Network Security Nessus-Users

Re: False positives when scanning for MS hotfixes

Subject: Re: False positives when scanning for MS hotfixes
Date: Sun, 27 Mar 2005 17:53:37 +0100 (BST)
Hi Renaud,

Apologies for the delay in responding.

Attached is the KB file from the sample host and the
smb_hotfixes.nasl revision is 1.9.

I'm going to upgrade to the latest nessus release
later in the week (it has to be scheduled).

Many thanks for your help.

Andy


--- Renaud Deraison <deraison@nessus.org> wrote:

> Can you send us your KB file
> (/usr/local/var/nessus/user/<login>/kbs/<ip.of.target>)?
>
> Could you also send us the version of smb_hotfixes.nasl that you are
> using?


1111678094 3 Launched/12220=1
1111678094 3 Launched/11868=1
1111678094 3 Launched/10913=1
1111678094 3 Launched/11433=1
1111678094 3 Launched/11997=1
1111678094 3 Launched/15966=1
1111678094 3 Launched/17583=1
1111678094 3 Launched/10829=1
1111678094 3 Launched/11878=1
1111678094 3 Launched/10893=1
1111678094 3 Launched/17259=1
1111678094 1 SentData/11878/HOLE=\nThere is a flaw in the way the HTML 
converter for Microsoft Windows handles a \nconversion request during a 
cut-and-paste operation. This flaw causes a \nsecurity vulnerability to exist. 
A specially crafted request to the HTML \nconverter could cause the converter 
to fail in such a way that it could \nexecute code in the context of the 
currently logged-in user. Because this \nfunctionality is used by Internet 
Explorer, an attacker could craft a \nspecially formed Web page or HTML e-mail 
that would cause the HTML converter \nto run arbitrary code on a user's system. 
A user visiting an attacker's Web \nsite could allow the attacker to exploit 
the vulnerability without any other \nuser action.\n\nSolution : see 
http://www.microsoft.com/technet/security/bulletin/ms03-023.mspx\n \nRisk 
factor : High
1111678094 3 Launched/11756=1
1111678094 3 Launched/12091=1
1111678094 3 Success/11878=1
1111678094 3 Launched/10926=1
1111678094 3 Launched/17575=1
1111678094 3 Launched/15965=1
1111678094 3 Launched/17577=1
1111678094 3 Launched/15860=1
1111678094 3 Launched/10499=1
1111678094 3 Launched/10509=1
1111678094 3 Launched/17300=1
1111678094 3 Launched/11309=1
1111678094 3 Launched/17212=1
1111678095 3 Launched/15821=1
1111678095 3 Launched/10943=1
1111678095 3 Launched/10457=1
1111678095 3 Launched/10674=1
1111678095 3 Launched/11147=1
1111678095 3 Launched/17580=1
1111678095 3 Launched/17287=1
1111678095 3 Launched/17579=1
1111678095 3 Launched/12107=1
1111678095 3 Launched/16324=1
1111678095 3 Launched/17254=1
1111678095 3 Launched/16322=1
1111678095 1 SentData/16324/HOLE=\nThe remote version of Windows contains a 
flaw in the Windows Shell which\nmay allow an attacker to elevate his 
privileges and/or execute arbitrary\ncode on the remote host.\n\nTo exploit 
this flaw, an attacker would need to lure a victim into visiting\na malicious 
website or into opening a malicious file attachment.\n\nSolution : 
http://www.microsoft.com/technet/security/bulletin/MS05-008.mspx\nRisk factor : 
High
1111678095 3 Success/16324=1
1111678095 3 Launched/13641=1
1111678095 3 Launched/13844=1
1111678095 3 Launched/10865=1
1111678095 1 SentData/13641/HOLE=\nThe remote host is subject to two 
vulnerabilities in the HTML Help and showHelp\nmodules, which could allow an 
attacker to execute arbitrary code on the remote \nhost.\n\nTo exploit this 
