|
|
Family: Windows : Microsoft Bulletins --> Category: infos
Flaw in Microsoft VM Could Allow Code Execution (810030) Vulnerability Scan
Vulnerability Scan Summary
Checks for MS Hotfix Q329077, Flaw in Microsoft VM JDBC
Detailed Explanation for this Vulnerability Test
Synopsis :
Arbitrary code can be executed on the remote host through the VM.
Description :
The remote host is running a Microsoft VM machine which has a bug
in its bytecode verifier which may allow a remote attacker to execute
arbitrary code on this host, with the rights of the SYSTEM.
To exploit this vulnerability, a possible hacker would need to send a malformed
applet to a user on this host, and have him execute it. The malicious
applet would then be able to execute code outside the sandbox of the VM.
Solution :
Microsoft has released a set of patches for Windows NT, 2000 and XP :
http://www.microsoft.com/technet/security/bulletin/ms02-052.mspx
Threat Level:
High / CVSS Base Score : 8
(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
