Summary
Detail | |||
---|---|---|---|
Vendor | Microsoft | First view | 1999-12-29 |
Product | Systems Management Server | Last view | 2012-09-11 |
Version | 2007 | Type | |
Update | sp2 | ||
Edition | |||
Language | |||
Sofware Edition | |||
Target Software | |||
Target Hardware | |||
Other |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
Date | Alert | Description | |
---|---|---|---|
4.3 | 2012-09-11 | CVE-2012-2536 | Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability." |
5 | 2004-07-27 | CVE-2004-0728 | The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address. |
7.5 | 2000-12-19 | CVE-2000-0885 | Buffer overflows in Microsoft Network Monitor (Netmon) allow remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: It is highly likely that this candidate will be split into multiple candidates. |
7.2 | 1999-12-29 | CVE-2000-0100 | The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
100% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:15781 | Reflected XSS Vulnerability - MS12-062 |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
13482 | Microsoft Network Monitor (Netmon) Protocol Parsing Remote Overflow |
8243 | Microsoft SMS Port 2702 DoS |
1207 | Microsoft SMS Remote Control Weak Permission Privilege Escalation |
OpenVAS Exploits
id | Description |
---|---|
2012-09-12 | Name : Microsoft System Center Configuration Manager XSS Vulnerability (2741528) File : nvt/secpod_ms12-062.nasl |
2005-11-03 | Name : Denial of Service (DoS) in Microsoft SMS Client File : nvt/mssms_dos.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2012-B-0089 | Microsoft System Center Configuration Manager Cross Site Scripting Vulnerability Severity: Category II - VMSKEY: V0033786 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft SMS remote control client DoS overly long length attempt RuleID : 3673 - Type : OS-WINDOWS - Revision : 5 |
2014-01-10 | Microsoft SCCM ReportChart xss attempt RuleID : 24128 - Type : OS-WINDOWS - Revision : 9 |
2014-01-10 | Microsoft SMS remote control client message length denial of service attempt RuleID : 15148 - Type : SERVER-OTHER - Revision : 4 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2012-09-11 | Name: The remote Windows host has a system management application installed that is... File: smb_nt_ms12-062.nasl - Type: ACT_GATHER_INFO |