Windows : Buffer Overrun in Messenger Service (real test)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 45310 CVE descriptions and 24975 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 11890

Category: Windows

Title: Buffer Overrun in Messenger Service (real test)

Summary: Checks for hotfix Q828035

Description:
A security vulnerability exists in the Messenger Service that could allow
arbitrary code execution on an affected system. An attacker who successfully
exploited this vulnerability could be able to run code with Local System
privileges on an affected system, or could cause the Messenger Service to fail.
Disabling the Messenger Service will prevent the possibility of attack.

This plugin actually checked for the presence of this flaw.

Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-043.mspx

Risk factor : High

Cross-Ref: BugTraq ID: 8826
Common Vulnerability Exposure (CVE) ID: CVE-2003-0717
Microsoft Security Bulletin: MS03-043
http://www.microsoft.com/technet/security/bulletin/ms03-043.asp
http://www.cert.org/advisories/CA-2003-27.html
Bugtraq: 20031016 MS03-043 Popup Messenger Servce buffer-overflow (Google Search)
http://marc.theaimsgroup.com/?l=ntbugtraq&m=106632188709562&w=2
Bugtraq: 20031018 Proof of concept for Windows Messenger Service overflow (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=106666713812158&w=2
CERT/CC vulnerability note: VU#575892
http://www.kb.cert.org/vuls/id/575892
http://www.securityfocus.com/bid/8826
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:213
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:268

Copyright This script is Copyright (C) 2003 Tenable Network Security

This is only one of 24975 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	11890
Category:	Windows
Title:	Buffer Overrun in Messenger Service (real test)
Summary:	Checks for hotfix Q828035
Description:	A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. Disabling the Messenger Service will prevent the possibility of attack. This plugin actually checked for the presence of this flaw. Solution : see http://www.microsoft.com/technet/security/bulletin/ms03-043.mspx Risk factor : High
Cross-Ref:	BugTraq ID: 8826 Common Vulnerability Exposure (CVE) ID: CVE-2003-0717 Microsoft Security Bulletin: MS03-043 http://www.microsoft.com/technet/security/bulletin/ms03-043.asp http://www.cert.org/advisories/CA-2003-27.html Bugtraq: 20031016 MS03-043 Popup Messenger Servce buffer-overflow (Google Search) http://marc.theaimsgroup.com/?l=ntbugtraq&m=106632188709562&w=2 Bugtraq: 20031018 Proof of concept for Windows Messenger Service overflow (Google Search) http://marc.theaimsgroup.com/?l=bugtraq&m=106666713812158&w=2 CERT/CC vulnerability note: VU#575892 http://www.kb.cert.org/vuls/id/575892 http://www.securityfocus.com/bid/8826 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:213 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:268
Copyright	This script is Copyright (C) 2003 Tenable Network Security