Executive Summary
Summary | |
---|---|
Title | Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426) |
Information | |||
---|---|---|---|
Name | MS09-015 | First vendor Publication | 2009-04-14 |
Vendor | Microsoft | Last vendor Modification | 2009-04-15 |
Severity (Vendor) | Moderate | Revision | 1.1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Revision Note: V1.1 (April 15, 2009): Added FAQs in the section, Frequently Asked Questions (FAQ) Related to This Security Update as well as in the Vulnerability section for CVE-2008-2540 to explain the relationship between CVE-2008-2540 in this bulletin and in MS09-014. Also added Microsoft Knowledge Base Article 959426 as a reference for instructions in implementing SetSearchPathMode in Microsoft Windows 2000. |
Summary: This security update resolves a publicly disclosed vulnerability in the Windows SearchPath function that could allow elevation of privilege if a user downloaded a specially crafted file to a specific location, then opened an application that could load the file under certain circumstances. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/MS09-015.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5782 | |||
Oval ID: | oval:org.mitre.oval:def:5782 | ||
Title: | Blended Threat Elevation of Privilege Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6108 | |||
Oval ID: | oval:org.mitre.oval:def:6108 | ||
Title: | Blended Threat Remote Code Execution Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:8509 | |||
Oval ID: | oval:org.mitre.oval:def:8509 | ||
Title: | Blended Threat Remote Code Execution Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-04-15 | Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (963027) File : nvt/secpod_ms09-014.nasl |
2009-04-15 | Name : Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege... File : nvt/secpod_ms09-015.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53623 | Microsoft Windows SearchPath File Open / Locating Unspecified Arbitrary Code ... |
45892 | Apple Safari on Mac OS X Default Download Location Unspecified Arbitrary Code... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-04-16 | IAVM : 2009-T-0021 - Microsoft Windows SearchPath Blended Threat Vulnerability Severity : Category II - VMSKEY : V0018776 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Apple Safari-Internet Explorer SearchPath blended threat attempt RuleID : 16319 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Apple Safari-Internet Explorer SearchPath blended threat dll request RuleID : 15468 - Revision : 17 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2009-04-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-014.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : The remote host may allow remote code execution. File : smb_nt_ms09-015.nasl - Type : ACT_GATHER_INFO |
2008-06-20 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_1_2.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:46:12 | |
2014-01-19 21:30:18 | |
2013-11-11 12:41:11 | |