Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в реализации TCP/IP и TCP/IPv6 в Microsoft Windows
дополнено с 9 февраля 2010 г.
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10601
Тип:удаленная
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти в ICMPv6, IPSec, TCP.
Затронутые продукты:MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
CVE:CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability.")
 CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability.")
 CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability.")
 CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-009 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145) (09.02.2010)
Файлы:Microsoft Security Bulletin MS10-009 - Critical Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (974145)

Целочисленное переполнение в Microsoft Paint
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10603
Тип:локальная
Уровень опасности:
4/10
Описание:Целочисленное переполнение при разборе JPEG.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-005 - Moderate Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-005 - Moderate Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)

Повреждение памяти в ActiveX Microsoft Data Analyzer
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10606
Тип:клиент
Уровень опасности:
7/10
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-008 - Critical Cumulative Security Update of ActiveX Kill Bits (978262) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-008 - Critical Cumulative Security Update of ActiveX Kill Bits (978262)

DoS против Microsoft Hyper-V
дополнено с 10 февраля 2010 г.
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10607
Тип:локальная
Уровень опасности:
5/10
Описание:Недостаточная проверка использования привилегированных инструкций в виртуальной машине.
Затронутые продукты:MICROSOFT : Windows 2008 Server
CVE:CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-010 - Important Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-010 - Important Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)

Повышение привилегий в Client/Server Run-time Subsystem Microsoft Windows
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10608
Тип:локальная
Уровень опасности:
6/10
Описание:Некорректное завершение процесса при выходе пользователя.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-011 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-011 - Important Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)

Многочисленные уязвимости в SMB-сервере Microsoft Windows
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10609
Тип:удаленная
Уровень опасности:
7/10
Описание:Повреждения памяти, переполнения буфера, DoS-условия, криптографические уязвимости.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-0231 (The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability.")
 CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability.")
 CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability.")
 CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability.")
Оригинальный текстdocumentHernan Ochoa, [Full-disclosure] Windows SMB NTLM Authentication Weak Nonce Vulnerability (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-012 - Important Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-012 - Important Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)

Переполнение буфера в Microsoft DirectShow
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10610
Тип:удаленная
Уровень опасности:
6/10
Описание:Переполнение буфера при разборе AVI.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability.")
Оригинальный текстdocumentZDI, ZDI-10-015: Microsoft Windows RLE Video Decompressor Remote Code Execution Vulnerability (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-013 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-013 - Critical Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)

DoS против Kerberos в Microsoft Windows
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10611
Тип:удаленная
Уровень опасности:
5/10
Описание:Обращение по нулевому указателю при обработке запроса на обновление TGT.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows 2008 Server
CVE:CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-014 - Important Vulnerability in Kerberos Could Allow Denial of Service (977290) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-014 - Important Vulnerability in Kerberos Could Allow Denial of Service (977290)

Повышение привилегий в ядре Microsoft Windows
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10612
Тип:локальная
Уровень опасности:
6/10
Описание:Двойное освобождение памяти, ошибка обработчика исключительных ситуаций.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability.")
 CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-015 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-015 - Important Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)

Внедрение данных в SSL
дополнено с 9 ноября 2009 г.
Опубликовано:10 февраля 2010 г.
Источник:
SecurityVulns ID:10388
Тип:m-i-t-m
Уровень опасности:
8/10
Описание:Возможность подмены данных связанная с пересогласованием протокола без переустановки соединения.
Затронутые продукты:OPENSSL : OpenSSL 0.9
 PROFTPD : ProFTPD 1.3
 APACHE : Apache 2.2
 ARUBANETWORKS : ArubaOS 2.4
 ARUBANETWORKS : ArubaOS 2.5
 ARUBANETWORKS : ArubaOS 3.1
 ARUBANETWORKS : ArubaOS 3.3
 GNU : GnuTLS 2.8
 ARUBANETWORKS : ArubaOS 3.4
 MOZILLA : Mozilla Network Security Services 3.12
CVE:CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.)
Оригинальный текстdocumentARUBANETWORKS, Aruba Advisory ID: AID-020810 TLS Protocol Session Renegotiation Security Vulnerability (10.02.2010)
 documentRedTeam Pentesting, TLS Renegotiation Vulnerability: Proof of Concept Code (Python) (22.12.2009)
 documentRedTeam Pentesting, msgid:[email protected][email protected]&from=RedTeam%20Pentesting%20GmbH&folder=\\3APA3A\Bugtraq&subject=TLS%20Renegotiation%20Vulnerability:%20Proof (22.12.2009)
 documentMANDRIVA, [ MDVSA-2009:337 ] proftpd (22.12.2009)
 documentThierry Zoller, TLS / SSLv3 vulnerability explained (New ways to leverage the vulnerability) (30.11.2009)
 documentThierry Zoller, TLS / SSLv3 vulnerability explained (DRAFT) (18.11.2009)
 documentCISCO, Cisco Security Advisory: Transport Layer Security Renegotiation Vulnerability (11.11.2009)
 documentMANDRIVA, [ MDVSA-2009:295 ] apache (09.11.2009)
Файлы:PoC exploit for the TLS renegotiation vulnerability (CVE-2009-3555)