flaw, an attacker would need to set up a rogue website\ncontaining a malicious 
showHelp URL, and would need to lure a user on the\nremote host to visit it. 
Once the user visits the web site, a buffer overflow\nwould allow the attacker 
to execute arbitrary commands with the privileges\nof the victim 
user.\n\nSolution : 
http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx\nRisk factor : 
High
1111678095 3 Success/13641=1
1111678095 3 Launched/10908=1
1111678095 3 Launched/14835=1
1111678095 3 Launched/12106=1
1111678095 3 Launched/16199=1
1111678095 3 Launched/12028=1
1111678095 3 Launched/16193=1
1111678095 3 Launched/15460=1
1111678095 3 Launched/10642=1
1111678095 1 SentData/15460/HOLE=\nThe remote version of Windows contains a 
flaw in the Windows Shell which\nmay allow an attacker to execute arbitrary 
code on the remote host.\n\nTo exploit this flaw, an attacker would need to 
lure a victim into visiting\na malicious website or into opening a malicious 
file attachment.\n\nSolution : 
http://www.microsoft.com/technet/security/bulletin/MS04-037.mspx\nRisk factor : 
High
1111678095 3 Success/15460=1
1111678095 3 Launched/11995=1
1111678095 3 Launched/11300=1
1111678095 3 Launched/12051=1
1111678095 3 Launched/11839=1
1111678096 3 Launched/17308=1
1111678096 3 Launched/10426=1
1111678106 3 Launched/12298=1
1111678106 3 Launched/11413=1
1111678106 3 Launched/11459=1
1111678106 3 Launched/17280=1
1111678106 3 Launched/15952=1
1111678106 3 Launched/11631=1
1111678106 3 Launched/16327=1
1111678106 3 Launched/17586=1
1111678106 3 Launched/17345=1
1111678106 3 Launched/12215=1
1111678106 3 Launched/11528=1
1111678106 1 SentData/16327/HOLE=\nThe remote host is running a version of 
Windows which is vulnerable to two\nvulnerabilities when dealing with OLE 
and/or COM. \n\nThese vulnerabilities may allow a local user to escalate his 
privileges\nand allow a remote user to execute arbitrary code on the remote 
host.\n\nTo exploit these flaws, an attacker would need to send a specially 
crafted\ndocument to a victim on the remote host.\n\n\nSolution : 
http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx\nRisk factor : 
High
1111678106 3 Success/16327=1
1111678106 3 Launched/17306=1
1111678106 3 Launched/14724=1
1111678106 3 Launched/10903=1
1111678106 3 Launched/11990=1
1111678106 3 Launched/12006=1
1111678106 3 Launched/10897=1
1111678107 3 Launched/10763=1
1111678107 3 Launched/14236=1
1111678107 3 Launched/10914=1
1111678107 3 Launched/11177=1
1111678107 3 Launched/16230=1
1111678107 3 Launched/17292=1
1111678107 3 Launched/12244=1
1111678107 3 Launched/14668=1
1111678107 3 Launched/12011=1
1111678107 3 Launched/12267=1
1111678107 3 Launched/12019=1
1111678107 3 Launched/17303=1
1111678107 3 Launched/14181=1
1111678107 3 Launched/17258=1
1111678107 3 Launched/11506=1
1111678107 3 Launched/17286=1
1111678107 3 Launched/11886=1
1111678107 3 Launched/12209=1
1111678107 1 SentData/11886/HOLE=\nThere is a vulnerability in Authenticode 
that, under certain low memory \nconditions, could allow an ActiveX control to 
download and install without \npresenting the user with an approval dialog. To 
exploit this vulnerability, \nan attacker could host a malicious Web Site 
designed to exploit this \nvulnerability. If an attacker then persuaded a user 
to visit that site an \nActiveX control could be installed and executed on the 
