Windows : Microsoft Bulletins : Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.901140

Categoría: Windows : Microsoft Bulletins

Título: Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)

Resumen: This host is missing a critical security update according to; Microsoft Bulletin MS10-054.

Descripción: Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS10-054.

Vulnerability Insight:
- A pool overflow error within the Server Message Block (SMB) implementation
when processing malformed messages.

- An error in the Server Message Block (SMB) Protocol software that does not
properly validate an internal variable when parsing specially crafted SMB
packets.

- An error in the Server Message Block (SMB) Protocol implementation that
does not properly handle specially crafted compounded requests.

Vulnerability Impact:
Successful exploitation could allow remote attackers to execute arbitrary code
and cause a denial of service or compromise a vulnerable system.

Affected Software/OS:
- Microsoft Windows 7

- Microsoft Windows XP Service Pack 3 and prior

- Microsoft Windows 2K3 Service Pack 2 and prior

- Microsoft Windows Vista Service Pack 1/2 and prior

- Microsoft Windows Server 2008 Service Pack 1/2 and prior

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2550
Cert/CC Advisory: TA10-222A
http://www.us-cert.gov/cas/techalerts/TA10-222A.html
Microsoft Security Bulletin: MS10-054
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-054
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11106
Common Vulnerability Exposure (CVE) ID: CVE-2010-2551
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12015
Common Vulnerability Exposure (CVE) ID: CVE-2010-2552
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12072

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.901140
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows SMB Code Execution and DoS Vulnerabilities (982214)
Resumen:	This host is missing a critical security update according to; Microsoft Bulletin MS10-054.
Descripción:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS10-054. Vulnerability Insight: - A pool overflow error within the Server Message Block (SMB) implementation when processing malformed messages. - An error in the Server Message Block (SMB) Protocol software that does not properly validate an internal variable when parsing specially crafted SMB packets. - An error in the Server Message Block (SMB) Protocol implementation that does not properly handle specially crafted compounded requests. Vulnerability Impact: Successful exploitation could allow remote attackers to execute arbitrary code and cause a denial of service or compromise a vulnerable system. Affected Software/OS: - Microsoft Windows 7 - Microsoft Windows XP Service Pack 3 and prior - Microsoft Windows 2K3 Service Pack 2 and prior - Microsoft Windows Vista Service Pack 1/2 and prior - Microsoft Windows Server 2008 Service Pack 1/2 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2550 Cert/CC Advisory: TA10-222A http://www.us-cert.gov/cas/techalerts/TA10-222A.html Microsoft Security Bulletin: MS10-054 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-054 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11106 Common Vulnerability Exposure (CVE) ID: CVE-2010-2551 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12015 Common Vulnerability Exposure (CVE) ID: CVE-2010-2552 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12072
Copyright	Copyright (C) 2010 Greenbone AG