| Description: | Summary:
Windows operating system are affected to multiple remote code
execution (RCE) and privileges escalation vulnerabilities.
Vulnerability Insight:
These vulnerabilities includes:
LSASS Remote Code Execution Vulnerability - CAN-2003-0533
LDAP Denial Of Service Vulnerability - CAN-2003-0663
PCT Remote Code Execution Vulnerability - CAN-2003-0719
Winlogon Remote Code Execution Vulnerability - CAN-2003-0806
Metafile Remote Code Execution Vulnerability - CAN-2003-0906
Help and Support Center Remote Code Execution Vulnerability - CAN-2003-0907
Utility Manager Privilege Elevation Vulnerability - CAN-2003-0908
Windows Management Privilege Elevation Vulnerability - CAN-2003-0909
Local Descriptor Table Privilege Elevation Vulnerability - CAN-2003-0910
H.323 Remote Code Execution Vulnerability - CAN-2004-0117
Virtual DOS Machine Privilege Elevation Vulnerability - CAN-2004-0118
Negotiate SSP Remote Code Execution Vulnerability - CAN-2004-0119
SSL Denial Of Service Vulnerability - CAN-2004-0120
ASN.1 Double Free Vulnerability - CAN-2004-0123.
Vulnerability Impact:
An attacker who successfully exploited the most severe of these vulnerabilities could take
complete control of an affected system, including:
- installing programs
- viewing, changing, or deleting data
- creating new accounts that have full privileges.
Solution:
Microsoft has released a patch to fix these issues.
CVSS Score:
7.6
CVSS Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
