Windows : Microsoft Bulletins : Windows Internet Printing Service Allow Remote Code Execution Vulnerability (953155)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.900052

Kategorie: Windows : Microsoft Bulletins

Titel: Windows Internet Printing Service Allow Remote Code Execution Vulnerability (953155)

Zusammenfassung: This host is missing a critical security update according to; Microsoft Bulletin MS08-062.

Beschreibung: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS08-062.

Vulnerability Insight:
The flaw is due to an integer overflow error within the IPP
(Internet Printing Protocol) ISAPI extension for IIS when processing
specially crafted IPP responses.

Vulnerability Impact:
Successful exploitation result in execution of arbitrary code by
tricking Web Server into visiting to a malicious IPP server via a specially
crafted HTTP POST request.

Affected Software/OS:
- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2003 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1 and prior

- Microsoft Windows 2008 Server Service Pack 1 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-1446
BugTraq ID: 31682
http://www.securityfocus.com/bid/31682
Cert/CC Advisory: TA08-288A
http://www.us-cert.gov/cas/techalerts/TA08-288A.html
CERT/CC vulnerability note: VU#793233
http://www.kb.cert.org/vuls/id/793233
HPdes Security Advisory: HPSBST02379
http://marc.info/?l=bugtraq&m=122479227205998&w=2
HPdes Security Advisory: SSRT080143
Microsoft Security Bulletin: MS08-062
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5764
http://www.securitytracker.com/id?1021048
http://secunia.com/advisories/32248
http://www.vupen.com/english/advisories/2008/2813
XForce ISS Database: win-ipp-service-code-execution(45545)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45545
XForce ISS Database: win-ms08kb953155-update(45548)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45548

Copyright Copyright (C) 2008 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.900052
Kategorie:	Windows : Microsoft Bulletins
Titel:	Windows Internet Printing Service Allow Remote Code Execution Vulnerability (953155)
Zusammenfassung:	This host is missing a critical security update according to; Microsoft Bulletin MS08-062.
Beschreibung:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-062. Vulnerability Insight: The flaw is due to an integer overflow error within the IPP (Internet Printing Protocol) ISAPI extension for IIS when processing specially crafted IPP responses. Vulnerability Impact: Successful exploitation result in execution of arbitrary code by tricking Web Server into visiting to a malicious IPP server via a specially crafted HTTP POST request. Affected Software/OS: - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2003 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1 and prior - Microsoft Windows 2008 Server Service Pack 1 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-1446 BugTraq ID: 31682 http://www.securityfocus.com/bid/31682 Cert/CC Advisory: TA08-288A http://www.us-cert.gov/cas/techalerts/TA08-288A.html CERT/CC vulnerability note: VU#793233 http://www.kb.cert.org/vuls/id/793233 HPdes Security Advisory: HPSBST02379 http://marc.info/?l=bugtraq&m=122479227205998&w=2 HPdes Security Advisory: SSRT080143 Microsoft Security Bulletin: MS08-062 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5764 http://www.securitytracker.com/id?1021048 http://secunia.com/advisories/32248 http://www.vupen.com/english/advisories/2008/2813 XForce ISS Database: win-ipp-service-code-execution(45545) https://exchange.xforce.ibmcloud.com/vulnerabilities/45545 XForce ISS Database: win-ms08kb953155-update(45548) https://exchange.xforce.ibmcloud.com/vulnerabilities/45548
Copyright	Copyright (C) 2008 Greenbone AG