Symantec product detections for Microsoft monthly Security Advisories - August 2009

Article:TECH138057  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138057
Article Type: Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



August 11, 2009

 

ID and Rating | Description | Details | Intrusion Protection System (IPS) Response | Other Detections

CAN/CVE ID: CVE-2008-0015
BID: 35558
Microsoft ID: MS09-037
MSKB: 973908
Microsoft Rating: Critical

Microsoft Active Template Library Header Data Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP Media Center Edition 2005

Microsoft Windows XP SP2

Microsoft Windows XP SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista

Microsoft Windows Vista SP1

Microsoft Windows Vista SP2

Microsoft Windows Vista x64 Edition

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Vista x64 Edition SP2

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems

Microsoft Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) in the ‘CComVariant::ReadFromStream’ function.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page that instantiates an ActiveX control affected by this issue.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Sig ID: 23407
Detected as: "HTTP MS MPEG2TuneRequestControl ActiveX BO"
AV: Bloodhound.Exploit.259
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0020
BID: 35585
Microsoft ID: MS09-037
MSKB: 973908
Microsoft Rating: Critical

Microsoft Active Template Library 'IPersistStreamInit' Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP Media Center Edition 2005

Microsoft Windows XP SP2

Microsoft Windows XP SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista, Vista SP1, and Vista SP2

Microsoft Windows Vista x64 Edition

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Vista x64 Edition SP2

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems

Microsoft Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) in the ‘Load’ method of the ‘IPersistStreamInit’ interface.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page that instantiates an ActiveX control affected by this issue.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-2493
BID: 35828
Microsoft ID: MS09-037
MSKB: 973908
Microsoft Rating: Critical

VulnTracker: Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP Media Center Edition 2005

Microsoft Windows XP SP2 and SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista

Microsoft Windows Vista SP1

Microsoft Windows Vista SP2

Microsoft Windows Vista x64 Edition

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Vista x64 Edition SP2

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems

Microsoft Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) due to unsafe usage of ‘OleLoadFromStream’.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page that instantiates an ActiveX control affected by this issue.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Sig ID: 23406
Detected as "HTTP MS MPEG2TuneRequestControl ActiveX"
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-2494
BID: 35982
Microsoft ID: MS09-037
MSKB: 973908
Microsoft Rating: Critical

Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP Media Center Edition 2005

Microsoft Windows XP SP2 and SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista, Vista SP1

Microsoft Windows Vista SP2

Microsoft Windows Vista x64 Edition

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Vista x64 Edition SP2

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems

Microsoft Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) due to errors in variant handling.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page that instantiates an ActiveX control affected by this issue.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1545
BID: 35967
Microsoft ID: MS09-038
MSKB: 971557
Microsoft Rating: Critical

Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP SP2

Microsoft Windows XP SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista

Microsoft Windows Vista SP1

Microsoft Windows Vista SP2

Microsoft Windows Vista x64 Edition

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Vista x64 Edition SP2

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems

Microsoft Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects Microsoft Windows because of how it handles AVI files with malformed headers.

An attacker can exploit this issue by sending a specially crafted AVI file to a victim.

When the file is processed, attacker-supplied code will run in the context of the currently logged-in user.

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1546
BID: 35970
Microsoft ID: MS09-038
MSKB: 971557
Microsoft Rating: Critical

Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP SP2

Microsoft Windows XP SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista

Microsoft Windows Vista SP1

Microsoft Windows Vista SP2

Microsoft Windows Vista x64 Edition

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Vista x64 Edition SP2

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems

Microsoft Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects Microsoft Windows because it does not properly validate data when handling AVI files.

An attacker can exploit this issue by sending a specially crafted AVI file to a victim.

When the file is processed, attacker-supplied code will run in the context of the currently logged-in user.

Sig ID: N/A
AV: Bloodhound.Exploit.268
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1923
BID: 35980
Microsoft ID: MS09-039
MSKB: 969883
Microsoft Rating: Critical

Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability

 

Buffer Overflow Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

A remote code execution vulnerability affects the Windows Internet Name System (WINS) when handling specially crafted WINS network packets.

A remote attacker can exploit this issue by sending a malformed packet to a vulnerable server.

