The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of XP

vulnerability alert 16611

Microsoft Windows: credentials disclosure via HTTP redirections

Synthesis of the vulnerability

An attacker who controls both an HTTP server used by an application program based on urlmon.dll and a CIFS server can use HTTP redirections to get encrypted user credentials.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 15/04/2015.
Identifiers: VIGILANCE-VUL-16611, VU#672268.

Description of the vulnerability

Microsoft Windows offers a library urlmon.dll that provides an HTTP client.

This client follows HTTP redirections. However, it does so even if the URL scheme is changed from "http" to "file". So, when the redirection target is a SMB/CIFS server, the client automatically sends the user credentials (user name and password hash) to the CIFS server.

An attacker who controls both an HTTP server used by an application program based on urlmon.dll and a CIFS server can therefore use HTTP redirections to get encrypted user credentials.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2015-1170

Windows: privilege escalation via NVIDIA Display Driver

Synthesis of the vulnerability

A local attacker can use an NVIDIA Display Driver on Windows, in order to escalate his privileges.
Impacted products: Windows 2008 R0, Windows 2008 R2, Windows 7, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 03/03/2015.
Identifiers: 3634, CERTFR-2015-AVI-083, CVE-2015-1170, VIGILANCE-VUL-16292.

Description of the vulnerability

NVIDIA products require a driver which has to be installed on Windows:
 - GeForce Notebook, Quadro, NVS Notebook
 - GeForce Desktop
 - Quadro, NVS Workstation
 - GRID baremetal, GPU passthrough
 - GRID virtual GPU (vGPU)

However, an attacker can use this driver to access privileged resources.

A local attacker can therefore use an NVIDIA Display Driver on Windows, in order to escalate his privileges.

computer vulnerability bulletin CVE-2014-4971

Windows XP, 2003: vulnerabilities of drivers

Synthesis of the vulnerability

An attacker can use two vulnerabilities of Windows drivers.
Impacted products: Windows 2003, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 21/07/2014.
Revision date: 14/10/2014.
Identifiers: 2993254, CERTFR-2014-AVI-418, CVE-2014-4971, KL-001-2014-002, KL-001-2014-003, MS14-062, VIGILANCE-VUL-15078.

Description of the vulnerability

An attacker can use two vulnerabilities of Windows drivers.

An attacker can generate a memory corruption in BthPan.sys of Windows XP, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; CVE-2014-4971, KL-001-2014-002]

An attacker can generate a memory corruption in MQAC.sys, in order to trigger a denial of service, and possibly to execute code. [severity:2/4; 2993254, CVE-2014-4971, KL-001-2014-003, MS14-062]

vulnerability announce CVE-2014-0253 CVE-2014-0257 CVE-2014-0295

Microsoft .NET: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft .NET.
Impacted products: .NET Framework, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, data reading, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 11/02/2014.
Revision dates: 12/02/2014, 25/09/2014.
Identifiers: 2916607, BID-65415, BID-65417, BID-65418, CERTFR-2014-AVI-064, CVE-2014-0253, CVE-2014-0257, CVE-2014-0295, MS14-009, VIGILANCE-VUL-14222.

Description of the vulnerability

Several vulnerabilities were announced in Microsoft .NET.

An attacker can use a POST query to generate an error in the processing of stale or closed HTTP client connections, in order to trigger a denial of service. This vulnerability has the same origin as VIGILANCE-VUL-8809. [severity:2/4; BID-65415, CVE-2014-0253]

An attacker can execute a special method, in order to escape the sandbox, to escalate his privileges. [severity:3/4; BID-65417, CVE-2014-0257]

An attacker can use vsab7rt.dll, in order to obtain sensitive information about the memory layout, to bypass ASLR. [severity:1/4; BID-65418, CVE-2014-0295]

computer vulnerability announce CVE-2013-3900

Windows: code execution via WinVerifyTrust

Synthesis of the vulnerability

An attacker can alter a valid signed file, without being noticed by WinVerifyTrust, in order to deceive the victim into running the program.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 10/12/2013.
Revision date: 30/07/2014.
Identifiers: 2893294, BID-64079, CERTA-2013-AVI-664, CVE-2013-3900, MS13-098, VIGILANCE-VUL-13927.

