ID CVE-2007-2218
Summary Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
References
Vulnerable Configurations
  • Microsoft Windows 2000 Service Pack 4
    cpe:2.3:o:microsoft:windows_2000:-:sp4
  • cpe:2.3:o:microsoft:windows_2003_server:sp1
    cpe:2.3:o:microsoft:windows_2003_server:sp1
  • cpe:2.3:o:microsoft:windows_2003_server:sp2
    cpe:2.3:o:microsoft:windows_2003_server:sp2
  • Microsoft Windows XP Service Pack 2
    cpe:2.3:o:microsoft:windows_xp:-:sp2
CVSS
Base: 9.3 (as of 13-06-2007 - 16:36)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS07-031.NASL
description The remote host is running a version of Windows that has a bug in the SSL/TLS server-key exchange handling routine that may allow an attacker to execute arbitrary code on the remote host by luring a user on the remote host into visiting a rogue website. On Windows 2000 and 2003 this vulnerability only results in a crash of the web browser.
last seen 2019-02-21
modified 2018-11-15
plugin id 25484
published 2007-06-12
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=25484
title MS07-031: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
oval via4
accepted 2012-09-10T04:00:42.686-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Chandan S
    organization SecPod Technologies
definition_extensions
  • comment Microsoft Windows 2000 SP4 or later is installed
    oval oval:org.mitre.oval:def:229
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft Windows XP SP1 (64-bit) is installed
    oval oval:org.mitre.oval:def:480
  • comment Microsoft Windows XP x64 Edition SP2 is installed
    oval oval:org.mitre.oval:def:4193
  • comment Microsoft Windows Server 2003 SP1 (x86) is installed
    oval oval:org.mitre.oval:def:565
  • comment Microsoft Windows Server 2003 SP2 (x86) is installed
    oval oval:org.mitre.oval:def:1935
description Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
family windows
id oval:org.mitre.oval:def:1895
status accepted
submitted 2007-06-12T03:29:54.000-04:00
title Windows Security Channel Remote Execution Vulnerability
version 68
refmap via4
bid 24416
cert TA07-163A
cert-vn VU#810073
hp
  • HPSBST02231
  • SSRT071438
ms MS07-031
sectrack 1018226
secunia 25620
vupen ADV-2007-2151
Last major update 07-03-2011 - 21:53
Published 12-06-2007 - 15:30
Last modified 16-10-2018 - 12:42
Back to Top