9.3 - MS08-001

Executive Summary

Summary
Title	Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (941644)

Informations
Name	MS08-001	First vendor Publication	2008-01-08
Vendor	Microsoft	Last vendor Modification	2008-01-08
Severity (Vendor)	Critical	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

This critical security update resolves two privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/ms08-001.mspx

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5271

Oval ID:	oval:org.mitre.oval:def:5271
Title:	Windows Kernel TCP/IP/ICMP Vulnerability
Description:	The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-0066	Version:	5
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
Win 2K SP4 and vulnerable version of file Microsoft Windows 2000 SP4 or later is installed AND the version of tcpip.sys is less than 5.0.2195.7147 OR Win XP X86 SP2 and vulnerable version Microsoft Windows XP (x86) SP2 is installed AND the version of tcpip.sys is less than 5.1.2600.3244 OR Win XP X64 SP1 or Win 2K3 SP1 and vulnerable version Win XP 64 SP1 / Win 2k3 SP1 Microsoft Windows XP Professional x64 Edition SP1 is installed AND Microsoft Windows Server 2003 SP1 (x86) is installed AND Microsoft Windows Server 2003 SP1 (x64) is installed AND Microsoft Windows Server 2003 SP1 for Itanium is installed AND the version of tcpip.sys is less than 5.2.3790.3036 OR Win XP X64 SP2 / Win 2K3 SP2 and vulnerable version of file the version of tcpip.sys is less than 5.2.3790.4179 AND Win 2K3 Sp2 / Win XP X64 SP2 Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed

Definition Id: oval:org.mitre.oval:def:5370

Oval ID:	oval:org.mitre.oval:def:5370
Title:	Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability
Description:	Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2007-0069	Version:	5
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista	Product(s):
Definition Synopsis:
Win XP X86 SP2 and vulnerable version Microsoft Windows XP (x86) SP2 is installed AND the version of tcpip.sys is less than 5.1.2600.3244 OR Win XP X64 SP1 or Win 2K3 SP1 and vulnerable version Win XP 64 SP1 / Win 2k3 SP1 Microsoft Windows XP Professional x64 Edition SP1 is installed AND Microsoft Windows Server 2003 SP1 (x86) is installed AND Microsoft Windows Server 2003 SP1 (x64) is installed AND Microsoft Windows Server 2003 SP1 for Itanium is installed AND the version of tcpip.sys is less than 5.2.3790.3036 OR Win XP X64 SP2 / Win 2K3 SP2 and vulnerable version of file the version of tcpip.sys is less than 5.2.3790.4179 AND Win 2K3 Sp2 / Win XP X64 SP2 Microsoft Windows XP x64 Edition SP2 is installed AND Microsoft Windows Server 2003 SP2 (x86) is installed AND Microsoft Windows Server 2003 SP2 (x64) is installed AND Microsoft Windows Server 2003 (ia64) SP2 is installed OR Vista and vulnerable range Microsoft Windows Vista is installed AND Check for LDR / GDR the version of tcpip.sys is less than 6.0.6000.16567 OR Check for LDR the version of Tcpip.sys is greater than or equal 6.0.6000.20000 AND Check if the version of tcpip.sys is less than 6.0.6000.20689

CPE : Common Platform Enumeration

Type	Description	Count
Application	Microsoft Home Server cpe:2.3:a:microsoft:home_server::::::::	1
Application	Microsoft Small Business Server cpe:2.3:a:microsoft:small_business_server:2003::sp1:::::	1
Os	Microsoft Windows 2000 cpe:2.3:o:microsoft:windows_2000::sp4::::::*	1
Os	Microsoft Windows 2003 Server cpe:2.3:o:microsoft:windows_2003_server:::::::: cpe:2.3:o:microsoft:windows_2003_server::sp2::::::* cpe:2.3:o:microsoft:windows_2003_server::sp1::::::* cpe:2.3:o:microsoft:windows_2003_server::gold:itanium:::::	4
Os	Microsoft Windows Server 2003 cpe:2.3:o:microsoft:windows_server_2003::sp2::::::* cpe:2.3:o:microsoft:windows_server_2003::::::::	2
Os	Microsoft Windows Vista cpe:2.3:o:microsoft:windows_vista::::::::	1
Os	Microsoft Windows Xp cpe:2.3:o:microsoft:windows_xp::sp2::::::* cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::* cpe:2.3:o:microsoft:windows_xp:-:sp1::::::	3

OpenVAS Exploits

Date	Description
2011-01-13	Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerabilities (941644) File : nvt/gb_ms08-001.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
40070	Microsoft Windows TCP/IP IGMPv3 / MLDv2 Packet Handling Remote Code Execution A buffer overflow exists in Windows. The TCP/IP implementation fails to validate IGMPv3 and MLDv2 packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbtrary code execution resulting in a loss of integrity.
40069	Microsoft Windows TCP/IP ICMP RDP Packet Handling Remote DoS Windows contains a flaw that may allow a remote denial of service. The issue is triggered when handling fragmented router advertisement ICMP queries, and will result in loss of availability for the platform.

Snort® IPS/IDS

Date	Description
2014-01-10	Microsoft Windows remote kernel tcp/ip icmp vulnerability exploit attempt RuleID : 13288 - Revision : 15 - Type : OS-WINDOWS
2014-01-10	Microsoft Windows remote kernel tcp/ip igmp vulnerability exploit attempt RuleID : 13287 - Revision : 13 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date	Description
2008-01-08	Name : It is possible to execute code on the remote host. File : smb_nt_ms08-001.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:45:50	Multiple Updates
2014-01-19 21:30:09	Multiple Updates
2013-05-11 00:49:17	Multiple Updates

Global Informations

Type	Count
Oval ID(s)	2
CPE ID(s)	13
osvdb(s)	2
Openvas Exploit(s)	1
Snort® Rule(s)	2
Nessus® Exploit(s)	1

	Related
9.4	MS08-037
9.3	VU#115083
9.3	CVE-2007-0069
7.1	CVE-2007-0066
0	HPSBST02304 SSR...
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)

9.3 - MS08-001

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

OVAL Definitions

CPE : Common Platform Enumeration

OpenVAS Exploits

Open Source Vulnerability Database (OSVDB)

Snort® IPS/IDS

Nessus® Vulnerability Scanner

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU