CERTA-2004-AVI-242
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité présente dans l'interpréteur de commandes de Microsoft Windows permet à un utilisateur distant mal intentionné d'exécuter du code arbitraire à distance.
Description
Un concepteur de site mal intentionné peut, en attirant un utilisateur sur une page judicieusement composée, exploiter une vulnérabilité présente dans l'interpréteur de commandes lors du lancement d'une application. Cette vulnérabilité entraîne l'exécution de code arbitraire avec les privilèges de l'utilisateur.
Solution
Se référer au bulletin de sécurité Microsoft pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Windows | Microsoft Windows Server 2003 ; | ||
| Microsoft | Windows | Microsoft Windows Millennium Edition ; | ||
| Microsoft | Windows | Microsoft Windows NT Workstation 4.0 Service Pack 6a ; | ||
| Microsoft | Windows | Microsoft Windows Server 2003 64-Bit Edition ; | ||
| Microsoft | Windows | Microsoft Windows 98 et 98 SE ; | ||
| Microsoft | Windows | Microsoft Windows XP 64-Bit Edition Service Pack 1 ; | ||
| Microsoft | Windows | Microsoft Windows NT Terminal Server Edition 4.0 Service Pack 6a ; | ||
| Microsoft | Windows | Internet Explorer 6.0 Service Pack 1 installé sur Windows NT 4.0 SP6a. | ||
| Microsoft | Windows | Microsoft Windows XP 64-Bit Edition Version 2003 ; | ||
| Microsoft | Windows | Microsoft Windows NT Server 4.0 Service Pack 6a ; | ||
| Microsoft | Windows | Microsoft Windows 2000 Service Pack 2, Service Pack 3 et Service Pack 4 ; | ||
| Microsoft | Windows | Microsoft Windows XP et XP Service Pack 1 ; |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Windows Server 2003 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows Millennium Edition ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows NT Workstation 4.0 Service Pack 6a ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows Server 2003 64-Bit Edition ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows 98 et 98 SE ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP 64-Bit Edition Service Pack 1 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows NT Terminal Server Edition 4.0 Service Pack 6a ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Internet Explorer 6.0 Service Pack 1 install\u00e9 sur Windows NT 4.0 SP6a.",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP 64-Bit Edition Version 2003 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows NT Server 4.0 Service Pack 6a ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows 2000 Service Pack 2, Service Pack 3 et Service Pack 4 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP et XP Service Pack 1 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nUn concepteur de site mal intentionn\u00e9 peut, en attirant un utilisateur\nsur une page judicieusement compos\u00e9e, exploiter une vuln\u00e9rabilit\u00e9\npr\u00e9sente dans l\u0027interpr\u00e9teur de commandes lors du lancement d\u0027une\napplication. Cette vuln\u00e9rabilit\u00e9 entra\u00eene l\u0027ex\u00e9cution de code arbitraire\navec les privil\u00e8ges de l\u0027utilisateur.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"links": [],
"reference": "CERTA-2004-AVI-242",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2004-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans l\u0027interpr\u00e9teur de commandes de Microsoft\nWindows permet \u00e0 un utilisateur distant mal intentionn\u00e9 d\u0027ex\u00e9cuter du\ncode arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9teur de commandes Windows",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS04-024",
"url": "http://www.microsoft.com/technet/security/bulletin/ms04-024.mspx"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…