Executive Summary
Summary | |
---|---|
Title | Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets |
Informations | |||
---|---|---|---|
Name | VU#505120 | First vendor Publication | 2014-11-13 |
Vendor | VU-CERT | Last vendor Modification | 2014-11-17 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#505120Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packetsOverviewA critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network packets. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThis document was written by Joel Land. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/505120 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:27794 | |||
Oval ID: | oval:org.mitre.oval:def:27794 | ||
Title: | Microsoft schannel remote code execution vulnerability - CVE-2014-6321 (MS14-066) | ||
Description: | Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2014-6321 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 1 | |
Os | 3 | |
Os | 2 | |
Os | 1 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2014-11-13 | IAVM : 2014-A-0176 - Microsoft Secure Channel Remote Code Execution Vulnerability (MS14-066) Severity : Category I - VMSKEY : V0057389 |
Snort® IPS/IDS
Date | Description |
---|---|
2019-08-13 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 50707 - Revision : 1 - Type : OS-WINDOWS |
2019-08-13 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 50706 - Revision : 1 - Type : OS-WINDOWS |
2019-08-13 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 50705 - Revision : 1 - Type : OS-WINDOWS |
2019-08-13 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 50704 - Revision : 1 - Type : OS-WINDOWS |
2019-05-30 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 49977 - Revision : 1 - Type : OS-WINDOWS |
2019-05-30 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 49976 - Revision : 1 - Type : OS-WINDOWS |
2019-05-30 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 49975 - Revision : 1 - Type : OS-WINDOWS |
2019-05-30 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 49974 - Revision : 1 - Type : OS-WINDOWS |
2019-05-30 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 49973 - Revision : 1 - Type : OS-WINDOWS |
2019-05-30 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 49972 - Revision : 1 - Type : OS-WINDOWS |
2019-05-30 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 49971 - Revision : 1 - Type : OS-WINDOWS |
2019-05-30 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 49970 - Revision : 1 - Type : OS-WINDOWS |
2019-05-30 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 49969 - Revision : 1 - Type : OS-WINDOWS |
2015-05-12 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 34058 - Revision : 2 - Type : OS-WINDOWS |
2015-05-12 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 34057 - Revision : 2 - Type : OS-WINDOWS |
2015-01-13 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 32732 - Revision : 2 - Type : OS-WINDOWS |
2015-01-13 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 32731 - Revision : 2 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows DTLSv1.0 hello verify request out of bounds read attempt RuleID : 32423 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows DTLSv1.0 handshake cookie buffer overflow attempt RuleID : 32422 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel ECDH key exchange heap overflow attempt RuleID : 32421 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel ECDH key exchange heap overflow attempt RuleID : 32420 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel ECDH key exchange heap overflow attempt RuleID : 32419 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel ECDH key exchange heap overflow attempt RuleID : 32418 - Revision : 2 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 32417 - Revision : 5 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 32416 - Revision : 6 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 32415 - Revision : 5 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 32414 - Revision : 6 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows ECDSA certificate validation bypass attempt RuleID : 32413 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows ECDSA certificate validation bypass attempt RuleID : 32412 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows ECDSA certificate validation bypass attempt RuleID : 32411 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 32410 - Revision : 4 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows SChannel CertificateVerify buffer overflow attempt RuleID : 32409 - Revision : 4 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows ECDSA certificate validation bypass attempt RuleID : 32408 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows ECDSA certificate validation bypass attempt RuleID : 32407 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows ECDSA certificate validation bypass attempt RuleID : 32406 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows ECDSA certificate validation bypass attempt RuleID : 32405 - Revision : 3 - Type : OS-WINDOWS |
2014-12-09 | Microsoft Windows ECDSA certificate validation bypass attempt RuleID : 32404 - Revision : 3 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-12 | Name : The remote Windows host is affected by a remote code execution vulnerability. File : smb_nt_ms14-066.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-11-17 21:21:42 |
|
2014-11-15 13:25:59 |
|
2014-11-15 00:20:40 |
|
2014-11-14 17:22:24 |
|
2014-11-14 00:20:35 |
|