
Test ID: 1.3.6.1.4.1.25623.1.0.11429
Category: Windows
Title: Windows Messenger is installed
Summary: This host is installed with Microsoft Windows Messenger and is prone to multiple vulnerabilities.
Description:
Summary:
This host is installed with Microsoft Windows Messenger and
is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to:

- A buffer overflow in the Setup ActiveX control (setupbbs.ocx) allows an
attacker to execute commands via the methods vAddNewsServer or
bIsNewsServerConfigured.

- An error in an 'ActiveX' object allows an attacker to disclose
information.

- An error in the authentication mechanisms allows a remote attacker
to spoof messages.

- An error in the 'Font' tag and in the 'Invite' request allows a remote attacker
to cause a denial of service.

Vulnerability Impact:
Successful exploitation could allow attackers to bypass certain
security restrictions, execute arbitrary code in the context of the browser or
cause a denial of service.

Affected Software/OS:
- Microsoft MSN Messenger Service 1.x, 2.0.x, 2.2.x, 3.0.x, 3.6.x

- Microsoft MSN Messenger Service 4.0.x to 4.6.x

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: BugTraq ID: 4028
BugTraq ID: 4316
BugTraq ID: 4675
BugTraq ID: 4827
BugTraq ID: 668
Common Vulnerability Exposure (CVE) ID: CVE-1999-1484
http://www.securityfocus.com/bid/668
Bugtraq: 19990924 Several ActiveX Buffer Overruns
http://www.securityfocus.com/archive/1/28719
XForce ISS Database: msn-setup-bbs-activex-bo(3310)
https://exchange.xforce.ibmcloud.com/vulnerabilities/3310
Common Vulnerability Exposure (CVE) ID: CVE-2002-0228
http://www.securityfocus.com/bid/4028
Bugtraq: 20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too)
http://online.securityfocus.com/archive/1/254021
http://www.iss.net/security_center/static/8084.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0472
http://www.securityfocus.com/bid/4316
Bugtraq: 20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging
http://www.securityfocus.com/archive/1/262906
http://www.encode-sec.com/esp0202.pdf
http://www.iss.net/security_center/static/8582.php
Copyright: This script is Copyright (C) 2003 Xue Yong Zhi

© 1998-2024 E-Soft Inc. All rights reserved.