.patch
References : http://developer.pidgin.im/ticket/6500
PostgreSQL Version Detection (Windows)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900479
Filename: secpod_postgresql_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set the KB for the Version of PostgreSQL
Overview: This script detects the installed version of PostgreSQL and
saves the result in KB.
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900490
Filename: secpod_powerzip_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set Version of PowerZip in KB
Overview : This script finds the installed version of PowerZip and
saves the version in KB.
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900535
Filename: secpod_pplive_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: General
Risk factor : None
Summary: Set KB for the version of PPLive
Overview: This script detects the installed version of PPLive and sets
the result in KB.
PumpKIN TFTP Version Detection
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900647
Filename: secpod_pumpkin_tftp_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Sets KB of PumpKIN TFTP Version
Overview: This script detects the installed version of PumpKIN TFTP and
sets the result in KB.
Copyright (C) 2009 SecPod.
OID: 1.3.6.1.4.1.25623.1.0.900618
Filename: secpod_putty_version.nasl
Dependencies: find_service.nes - secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Sets KB of PuTTY version
Overview: This script determines the PuTTY version on
the remote host and sets the result in the KB.
Python Multiple Vulnerabilities (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900105
Filename: secpod_python_mult_vuln_win_900105.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2008-2315 CVE-2008-2316 CVE-2008-3142 CVE-2008-3143 CVE-2008-3144
BID: 30491
CVSS: 7.5
Risk factor : High
Summary: Check for vulnerable version of Python
Overview : The host is installed with Python, which is prone to multiple
vulnerabilities.
Vulnerability Insight :
The flaws exist due to integer overflows in:
- the hashlib module, which can lead to unreliable cryptographic digest
results.
- the processing of unicode strings.
- the PyOS_vsnprintf() function on architectures that do not have a
vsnprintf() function.
- the PyOS_vsnprintf() function when passing zero-length strings can
lead to memory corruption.
Impact : Successful exploitation could potentially allow attackers to
execute arbitrary code or create a denial of service condition.
Impact Level : Application
Affected Software/OS :
Python 2.5.2 and prior on Linux (All).
Fix : Fix is available in the SVN repository,
http://svn.python.org
References :
http://bugs.python.org/issue2588
http://bugs.python.org/issue2589
http://bugs.python.org/issue2620
RaidenFTPD Server Version Detection
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900510
Filename: secpod_raidenftpd_server_detect.nasl
Dependencies: find_service.nes - secpod_reg_enum.nasl
Family: FTP
Risk factor : None
Summary: Set KB for the version of RaidenFTPD Server
Overview: This script finds the installed version of RaidenFTPD Server
and sets the result in KB.
RealPlayer SWF Frame Handling Buffer Overflow Vulnerability (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900015
Filename: secpod_realplayer_swf_bof_vuln_900015.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2007-5400
BID: 30370
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable version of RealPlayer
Overview : This remote host is running RealPlayer, which is prone to a
buffer overflow vulnerability.
Vulnerability Insight :
The flaw exists due to a design error in the handling/parsing of frames
in Shockwave Flash (SWF) files.
Impact : Successful exploitation could allow remote attackers to
execute arbitrary code on a user's system.
Impact Level : Application/System.
Affected Software/OS :
RealPlayer Version 10, 10.5 and 11 on Windows (All).
Fix : Upgrade to the latest version available,
http://service.real.com/realplayer/security/07252008_player/en/
References : http://secunia.com/advisories/27620/
Realtek Media Player Playlist Buffer Overflow Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900067
Filename: secpod_realtek_media_player_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Denial of Service
CVE: CVE-2008-5664
BID: 32860
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Realtek Media Player
Overview: This host has Realtek Media Player installed and is prone to a
buffer overflow vulnerability.
Vulnerability Insight:
The issue is due to improper bounds checking when processing
playlist files.
Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code by triggering a buffer overflow, which can also lead to an application crash.
Impact Level: Application
Affected Software/OS:
Realtek Media Player A4.06 (5.36) and prior on Windows.
Fix: No solution or patch is available as of 26th December, 2008. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.realtek.com.tw/downloads/
References:
http://www.milw0rm.com/exploits/7492
http://xforce.iss.net/xforce/xfdb/47380
RealVNC vncviewer.exe Remote DoS Vulnerability (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900019
Filename: secpod_realvnc_dos_vuln_win_900019.nasl
Dependencies: secpod_reg_enum.nasl - find_service.nes
Family: Denial of Service
CVE: CVE-2008-3493
BID: 30499
CVSS: 5.0
Risk factor : Medium
Summary: Check for the version of RealVNC
Overview : This host is installed with RealVNC, which is prone to a
denial of service vulnerability.
Vulnerability Insight :
The flaw is due to a lack of adequate boundary checks while
parsing user-supplied data.
Impact : A remote attacker can cause the application to crash,
denying the service, and can also execute arbitrary code.
Impact Level : Application.
Affected Software/OS :
RealVNC 4.1.2 and prior on Windows (All).
Fix : Upgrade to RealVNC Version 4.5.3 or later
For updates refer to http://www.realvnc.com/
References : http://www.securityfocus.com/bid/30499/discuss
RealVNC VNC Viewer Remote Code Execution Vulnerability (Win)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900162
Filename: secpod_realvnc_remote_code_exe_vuln_win_900162.nasl
Dependencies: secpod_reg_enum.nasl - find_service.nes
Family: Denial of Service
CVE: CVE-2008-4770
BID: 31832
CVSS: 10.0
Risk factor : Critical
Summary: Check for vulnerable version of RealVNC
Overview: This host has RealVNC VNC Viewer installed and is prone to a security
vulnerability.
Vulnerability Insight:
The flaw is due to an error in the 'CMsgReader::readRect()' function in
common/rfb/CMsgReader.cxx when processing encoding types, and is exploited by
sending specially crafted messages to the application.
Impact:
Successful exploitation will allow execution of arbitrary code when a user
connects to a malicious server.
Impact Level: Application
Affected Software/OS:
RealVNC VNC Free Edition version prior to 4.1.3
Fix: Update to version 4.1.3
http://www.realvnc.com/products/download.html
References:
http://secunia.com/advisories/32317/
http://www.realvnc.com/products/free/4.1/release-notes.html
Serv-U File Renaming Directory Traversal and STOU DoS Vulnerabilities
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900149
Filename: secpod_rhinosoft_serv-u_dir_trav_and_dos_vuln_900149.nasl
Dependencies: secpod_reg_enum.nasl - find_service.nes
Family: Denial of Service
BID: 31563
CVSS: 7.5
Risk factor : High
Summary: Check for vulnerable version of Serv-U FTP Server
Overview : The host is running Serv-U FTP Server, which is prone to directory
traversal and denial of service vulnerabilities.
Vulnerability Insight :
The flaws are due to:
- an error in handling the 'STOU' FTP command, which can exhaust available CPU
resources when exploited through a specially crafted argument value.
- an input validation error in the FTP service when renaming files, which can be
exploited to overwrite or rename files via directory traversal attacks.
Impact :
Successful exploitation allows an attacker to write arbitrary files to
locations outside of the application's current directory, and deny the service.
Impact Level : Application
Affected Software/OS :
RhinoSoft Serv-U FTP Server 7.3.0.0 and prior
Fix : Upgrade to RhinoSoft Serv-U FTP Server 10 or later,
For updates refer to http://www.serv-u.com/dn.asp
References :
http://milw0rm.com/exploits/6660
http://secunia.com/advisories/32150/
http://xforce.iss.net/xforce/xfdb/45653
RhinoSoft Serv-U SFTP Remote Denial of Service Vulnerability
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900113
Filename: secpod_rhinosoft_serv-u_sftp_dos_vuln_900113.nasl
Dependencies: secpod_reg_enum.nasl - find_service.nes
Family: Denial of Service
CVE: CVE-2008-3731
BID: 30739
CVSS: 4.0
Risk factor : Medium
Summary: Check for vulnerable version and prior of Serv-U
Overview: The host is running RhinoSoft Serv-U SFTP, which is prone to a denial
of service vulnerability.
Vulnerability Insight :
The flaw is due to an error within the logging functionality, when
creating directories via SFTP or when handling certain SFTP commands.
Impact: Remote exploitation will allow attackers to crash the server,
denying the service.
Impact Level : Application
Affected Software/OS :
RhinoSoft Serv-U versions prior to 7.2.0.1 on Windows (All).
Fix: Update to version 7.2.0.1.
http://www.serv-u.com/dn.asp
References:
http://www.serv-u.com/releasenotes/
http://secunia.com/advisories/31461/
Ruby Interpreter Version Detection (Windows) ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900799
Filename: secpod_ruby_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set version of Ruby Interpreter in KB
Overview : This script finds the installed Ruby Interpreter and saves the
version in KB.
SDP Downloader Version Detection ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900641
Filename: secpod_sdp_downloader_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Sets KB for the Version of SDP Downloader
Overview: This script detects the installed version of SDP Downloader
and sets the result in KB.
Rhinosoft Serv-U FTP Server Version Detection ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900482
Filename: secpod_servu_ftp_server_detect.nasl
Dependencies: secpod_reg_enum.nasl - find_service.nes
Family: General
Risk factor : None
Summary: Set Version of Rhinosoft Serv-U FTP Server in KB
Overview : This script finds the installed Rhinosoft Serv-U FTP Server and
saves the version in KB.
SolarWinds TFTP Server Version Detection
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900930
Filename: secpod_solarwinds_tftp_server_detect.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Sets KB of SolarWinds TFTP Server Version
Overview: This script detects installed version of SolarWinds TFTP Server
and sets the result in KB.
Sorinara Streaming Audio Player Stack Overflow Vulnerability
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900649
Filename: secpod_sorinara_audio_player_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2009-1644 CVE-2009-2568
BID: 34861 34842
CVSS: 9.3
Risk factor : Critical
Summary: Check for version of Sorinara Streaming Audio Player
Overview: This host is running Sorinara Streaming Audio Player and is prone
to a stack overflow vulnerability.
Vulnerability Insight:
This vulnerability is due to improper boundary checks when processing
'pla' and '.m3u' playlist files.
Impact:
Successful exploitation will let the attacker execute arbitrary code in
the context of the affected system or cause the application to crash by
overflowing the stack.
Affected Software/OS:
Sorinara Streaming Audio Player version 0.9 and prior
Fix: No solution or patch is available as of 29th May, 2009. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.sorinara.com/sap/download.html
References:
http://www.milw0rm.com/exploits/8640
http://www.milw0rm.com/exploits/8625
http://xforce.iss.net/xforce/xfdb/50369
http://www.milw0rm.com/exploits/8620
http://www.milw0rm.com/exploits/8617
http://xforce.iss.net/xforce/xfdb/50339
Sorinara Soritong MP3 Player Stack Overflow Vulnerability
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900650
Filename: secpod_sorinara_mp3_player_bof_vuln.nasl
Dependencies: secpod_reg_enum.nasl
Family: Buffer overflow
CVE: CVE-2009-1643
BID: 34863
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of Sorinara Soritong MP3 Player
Overview: This host is running Sorinara Soritong MP3 Player and is prone to
a stack overflow vulnerability.
Vulnerability Insight:
This flaw is due to improper boundary checking when processing
'.m3u' files.
Impact:
Successful exploitation will let the attacker craft a malicious m3u playlist
file and trick the user into opening it with the application, which will cause
a stack overflow on the affected system and crash the application.
Affected Software/OS:
Soritong MP3 Player version 1.0 and prior
Fix: No solution or patch is available as of 29th May, 2009. Information
regarding this issue will be updated once the solution details are available.
For updates refer to http://www.sorinara.com/soritong
References:
http://www.milw0rm.com/exploits/8624
http://xforce.iss.net/xforce/xfdb/50398
Sun Java Directory Server Version Detection (Win) ->
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900492
Filename: secpod_sun_java_dir_server_detect_win.nasl
Dependencies: secpod_reg_enum.nasl
Family: Service detection
Risk factor : None
Summary: Set KB for the version of Java Directory Server
Overview: This script detects the version of Directory Server and sets
the result in KB.
Windows Messenger Could Allow Information Disclosure Vulnerability (955702)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900034
Filename: secpod_ms08-050_900034.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-0082
BID: 30551
CVSS: 10.0
Risk factor : Critical
Summary: Check for the Hotfix and version of Windows Messenger
MS08-050
Overview : This host is missing a critical security update according to
Microsoft Bulletin MS08-050.
Vulnerability Insight :
The issue is due to the Messenger.UIAutomation.1 ActiveX control being marked
safe-for-scripting, which allows changing its state and obtaining contact
information and a user's login ID.
Impact : Remote attackers can log on to a user's Messenger client as a user,
and can initiate audio and video chat sessions without user interaction.
Impact Level : Network
Affected Software/OS :
Windows Messenger 4.7 on MS Windows 2K/XP
Windows Messenger 5.1 on MS Windows 2K/XP/2003
Fix : Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx
References : http://www.microsoft.com/technet/security/bulletin/ms08-050.mspx
Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900033
Filename: secpod_ms08-051_900033.nasl
Dependencies: secpod_reg_enum.nasl - secpod_office_products_version_900032.nasl - secpod_ms_office_detection_900025.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-0120 CVE-2008-0121 CVE-2008-1455
BID: 30552 30554 30579
CVSS: 9.3
Risk factor : Critical
Summary: Check for Microsoft PowerPoint file version
MS08-051
Overview : This host is missing a critical security update according to
Microsoft Bulletin MS08-051.
Vulnerability Insight :
Multiple flaws are due to:
- an integer overflow error when handling CString objects.
- a memory calculation error when processing malformed picture
indexes and list values.
Impact : Remote attackers could corrupt memory locations via
a specially crafted PowerPoint file.
Impact Level : System
Affected Software/OS :
Microsoft PowerPoint 2002/XP/2003/2007 on Windows (All).
Microsoft PowerPoint Viewer 2003/2007 on Windows (All).
Fix : Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx
References : http://www.microsoft.com/technet/security/bulletin/ms08-051.mspx
Windows Media Encoder 9 Remote Code Execution Vulnerability (954156)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900044
Filename: secpod_ms08-053_900044.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-3008
BID: 31065
CVSS: 9.3
Risk factor : Critical
Summary: Check for Hotfix and version of Windows Media Encoder
MS08-053
Overview : This host is missing a critical security update according to
Microsoft Bulletin MS08-053.
Vulnerability Insight :
The flaw is due to a boundary error in the WMEX.DLL ActiveX
control.
Impact : Remote attackers can execute arbitrary code if a user views
a specially crafted web page, and on successful exploitation can
take complete control of an affected system to view, change, or
delete data, or create new accounts with full user rights.
Impact Level : Application/System
Affected Software/OS :
Windows Media Encoder 9 on Windows 2K/XP/2003
Fix : Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx
References : http://www.microsoft.com/technet/security/bulletin/ms08-053.mspx
Windows Media Player 11 Remote Code Execution Vulnerability (954154)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900045
Filename: secpod_ms08-054_900045.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-2253
BID: 30550
CVSS: 9.3
Risk factor : Critical
Summary: Check for Hotfix and version of Windows Media Player
MS08-054
Overview : This host is missing a critical security update according to
Microsoft Bulletin MS08-054.
Vulnerability Insight :
The flaw is due to an error when handling sampling rates
in Windows Media Player.
Impact : Remote attackers can exploit this via a specially crafted audio
file stream from a server side playlist (SSPL), which could allow
arbitrary code execution when streamed from a Windows Media server.
This allows the attacker to compromise a user's system.
Impact Level : System
Affected Software/OS :
Windows Media Player 11 on Windows XP
Fix : Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-054.mspx
References : http://www.microsoft.com/technet/security/bulletin/ms08-054.mspx
Microsoft Office Remote Code Execution Vulnerabilities (955047)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900046
Filename: secpod_ms08-055_900046.nasl
Dependencies: secpod_reg_enum.nasl - secpod_ms_office_detection_900025.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-3007
BID: 31067
CVSS: 9.3
Risk factor : Critical
Summary: Check for Microsoft Office file version
MS08-055
Overview : This host is missing a critical security update according to
Microsoft Bulletin MS08-055.
Vulnerability Insight :
The issue is due to an error in the parsing of a URI using
the onenote:// protocol handler.
Impact : Remote attackers could execute arbitrary code
via a specially crafted OneNote URI referencing a specially crafted
OneNote file.
Impact Level : Application
Affected Software/OS :
Microsoft Office XP/2003/2007 on Windows (All).
Fix : Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/bulletin/ms08-055.mspx
References : http://www.microsoft.com/technet/security/bulletin/ms08-055.mspx
Cumulative Security Update for Internet Explorer (956390)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900054
Filename: secpod_ms08-058_900054.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-2947 CVE-2008-3472 CVE-2008-3473 CVE-2008-3474 CVE-2008-3475 CVE-2008-3476
BID: 29960 31615 31616 31617 31618 31654
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable version of Internet Explorer
MS08-058
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-058.
Vulnerability Insight:
Multiple flaws are due to,
- the browser incorrectly interpreting the origin of scripts when setting the
Window location object.
- the browser incorrectly interpreting the origin of scripts when handling
certain HTML elements.
- the browser incorrectly interpreting the origin of scripts when handling
certain events.
- a memory corruption error when the browser attempts to access an object
which has not been initialized or has been deleted.
- a memory corruption error when the browser attempts to access uninitialized
memory while processing certain HTML objects.
Impact: Successful exploitation could allow attackers to execute arbitrary
code via a malicious web page and to gain access to a browser window in
another domain, leading to reading of cookies or cross-domain scripting attacks.
Impact Level: System
Affected Software/OS:
Internet Explorer 5.01 & 6 on MS Windows 2000
Internet Explorer 6 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2008 and Vista
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
References: http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900049
Filename: secpod_ms08-059_900049.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-3466
BID: 31620
CVSS: 10.0
Risk factor : Critical
Summary: Check for Hotfix and version of Host Integration Server
MS08-059
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-059.
Vulnerability Insight:
The issue is due to an error in the SNA Remote Procedure Call (RPC) service.
Impact: Successful exploitation could allow local attackers to bypass the
authentication mechanism and access administrative functionality via
a specially crafted RPC request.
Impact Level: System
Affected Software/OS:
Microsoft Host Integration Server 2000/2004/2006 (Server) on Windows.
Microsoft Host Integration Server 2000/2004 (Client) on Windows.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-059.mspx
References: http://www.microsoft.com/technet/security/bulletin/ms08-059.mspx
Active Directory Could Allow Remote Code Execution Vulnerability (957280)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900050
Filename: secpod_ms08-060_900050.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4023
BID: 31609
CVSS: 10.0
Risk factor : Critical
Summary: Check for Hotfix and version of Active Directory
MS08-060
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-060.
Vulnerability Insight:
The flaw is due to an incorrect memory allocation when processing LDAP
and LDAPS requests.
Impact: Successful exploitation could result in buffer overflow via a
specially crafted request.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2000 Server Service Pack 4 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-060.mspx
References: http://www.microsoft.com/technet/security/bulletin/ms08-060.mspx
Windows Kernel Elevation of Privilege Vulnerability (954211)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900051
Filename: secpod_ms08-061_900051.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-2250 CVE-2008-2251 CVE-2008-2252
BID: 31651 31652 31653
CVSS: 7.2
Risk factor : High
Summary: Check for Hotfix and version of Windows Kernel File
MS08-061
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-061.
Vulnerability Insight:
Multiple flaws are due to,
- an error within the processing of window properties passed from
a parent to a child window when a new window is created.
- an error while processing unspecified user mode input.
- a double-free error within the handling of system calls from multiple
threads.
Impact: Successful local exploitation could result in a denial of service
condition due to memory corruption, and could allow execution of arbitrary
code with elevated privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows 2008 Server Service Pack 1 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-061.mspx
References: http://www.microsoft.com/technet/security/bulletin/ms08-061.mspx
Windows Internet Printing Service Allow Remote Code Execution Vulnerability (953155)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900052
Filename: secpod_ms08-062_900052.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-1446
BID: 31682
CVSS: 9.0
Risk factor : Critical
Summary: Check for version of Internet Printing Service
MS08-062
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-062.
Vulnerability Insight:
The flaw is due to an integer overflow error within the IPP
(Internet Printing Protocol) ISAPI extension for IIS when processing
specially crafted IPP responses.
Impact: Successful exploitation results in execution of arbitrary code by
tricking the Web server into visiting a malicious IPP server via a specially
crafted HTTP POST request.
Impact Level: System/Application
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2003 Service Pack 2 and prior
Microsoft Windows Vista Service Pack 1 and prior
Microsoft Windows 2008 Server Service Pack 1 and prior
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-062.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms08-062.mspx
SMB Remote Code Execution Vulnerability (957095)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900053
Filename: secpod_ms08-063_900053.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4038
BID: 31647
CVSS: 10.0
Risk factor : Critical
Summary: Check for Hotfix and version of SMB
MS08-063
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-063.
Vulnerability Insight:
The issue is due to an input validation error in the handling of
file names in the Microsoft SMB (Server Message Block) protocol.
Impact: Successful exploitation could allow remote attackers to cause
a buffer underflow.
Impact Level: System/Network
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-063.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms08-063.mspx
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx
Virtual Address Descriptor Manipulation Elevation of Privilege Vulnerability (956841)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900225
Filename: secpod_ms08-064_900225.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4036
BID: 31675
CVSS: 7.2
Risk factor : High
Summary: Check for the Hotfix and version of MS08-064
MS08-064
Overview: This host is missing an important security update according to
Microsoft Bulletin MS08-064.
Vulnerability Insight:
The flaw exists due to the way that Memory Manager handles memory allocation
and Virtual Address Descriptors (VADs).
Impact: Successful exploitation could allow elevation of privilege, and can
cause a memory allocation mapping error and corrupt memory on the affected system.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows Server 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/Bulletin/MS08-064.mspx
References : http://www.microsoft.com/technet/security/Bulletin/MS08-064.mspx
Message Queuing Remote Code Execution Vulnerability (951071)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900224
Filename: secpod_ms08-065_900224.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-3479
BID: 31637
CVSS: 10.0
Risk factor : Critical
Summary: Check for the Hotfix and version of Message Queue component
MS08-065
Overview: This host is missing an important security update according to
Microsoft Bulletin MS08-065.
Vulnerability Insight:
The flaw exists due to a boundary error when parsing RPC requests to the
Message Queuing (MSMQ).
Impact: Successful exploitation could allow remote code execution by
sending a specially crafted RPC request, and could give complete control
of an affected system.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2000 Service Pack 4 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx
References: http://www.microsoft.com/technet/security/Bulletin/MS08-065.mspx
Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900223
Filename: secpod_ms08-066_900223.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-3464
BID: 31673
CVSS: 7.2
Risk factor : High
Summary: Check for the Hotfix and version of MS08-066
MS08-066
Overview: This host is missing an important security update according to
Microsoft Bulletin MS08-066.
Vulnerability Insight:
The flaw exists due to the Ancillary Function Driver (afd.sys) not properly
checking user-supplied memory ranges before writing to them.
Impact: Successful exploitation could allow an attacker to run arbitrary
code in kernel mode with elevated privileges and take complete control of
an affected system.
Impact Level: System
Affected Software/OS:
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows Server 2003 Service Pack 2 and prior.
Fix: Run Windows Update and update the listed hotfixes or download and
update mentioned hotfixes in the advisory from the below link.
http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
References: http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx
Server Service Could Allow Remote Code Execution Vulnerability (958644)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900055
Filename: secpod_ms08-067_900055.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4250
BID: 31874
CVSS: 10.0
Risk factor : Critical
Summary: Check for Hotfix and version of Server Service
MS08-067
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-067.
Vulnerability Insight:
The flaw is due to an error in the Server Service, which does not properly
handle specially crafted RPC requests.
Impact: Successful exploitation could allow remote attackers to take
complete control of an affected system.
Variants of the Conficker worm are based on the vulnerability described above.
More details regarding the worm and means to resolve this can be found at,
http://technet.microsoft.com/en-us/security/dd452420.aspx
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows 2008 Service Pack 1 and prior.
Fix: Run Windows Update and update the listed hotfixes or download
and update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900056
Filename: secpod_ms08-067_900056.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4250
BID: 31874
CVSS: 10.0
Risk factor : Critical
Summary: Check for Remote Code Execution (Exploit)
MS08-067
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-067.
Vulnerability Insight:
The flaw is due to an error in the Server Service, which does not properly
handle specially crafted RPC requests.
Impact: Successful exploitation could allow remote attackers to take
complete control of an affected system.
Variants of the Conficker worm are based on the vulnerability described above.
More details regarding the worm and means to resolve this can be found at,
http://technet.microsoft.com/en-us/security/dd452420.aspx
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix: Run Windows Update and update the listed hotfixes or download
and update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
References:
http://secunia.com/advisories/32326
http://www.kb.cert.org/vuls/id/827267
http://xforce.iss.net/xforce/xfdb/46040
http://www.securitytracker.com/id?1021091
http://blogs.securiteam.com/index.php/archives/1150
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
SMB Could Allow Remote Code Execution Vulnerability (957097)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900057
Filename: secpod_ms08-068_900057.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4037
BID: 7385
CVSS: 9.3
Risk factor : Critical
Summary: Check for Hotfix and version of SMB
MS08-068
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-068.
Vulnerability Insight:
The issue exists due to the way the Server Message Block (SMB) protocol handles
NTLM credentials when a user connects to an attacker's SMB server.
Impact: Successful exploitation could allow an attacker to replay the user's
credentials back to them and execute code in the context of the logged-on
user. The attacker can then take complete control of an affected system to view,
change, or delete data, or create new accounts with full user rights.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows 2008 Server Service Pack 1 and prior.
Fix: Run Windows Update and update the listed hotfixes or download
and update mentioned hotfixes in the advisory from the below link,
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
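Every NVT in this listing repeats the same plain-text field layout: a title line, then Copyright, OID, Filename, Dependencies, Family, CVE (with the BID list often fused onto the same line), CVSS, Risk factor, Summary, free-text Overview/Insight/Impact paragraphs and a References block. The Python below is an added example, not code from the OpenVAS feed or from this listing: it parses that layout into records so the catalogue can be filtered, for instance by CVSS score or by a shared dependency such as secpod_reg_enum.nasl. The sample input is an abbreviated copy of the MS08-068 and MS08-069 entries, deliberately keeping the fused "CVE: ...BID:" field and the stray quote that ends each Summary line as they appear on the page; the record layout and helper names are the example's own.

```python
import re
from dataclasses import dataclass, field

# Sample input: abbreviated copies of two entries from the listing, keeping the
# fused "...BID: ..." form on one CVE line and the stray quote ending Summary.
SAMPLE = """\
SMB Could Allow Remote Code Execution Vulnerability (957097)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900057
Filename: secpod_ms08-068_900057.nasl
Dependencies: secpod_reg_enum.nasl
CVE: CVE-2008-4037BID: 7385
CVSS: 9.3
Risk factor : Critical
Summary: Check for Hotfix and version of SMB"
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-068.
References:
http://www.microsoft.com/technet/security/bulletin/ms08-068.mspx
Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900058
Filename: secpod_ms08-069_900058.nasl
Dependencies: secpod_reg_enum.nasl - secpod_ms_office_detection_900025.nasl
CVE: CVE-2007-0099 CVE-2008-4029 CVE-2008-4033
BID: 21872 32204
CVSS: 9.3
Risk factor : Critical
Summary: Check for Hotfix and version of XML File"
References:
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
"""

@dataclass
class Nvt:
    title: str
    oid: str = ""
    filename: str = ""
    risk: str = ""
    summary: str = ""
    cvss: float = 0.0
    dependencies: list = field(default_factory=list)
    cves: list = field(default_factory=list)
    bids: list = field(default_factory=list)
    references: list = field(default_factory=list)

# "Key: value" lines the listing uses; any other line is free-text continuation.
FIELD_RE = re.compile(r"^(OID|Filename|Dependencies|Family|CVE|BID|CVSS|"
                      r"Risk factor|Summary|Overview|Impact Level|References)\s*:\s*(.*)$")
SIMPLE = {"OID": "oid", "Filename": "filename", "Risk factor": "risk", "Summary": "summary"}

def parse_catalogue(text):
    """Split the plain-text listing into Nvt records. An entry starts on the line
    just before a "Copyright (C)" line, the only reliable marker since titles
    carry no prefix."""
    lines = [l.rstrip() for l in text.splitlines()]
    entries, cur, in_refs = [], None, False
    for i, line in enumerate(lines):
        if not line.strip():
            continue
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if nxt.startswith("Copyright (C)"):
            cur = Nvt(title=line.strip())
            entries.append(cur)
            in_refs = False
            continue
        if cur is None:
            continue  # page header before the first entry
        m = FIELD_RE.match(line)
        if not m:  # Overview/Insight/Impact continuation, or a reference URL
            if in_refs and line.startswith("http"):
                cur.references.append(line.strip())
            continue
        key, val = m.group(1), m.group(2).strip()
        in_refs = key == "References"
        if key in SIMPLE:
            setattr(cur, SIMPLE[key], val.rstrip('"'))
        elif key == "Dependencies":
            cur.dependencies = [d.strip() for d in val.split(" - ") if d.strip()]
        elif key == "CVE":  # tolerate the fused form "CVE: CVE-a CVE-bBID: x y"
            cve_part, _, bid_part = val.partition("BID:")
            cur.cves = re.findall(r"CVE-\d{4}-\d{4,}", cve_part)
            cur.bids += re.findall(r"\d+", bid_part)
        elif key == "BID":
            cur.bids += re.findall(r"\d+", val)
        elif key == "CVSS":
            cur.cvss = float(val)
    return entries

def bulletin_id(entry):
    """Derive the Microsoft bulletin ID (e.g. MS08-068) from the plugin filename."""
    m = re.search(r"ms(\d{2})-(\d{3})", entry.filename, re.IGNORECASE)
    return f"MS{m.group(1)}-{m.group(2)}" if m else ""

def select(entries, min_cvss=0.0, depends_on=None):
    """Filter entries by minimum CVSS score and/or a required dependency."""
    return [e for e in entries if e.cvss >= min_cvss
            and (depends_on is None or depends_on in e.dependencies)]

if __name__ == "__main__":
    for e in parse_catalogue(SAMPLE):
        print(bulletin_id(e), e.oid, e.cvss, e.risk, ", ".join(e.cves), e.bids)
```

The entry boundary is taken from the "Copyright (C)" line rather than from the title, because titles have no prefix and look exactly like a continuation line of the preceding entry's Impact text. Reference URLs are only collected after a "References:" line, so the link inside each Fix paragraph is not mistaken for one.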
Microsoft XML Core Services Remote Code Execution Vulnerability (955218)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900058
Filename: secpod_ms08-069_900058.nasl
Dependencies: secpod_reg_enum.nasl - secpod_ms_office_detection_900025.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2007-0099 CVE-2008-4029 CVE-2008-4033
BID: 21872 32204
CVSS: 9.3
Risk factor : Critical
Summary: Check for Hotfix and version of XML File (MS08-069)
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-069.
Vulnerability Insight:
The flaws are due to:
- a memory corruption error when parsing malformed XML content.
- the way MSXML handles error checks for external document type definitions
(DTDs).
- an error in the way MSXML handles transfer-encoding headers.
Impact: Successful exploitation could allow an attacker to conduct cross-domain
scripting attacks and read data from another domain in Internet Explorer, or to
execute arbitrary code by tricking a user into visiting a malicious web page.
Impact Level: System
Affected Software/OS:
Microsoft XML Core Services 3.0/4.0/5.0/6.0
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Office 2003 & 2007.
Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 File Formats.
Fix: Run Windows Update and apply the listed hotfixes, or download and
apply the hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms08-069.mspx
Vulnerabilities in GDI Could Allow Remote Code Execution (956802)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900059
Filename: secpod_ms08-071.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-2249 CVE-2008-3465
BID: 32634 32637
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable File Version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-071.
Vulnerability Insight:
The flaws are due to:
- an overflow error in GDI when processing headers in Windows Metafile (WMF)
files.
- an error in the way GDI handles file size parameters in WMF files.
Impact:
A specially crafted WMF file can trigger a heap-based buffer overflow in GDI
and allow execution of arbitrary code on the affected system.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K/XP/2003/Vista/2008 Server
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms08-071.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms08-071.mspx
Cumulative Security Update for Internet Explorer (958215)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900062
Filename: secpod_ms08-073.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4258 CVE-2008-4259 CVE-2008-4260 CVE-2008-4261
BID: 32586 32593 32595 32596
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable 'mshtml.dll' file version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-073.
Vulnerability Insight:
The flaws are due to:
- an error when handling parameters passed to unspecified navigation methods.
- an error when fetching a file with an overly long path from a WebDAV share.
- an unspecified use-after-free error.
- a boundary error when processing an overly long filename extension
specified inside an EMBED tag.
Impact:
Successful exploitation corrupts memory (stack- or heap-based buffer
overflow) when a user views a specially crafted web page or opens an overly
long crafted file, and can allow arbitrary code execution.
Impact Level: System/Application
Affected Software/OS:
Internet Explorer 7 on MS Windows Vista
Internet Explorer 6 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows 2008 Server
Internet Explorer 5.01 and 6 on MS Windows 2000
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/MS08-073
References:
http://technet.microsoft.com/en-us/security/bulletin/MS08-073
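Each "Check for the vulnerable file version" entry in this family works the same way: the plugin reads the version of a file such as mshtml.dll from the target (the shared secpod_reg_enum.nasl dependency suggests this is done through remote registry access) and compares it with the first fixed version. The Python below is an added example, not code from the OpenVAS plugins, showing the two things such a comparison has to get right: components are compared numerically, not as strings, with short versions padded; and Windows ships each file in two servicing branches (GDR and LDR/QFE) that receive the fix at different build numbers, so one threshold is not enough. The threshold values, the table keyed on the first three components and the rule that an LDR build has a fourth component of 20000 or more are hypothetical assumptions for this file branch, not the versions from MS08-073.

```python
import re

def parse_version(s):
    """Turn a dotted Windows file version such as "7.0.6000.16762" into a tuple
    of ints. Trailing text like " (vista_gdr.081201-1450)" is ignored."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", s)
    if not m:
        raise ValueError(f"not a version string: {s!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def version_is_less(installed, fixed):
    """Component-wise numeric comparison; short versions are padded with zeros
    so "6.0" equals "6.0.0.0". A plain string comparison gets this wrong:
    "7.0.6000.16762" < "7.0.6000.2093" is True as strings, False as versions."""
    a, b = parse_version(installed), parse_version(fixed)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))

# Hypothetical thresholds for illustration, NOT the values from MS08-073:
# the first fixed mshtml.dll version per file branch (first three components)
# and per servicing branch. The fix lands at a different build number in the
# GDR and LDR branches, so a single threshold misjudges one of them.
FIXED_MSHTML = {
    "7.0.6000": {"GDR": "7.0.6000.16762", "LDR": "7.0.6000.20935"},
}
LDR_MIN_BUILD = 20000  # assumed split between GDR and LDR builds for 7.0.6000

def servicing_branch(version):
    v = parse_version(version)
    return "LDR" if len(v) >= 4 and v[3] >= LDR_MIN_BUILD else "GDR"

def is_vulnerable(installed, table=FIXED_MSHTML):
    """True if the installed file predates the fix on its own servicing branch,
    False if it is at or past the fix, None if the table has no entry for this
    file branch (report as unknown, never as patched)."""
    prefix = ".".join(str(c) for c in parse_version(installed)[:3])
    thresholds = table.get(prefix)
    if thresholds is None:
        return None
    return version_is_less(installed, thresholds[servicing_branch(installed)])

def is_vulnerable_single_threshold(installed, fixed="7.0.6000.16762"):
    """The shortcut the branch-aware check avoids: an unpatched LDR build such
    as 7.0.6000.20900 compares greater than the GDR threshold and is wrongly
    reported as patched."""
    return version_is_less(installed, fixed)

if __name__ == "__main__":
    for v in ["7.0.6000.16735", "7.0.6000.16762", "7.0.6000.20900",
              "7.0.6000.20935", "8.0.6001.18702"]:
        print(v, servicing_branch(v), is_vulnerable(v),
              is_vulnerable_single_threshold(v))
```

Returning None for a file branch the table does not cover is deliberate: a version check that silently reports "not vulnerable" for an unknown build hides exactly the hosts that most need a manual look.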
Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900060
Filename: secpod_ms08-076.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-3009 CVE-2008-3010
BID: 32653 32654
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable File Version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS08-076.
Vulnerability Insight:
The flaws are due to:
- an error within the Service Principal Name (SPN) implementation when
handling NTLM credentials.
- an error when handling ISATAP URLs.
Impact:
Successful exploitation could allow an attacker to capture a user's NTLM
credentials and replay them to gain access with the privileges of that user.
Impact Level: System
Affected Software/OS: Microsoft Windows 2K/XP/2003
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx
Vulnerability in Microsoft Office SharePoint Server Could Cause Elevation of Privilege (957175)
Copyright (C) 2008 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900064
Filename: secpod_ms08-077.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4032
BID: 32638
CVSS: 7.5
Risk factor : High
Summary: Check for the vulnerable File Version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS08-077.
Vulnerability Insight:
The flaw is due to SharePoint Server not properly restricting access to
administrative portions of the application.
Impact:
A successful attack bypasses certain security restrictions: an attacker can
use a web browser to directly access the vulnerable administrative
functionality.
Impact Level: Application
Affected Software/OS:
Microsoft Search Server 2008
Microsoft Office SharePoint Server
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms08-077.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms08-077.mspx
Vulnerabilities in SMB Could Allow Remote Code Execution (958687)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900069
Filename: secpod_ms09-001.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-4114 CVE-2008-4834 CVE-2008-4835
BID: 31179
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable File Version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-001.
Vulnerability Insight:
The issue is due to the way the Server Message Block (SMB) protocol software
handles specially crafted SMB packets.
Impact: Successful exploitation could allow remote unauthenticated attackers
to cause a denial of service, and potentially execute arbitrary code, by
sending a specially crafted network message to a system running the Server
service.
Impact Level: System/Network
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Fix: Run Windows Update and apply the listed hotfixes, or download and apply
the hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx
References:
http://www.milw0rm.com/exploits/6463
http://www.microsoft.com/technet/security/bulletin/ms09-001.mspx
Cumulative Security Update for Internet Explorer (961260)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900078
Filename: secpod_ms09-002.nasl
Dependencies: secpod_reg_enum.nasl - gb_ms_ie_detect.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-0075 CVE-2009-0076
BID: 33627 33628
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable File Version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-002.
Vulnerability Insight:
- A use-after-free error occurs when Internet Explorer tries to use a
previously deleted object related to CFunctionPointer.
- An error exists when XHTML strict mode is used with the zoom style
directive in conjunction with other directives within a Cascading Style
Sheets (CSS) stylesheet in a crafted HTML document.
Impact:
Successful exploitation corrupts memory and allows arbitrary code execution
when a user visits a specially crafted web page.
Impact Level: System
Affected Software/OS:
Internet Explorer 7/8 on MS Windows 2003 and XP
Internet Explorer 7 on MS Windows Vista SP1 and prior
Internet Explorer 7 on MS Windows 2008 Server SP1 and prior
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/MS09-002
References:
http://technet.microsoft.com/en-us/security/bulletin/MS09-002
Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900079
Filename: secpod_ms09-003.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-0098 CVE-2009-0099
BID: 33134 33136
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable File Version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-003.
Vulnerability Insight:
- An error exists in the decoding of Transport Neutral Encapsulation Format
(TNEF) data that causes memory corruption when a user opens or previews a
specially crafted e-mail message sent in TNEF format.
- An error exists in the processing of MAPI commands in the EMSMDB32 provider.
Impact:
Successful exploitation allows remote arbitrary code execution when a user
opens or previews a specially crafted TNEF message; a specially crafted MAPI
command sent to the EMSMDB32 provider can cause the Exchange service to stop
responding (denial of service).
Impact Level: System
Affected Software/OS:
Microsoft Exchange Server 2000/2003/2007 on Windows Servers
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms09-003.mspx
Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (957634)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900080
Filename: secpod_ms09-005.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-0095 CVE-2009-0096 CVE-2009-0097
BID: 33659 33660 33661
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable File Version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-005.
Vulnerability Insight:
- An error exists when parsing object data while opening Visio files.
- An error exists when copying object data in memory.
- An error exists in memory handling when opening Visio files.
Impact:
Successful exploitation corrupts memory and can allow arbitrary code
execution when a user opens a specially crafted Visio file.
Impact Level: System
Affected Software/OS:
Microsoft Office Visio 2002/2003/2007 on Windows
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-005.mspx
References:
http://support.microsoft.com/kb/957634
http://technet.microsoft.com/en-us/security/bulletin/MS09-005
Vulnerabilities in Windows Kernel Could Allow Remote Code Execution (958690)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900086
Filename: secpod_ms09-006.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-0081 CVE-2009-0082 CVE-2009-0083
BID: 34012 34025 34027
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable File Version
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-006.
Vulnerability Insight:
- An input validation error when passing input from user mode through the
kernel component of GDI, exploitable for example by tricking a user into
viewing a specially crafted Enhanced Metafile (EMF) or Windows Metafile (WMF)
image file hosted on a malicious website.
- An error in the kernel when validating handles and when handling certain
invalid pointers.
Impact:
Successful exploitation could allow an attacker to run arbitrary code with
escalated (kernel-level) privileges.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-006.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms09-006.mspx
Vulnerability in SChannel Could Allow Spoofing (960225)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900087
Filename: secpod_ms09-007.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-0085
BID: 34015
CVSS: 7.1
Risk factor : High
Summary: Check for the vulnerable File Version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS09-007.
Vulnerability Insight:
A spoofing flaw exists in the Microsoft Windows SChannel (Secure Channel)
authentication component when certificate-based authentication is used.
Impact:
An attacker who successfully exploits this flaw could authenticate to a
server using only an authorized user's digital certificate, without
possessing the associated private key.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-007.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms09-007.mspx
Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900088
Filename: secpod_ms09-008.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-0233 CVE-2009-0234 CVE-2009-0093 CVE-2009-0094
BID: 33982 33988 33989 34013
CVSS: 6.4
Risk factor : High
Summary: Check for the vulnerable File Version
Overview: This host is missing an important security update according to
Microsoft Bulletin MS09-008.
Vulnerability Insight:
- An error in the Windows DNS server may cause it to improperly reuse cached
responses.
- An error in the Windows DNS server may cause it to improperly cache
responses to specially crafted DNS queries.
- A failure in access validation allows unrestricted registration of WPAD and
ISATAP entries.
Impact:
Successful exploitation could allow an attacker to poison the DNS cache with
specially crafted DNS queries, or to redirect traffic by registering a WPAD
or ISATAP entry in the WINS database that points to an IP address of the
attacker's choosing.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Server Service Pack 4 and prior.
Microsoft Windows 2003 Server Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms09-008.mspx
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900093
Filename: secpod_ms09-011.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-0084
BID: 34460
CVSS: 9.3
Risk factor : Critical
Summary: Check for the version of DirectX and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-011.
Vulnerability Insight:
The flaw is due to an error in DirectShow (DirectX) when decompressing MJPEG
content; it can be exploited via a specially crafted MJPEG file.
Impact:
Successful exploitation allows arbitrary code execution on the vulnerable
system and can fully compromise the user's system.
Impact Level: System
Affected Software/OS:
DirectX 8.1 and 9.0 on Microsoft Windows 2000
DirectX 9.0 on Microsoft Windows XP and 2003
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms09-011.mspx
Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900094
Filename: secpod_ms09-012.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-1436 CVE-2009-0078 CVE-2009-0079 CVE-2009-0080
BID: 28833 34442 34443 34444
CVSS: 9.0
Risk factor : Critical
Summary: Check for the vulnerable File Version and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-012.
Vulnerability Insight:
- The Microsoft Distributed Transaction Coordinator (MSDTC) transaction
facility allows the NetworkService token to be obtained and used when making
an RPC call.
- The Windows Management Instrumentation (WMI) provider improperly isolates
processes that run under the NetworkService or LocalService accounts.
- The RPCSS service improperly isolates processes that run under the
NetworkService or LocalService accounts.
- Windows places incorrect access control lists (ACLs) on threads in the
current ThreadPool.
Impact:
Successful exploitation could allow an attacker who can already run code on
the system (for example as NetworkService or LocalService) to gain elevated
privileges and execute arbitrary code with them.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx
References:
http://support.microsoft.com/kb/959454
http://www.microsoft.com/technet/security/bulletin/ms09-012.mspx
Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900092
Filename: secpod_ms09-013.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-0086 CVE-2009-0089 CVE-2009-0550
BID: 34435 34437 34439
CVSS: 10.0
Risk factor : Critical
Summary: Check for the vulnerable File Version and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-013.
Vulnerability Insight:
- An integer underflow error in Windows HTTP Services allows execution of
arbitrary code via a specially crafted parameter returned by a malicious web
server.
- An error in Windows HTTP Services when validating the distinguished name of
a certificate allows a valid certificate to be spoofed. Successful
exploitation requires the ability to perform DNS spoofing attacks.
- An error in Windows HTTP Services allows NTLM credentials to be reflected,
and arbitrary code to be executed, by tricking a user into connecting to a
malicious web server.
Impact:
An attacker who successfully exploits these flaws could conduct spoofing
attacks and compromise the user's system.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-013.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms09-013.mspx
Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900533
Filename: secpod_ms09-015.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2008-2540
BID: 29445
CVSS: 9.3
Risk factor : Critical
Summary: Check for the vulnerable File Version and Hotfix
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-015.
Vulnerability Insight:
The flaw is due to an error in the way the Windows SearchPath function
locates and opens files on the system.
Impact:
Remote attackers could execute arbitrary code by convincing a user to
download a crafted file to a specific location and then open an application
that loads the file from that location.
Impact Level: System
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2003 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1 and prior.
Microsoft Windows Server 2008 Service Pack 1 and prior.
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://technet.microsoft.com/en-us/security/bulletin/ms09-015
References:
http://support.microsoft.com/kb/959426
http://technet.microsoft.com/en-us/security/bulletin/ms09-015
Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerability (961759)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900095
Filename: secpod_ms09-016.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-0077 CVE-2009-0237
BID: 34414 34416
CVSS: 5.0
Risk factor : Medium
Summary: Check for the vulnerable File Version and Hotfix
Overview: This host is missing an important security update according to
Microsoft Bulletin MS09-016.
Vulnerability Insight:
- An error in the firewall engine when handling the session state for Web
proxy or Web publishing listeners.
- An input validation error in the HTML forms authentication component
(cookieauth.dll).
Impact:
Exploitation could allow remote attackers to cause a web listener to stop
responding to new requests (denial of service) and to conduct cross-site
scripting attacks.
Impact Level: System/Network.
Affected Software/OS:
Microsoft Internet Security and Acceleration Server 2004 (Ent and Std).
Microsoft Internet Security and Acceleration Server 2006 and with SP1.
Microsoft Internet Security and Acceleration Server 2006 with Update
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx
References:
http://www.microsoft.com/technet/security/bulletin/ms09-016.mspx
Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900566
Filename: secpod_ms09-018.nasl
Dependencies: secpod_reg_enum.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-1138 CVE-2009-1139
BID: 35226 35225
CVSS: 10.0
Risk factor : Critical
Summary: Check for the version of Adamdsa.dll and Ntdsa.dll file
Overview: This host is missing a critical security update according to
Microsoft Bulletin MS09-018.
Vulnerability Insight:
The flaws are due to:
- incorrect freeing of memory when processing specially crafted LDAP or
LDAPS requests.
- improper memory management while executing LDAP or LDAPS requests that
contain specific OID filters.
Impact:
Remote attackers could execute arbitrary code on the affected system, taking
complete control of it, or cause a denial of service.
Impact Level: System/Application.
Affected Software/OS:
Microsoft Windows 2K Service Pack 4 and prior
Microsoft Windows XP Service Pack 3 and prior
Microsoft Windows 2K3 Service Pack 2 and prior
Fix:
Run Windows Update and apply the listed hotfixes, or download and apply the
hotfixes referenced in the advisory at the link below:
http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx
References:
http://secunia.com/advisories/35355
http://support.microsoft.com/kb/971055
http://www.microsoft.com/technet/security/bulletin/ms09-018.mspx
Microsoft IIS Security Bypass Vulnerability (970483)
Copyright (C) 2009 SecPod
OID: 1.3.6.1.4.1.25623.1.0.900567
Filename: secpod_ms09-020.nasl
Dependencies: secpod_reg_enum.nasl - secpod_ms_iis_detect.nasl
Family: Windows : Microsoft Bulletins
CVE: CVE-2009-1122 CVE-2009-1535
BID: 34993 35232
CVSS: 7.6
Risk factor : High
Summary: Check for the vulnerable file version and Hotfix
Overview: This host is missing an important security update according to
Microsoft Bulletin MS09-020.
Vulnerability Insight:
The flaws are due to:
- the WebDAV extension not properly decoding requested URLs, which could
cause an incorrect configuration to be applied.
- WebDAV failing to verify credentials before accessing password-protected
resources when handling HTTP GET or PROPFIND requests containing a Unicode
encoded character
