This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Microsoft First view 1999-12-29
Product Systems Management Server Last view 2012-09-11
Version 2007 Type
Update sp2  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:microsoft:systems_management_server:2.0:*:*:*:*:*:*:* 3
cpe:2.3:a:microsoft:systems_management_server:1.2:*:*:*:*:*:*:* 2
cpe:2.3:a:microsoft:systems_management_server:2.50.2726:*:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:systems_management_server:1.2:sp3:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:systems_management_server:1.2:sp4:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:systems_management_server:1.2:sp1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:systems_management_server:1.2:sp2:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:systems_management_server:2.0:sp1:*:*:*:*:*:* 1
cpe:2.3:a:microsoft:systems_management_server:2003:sp2:*:*:*:*:*:* 1

Related : CVE

  Date Alert Description
4.3 2012-09-11 CVE-2012-2536

Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
5 2004-07-27 CVE-2004-0728

The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
7.5 2000-12-19 CVE-2000-0885

Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates.
7.2 1999-12-29 CVE-2000-0100

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')

Oval Markup Language : Definitions

OvalID Name
oval:org.mitre.oval:def:15781 Reflected XSS Vulnerability - MS12-062

Open Source Vulnerability Database (OSVDB)

id Description
13482 Microsoft Network Monitor (Netmon) Protocol Parsing Remote Overflow
8243 Microsoft SMS Port 2702 DoS
1207 Microsoft SMS Remote Control Weak Permission Privilege Escalation

OpenVAS Exploits

id Description
2012-09-12 Name : Microsoft System Center Configuration Manager XSS Vulnerability (2741528)
File : nvt/secpod_ms12-062.nasl
2005-11-03 Name : Denial of Service (DoS) in Microsoft SMS Client
File : nvt/mssms_dos.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2012-B-0089 Microsoft System Center Configuration Manager Cross Site Scripting Vulnerability
Severity: Category II - VMSKEY: V0033786

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft SMS remote control client DoS overly long length attempt
RuleID : 3673 - Type : OS-WINDOWS - Revision : 5
2014-01-10 Microsoft SCCM ReportChart xss attempt
RuleID : 24128 - Type : OS-WINDOWS - Revision : 9
2014-01-10 Microsoft SMS remote control client message length denial of service attempt
RuleID : 15148 - Type : SERVER-OTHER - Revision : 4

Nessus® Vulnerability Scanner

id Description
2012-09-11 Name: The remote Windows host has a system management application installed that is...
File: smb_nt_ms12-062.nasl - Type: ACT_GATHER_INFO