English | Deutsch | Español | Português
 UserID:
 Passwd:
 new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   		     Search 61204 CVE descriptions
and 32582 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.900445
Category:Windows
Title:Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
Summary:Check for the hotfix existence
Description:

Overview: This host is running Windows Operating System and is prone to
Autorun Arbitrary Code Execution Vulnerability.

Vulnerability Insight:
MS Windows OSes are not able to enforce the 'Autorun' and 'NoDriveTypeAutoRun'
registry values. Allows physically proximate attackers to execute malicious
code by inserting CD-ROM media, inserting DVD media, connecting a USB device,
connecting a Firewire device, by mapping a network drive, by clicking on an
icon under My Computer\Devices with Removable Storage and AutoPlay dialog
related to the Autorun.inf file.

Impact:
Successful exploitation will let the attacker execute arbitrary codes in the
context of the affected Windows system and can gain sensitive information or
can make the system resources completely unavailable.

Impact Level: System/Network

Affected Software/OS:
Microsoft Windows 2K SP4 / XP SP2 / 2003 SP2 and prior.
Microsoft Windows Vista Service Pack 1 and prior
Microsoft Windows Server 2008 Service Pack 1 and prior

Fix: Apply the security patch (KB950582).
http://www.microsoft.com/downloads/results.aspx?pocId=7&freetext=KB950582&DisplayLang=en

References:
http://secunia.com/advisories/29458
http://support.microsoft.com/kb/953252
http://isc.sans.org/diary.html?storyid=5695
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
Cross-Ref: BugTraq ID: 28360
Common Vulnerability Exposure (CVE) ID: CVE-2009-0243
http://isc.sans.org/diary.html?storyid=5695
Cert/CC Advisory: TA09-020A
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
http://www.securitytracker.com/id?1021629
Common Vulnerability Exposure (CVE) ID: CVE-2008-0951
Microsoft Security Bulletin: MS08-038
http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx
CERT/CC vulnerability note: VU#889747
http://www.kb.cert.org/vuls/id/889747
http://www.securityfocus.com/bid/28360
http://www.vupen.com/english/advisories/2008/0954/references
http://www.securitytracker.com/id?1020446
http://secunia.com/advisories/29458
XForce ISS Database: vista-nodrivetypeautorun-weak-security(41349)
http://xforce.iss.net/xforce/xfdb/41349
CopyrightCopyright (C) 2009 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  
 Forgot userid or passwd?
Email/Userid:



Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.