ID de Prueba:	1.3.6.1.4.1.25623.1.0.902588
Categoría:	Windows : Microsoft Bulletins
Título:	Microsoft Windows Internet Protocol Validation Remote Code Execution Vulnerability
Resumen:	The host is running Microsoft Windows and is prone to remote code; execution vulnerability.
Descripción:	Summary: The host is running Microsoft Windows and is prone to remote code execution vulnerability. Vulnerability Insight: The flaw is due to insufficient validation of IP options and can be exploited to cause a vulnerable system to stop responding and restart or may allow execution of arbitrary code by sending a specially crafted IP packet to a vulnerable system. Vulnerability Impact: Successful exploitation will allow attacker to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options. Affected Software/OS: - Microsoft Windows XP SP2 and prior - Microsoft Windows 2000 Server SP4 and prior Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	BugTraq ID: 13116 BugTraq ID: 13658 BugTraq ID: 13124 BugTraq ID: 10183 Common Vulnerability Exposure (CVE) ID: CVE-2005-0048 Cert/CC Advisory: TA05-102A http://www.us-cert.gov/cas/techalerts/TA05-102A.html CERT/CC vulnerability note: VU#233754 http://www.kb.cert.org/vuls/id/233754 ISS Security Advisory: 20050412 Windows IP Options Remote Compromise http://xforce.iss.net/xforce/alerts/id/192 Microsoft Security Bulletin: MS05-019 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-019 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3824 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4549 Common Vulnerability Exposure (CVE) ID: CVE-2005-0688 Bugtraq: 20050305 Windows Server 2003 and XP SP2 LAND attack vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111005099504081&w=2 HPdes Security Advisory: HPSBST02161 http://www.securityfocus.com/archive/1/449179/100/0/threaded HPdes Security Advisory: SSRT061264 Microsoft Security Bulletin: MS06-064 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-064 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1288 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1685 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A482 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4978 http://secunia.com/advisories/22341 http://www.vupen.com/english/advisories/2006/3983 Common Vulnerability Exposure (CVE) ID: CVE-2004-0790 http://www.securityfocus.com/bid/13124 HPdes Security Advisory: HPSBTU01210 http://marc.info/?l=bugtraq&m=112861397904255&w=2 HPdes Security Advisory: HPSBUX01164 http://www.securityfocus.com/archive/1/418882/100/0/threaded HPdes Security Advisory: SSRT4743 HPdes Security Advisory: SSRT4884 http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html http://www.uniras.gov.uk/niscc/docs/al-20050412-00308.html?lang=en http://www.watersprings.org/pub/id/draft-gont-tcpm-icmp-attacks-03.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1177 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A176 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1910 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A211 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3458 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A412 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4804 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A514 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A53 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A622 SCO Security Bulletin: SCOSA-2006.4 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.4/SCOSA-2006.4.txt http://secunia.com/advisories/18317 http://securityreason.com/securityalert/19 http://securityreason.com/securityalert/57 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101658-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57746-1 Common Vulnerability Exposure (CVE) ID: CVE-2004-1060 Cisco Security Advisory: 20050412 Crafted ICMP Messages Can Cause Denial of Service http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A181 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A196 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2188 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3826 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A405 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5386 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A651 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A780 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A899 Common Vulnerability Exposure (CVE) ID: CVE-2004-0230 http://www.securityfocus.com/bid/10183 Bugtraq: 20040425 Perl code exploting TCP not checking RST ACK. (Google Search) http://marc.info/?l=bugtraq&m=108302060014745&w=2 Cert/CC Advisory: TA04-111A http://www.us-cert.gov/cas/techalerts/TA04-111A.html CERT/CC vulnerability note: VU#415294 http://www.kb.cert.org/vuls/id/415294 Cisco Security Advisory: 20040420 TCP Vulnerabilities in Multiple IOS-Based Cisco Products http://www.cisco.com/warp/public/707/cisco-sa-20040420-tcp-ios.shtml HPdes Security Advisory: SSRT4696 http://marc.info/?l=bugtraq&m=108506952116653&w=2 http://www.uniras.gov.uk/vuls/2004/236929/index.htm NETBSD Security Advisory: NetBSD-SA2004-006 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-006.txt.asc http://www.osvdb.org/4030 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2689 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A270 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3508 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4791 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5711 SCO Security Bulletin: SCOSA-2005.14 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.14/SCOSA-2005.14.txt SCO Security Bulletin: SCOSA-2005.3 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.3/SCOSA-2005.3.txt SCO Security Bulletin: SCOSA-2005.9 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.9/SCOSA-2005.9.txt http://secunia.com/advisories/11440 http://secunia.com/advisories/11458 SGI Security Advisory: 20040403-01-A ftp://patches.sgi.com/support/free/security/advisories/20040403-01-A.asc XForce ISS Database: tcp-rst-dos(15886) https://exchange.xforce.ibmcloud.com/vulnerabilities/15886
Copyright	Copyright (C) 2011 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.