A successful exploit will result in the execution of attacker-supplied code in the context of SYSTEM.

This could facilitate a complete system compromise.

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1924
BID: 35981
Microsoft ID: MS09-039
MSKB: 969883
Microsoft Rating: Critical

Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

A remote code execution vulnerability affects the Windows Internet Name System (WINS) when validating specially crafted WINS network packets.

A remote attacker can exploit this issue by sending a malformed packet to a vulnerable server.

A successful exploit will result in the execution of attacker-supplied code in the context of SYSTEM.

This could facilitate a complete system compromise.

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0562
BID: 35990
Microsoft ID: MS09-043
MSKB: 957638
Microsoft Rating: Critical

Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office XP SP3

Microsoft Office 2003 SP3

Microsoft Office XP Web Components SP3

Microsoft Office 2003 Web Components SP3

Microsoft Office 2003 Web Components for the 2007 Office system SP1

Microsoft Internet Security and Acceleration Server 2004 Standard Edition SP3

Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition SP3

Microsoft Internet Security and Acceleration Server 2006

Microsoft Internet Security and Acceleration Server 2006 Supportability Update

Microsoft Internet Security and Acceleration Server 2006 SP1

Microsoft Office Small Business Accounting 2006

A remote code-execution vulnerability affects Office Web Components ActiveX control due to a failure to properly allocate memory.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious Web page.

A successful attack will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Sig ID: 50226
Detected as "MSIE Microsoft Office Web Components Code Exec"
AV: Bloodhound.Exploit.263
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1136
BID: 35642
Microsoft ID: MS09-043
MSKB: 9957638
Microsoft Rating: Critical

Microsoft Office Web Components Control Could Allow Remote Code Execution

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office XP SP3

Microsoft Office 2003 SP3

Microsoft Office XP Web Components SP3

Microsoft Office 2003 Web Components SP3

Microsoft Office 2003 Web Components for the 2007 Office system SP1

Microsoft Internet Security and Acceleration Server 2004 Standard Edition SP3

Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition SP3

Microsoft Internet Security and Acceleration Server 2006

Microsoft Internet Security and Acceleration Server 2006 Supportability Update

Microsoft Internet Security and Acceleration Server 2006 SP1

Microsoft Office Small Business Accounting 2006

A remote code-execution vulnerability affects Office Web Components ActiveX control because it does not properly handle parameter values.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious Web page.

A successful attack will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Sig ID: 23415
Detected as "HTTP MS Office Web Components Code Exec 1"
AV: Bloodhound.Exploit.263
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1534
BID: 35992
Microsoft ID: MS09-043
MSKB: 957638
Microsoft Rating: Critical

Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office 2000 SP3

Microsoft Office XP SP3

Microsoft Office 2000 Web Components SP3

Microsoft Office XP Web Components SP3

Microsoft BizTalk Server 2002

Microsoft Visual Studio .NET 2003 SP1

A remote code-execution vulnerability affects Office Web Components ActiveX control due to a buffer overflow.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious Web page.

A successful attack will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Sig ID: N/A
AV: Bloodhound.Exploit.263
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-2496
BID: 35991
Microsoft ID: MS09-043
MSKB: 957638
Microsoft Rating: Critical

Microsoft Office Web Components ActiveX Control Heap Corruption Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office XP SP3

Microsoft Office 2003 SP3

Microsoft Office XP Web Components SP3

Microsoft Office 2003 Web Components SP3

Microsoft Office 2003 Web Components for the 2007 Office system SP1

Microsoft Internet Security and Acceleration Server 2004 Standard Edition SP3

Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition SP3

Microsoft Internet Security and Acceleration Server 2006

Microsoft Internet Security and Acceleration Server 2006 Supportability Update

Microsoft Internet Security and Acceleration Server 2006 SP1

Microsoft Office Small Business Accounting 2006

A remote code-execution vulnerability affects Office Web Components ActiveX control due to improper parameter validation.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious Web page.

