Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA07-345A | First vendor Publication | 2007-12-11 |
Vendor | US-CERT | Last vendor Modification | 2007-12-11 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands. I. Description Microsoft has released updates to address vulnerabilities that affect Microsoft Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for December 2007. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary commands. For more information, see the US-CERT Vulnerability Notes Database. II. Impact A remote, unauthenticated attacker could execute arbitrary commands on a vulnerable system. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the December 2007 security bulletins. The security bulletins describe any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA07-345A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
38 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
23 % | CWE-399 | Resource Management Errors |
15 % | CWE-264 | Permissions, Privileges, and Access Controls |
15 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
8 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:3622 | |||
Oval ID: | oval:org.mitre.oval:def:3622 | ||
Title: | Windows Media Format Remote Code Execution Vulnerability | ||
Description: | Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0064 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Windows Media Format Runtime 7.1 Windows Media Format Runtime 9.0 Windows Media Format Runtime 9.5 Windows Media Format Runtime 11 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:3912 | |||
Oval ID: | oval:org.mitre.oval:def:3912 | ||
Title: | Vulnerability in Windows Kernel Could Allow Elevation of Privilege | ||
Description: | Unspecified vulnerability in the Windows Advanced Local Procedure Call (ALPC) in the kernel in Microsoft Windows Vista allows local users to gain privileges via unspecified vectors involving "legacy reply paths." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-5350 | Version: | 3 |
Platform(s): | Microsoft Windows Vista | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4208 | |||
Oval ID: | oval:org.mitre.oval:def:4208 | ||
Title: | Vulnerability in SMBv2 Could Allow Remote Code Execution | ||
Description: | Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-5351 | Version: | 1 |
Platform(s): | Microsoft Windows Vista | Product(s): | SMBv2 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4287 | |||
Oval ID: | oval:org.mitre.oval:def:4287 | ||
Title: | Microsoft DirectX Code Execution Vulnerability | ||
Description: | Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3895 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | DirectX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4332 | |||
Oval ID: | oval:org.mitre.oval:def:4332 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-5347 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4474 | |||
Oval ID: | oval:org.mitre.oval:def:4474 | ||
Title: | Vulnerability in Message Queuing Could Allow Remote Code Execution | ||
Description: | Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3039 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4480 | |||
Oval ID: | oval:org.mitre.oval:def:4480 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-5344 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4520 | |||
Oval ID: | oval:org.mitre.oval:def:4520 | ||
Title: | Microsoft DirectX Code Execution Vulnerability | ||
Description: | Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3901 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | DirectX |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4553 | |||
Oval ID: | oval:org.mitre.oval:def:4553 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3903 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4582 | |||
Oval ID: | oval:org.mitre.oval:def:4582 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3902 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4584 | |||
Oval ID: | oval:org.mitre.oval:def:4584 | ||
Title: | Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege | ||
Description: | Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-5587 | Version: | 1 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Macrovision |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Microsoft Message Queuing queue name buffer overflow | More info here |
Microsoft DirectX SAMI parser buffer overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2008-01-08 | Microsoft DirectX SAMI File Parsing - Remote Stack Overflow Exploit |
2007-12-21 | MS Windows 2000 AS SP4 Message Queue Exploit (MS07-065) |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-14 | Name : Vulnerability in SMBv2 Could Allow Remote Code Execution (942624) File : nvt/gb_ms07-063.nasl |
2011-01-14 | Name : Vulnerabilities in DirectX Could Allow Remote Code Execution (941568) File : nvt/gb_ms07-064.nasl |
2011-01-14 | Name : Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078) File : nvt/gb_ms07-066.nasl |
2011-01-14 | Name : Vulnerability in Windows Media File Format Could Allow Remote Code Execution File : nvt/gb_ms07-068.nasl |
2011-01-14 | Name : Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability... File : nvt/gb_ms07-069.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
41429 | Macrovision SafeDisc secdrv.sys Crafted METHOD_NEITHER IOCTL Local Overflow |
39127 | Microsoft Windows DirectX WAV / AVI File Parsing Arbitrary Code Execution |
39126 | Microsoft Windows DirectX SAMI File Parsing Arbitrary Code Execution A buffer overflow exists in DirectX. The DirextShow SAMI parser fails to validate SAMI files resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
39125 | Microsoft Windows Vista SMBv2 Signing Unspecified Remote Code Execution |
39124 | Microsoft Windows Vista Kernel Legacy Reply Path Validation Local Privilege E... Windows Vista contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unspecified in Windows Advanced Local Procedure Call (ALPC). This flaw may lead to a loss of integrity. |
39123 | Microsoft Windows Message Queuing MSMQ Message Handling Arbitrary Code Execution A stack overflow exists in Windows. The Message Queuing Service fails to validate information received via the RPC interface resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
39122 | Microsoft Windows Media Format Runtime ASF Parsing Arbitrary Code Execution A buffer overflow exists in Windows. The Windows Media Player fails to validate ASF files resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
39121 | Microsoft IE DHTML Object Memory Corruption An unspecified memory corruption flaw exists in Internet Explorer. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
39120 | Microsoft IE Element Tag Uninitialized Memory Corruption A heap overflow exists in Internet Explorer. The handling of document objects may cause the document model in memory to become unstable resulting in a heap overflow. With a specially crafted web page, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
39119 | Microsoft IE Object cloneNode / nodeValue Function Uninitialized Memory Corru... A memory corruption flaw exists in Internet Explorer. The 'cloneNode' and 'nodeValue' functions are used improperly resulting in memory corruption. With a specially crafted call, an attacker can cause arbitary code execution resulting in a loss of integrity. |
39118 | Microsoft IE Object setExpression Function Memory Corruption Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when theCRecalcProperty function in mshtml.dll references memory that has already been freed. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2007-12-13 | IAVM : 2007-A-0056 - Microsoft Windows Media File Format Vulnerability Severity : Category II - VMSKEY : V0015588 |
