Test Kennung:	1.3.6.1.4.1.25623.1.0.101012
Kategorie:	Windows : Microsoft Bulletins
Titel:	Microsoft IIS RCE Vulnerability (MS03-051) - Active Check
Zusammenfassung:	The MS03-051 bulletin addresses two new security vulnerabilities; in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to; run arbitrary code on a user's system.
Beschreibung:	Summary: The MS03-051 bulletin addresses two new security vulnerabilities in Microsoft FrontPage Server Extensions, the most serious of which could enable an attacker to run arbitrary code on a user's system. Vulnerability Insight: The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests. Solution: Microsoft has released a patch to correct these issues. Please see the references for more information. Note: This update replaces the security updates contained in the following bulletins: MS01-035 and MS02-053. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0822 Bugtraq: 20031112 Frontpage Extensions Remote Command Execution (Google Search) http://marc.info/?l=bugtraq&m=106865318904055&w=2 CERT/CC vulnerability note: VU#279156 http://www.kb.cert.org/vuls/id/279156 Microsoft Security Bulletin: MS03-051 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-051 http://marc.info/?l=ntbugtraq&m=106862654906759&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A364 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A366 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A367 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A699 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A743 http://secunia.com/advisories/10195 XForce ISS Database: fpse-debug-bo(13674) https://exchange.xforce.ibmcloud.com/vulnerabilities/13674 Common Vulnerability Exposure (CVE) ID: CVE-2003-0824 CERT/CC vulnerability note: VU#179012 http://www.kb.cert.org/vuls/id/179012 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A308 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A591 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A606 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A625 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A762 XForce ISS Database: fpse-smarthtml-dos(13680) https://exchange.xforce.ibmcloud.com/vulnerabilities/13680
Copyright	Copyright (C) 2009 Christian Eric Edjenguele

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.