A successful attack will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1133
BID: 35971
Microsoft ID: MS09-044
MSKB: 970927
Microsoft Rating: Critical

Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP SP2 and SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista

Microsoft Windows Vista SP1

Microsoft Windows Vista SP2

Microsoft Windows Vista x64 Edition

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems RDP 5.1

Microsoft Windows Server 2008 for Itanium-based Systems RDP 5.2

Microsoft Windows Server 2008 for Itanium-based Systems RDP 6.0

Microsoft Windows Server 2008 for Itanium-based Systems RDP 6.1

A remote code execution vulnerability affects Microsoft Remote Desktop Connection when handling specific parameters returned by the RDP server.

An attacker must trick an unsuspecting victim into connecting to a malicious RDP server or perform a man-in-the-middle attack to exploit this issue.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1929
BID: 35973
Microsoft ID: MS09-044
MSKB: 970927
Microsoft Rating: Critical

Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows XP SP3

Microsoft Windows Vista SP1

Microsoft Windows Vista SP2

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Vista x64 Edition SP2

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems

Microsoft Windows Server 2008 for Itanium-based Systems SP2 RDP 6.0

Microsoft Windows Server 2008 for Itanium-based Systems SP2 RDP 6.1

A remote code execution vulnerability affects the Microsoft Remote Desktop Connection ActiveX control because it does not perform adequate validation of user-supplied input.

An attacker must trick an unsuspecting victim into viewing a web page containing malicious content to exploit this issue.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: 23450
Detected as "HTTP MS RDP Client ActiveX Code Exec"
AV: Bloodhound.Exploit.267
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1536
BID: 35985
Microsoft ID: MS09-036
MSKB: 970957
Microsoft Rating: Important

Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability

 

Remote Denial of Service Vulnerability

 

This vulnerability affects the following products:

Microsoft .NET Framework 2.0 SP1

Microsoft .NET Framework 2.0 SP2

Microsoft .NET Framework 3.5

Microsoft .NET Framework 3.5 SP1 

A remote denial-of-service vulnerability affects ASP.NET because of incorrect management of request scheduling.

A remote attacker can exploit this issue by sending a series of specific requests to a vulnerable server.

A successful attack will result in the affected server becoming unresponsive, effectively denying service to legitimate users.

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1922
BID: 35969
Microsoft ID: MS09-040
MSKB: 971032
Microsoft Rating: Important

Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability 

 

Local Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP SP2

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista

Microsoft Windows Vista x64 Edition

A local privilege-escalation vulnerability affects Windows Message Queuing service (MSMQ) due to a flaw when parsing an IOCTL request.

A local attacker can exploit this issue to execute arbitrary code in the context of LOCAL SYSTEM.

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1544
BID: 35972
Microsoft ID: MS09-041
MSKB: 971657
Microsoft Rating: Important

Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows XP SP2

Microsoft Windows XP SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista

Microsoft Windows Vista SP1

Microsoft Windows Vista SP2

Microsoft Windows Vista x64 Edition

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Vista x64 Edition SP2

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems

A remote code execution vulnerability affects Windows Workstation service because it does not properly allocate and free memory when handling specially crafted RPC messages.

A remote authenticated attacker can exploit this issue to execute arbitrary code with elevated privileges.

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1930
BID: 35993
Microsoft ID: MS09-042
MSKB: 960859
Microsoft Rating: Important

Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP SP2

Microsoft Windows XP SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Windows Vista

Microsoft Windows Vista SP1

Microsoft Windows Vista SP2

Microsoft Windows Vista x64 Edition

Microsoft Windows Vista x64 Edition SP1

Microsoft Windows Vista x64 Edition SP2

Microsoft Windows Server 2008 for 32-bit Systems

Microsoft Windows Server 2008 for 32-bit Systems SP2

Microsoft Windows Server 2008 for x64-based Systems

Microsoft Windows Server 2008 for x64-based Systems SP2

Microsoft Windows Server 2008 for Itanium-based Systems

Microsoft Windows Server 2008 for Itanium-based Systems SP2

Microsoft Windows 7 for 32-bit Systems

Microsoft Windows 7 for x64-based Systems

Microsoft Windows 7 for Itanium-based Systems

A remote code-execution vulnerability affects the Microsoft Telnet service protocol.

The problem occurs because the protocol does not opt in to NTLM credential-reflection protections.

An attacker can exploit this issue to reflect a victim’s credentials back and use them to gain access to the victim’s computer.

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

 

 




Legacy ID: 2007010813564748