Многочисленные уязвимости безопасности в продуктах Microsoft Office
дополнено с 10 февраля 2010 г.
Опубликовано:12 февраля 2010 г.
Источник:
SecurityVulns ID:10602
Тип:клиент
Уровень опасности:
7/10
Описание:Переполнение буфера при разборе всех форматов Microsoft Office, многочисленные повреждения памяти при разборе PowerPoint.
Затронутые продукты:MICROSOFT : Office XP
 MICROSOFT : Office 2003
 MICROSOFT : Office 2004 for Mac
CVE:CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow.")
 CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability.")
 CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability.")
 CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability.")
 CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability.")
 CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability.")
 CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability.")
Оригинальный текстdocumentIDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Invalid Array Indexing Vulnerability (12.02.2010)
 documentIDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint LinkedSlideAtom Heap Overflow Vulnerability (12.02.2010)
 documentIDEFENSE, iDefense Security Advisory 02.09.10: Microsoft PowerPoint OEPlaceholderAtom Use-After-Free Vulnerability (12.02.2010)
 documentSECUNIA, Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow (10.02.2010)
 documentZDI, ZDI-10-017: Microsoft Office PowerPoint Viewer TextBytesAtom Record Remote Code Execution Vulnerability (10.02.2010)
 documentZDI, TPTI-10-02: Microsoft Office PowerPoint Viewer TextCharsAtom Record Code Execution Vulnerability (10.02.2010)
 documentCORE SECURITY TECHNOLOGIES ADVISORIES, CORE-2009-0827: Microsoft Office Excel / Word OfficeArtSpgr Container Pointer Overwrite Vulnerability (10.02.2010)
 documentSECUNIA, Secunia Research: Microsoft PowerPoint File Path Handling Buffer Overflow (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-004 - Important Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-003 - Important Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-003 - Important Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
 Microsoft Security Bulletin MS10-004 - Important Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)

Выполнение кода в Microsoft Windows
дополнено с 10 февраля 2010 г.
Опубликовано:17 февраля 2010 г.
Источник:
SecurityVulns ID:10605
Тип:клиент
Уровень опасности:
7/10
Описание:Внедрение кода в URL.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
CVE:CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability.")
Оригинальный текстdocumentBrett Moore, Insomnia : ISVA-100216.1 - Windows URL Handling Vulnerability (17.02.2010)
 documentZDI, ZDI-10-016: Microsoft Windows ShellExecute Improper Sanitization Code Execution Vulnerability (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-007 - Critical Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-007 - Critical Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)

Многочисленные уязвимости в SMB-клиенте Microsoft
дополнено с 10 февраля 2010 г.
Опубликовано:15 апреля 2010 г.
Источник:
SecurityVulns ID:10604
Тип:клиент
Уровень опасности:
7/10
Описание:Повреждения памяти, кратковременные условия.
Затронутые продукты:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability.")
 CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability.")
 CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability.")
 CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability.")
 CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability.")
 CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability.")
 CVE-2009-3676 (The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-020 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232) (15.04.2010)
 documentstratsec Research, stratsec Security Advisory SS-2010-003 - Microsoft SMB Client Pool Overflow (10.02.2010)
 documentMICROSOFT, Microsoft Security Bulletin MS10-006 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251) (10.02.2010)
Файлы:Microsoft Security Bulletin MS10-006 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
 Microsoft Security Bulletin MS10-020 - Critical Vulnerabilities in SMB Client Could Allow Remote Code Execution (980232)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород