Windows : Microsoft Bulletins : Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.801704

Category: Windows : Microsoft Bulletins

Title: Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)

Summary: This host is missing a critical security update according to; Microsoft Bulletin MS08-005.

Description: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS08-005.

Vulnerability Insight:
The flaw is due to an error within the handling of file change
notifications in the 'FTPRoot', 'NNTPFile\Root', and 'WWWRoot' folders.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary
code with SYSTEM-level privileges.

Affected Software/OS:
- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2K Service Pack 4 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista

- Microsoft Internet Information Services (IIS) version 5.0

- Microsoft Internet Information Services (IIS) version 5.1

- Microsoft Internet Information Services (IIS) version 6.0

- Microsoft Internet Information Services (IIS) version 7.0

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0074
BugTraq ID: 27101
http://www.securityfocus.com/bid/27101
Cert/CC Advisory: TA08-043C
http://www.us-cert.gov/cas/techalerts/TA08-043C.html
HPdes Security Advisory: HPSBST02314
http://marc.info/?l=bugtraq&m=120361015026386&w=2
HPdes Security Advisory: SSRT080016
Microsoft Security Bulletin: MS08-005
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5389
http://www.securitytracker.com/id?1019384
http://secunia.com/advisories/28849
http://www.vupen.com/english/advisories/2008/0507/references

Copyright Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.801704
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Internet Information Services Privilege Elevation Vulnerability (942831)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS08-005.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS08-005. Vulnerability Insight: The flaw is due to an error within the handling of file change notifications in the 'FTPRoot', 'NNTPFile\Root', and 'WWWRoot' folders. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code with SYSTEM-level privileges. Affected Software/OS: - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2K Service Pack 4 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Vista - Microsoft Internet Information Services (IIS) version 5.0 - Microsoft Internet Information Services (IIS) version 5.1 - Microsoft Internet Information Services (IIS) version 6.0 - Microsoft Internet Information Services (IIS) version 7.0 Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0074 BugTraq ID: 27101 http://www.securityfocus.com/bid/27101 Cert/CC Advisory: TA08-043C http://www.us-cert.gov/cas/techalerts/TA08-043C.html HPdes Security Advisory: HPSBST02314 http://marc.info/?l=bugtraq&m=120361015026386&w=2 HPdes Security Advisory: SSRT080016 Microsoft Security Bulletin: MS08-005 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-005 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5389 http://www.securitytracker.com/id?1019384 http://secunia.com/advisories/28849 http://www.vupen.com/english/advisories/2008/0507/references
Copyright	Copyright (C) 2011 Greenbone AG