Executive Summary
Summary | |
---|---|
Title | Microsoft Windows Secure Channel integer underflow |
Informations | |||
---|---|---|---|
Name | VU#810073 | First vendor Publication | 2007-06-14 |
Vendor | VU-CERT | Last vendor Modification | 2007-06-14 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#810073Microsoft Windows Secure Channel integer underflowOverviewA vulnerability in Microsoft Windows Secure Channel security package may lead to execution of arbitrary code.I. DescriptionMicrosoft Windows Secure Channel (Schannel) security package implements standard network authentication protocols Secure Sockets Layer (SSL) and Transport Layer Security (TLS). A vulnerability exists in the way Schannel handles specially crafted digital signatures from the server during the SSL handshake, which can result in an integer underflow and heap memory corruption. According to Microsoft Security Bulletin ms07-031:Schannel performs insufficient checks for specially crafted server-sent digital signatures during the SSL handshake. II. ImpactAccording to Microsoft Security Bulletin ms07-031 this vulnerability affects different versions of Microsoft Windows differently:On Windows XP... An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system. On Windows 2000 this vulnerability could cause the affected system to stop accepting SSL and TLS connections. On Windows 2003, the vulnerability could cause the affected system to automatically restart. See Microsoft Security Bulletin ms07-031 for more detailed information. III. SolutionUpdateMicrosoft has released an update to address this issue. See Microsoft Security Bulletin ms07-031 for more details.
References
This vulnerability was reported in Microsoft Security Bulletin ms07-031. Microsoft credits Thomas Lim of COSEINC with reporting this issue. This document was written by Chris Taschner.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/810073 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1895 | |||
Oval ID: | oval:org.mitre.oval:def:1895 | ||
Title: | Windows Security Channel Remote Execution Vulnerability | ||
Description: | Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-2218 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 | |
Os | 2 | |
Os | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
35347 | Microsoft Windows Schannel Security Package Crafted Digital Signature Arbitra... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Windows schannel security package RuleID : 11947 - Revision : 14 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-06-12 | Name : Arbitrary code can be executed on the remote host through the web browser. File : smb_nt_ms07-031.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-05-08 13:28:08 |
|
2013-05-11 12:26:45 |
|