ID SECURITYVULNS:DOC:1756 Type securityvulns Reporter Securityvulns Modified 2001-06-23T00:00:00
Description
Title: Patch Available for "NetMeeting Desktop Sharing"
Vulnerability
Released: 13 October 2000
Revised: 21 June 2001 (version 2.0)
Software: Netmeeting
Impact: Denial of service
Bulletin: MS00-077
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS00-077.asp.
Reason for Revision:
A new variant of the originally reported vulnerability has been
found.
The patch has been updated to address both the original and new
variants.
Issue:
A remote denial of service vulnerability has been discovered in a
component of Microsoft(r) NetMeeting. The denial of service can occur
when a malicious client sends a particular malformed string to a port
which the NetMeeting service is listening on and with Remote Desktop
Sharing enabled.
Although the NetMeeting application is provided as part of Windows(r)
2000 products, the application and affected component is not enabled
by
default, and customers who have not enabled it would not be at risk
from this vulnerability.
Mitigating Factors:
NetMeeting is not enabled by default on either Windows 2000 or
Windows NT(r) 4.0.
The vulnerability could not be used for any broader attack - that
is, it could not be used to compromise data within a Netmeeting
session
or usurp administrative control of a remote desktop session.
Patch Availability:
A patch is available to fix this vulnerability. Please read the
Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
for information on obtaining this patch.
Acknowledgment:
Peter Grundl
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL
MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT
APPLY.
{"id": "SECURITYVULNS:DOC:1756", "bulletinFamily": "software", "title": "Security Bulletin MS00-077 (version 2.0)", "description": "- ----------------------------------------------------------------------\r\nTitle: Patch Available for "NetMeeting Desktop Sharing" \r\n Vulnerability\r\nReleased: 13 October 2000\r\nRevised: 21 June 2001 (version 2.0)\r\nSoftware: Netmeeting\r\nImpact: Denial of service\r\nBulletin: MS00-077\r\n\r\nMicrosoft encourages customers to review the Security Bulletin at: \r\nhttp://www.microsoft.com/technet/security/bulletin/MS00-077.asp.\r\n- ----------------------------------------------------------------------\r\n\r\nReason for Revision:\r\n====================\r\nA new variant of the originally reported vulnerability has been\r\nfound. \r\nThe patch has been updated to address both the original and new \r\nvariants.\r\n\r\nIssue:\r\n======\r\nA remote denial of service vulnerability has been discovered in a \r\ncomponent of Microsoft(r) NetMeeting. The denial of service can occur\r\nwhen a malicious client sends a particular malformed string to a port\r\nwhich the NetMeeting service is listening on and with Remote Desktop \r\nSharing enabled. \r\n\r\nAlthough the NetMeeting application is provided as part of Windows(r)\r\n2000 products, the application and affected component is not enabled\r\nby \r\ndefault, and customers who have not enabled it would not be at risk \r\nfrom this vulnerability. \r\n\r\nMitigating Factors:\r\n====================\r\n - NetMeeting is not enabled by default on either Windows 2000 or\r\n Windows NT(r) 4.0. \r\n - The vulnerability could not be used for any broader attack - that \r\n is, it could not be used to compromise data within a Netmeeting \r\nsession\r\n or usurp administrative control of a remote desktop session.\r\n\r\nPatch Availability:\r\n===================\r\n - A patch is available to fix this vulnerability. Please read the \r\n Security Bulletin\r\n http://www.microsoft.com/technet/security/bulletin/ms00-077.asp\r\n for information on obtaining this patch.\r\n\r\nAcknowledgment:\r\n===============\r\n - Peter Grundl\r\n\r\n- ---------------------------------------------------------------------\r\n\r\nTHE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED \r\n"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL \r\nWARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF \r\nMERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT\r\nSHALL \r\nMICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES \r\nWHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,\r\nLOSS \r\nOF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION\r\nOR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH\r\nDAMAGES. \r\nSOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR\r\nCONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY\r\nNOT \r\nAPPLY.\r\n", "published": "2001-06-23T00:00:00", "modified": "2001-06-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:1756", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:04", "edition": 1, "viewCount": 9, "enchantments": {"score": {"value": 2.9, "vector": "NONE", "modified": "2018-08-31T11:10:04", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["EULEROS_SA-2020-1498.NASL", "EULEROS_SA-2020-1457.NASL", "EULEROS_SA-2020-1496.NASL", "EULEROS_SA-2020-1477.NASL", "EULEROS_SA-2020-1491.NASL", "EULEROS_SA-2020-1494.NASL", "EULEROS_SA-2020-1483.NASL", "EULEROS_SA-2020-1489.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562311220201494", "OPENVAS:1361412562311220201431", "OPENVAS:1361412562311220201489", "OPENVAS:1361412562311220201457", "OPENVAS:1361412562311220201477", "OPENVAS:1361412562311220201400", "OPENVAS:1361412562311220201491", "OPENVAS:1361412562311220201476", "OPENVAS:1361412562311220201430", "OPENVAS:1361412562311220201473"]}], "modified": "2018-08-31T11:10:04", "rev": 2}, "vulnersScore": 2.9}, "affectedSoftware": []}
