Executive Summary
Summary | |
---|---|
Title | Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565) |
Informations | |||
---|---|---|---|
Name | MS09-063 | First vendor Publication | 2009-11-10 |
Vendor | Microsoft | Last vendor Modification | 2009-11-10 |
Severity (Vendor) | Critical | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Revision Note: V1.0 (November 10, 2009): Bulletin published.Summary: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability. This security update is rated Critical for all supported editions of Windows Vista and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section. |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-11-25 | Name : Microsoft Web Services on Devices API Remote Code Execution Vulnerability (97... File : nvt/gb_ms09-063.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
59865 | Microsoft Windows Web Services on Devices API (WSDAPI) Message Header Handlin... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-11-12 | IAVM : 2009-A-0115 - Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerabi... Severity : Category I - VMSKEY : V0021938 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-01-06 | Web Service on Devices API WSDAPI URL processing buffer corruption attempt RuleID : 32673 - Revision : 2 - Type : SERVER-OTHER |
2014-01-10 | Web Service on Devices API WSDAPI URL processing buffer corruption attempt RuleID : 16227 - Revision : 9 - Type : SERVER-OTHER |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-11-10 | Name : Arbitrary code can be executed on the remote host through the Web Services fo... File : smb_nt_ms09-063.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:46:23 |
|
2014-01-19 21:30:24 |
|
2013-11-11 12:41:14 |
|