Executive Summary
Information | |||
---|---|---|---|
Name | MS04-032 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | 2008-12-09 |
Severity (Vendor) | Critical | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Revision Note: V1.1 (December 9, 2008): Bulletin updated to add an entry in the section, Frequently asked questions (FAQ) related to this security update, about the removal of the Windows Server 2003 package. Customers who have already successfully applied this update need not take any action. Summary: Customers should install the update at the earliest opportunity. Bulletin is rated Critical. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS04-032.mspx |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1751 | |||
Oval ID: | oval:org.mitre.oval:def:1751 | ||
Title: | Windows XP/Server 2003 (64-Bit) VDM Privilege Escalation Vulnerability | ||
Description: | The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0208 | Version: | 1 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | VDM |
Definition Id: oval:org.mitre.oval:def:1872 | |||
Oval ID: | oval:org.mitre.oval:def:1872 | ||
Title: | Windows XP Enhanced Metafile Image Format Rendering Buffer Overflow | ||
Description: | Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0209 | Version: | 1 |
Platform(s): | Microsoft Windows XP | Product(s): | Enhanced Metafile (EMF) |
Definition Id: oval:org.mitre.oval:def:2114 | |||
Oval ID: | oval:org.mitre.oval:def:2114 | ||
Title: | Windows 2000 Enhanced Metafile Image Format Rendering Buffer Overflow | ||
Description: | Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0209 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Enhanced Metafile (EMF) |
Definition Id: oval:org.mitre.oval:def:2428 | |||
Oval ID: | oval:org.mitre.oval:def:2428 | ||
Title: | Windows XP/Server 2003 (64-Bit) Enhanced Metafile Image Format Rendering Buffer Overflow | ||
Description: | Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0209 | Version: | 1 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Enhanced Metafile (EMF) |
Definition Id: oval:org.mitre.oval:def:3161 | |||
Oval ID: | oval:org.mitre.oval:def:3161 | ||
Title: | Windows XP VDM Privilege Escalation Vulnerability | ||
Description: | The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0208 | Version: | 1 |
Platform(s): | Microsoft Windows XP | Product(s): | VDM |
Definition Id: oval:org.mitre.oval:def:3953 | |||
Oval ID: | oval:org.mitre.oval:def:3953 | ||
Title: | Windows NT VDM Privilege Escalation Vulnerability | ||
Description: | The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0208 | Version: | 3 |
Platform(s): | Microsoft Windows NT | Product(s): | VDM |
Definition Id: oval:org.mitre.oval:def:4316 | |||
Oval ID: | oval:org.mitre.oval:def:4316 | ||
Title: | Windows 2000 VDM Privilege Escalation Vulnerability | ||
Description: | The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0208 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | VDM |
Definition Id: oval:org.mitre.oval:def:4762 | |||
Oval ID: | oval:org.mitre.oval:def:4762 | ||
Title: | Windows NT Terminal Server VDM Privilege Escalation Vulnerability | ||
Description: | The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0208 | Version: | 1 |
Platform(s): | Microsoft Windows NT | Product(s): | VDM |
Definition Id: oval:org.mitre.oval:def:4893 | |||
Oval ID: | oval:org.mitre.oval:def:4893 | ||
Title: | Microsoft Windows Kernel Local Denial of Service | ||
Description: | The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0211 | Version: | 1 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Windows kernel |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 |
SAINT Exploits
Description | Link |
---|---|
Windows Metafile rendering buffer overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2004-10-20 | MS Windows Metafile (.emf) Heap Overflow Exploit (MS04-032) |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
10693 | Microsoft Windows Unspecified Kernel Local DoS: Windows contains a flaw related to the kernel that may allow an attacker to perform a local DoS by running a program. No further details have been provided. |
10692 | Microsoft Windows Metafile Image Format Arbitrary Code Execution: A local overflow exists in Windows. The Graphics Rendering Engine fails to validate Windows Metafile (WMF) and Enhanced Metafile (EMF) image files, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity. |
10691 | Microsoft Windows Virtual DOS Machine Subsystem Local Privilege Escalation: Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered within the portion of the Windows kernel that handles 16-bit code within a Virtual DOS Machine, which gives a special opcode byte sequence special treatment during relay to the 32-bit host code. With a specially crafted request, an attacker could use this to leverage increased privileges on the system. |
10690 | Microsoft Windows Management APIs Local Privilege Escalation: Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses a flaw in Windows Management APIs which allows programs to modify other programs that run at a higher permission level. This flaw may lead to a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Microsoft emf file download request - RuleID : 33740-community - Revision : 2 - Type : FILE-IMAGE |
2015-04-10 | Microsoft emf file download request - RuleID : 33740 - Revision : 2 - Type : FILE-IMAGE |
2014-01-10 | Microsoft emf file download request - RuleID : 2435-community - Revision : 33 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft emf file download request - RuleID : 2435 - Revision : 33 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft Windows graphics rendering engine buffer overflow attempt - RuleID : 23110 - Revision : 5 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-10-12 | Name : Arbitrary code can be executed on the remote host. File : smb_nt_ms04-032.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2015-04-10 21:25:51 |
2014-02-17 11:45:03 |
2014-01-19 21:29:52 |