{"rst": [{"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **healthforyouandyou[.]online** in [RST Threat Feed](https://rstcloud.net/profeed) with score **45**.\n First seen: 2021-01-13T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nDomain has DNS A records: 87[.]236.16.202\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-13T00:00:00", "id": "RST:C7BB3BE8-1756-301B-9691-E674B9E36A18", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: healthforyouandyou.online", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **hijack-86dk6[.]stream** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:7C859D62-1756-3767-9754-1A3D2F72CCEC", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: hijack-86dk6.stream", "type": "rst", "cvss": {}}, {"lastseen": "2020-11-06T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **dac[.]moricpool.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-08-04T03:00:00, Last seen: 2020-11-06T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-08-04T00:00:00", "id": "RST:745587D6-1756-3CA3-BC8C-35575EEE31E3", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: dac.moricpool.com", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **support-add28[.]stream** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:76D10E2C-1756-37B3-A891-8FBC4D7DF493", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: support-add28.stream", "type": "rst", "cvss": {}}, {"lastseen": "2020-11-06T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **www[.]shop.phpmyadmin.wowne.ro** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2020-01-10T03:00:00, Last seen: 2020-11-06T03:00:00.\n IOC tags: **cryptomining**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-01-10T00:00:00", "id": "RST:5E22C21B-1756-3ED2-BB1B-16DDA832262F", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: www.shop.phpmyadmin.wowne.ro", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **jeannettevandervliet[.]nl** in [RST Threat Feed](https://rstcloud.net/profeed) with score **10**.\n First seen: 2019-12-19T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nIOC could be a **False Positive** (Domain not resolved. Whois records not found).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-19T00:00:00", "id": "RST:29D000BD-1756-308E-8E3D-02017837B495", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: jeannettevandervliet.nl", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **178[.]173.171.10** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **3**.\n First seen: 2020-02-01T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **shellprobe, generic**.\nASN 1756: (First IP 178.173.170.0, Last IP 178.173.172.255).\nASN Name \"HAMYARAS\" and Organisation \"\".\nASN hosts 16 domains.\nGEO IP information: City \"\", Country \"Iran\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-02-01T00:00:00", "id": "RST:367DDCDC-DB4C-35E2-9B1A-1BEA0583AC98", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 178.173.171.10", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **119[.]9.15.156** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **10**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nASN 58683: (First IP 119.9.0.0, Last IP 119.9.63.255).\nASN Name \"RACKSPACEAS\" and Organisation \"Rackspacecom Sydney\".\nThis IP is a part of \"**rackspace**\" address pools.\nASN hosts 11741 domains.\nGEO IP information: City \"Sydney\", Country \"Australia\".\nIOC could be a **False Positive** (Cloud provider IP).\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:28CE0699-1756-34F5-B6FC-5A8C0993942C", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 119.9.15.156", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **210[.]18.189.3** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **2**.\n First seen: 2019-12-16T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nASN 17488: (First IP 210.18.189.0, Last IP 210.18.191.255).\nASN Name \"HATHWAYNETAP\" and Organisation \"Hathway IP Over Cable Internet\".\nASN hosts 933 domains.\nGEO IP information: City \"Vellore\", Country \"India\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2019-12-16T00:00:00", "id": "RST:A0CC4E69-1756-3448-9EEC-6A17076A3AD2", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 210.18.189.3", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-15T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **http://116[.]73.59.114:36017/i** in [RST Threat Feed](https://rstcloud.net/profeed) with score **68**.\n First seen: 2021-01-15T03:00:00, Last seen: 2021-01-15T03:00:00.\n IOC tags: **malware**.\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-15T00:00:00", "id": "RST:52707DA5-1756-3876-80FF-88529D57F428", "href": "", "published": "2021-01-16T00:00:00", "title": "RST Threat feed. IOC: http://116.73.59.114:36017/i", "type": "rst", "cvss": {}}]}
