Executive Summary
| Summary | |
|---|---|
| Title | Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) |
| Informations | |||
|---|---|---|---|
| Name | MS07-031 | First vendor Publication | 2007-06-12 |
| Vendor | Microsoft | Last vendor Modification | 2007-06-12 |
| Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/ms07-031.mspx?pubDate=2 (...) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1895 | |||
| Oval ID: | oval:org.mitre.oval:def:1895 | ||
| Title: | Windows Security Channel Remote Execution Vulnerability | ||
| Description: | Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-2218 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 | |
| Os | 2 | |
| Os | 1 |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 35347 | Microsoft Windows Schannel Security Package Crafted Digital Signature Arbitra... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows schannel security package RuleID : 11947 - Revision : 14 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-06-12 | Name : Arbitrary code can be executed on the remote host through the web browser. File : smb_nt_ms07-031.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:41 |
|
| 2014-01-19 21:30:05 |
|
| 2013-05-11 12:22:01 |
|
