The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Windows XP

vulnerability bulletin CVE-2017-0176 CVE-2017-8461 CVE-2017-8487

Microsoft Windows XP, 2003: three vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft Windows XP, 2003.
Impacted products: Windows 2003, Windows XP.
Severity: 3/4.
Consequences: privileged access/rights, denial of service on client.
Provenance: intranet server.
Number of vulnerabilities in this bulletin: 3.
Creation date: 15/06/2017.
Identifiers: 4022747, 4024323, 4025218, CERTFR-2017-ALE-008, CERTFR-2017-AVI-181, CVE-2017-0176, CVE-2017-8461, CVE-2017-8487, ESTEEMAUDIT, VIGILANCE-VUL-22983.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft Windows XP, 2003.

An attacker can use a vulnerability in the proxy for smart card access included in the RDP implementation from Microsoft Windows XP, 2003, in order to run code (VIGILANCE-VUL-22478). [severity:3/4; 4022747, CERTFR-2017-ALE-008, CVE-2017-0176, ESTEEMAUDIT]

An attacker can use a vulnerability via RPC, in order to run code. [severity:2/4; 4024323, CVE-2017-8461]

An attacker can bypass security features via olecnv32.dll, in order to escalate his privileges. [severity:2/4; 4025218, CVE-2017-8487]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability bulletin CVE-2017-0176

Windows XP, 2003: code execution via RDP Smart Card Virtual Channel

Synthesis of the vulnerability

An attacker can use a vulnerability via RDP Smart Card Virtual Channel of Windows XP/2003, in order to run code.
Impacted products: Windows 2003, Windows XP.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/04/2017.
Identifiers: 4022747, 4024323, 4025218, CERTFR-2017-ALE-008, CVE-2017-0176, CVE-2017-9073-REJECT, ESTEEMAUDIT, VIGILANCE-VUL-22478.

Description of the vulnerability

An attacker can use a vulnerability via RDP Smart Card Virtual Channel of Windows XP/2003, in order to run code.

vulnerability announce CVE-2017-0001 CVE-2017-0005 CVE-2017-0007

Windows: vulnerabilities of March 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: IIS, Windows 10, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 82.
Creation date: 14/03/2017.
Revision date: 22/03/2017.
Identifiers: 1019, 1021, 1022, 1023, 1025, 1027, 1028, 1029, 1030, 1031, 1042, 1052, 1053, 1054, 3208223, 4010318, 4010319, 4010320, 4010321, 4013074, 4013075, 4013076, 4013078, 4013081, 4013082, 4013083, 4013389, 993, CERTFR-2017-AVI-082, CERTFR-2017-AVI-154, CVE-2017-0001, CVE-2017-0005, CVE-2017-0007, CVE-2017-0008, CVE-2017-0014, CVE-2017-0016, CVE-2017-0021, CVE-2017-0022, CVE-2017-0023, CVE-2017-0024, CVE-2017-0025, CVE-2017-0026, CVE-2017-0039, CVE-2017-0042, CVE-2017-0043, CVE-2017-0045, CVE-2017-0047, CVE-2017-0050, CVE-2017-0051, CVE-2017-0055, CVE-2017-0056, CVE-2017-0057, CVE-2017-0060, CVE-2017-0061, CVE-2017-0062, CVE-2017-0063, CVE-2017-0072, CVE-2017-0073, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082, CVE-2017-0083, CVE-2017-0084, CVE-2017-0085, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090, CVE-2017-0091, CVE-2017-0092, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099, CVE-2017-0100, CVE-2017-0101, CVE-2017-0102, CVE-2017-0103, CVE-2017-0104, CVE-2017-0108, CVE-2017-0109, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128, CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-020, MS17-021, MS17-022, VIGILANCE-VUL-22132, ZDI-17-168.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.

vulnerability alert 16611

Microsoft Windows: credentials disclosure via HTTP redirections

Synthesis of the vulnerability

An attacker who controls both an HTTP server used by an application program based on urlmon.dll and a CIFS server can use HTTP redirections to get encrypted user credentials.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 15/04/2015.
Identifiers: VIGILANCE-VUL-16611, VU#672268.

Description of the vulnerability

Microsoft Windows provides the urlmon.dll library, which offers an HTTP client.

This client follows HTTP redirections. However, it does so even if the URL scheme is changed from "http" to "file". So, when the redirection target is an SMB/CIFS server, the client automatically sends the user credentials (user name and password hash) to the CIFS server.

An attacker who controls both an HTTP server used by an application program based on urlmon.dll and a CIFS server can therefore use HTTP redirections to get encrypted user credentials.

vulnerability announce CVE-2015-1170

Windows: privilege escalation via NVIDIA Display Driver

Synthesis of the vulnerability

A local attacker can use an NVIDIA Display Driver on Windows, in order to escalate his privileges.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 03/03/2015.
Identifiers: 3634, CERTFR-2015-AVI-083, CVE-2015-1170, VIGILANCE-VUL-16292.

