Executive Summary
| Summary | |
|---|---|
| Title | Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723) |
| Informations | |||
|---|---|---|---|
| Name | MS09-048 | First vendor Publication | 2009-09-08 |
| Vendor | Microsoft | Last vendor Modification | 2009-09-10 |
| Severity (Vendor) | Critical | Revision | 2.1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Revision Note: V2.1 (September 10, 2009): Updated the Microsoft Windows 2000 and Windows XP entries to the section, Frequently Asked Questions (FAQ) Related to This Security Update, to clarify the scope of the vulnerability and list recommended actions.Summary: This security update resolves several privately reported vulnerabilities in Transmission Control Protocol/Internet Protocol (TCP/IP) processing. The vulnerabilities could allow remote code execution if an attacker sent specially crafted TCP/IP packets over the network to a computer with a listening service. Firewall best practices and standard default firewall configurations can help protect networks from attacks that originate outside the enterprise perimeter. Best practices recommend that systems that are connected to the Internet have a minimal number of ports exposed. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/MS09-048.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 50 % | CWE-16 | Configuration |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:18890 | |||
| Oval ID: | oval:org.mitre.oval:def:18890 | ||
| Title: | CRITICAL PATCH UPDATE JULY 2012 | ||
| Description: | The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2008-4609 | Version: | 3 |
| Platform(s): | Sun Solaris 10 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-09-10 | Name : Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability... File : nvt/secpod_ms09-046.nasl |
| 2009-09-10 | Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723) File : nvt/secpod_ms09-048.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 62144 | F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St... |
| 61133 | Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC... |
| 59482 | Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation... |
| 58614 | McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio... |
| 58321 | Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati... |
| 58189 | Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC... |
| 57993 | Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem... |
| 57797 | Microsoft Windows TCP/IP Orphaned Connection Handling Remote DoS Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a series of TCP sessions with pending data, and will result in loss of availability for the platform. |
| 57796 | Microsoft Windows TCP/IP Packet State Information Handling Remote Code Execution |
| 57795 | Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State... |
| 57794 | Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl... |
| 57793 | Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta... |
| 50286 | Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot... |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-09-10 | IAVM : 2009-A-0077 - Multiple Microsoft TCP/IP Remote Code Execution Vulnerabilities Severity : Category I - VMSKEY : V0019917 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Windows TCP stack zero window size exploit attempt RuleID : 16294 - Revision : 15 - Type : OS-WINDOWS |
| 2014-01-10 | TCP window closed before receiving data RuleID : 15912 - Revision : 10 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2014-10-10 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL10509.nasl - Type : ACT_GATHER_INFO |
| 2010-09-01 | Name : The remote device is missing a vendor-supplied security patch. File : cisco-sa-20090908-tcp24http.nasl - Type : ACT_GATHER_INFO |
| 2009-09-08 | Name : Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d... File : smb_nt_ms09-048.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-04-26 22:57:06 |
|
| 2014-02-17 11:46:20 |
|
| 2014-01-19 21:30:22 |
|
| 2013-11-11 12:41:13 |
|