Description of the vulnerability

The Authenticode feature checks the signature of an executable, in order to warn users before running the program.

However, the WinVerifyTrust function does not correctly check the hash of the executable file.

An attacker can therefore alter a valid signed file, without being noticed by WinVerifyTrust, in order to deceive the victim into running the program.

computer vulnerability bulletin CVE-2014-2779

Microsoft Malware Protection Engine: denial of service

Synthesis of the vulnerability

An attacker can send a malicious file to the Microsoft Malware Protection Engine, in order to trigger a denial of service.
Impacted products: Forefront Security for Exchange Server, Forefront Threat Management Gateway, Forefront Unified Access Gateway, SCCM, SCOM, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 18/06/2014.
Identifiers: 2974294, CVE-2014-2779, VIGILANCE-VUL-14908.

Description of the vulnerability

The Microsoft Malware Protection Engine analyzes files searching for malware.

However, a malicious file locks this engine.

An attacker can therefore send a malicious file to the Microsoft Malware Protection Engine, in order to trigger a denial of service.

computer vulnerability bulletin 14818

Windows: changing configuration via DHCP INFORM

Synthesis of the vulnerability

An attacker can reply to DHCP INFORM queries of Windows, in order to alter its configuration.
Impacted products: Windows 2000, Windows 2003, Windows XP.
Severity: 2/4.
Consequences: data creation/edition.
Provenance: LAN.
Creation date: 30/05/2014.
Identifiers: VIGILANCE-VUL-14818.

Description of the vulnerability

The DHCP INFORM message is used by a client to request that a DHCP server provide additional information (WPAD, DNS, router, etc.).

The DHCP client of Windows implements DHCP INFORM. However, it does not check whether replies come from the DHCP server.

An attacker can therefore reply to DHCP INFORM queries of Windows, in order to alter its configuration.

computer vulnerability CVE-2014-0315

Windows: code execution via BAT/CMD

Synthesis of the vulnerability

An attacker can invite the victim to open a remote BAT/CMD file on Windows, in order to execute code.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: document.
Creation date: 08/04/2014.
Identifiers: 2922229, CERTFR-2014-AVI-159, CVE-2014-0315, MS14-019, VIGILANCE-VUL-14555.

Description of the vulnerability

Files with the .BAT or .CMD extension contain shell commands.

When these files are located on a remote share, Windows applies a different security policy. However, an attacker can bypass this policy, so these scripts are run.

An attacker can therefore invite the victim to open a remote BAT/CMD file on Windows, in order to execute code.

computer vulnerability announce CVE-2014-0317

Windows: brute force via SAMR

Synthesis of the vulnerability

An attacker can use SAMR to perform a brute-force attack, in order to guess the password of a Windows user.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 11/03/2014.
Identifiers: 2934418, CERTFR-2014-AVI-122, CVE-2014-0317, MS14-016, VIGILANCE-VUL-14407.

Description of the vulnerability

The SAMR (Security Account Manager Remote) protocol is used to manipulate the user database.

However, account lockout is not handled.

An attacker can therefore use SAMR to perform a brute-force attack, in order to guess the password of a Windows user.

computer vulnerability alert CVE-2014-0300 CVE-2014-0323

Windows: two vulnerabilities of Win32k

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Win32k of Windows.
Impacted products: Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, data reading.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 11/03/2014.
Identifiers: 2930275, CERTFR-2014-AVI-121, CVE-2014-0300, CVE-2014-0323, MS14-015, VIGILANCE-VUL-14406.

Description of the vulnerability

Several vulnerabilities were announced in the win32k.sys kernel driver, which for example manages windows.

A local attacker can manipulate an object in memory, in order to escalate his privileges. [severity:2/4; CVE-2014-0300]

A local attacker can manipulate an object in memory, in order to obtain sensitive information. [severity:1/4; CVE-2014-0323]