Windows : Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 94899 CVE descriptions and 51984 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.900445

Category: Windows

Title: Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)

Summary: Check for the hotfix existence

Description: Description:

Overview: This host is running Windows Operating System and is prone to
Autorun Arbitrary Code Execution Vulnerability.

Vulnerability Insight:
MS Windows OSes are not able to enforce the 'Autorun' and 'NoDriveTypeAutoRun'
registry values. Allows physically proximate attackers to execute malicious
code by inserting CD-ROM media, inserting DVD media, connecting a USB device,
connecting a Firewire device, by mapping a network drive, by clicking on an
icon under My Computer\Devices with Removable Storage and AutoPlay dialog
related to the Autorun.inf file.

Impact:
Successful exploitation will let the attacker execute arbitrary codes in the
context of the affected Windows system and can gain sensitive information or
can make the system resources completely unavailable.

Impact Level: System/Network

Affected Software/OS:
Microsoft Windows 2K SP4 / XP SP2 / 2003 SP2 and prior.
Microsoft Windows Vista Service Pack 1 and prior
Microsoft Windows Server 2008 Service Pack 1 and prior

Fix: Apply the security patch (KB950582).
http://www.microsoft.com/downloads/results.aspx?pocId=7&freetext=KB950582&DisplayLang=en

References:
http://secunia.com/advisories/29458
http://support.microsoft.com/kb/953252
http://isc.sans.org/diary.html?storyid=5695
http://www.us-cert.gov/cas/techalerts/TA09-020A.html

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 28360
Common Vulnerability Exposure (CVE) ID: CVE-2009-0243
http://isc.sans.org/diary.html?storyid=5695
Cert/CC Advisory: TA09-020A
http://www.us-cert.gov/cas/techalerts/TA09-020A.html
http://www.securitytracker.com/id?1021629
Common Vulnerability Exposure (CVE) ID: CVE-2008-0951
Microsoft Security Bulletin: MS08-038
http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx
CERT/CC vulnerability note: VU#889747
http://www.kb.cert.org/vuls/id/889747
http://www.securityfocus.com/bid/28360
http://www.vupen.com/english/advisories/2008/0954/references
http://www.securitytracker.com/id?1020446
http://secunia.com/advisories/29458
XForce ISS Database: vista-nodrivetypeautorun-weak-security(41349)
http://xforce.iss.net/xforce/xfdb/41349

Copyright Copyright (C) 2009 SecPod

This is only one of 51984 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.900445
Category:	Windows
Title:	Microsoft Autorun Arbitrary Code Execution Vulnerability (08-038)
Summary:	Check for the hotfix existence
Description:	Description: Overview: This host is running Windows Operating System and is prone to Autorun Arbitrary Code Execution Vulnerability. Vulnerability Insight: MS Windows OSes are not able to enforce the 'Autorun' and 'NoDriveTypeAutoRun' registry values. Allows physically proximate attackers to execute malicious code by inserting CD-ROM media, inserting DVD media, connecting a USB device, connecting a Firewire device, by mapping a network drive, by clicking on an icon under My Computer\Devices with Removable Storage and AutoPlay dialog related to the Autorun.inf file. Impact: Successful exploitation will let the attacker execute arbitrary codes in the context of the affected Windows system and can gain sensitive information or can make the system resources completely unavailable. Impact Level: System/Network Affected Software/OS: Microsoft Windows 2K SP4 / XP SP2 / 2003 SP2 and prior. Microsoft Windows Vista Service Pack 1 and prior Microsoft Windows Server 2008 Service Pack 1 and prior Fix: Apply the security patch (KB950582). http://www.microsoft.com/downloads/results.aspx?pocId=7&freetext=KB950582&DisplayLang=en References: http://secunia.com/advisories/29458 http://support.microsoft.com/kb/953252 http://isc.sans.org/diary.html?storyid=5695 http://www.us-cert.gov/cas/techalerts/TA09-020A.html CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	BugTraq ID: 28360 Common Vulnerability Exposure (CVE) ID: CVE-2009-0243 http://isc.sans.org/diary.html?storyid=5695 Cert/CC Advisory: TA09-020A http://www.us-cert.gov/cas/techalerts/TA09-020A.html http://www.securitytracker.com/id?1021629 Common Vulnerability Exposure (CVE) ID: CVE-2008-0951 Microsoft Security Bulletin: MS08-038 http://www.microsoft.com/technet/security/bulletin/ms08-038.mspx CERT/CC vulnerability note: VU#889747 http://www.kb.cert.org/vuls/id/889747 http://www.securityfocus.com/bid/28360 http://www.vupen.com/english/advisories/2008/0954/references http://www.securitytracker.com/id?1020446 http://secunia.com/advisories/29458 XForce ISS Database: vista-nodrivetypeautorun-weak-security(41349) http://xforce.iss.net/xforce/xfdb/41349
Copyright	Copyright (C) 2009 SecPod