2007-12-13 | IAVM : 2007-T-0049 - Microsoft Windows SMBv2 Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0015589 |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-01 | Microsoft Internet Explorer clone object memory corruption attempt RuleID : 43398 - Revision : 1 - Type : BROWSER-IE |
2017-07-25 | Microsoft Windows DirectX directshow wav file overflow attempt RuleID : 43270 - Revision : 1 - Type : FILE-MULTIMEDIA |
2017-07-25 | Microsoft Windows DirectX directshow wav file overflow attempt RuleID : 43269 - Revision : 1 - Type : FILE-MULTIMEDIA |
2016-07-08 | Microsoft Internet Explorer DOM object cache management memory corruption att... RuleID : 39156 - Revision : 1 - Type : BROWSER-IE |
2016-07-08 | Microsoft Internet Explorer DOM object cache management memory corruption att... RuleID : 39155 - Revision : 1 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows DirectX directshow wav file overflow attempt RuleID : 21775 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows DirectX directshow wav file overflow attempt RuleID : 21774 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows DirectX directshow wav file overflow attempt RuleID : 21773 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows DirectX directshow wav file overflow attempt RuleID : 21772 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows DirectX directshow wav file overflow attempt RuleID : 21771 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows DirectX directshow wav file overflow attempt RuleID : 21770 - Revision : 5 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows ASF parsing memory corruption attempt RuleID : 17711 - Revision : 13 - Type : OS-WINDOWS |
2014-01-10 | VMware Workstation DHCP service integer overflow attempt RuleID : 17662 - Revision : 13 - Type : SERVER-OTHER |
2014-01-10 | Microsoft Internet Explorer object reference memory corruption attempt RuleID : 17622 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DOM object cache management memory corruption att... RuleID : 17554 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer clone object memory corruption attempt RuleID : 17303 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DOM object cache management memory corruption att... RuleID : 16067 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer location.replace memory corruption attempt RuleID : 16065 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal object call overflow attempt RuleID : 14627 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal object call overflow attempt RuleID : 14626 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian object call ove... RuleID : 14625 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal little endian object call ove... RuleID : 14624 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP v4 mqqm QMCreateObjectInternal overflow attempt RuleID : 14623 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt RuleID : 14622 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat little endian object call... RuleID : 14621 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian object call... RuleID : 14620 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat object call overflow attempt RuleID : 14619 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat object call overflow attempt RuleID : 14618 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat little endian overflow at... RuleID : 14617 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat overflow attempt RuleID : 14616 - Revision : 5 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat little endian overflow at... RuleID : 13215 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP v4 mqqm QMObjectPathToObjectFormat overflow attempt RuleID : 13214 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP v4 mqqm QMObjectPathToObjectFormat little endian overflow... RuleID : 13213 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt RuleID : 13212 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMObjectPathToObjectFormat overflow attempt RuleID : 13211 - Revision : 19 - Type : OS-WINDOWS |
2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMObjectPathToObjectFormat overflow attempt RuleID : 13210 - Revision : 19 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Media Player asf streaming audio spread error correction data lengt... RuleID : 13160 - Revision : 9 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Media Player asf streaming format audio error masking integer overf... RuleID : 13159 - Revision : 8 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Media Player asf streaming format interchange data integer overflow... RuleID : 13158 - Revision : 8 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows DirectX SAMI file CRawParser buffer overflow attempt RuleID : 12983 - Revision : 17 - Type : FILE-MULTIMEDIA |
2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt RuleID : 12982 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal little endian overflow attempt RuleID : 12981 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal overflow attempt RuleID : 12980 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC NCACN-IP-TCP v4 mqqm QMCreateObjectInternal little endian overflow att... RuleID : 12979 - Revision : 9 - Type : NETBIOS |
2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMCreateObjectInternal overflow attempt RuleID : 12978 - Revision : 18 - Type : OS-WINDOWS |
2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMCreateObjectInternal overflow attempt RuleID : 12977 - Revision : 20 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows DirectX directshow wav file overflow attempt RuleID : 12971 - Revision : 14 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows SMB SMBv2 protocol negotiation attempt RuleID : 12947 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB-DS SMBv2 protocol negotiation attempt RuleID : 12946 - Revision : 10 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-01-07 | Name : It is possible to execute arbitrary code on the remote host. File : smb_kb942624.nasl - Type : ACT_GATHER_INFO |
2007-12-12 | Name : Arbitrary code can be executed on the remote host. File : msmqs_overflow2.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : It is possible to execute code on the remote host. File : smb_nt_ms07-063.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : A vulnerability in DirectX could allow remote code execution. File : smb_nt_ms07-064.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : Arbitrary code can be executed on the remote host. File : smb_nt_ms07-065.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : A local user can elevate privileges on the remote host. File : smb_nt_ms07-066.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : The remote Windows host contains a kernel driver that is prone to a local pri... File : smb_nt_ms07-067.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : Arbitrary code can be executed on the remote host through the Media File Format. File : smb_nt_ms07-068.nasl - Type : ACT_GATHER_INFO |
2007-12-11 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms07-069.nasl - Type : ACT_GATHER_INFO |
2007-11-13 | Name : The remote Windows host contains a kernel driver that is prone to a local pri... File : macrovision_secdrv_priv_escalation.nasl - Type : ACT_GATHER_INFO |