openvas
Copyright (C) 2009 Christian Eric Edjenguele
OPENVAS:1361412562310101011
History: Mar 15, 2009 - 12:00 a.m.

Microsoft Windows MS04-011 Security Check

2009-03-15 00:00:00
plugins.openvas.org

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 7.8 High
Confidence: High

CVSS2: 7.6 High
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

EPSS: 0.972 High
Percentile: 99.8%

Windows operating systems are affected by multiple remote code
execution and privilege escalation vulnerabilities.

# SPDX-FileCopyrightText: 2009 Christian Eric Edjenguele
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

# Microsoft Security Bulletin MS04-011
# http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx
#
# LSASS Remote Code Execution Vulnerability - CAN-2003-0533
# LDAP Denial Of Service Vulnerability - CAN-2003-0663
# PCT  Remote Code Execution Vulnerability - CAN-2003-0719
# Winlogon  Remote Code Execution Vulnerability - CAN-2003-0806
# Metafile  Remote Code Execution Vulnerability - CAN-2003-0906
# Help and Support Center  Remote Code Execution Vulnerability - CAN-2003-0907
# Utility Manager  Privilege Elevation Vulnerability - CAN-2003-0908
# Local Descriptor Table  Privilege Elevation Vulnerability - CAN-2003-0910
# H.323  Remote Code Execution Vulnerability - CAN-2004-0117
# Virtual DOS Machine  Privilege Elevation Vulnerability - CAN-2004-0118
# Negotiate SSP  Remote Code Execution Vulnerability - CAN-2004-0119
# SSL  Denial Of Service Vulnerability - CAN-2004-0120
# ASN.1 Double Free Vulnerability - CAN-2004-0123
#
# Affected Software:
# Microsoft Windows NT® Workstation 4.0 Service Pack 6a
# Microsoft Windows NT Server 4.0 Service Pack 6a
# Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
# Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, and Microsoft Windows 2000 Service Pack 4
# Microsoft Windows XP and Microsoft Windows XP Service Pack 1
# Microsoft Windows XP 64-Bit Edition Service Pack 1
# Microsoft Windows XP 64-Bit Edition Version 2003
# Microsoft Windows Server 2003
# Microsoft Windows Server 2003 64-Bit Edition
# Microsoft NetMeeting
# Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
#
# remote-MS04-011.nasl
#
# Note:
# This security update replaces several prior security bulletins.
# The security bulletin IDs and operating systems that are affected are listed in the table below.
#
# Bulletin ID    Windows NT 4.0         Windows 2000     Windows XP             Windows Server 2003
# MS99-023       Replaced               Not Applicable   Not Applicable         Not Applicable
# MS00-027       Not Replaced           Replaced         Not Applicable         Not Applicable
# MS00-032       Not Applicable         Replaced         Not Applicable         Not Applicable
# MS00-070       Not Replaced           Replaced         Not Applicable         Not Applicable
# MS02-050       Replaced               Not Replaced     Not Replaced           Not Applicable
# MS02-051       Not Applicable         Replaced         Not Replaced           Not Applicable
# MS02-071       Replaced               Replaced         Not Replaced           Not Applicable
# MS03-007       Not Replaced           Replaced         Not Replaced           Not Applicable
# MS03-013       Replaced               Replaced         Not Replaced           Not Applicable
# MS03-025       Not Applicable         Replaced         Not Applicable         Not Applicable
# MS03-041       Replaced               Not Replaced     Not Replaced           Not Replaced
# MS03-045       Replaced               Replaced         Not Replaced           Not Replaced
# MS04-007       Replaced               Replaced         Replaced               Replaced
#
# Tested on:
#
# [Windows 2000]
#
# [Windows XP]
#
# [Windows 2003]

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.101011");
  script_version("2024-02-16T05:06:55+0000");
  script_tag(name:"last_modification", value:"2024-02-16 05:06:55 +0000 (Fri, 16 Feb 2024)");
  script_tag(name:"creation_date", value:"2009-03-15 22:32:35 +0100 (Sun, 15 Mar 2009)");
  script_tag(name:"cvss_base", value:"7.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2024-02-15 21:44:30 +0000 (Thu, 15 Feb 2024)");
  script_cve_id("CVE-2003-0533", "CVE-2003-0663", "CVE-2003-0719", "CVE-2003-0806", "CVE-2003-0906", "CVE-2003-0907", "CVE-2003-0908",
                "CVE-2003-0909", "CVE-2003-0910", "CVE-2004-0117", "CVE-2004-0118", "CVE-2004-0119", "CVE-2004-0120", "CVE-2004-0123");
  script_name("Microsoft Windows MS04-011 Security Check");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2009 Christian Eric Edjenguele");
  script_family("Windows : Microsoft Bulletins");

  script_tag(name:"solution", value:"Microsoft has released a patch to fix these issues.");

  script_tag(name:"summary", value:"Windows operating systems are affected by multiple remote code
  execution and privilege escalation vulnerabilities.");

  script_tag(name:"impact", value:"An attacker who successfully exploited the most severe of these vulnerabilities could take
  complete control of an affected system, including:

  - installing programs

  - viewing, changing, or deleting data

  - creating new accounts that have full privileges.");

  script_tag(name:"insight", value:"These vulnerabilities include:

  LSASS Remote Code Execution Vulnerability - CAN-2003-0533

  LDAP Denial Of Service Vulnerability - CAN-2003-0663

  PCT Remote Code Execution Vulnerability - CAN-2003-0719

  Winlogon Remote Code Execution Vulnerability - CAN-2003-0806

  Metafile Remote Code Execution Vulnerability - CAN-2003-0906

  Help and Support Center Remote Code Execution Vulnerability - CAN-2003-0907

  Utility Manager Privilege Elevation Vulnerability - CAN-2003-0908

  Windows Management Privilege Elevation Vulnerability - CAN-2003-0909

  Local Descriptor Table Privilege Elevation Vulnerability - CAN-2003-0910

  H.323 Remote Code Execution Vulnerability - CAN-2004-0117

  Virtual DOS Machine Privilege Elevation Vulnerability - CAN-2004-0118

  Negotiate SSP Remote Code Execution Vulnerability - CAN-2004-0119

  SSL Denial Of Service Vulnerability - CAN-2004-0120

  ASN.1 Double Free Vulnerability - CAN-2004-0123.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"remote_vul");

  script_tag(name:"deprecated", value:TRUE);

  exit(0);
}

exit(66); ## This VT is deprecated as it seems to be broken