Description of the vulnerability

NVIDIA products require a driver that has to be installed on Windows:
 - GeForce Notebook, Quadro, NVS Notebook
 - GeForce Desktop
 - Quadro, NVS Workstation
 - GRID baremetal, GPU passthrough
 - GRID virtual GPU (vGPU)

However, an attacker can use this driver to access privileged resources.

A local attacker can therefore use an NVIDIA Display Driver on Windows, in order to escalate his privileges.

computer vulnerability bulletin CVE-2014-4971

Windows XP, 2003: vulnerabilities of drivers

Synthesis of the vulnerability

An attacker can use two vulnerabilities of Windows drivers.
Impacted products: Windows 2003, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/07/2014.
Revision date: 14/10/2014.
Identifiers: 2993254, CERTFR-2014-AVI-418, CVE-2014-4971, KL-001-2014-002, KL-001-2014-003, MS14-062, VIGILANCE-VUL-15078.

Description of the vulnerability

An attacker can use two vulnerabilities of Windows drivers.

An attacker can generate a memory corruption in BthPan.sys of Windows XP, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-4971, KL-001-2014-002]

An attacker can generate a memory corruption in MQAC.sys, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 2993254, CVE-2014-4971, KL-001-2014-003, MS14-062]

vulnerability announce CVE-2014-0253 CVE-2014-0257 CVE-2014-0295

Microsoft .NET: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft .NET.
Impacted products: .NET Framework, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/02/2014.
Revision dates: 12/02/2014, 25/09/2014.
Identifiers: 2916607, BID-65415, BID-65417, BID-65418, CERTFR-2014-AVI-064, CVE-2014-0253, CVE-2014-0257, CVE-2014-0295, MS14-009, VIGILANCE-VUL-14222.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft .NET.

An attacker can use a POST query to generate an error in the processing of stale or closed HTTP client connections, in order to trigger a denial of service. This vulnerability has the same origin as VIGILANCE-VUL-8809. [severity:2/4; BID-65415, CVE-2014-0253]

An attacker can execute a special method, in order to escape the sandbox and escalate his privileges. [severity:3/4; BID-65417, CVE-2014-0257]

An attacker can use vsab7rt.dll, in order to obtain sensitive information about the memory layout and bypass ASLR. [severity:1/4; BID-65418, CVE-2014-0295]

computer vulnerability announce CVE-2013-3900

Windows: code execution via WinVerifyTrust

Synthesis of the vulnerability

An attacker can alter a valid signed file, without being noticed by WinVerifyTrust, in order to deceive the victim into running the program.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 10/12/2013.
Revision date: 30/07/2014.
Identifiers: 2893294, BID-64079, CERTA-2013-AVI-664, CVE-2013-3900, MS13-098, VIGILANCE-VUL-13927.

Description of the vulnerability

The Authenticode feature checks the signature of an executable, in order to warn users before running the program.

However, the WinVerifyTrust function does not correctly check the hash of the executable file.

An attacker can therefore alter a valid signed file, without being noticed by WinVerifyTrust, in order to deceive the victim into running the program.

computer vulnerability bulletin CVE-2014-2779

Microsoft Malware Protection Engine: denial of service

Synthesis of the vulnerability

An attacker can send a malicious file to the Microsoft Malware Protection Engine, in order to trigger a denial of service.
Impacted products: Forefront Security for Exchange Server, Forefront Threat Management Gateway, Forefront Unified Access Gateway, SCCM, SCOM, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 18/06/2014.
Identifiers: 2974294, CVE-2014-2779, VIGILANCE-VUL-14908.

Description of the vulnerability

The Microsoft Malware Protection Engine analyzes files searching for malware.

However, a malicious file locks this engine.

An attacker can therefore send a malicious file to the Microsoft Malware Protection Engine, in order to trigger a denial of service.

computer vulnerability bulletin 14818

Windows: changing configuration via DHCP INFORM

Synthesis of the vulnerability

An attacker can reply to DHCP INFORM queries of Windows, in order to alter its configuration.
Impacted products: Windows 2000, Windows 2003, Windows XP.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: LAN.
Creation date: 30/05/2014.
Identifiers: VIGILANCE-VUL-14818.

Description of the vulnerability

The DHCP INFORM message is used by a client to request a DHCP server to provide additional information (WPAD, DNS, router, etc.).

The DHCP client of Windows implements DHCP INFORM. However, it does not check whether replies come from the DHCP server.

An attacker can therefore reply to DHCP INFORM queries of Windows, in order to alter its configuration.