CERTA-2005-AVI-137
Vulnerability from certfr_avis - Published: 2005-04-13 - Updated: 2005-04-13
Une vulnérabilité découverte dans l'application Message Queuing de Microsoft permet à un utilisateur mal intentionné d'exécuter à distance du code arbitraire sur le système vulnérable.
Description
Microsoft Message Queuing est un système de messagerie asynchrone.
Une vulnérabilité de type débordement de mémoire permet à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.
Remarque : le sous-système Message Queuing n'est pas installé par défaut par les systèmes d'exploitation affectés.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Windows 98 et 98 Second Edition.",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows 2000 Service Pack 3 \u0026 4 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP 64-bit Edition Service Pack 1 pour syst\u00e8mes Itanium ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Windows XP Service Pack 1 ;",
"product": {
"name": "Windows",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nMicrosoft Message Queuing est un syst\u00e8me de messagerie asynchrone.\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire permet \u00e0 un utilisateur\nmal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\nRemarque : le sous-syst\u00e8me Message Queuing n\u0027est pas install\u00e9 par d\u00e9faut\npar les syst\u00e8mes d\u0027exploitation affect\u00e9s.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [],
"initial_release_date": "2005-04-13T00:00:00",
"last_revision_date": "2005-04-13T00:00:00",
"links": [],
"reference": "CERTA-2005-AVI-137",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2005-04-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 d\u00e9couverte dans l\u0027application Message Queuing de\nMicrosoft permet \u00e0 un utilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter \u00e0 distance\ndu code arbitraire sur le syst\u00e8me vuln\u00e9rable.\n",
"title": "Vuln\u00e9rabilit\u00e9 de Microsoft Message Queuing",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS05-017 du 12 avril 2005",
"url": "http://www.microsoft.com/technet/security/bulletin/MS05-017.mspx"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…