CERTA-2003-AVI-168
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans le service d'envoi de messages Microsoft (Microsoft Messenger Service) permet à un utilisateur mal intentionné d'exécuter du code arbitraire à distance avec les privilèges Local System.
Description
Microsoft Messenger Service est un service permettant l'envoi de messages via NetBIOS ou RPC. Une vulnérabilité dans le service permet à un utilisateur mal intentionné de réaliser un débordement de tampon et ainsi exécuter du code arbitraire à distance avec les privilèges Local System.
Contournement Provisoire
- Filtrer les ports UDP 135, 137 et 138 et les ports TCP 135, 139 et 445 ;
- Désactiver le service Microsoft Messenger Service.
Solution
Appliquer le correctif fourni par Microsoft suivant la version du système d'exploitation (cf. Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Microsoft Windows 2000, Service Pack 2 ; | ||
| Microsoft | Windows | Microsoft Windows Server 2003 ; | ||
| Microsoft | Windows | Microsoft Windows NT Workstation 4.0, Service Pack 6a ; | ||
| Microsoft | Windows | Microsoft Windows XP 64-bit Edition Version 2003 ; | ||
| Microsoft | Windows | Microsoft Windows 2000, Service Pack 3, Service Pack 4 ; | ||
| Microsoft | Windows | Microsoft Windows XP 64-bit Edition ; | ||
| Microsoft | Windows | Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 ; | ||
| Microsoft | Windows | Microsoft Windows NT Server 4.0, Service Pack 6a ; | ||
| Microsoft | Windows | Microsoft Windows Server 2003 64-bit Edition. | ||
| Microsoft | Windows | Microsoft Windows XP Gold, Service Pack 1 ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Windows 2000, Service Pack 2 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows Server 2003 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows NT Workstation 4.0, Service Pack 6a ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP 64-bit Edition Version 2003 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows 2000, Service Pack 3, Service Pack 4 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP 64-bit Edition ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows NT Server 4.0, Service Pack 6a ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows Server 2003 64-bit Edition.",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP Gold, Service Pack 1 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nMicrosoft Messenger Service est un service permettant l\u0027envoi de\nmessages via NetBIOS ou RPC. Une vuln\u00e9rabilit\u00e9 dans le service permet \u00e0\nun utilisateur mal intentionn\u00e9 de r\u00e9aliser un d\u00e9bordement de tampon et\nainsi ex\u00e9cuter du code arbitraire \u00e0 distance avec les privil\u00e8ges Local\nSystem.\n\n## Contournement Provisoire\n\n- Filtrer les ports UDP 135, 137 et 138 et les ports TCP 135, 139 et\n 445 ;\n- D\u00e9sactiver le service Microsoft Messenger Service.\n\n## Solution\n\nAppliquer le correctif fourni par Microsoft suivant la version du\nsyst\u00e8me d\u0027exploitation (cf. Documentation).\n",
"cves": [],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 MS03-043 de Microsoft :",
"url": "http://www.microsoft.com/technet/security/bulletin/MS03-043.asp"
}
],
"reference": "CERTA-2003-AVI-168",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2003-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans le service d\u0027envoi de messages Microsoft\n(Microsoft Messenger Service) permet \u00e0 un utilisateur mal intentionn\u00e9\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance avec les privil\u00e8ges Local\nSystem.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Messenger Service",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS03-043",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…