|
Test ID: | 1.3.6.1.4.1.25623.1.0.900445 |
Category: | Windows |
Title: | Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038) |
Summary: | This host is running Windows Operating System and is prone to; Autorun Arbitrary Code Execution Vulnerability. |
Description: | Summary: This host is running Windows Operating System and is prone to Autorun Arbitrary Code Execution Vulnerability. Vulnerability Insight: MS Windows OSes are not able to enforce the 'Autorun' and 'NoDriveTypeAutoRun' registry values. Allows physically proximate attackers to execute malicious code by inserting CD-ROM media, inserting DVD media, connecting a USB device, connecting a Firewire device, by mapping a network drive, by clicking on an icon under My Computer\Devices with Removable Storage and AutoPlay dialog related to the Autorun.inf file. Vulnerability Impact: Successful exploitation will let the attacker execute arbitrary codes in the context of the affected Windows system and can gain sensitive information or can make the system resources completely unavailable. Affected Software/OS: Microsoft Windows 2K SP4 / XP SP2 / 2003 SP2 and prior. Microsoft Windows Vista Service Pack 1 and prior Microsoft Windows Server 2008 Service Pack 1 and prior Solution: Apply the security patch (KB950582). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
BugTraq ID: 28360 Common Vulnerability Exposure (CVE) ID: CVE-2009-0243 http://isc.sans.org/diary.html?storyid=5695 Cert/CC Advisory: TA09-020A http://www.us-cert.gov/cas/techalerts/TA09-020A.html http://www.securitytracker.com/id?1021629 Common Vulnerability Exposure (CVE) ID: CVE-2008-0951 Microsoft Security Bulletin: MS08-038 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-038 CERT/CC vulnerability note: VU#889747 http://www.kb.cert.org/vuls/id/889747 http://www.securityfocus.com/bid/28360 http://www.vupen.com/english/advisories/2008/0954/references http://www.securitytracker.com/id?1020446 http://secunia.com/advisories/29458 XForce ISS Database: vista-nodrivetypeautorun-weak-security(41349) https://exchange.xforce.ibmcloud.com/vulnerabilities/41349 |
Copyright | Copyright (C) 2009 SecPod |
This is only one of 71225 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |
|