CERTA-2003-AVI-009
Vulnerability from certfr_avis - Published: 2003-01-23 - Updated: 2003-01-23
Une vulnérabilité présente dans Microsoft Locator Service permet à un utilisateur distant mal intentionné d'exécuter du code arbitraire sur la machine vulnérable ou d'entraîner un déni de service.
Description
Microsoft Locator Service est un service associant un nom logique à un identifiant réseau. Par défaut, ce service est uniquement activé sur les machines Controleur de domaine.
Un utilisateur mal intentionné peut, par le biais de paquets judicieusement composés, entraîner un déni de service ou exécuter du code arbitraire avec les droits system.
Contournement provisoire
Filtrer le port 135/TCP au niveau du garde-barrière.
Solution
Consulter le bulletin MS03-001 de Microsoft pour connaître la disponibilité des correctifs.
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Windows NT 4.0 Terminal Server Edition ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows NT 4.0 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows 2000 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP.",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nMicrosoft Locator Service est un service associant un nom logique \u00e0 un\nidentifiant r\u00e9seau. Par d\u00e9faut, ce service est uniquement activ\u00e9 sur les\nmachines Controleur de domaine.\n\nUn utilisateur mal intentionn\u00e9 peut, par le biais de paquets\njudicieusement compos\u00e9s, entra\u00eener un d\u00e9ni de service ou ex\u00e9cuter du\ncode arbitraire avec les droits system.\n\n## Contournement provisoire\n\nFiltrer le port 135/TCP au niveau du garde-barri\u00e8re.\n\n## Solution\n\nConsulter le bulletin MS03-001 de Microsoft pour conna\u00eetre la\ndisponibilit\u00e9 des correctifs.\n",
"cves": [],
"initial_release_date": "2003-01-23T00:00:00",
"last_revision_date": "2003-01-23T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft :",
"url": "http://www.microsoft.com/technet/security/bulletin/ms03-001.asp"
}
],
"reference": "CERTA-2003-AVI-009",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2003-01-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 pr\u00e9sente dans Microsoft Locator Service permet \u00e0 un\nutilisateur distant mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire sur la\nmachine vuln\u00e9rable ou d\u0027entra\u00eener un d\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans \"Microsoft Locator Service\"",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin Microsoft MS03-001",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…