Anfälligkeitssuche        Suche in 187964 CVE Beschreibungen
und 85075 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.11429
Kategorie:Windows
Titel:Windows Messenger is installed
Zusammenfassung:This host is installed with Microsoft Windows Messenger and;is prone to multiple vulnerabilities.
Beschreibung:Summary:
This host is installed with Microsoft Windows Messenger and
is prone to multiple vulnerabilities.

Vulnerability Insight:
The flaws are due to

- Buffer overflow in Setup ActiveX control (setupbbs.ocx), allows
attacker to execute commands via the methods vAddNewsServer or
bIsNewsServerConfigured.

- An error in 'ActiveX' object allows attacker to disclosure
information.

- An error in the authentication mechanisms, allows remote attacker
to spoof messages.

- An error in 'Font' tag and in 'Invite' request allows remote attacker
to cause denial of service.

Vulnerability Impact:
Successful exploitation could allow attackers to bypass certain
security restrictions, execute arbitrary code in the context of the browser or
cause a denial of service.

Affected Software/OS:
- Microsoft MSN Messenger Service 1.x, 2.0.x, 2.2.x, 3.0.x, 3.6.x

- Microsoft MSN Messenger Service 4.0.x to 4.6.x

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: BugTraq ID: 4028
BugTraq ID: 4316
BugTraq ID: 4675
BugTraq ID: 4827
BugTraq ID: 668
Common Vulnerability Exposure (CVE) ID: CVE-1999-1484
http://www.securityfocus.com/bid/668
Bugtraq: 19990924 Several ActiveX Buffer Overruns (Google Search)
http://www.securityfocus.com/archive/1/28719
XForce ISS Database: msn-setup-bbs-activex-bo(3310)
https://exchange.xforce.ibmcloud.com/vulnerabilities/3310
Common Vulnerability Exposure (CVE) ID: CVE-2002-0228
http://www.securityfocus.com/bid/4028
Bugtraq: 20020202 MSN Messenger reveals your name to websites (and can reveal email addresses too) (Google Search)
http://online.securityfocus.com/archive/1/254021
http://www.iss.net/security_center/static/8084.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0472
http://www.securityfocus.com/bid/4316
Bugtraq: 20020319 Potential vulnerabilities of the Microsoft RVP-based Instant Messaging (Google Search)
http://www.securityfocus.com/archive/1/262906
http://www.encode-sec.com/esp0202.pdf
http://www.iss.net/security_center/static/8582.php
CopyrightThis script is Copyright (C) 2003 Xue Yong Zhi

Dies ist nur einer von 85075 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2020 E-Soft Inc. Alle Rechte vorbehalten.