user's system. \nAlternatively, an attacker could create a specially formed 
HTML e-mail and i\nsend it to the user. \n\nExploiting the vulnerability would 
grant the attacker with the same privileges \nas the user.\n\nSolution : see 
http://www.microsoft.com/technet/security/bulletin/ms03-041.mspx\nRisk factor : 
High
1111678107 3 Launched/11286=1
1111678107 3 Launched/11330=1
1111678107 3 Success/11886=1
1111678107 3 Launched/10761=1
1111678107 3 Launched/17270=1
1111678107 3 Launched/14728=1
1111678107 3 Launched/10432=1
1111678108 3 Launched/14262=1
1111678108 3 Launched/11143=1
1111678108 3 Launched/17253=1
1111678108 3 Launched/11832=1
1111678108 3 Launched/17317=1
1111678108 3 Launched/11429=1
1111678108 3 Launched/12000=1
1111678108 3 Launched/10519=1
1111678108 3 Launched/15572=1
1111678108 3 Launched/11818=1
1111678108 3 Launched/11302=1
1111678109 3 Launched/11992=1
1111678109 3 Launched/11994=1
1111678109 3 Launched/11787=1
1111678109 3 Launched/17304=1
1111678109 3 Launched/17578=1
1111678109 3 Launched/11928=1
1111678109 3 Launched/12044=1
1111678109 3 Launched/16325=1
1111678109 3 Launched/10563=1
1111678109 3 Launched/14818=1
1111678109 3 Launched/10449=1
1111678119 3 Launched/11900=1
1111678119 3 Launched/10482=1
1111678119 3 Launched/17368=1
1111678119 3 Launched/11322=1
1111678119 3 Launched/12013=1
1111678119 3 Launched/10900=1
1111678119 3 Launched/12005=1
1111678120 3 Launched/10430=1
1111678120 3 Launched/17301=1
1111678120 3 Launched/11625=1
1111678120 3 Launched/12206=1
1111678121 3 Launched/10397=1
1111678121 1 SentData/12206/HOLE=\nThe remote host has multiple bugs in its 
RPC/DCOM implementation (828741).\n\nAn attacker may exploit one of these flaws 
to execute arbitrary code on the\nremote system.\n\nSolution : 
http://www.microsoft.com/technet/security/bulletin/ms04-012.mspx\nRisk factor : 
High
1111678121 3 Success/12206=1
1111678121 3 Launched/10866=1
1111678121 3 Launched/17588=1
1111678121 3 Launched/17330=1
1111678121 3 Launched/17159=1
1111678121 3 Launched/15963=1
1111678121 3 Launched/16330=1
1111678121 1 SentData/10866/HOLE=\nXMLHTTP Control Can Allow Access to Local 
Files.\n\nA flaw exists in how the XMLHTTP control applies IE security 
zone\nsettings to a redirected data stream returned in response to a\nrequest 
for data from a web site. A vulnerability results because\nan attacker could 
seek to exploit this flaw and specify a data\nsource that is on the user's 
local system. The attacker could\nthen use this to return information from the 
local system to the\nattacker's web site. \n\nImpact of vulnerability: Attacker 
can read files on client system.\n\nAffected Software: \n\nMicrosoft XML Core 
Services versions 2.6, 3.0, and 4.0.\nAn affected version of Microsoft XML Core 
Services also\nships as part of the following products: \n\nMicrosoft Windows 
XP \nMicrosoft Internet Explorer 6.0 \nMicrosoft SQL Server 2000 \n\n(note: 
versions earlier than 2.6 are not affected\nfiles affected include 
msxml[2-4].dll and are found\nin the system32 directory. This might be 
false\npositive if you have earlier version)\n\nSee 
http://www.microsoft.com/technet/security/bulletin/ms02-008.mspx\n\nRisk factor 
: High
1111678121 3 Success/10866=1
1111678121 3 Launched/16331=1
1111678121 3 Launched/11989=1
1111678121 3 Launched/15395=1
1111678121 3 Launched/11178=1
1111678121 3 Launched/12231=1
1111678121 1 SentData/16330/HOLE=\nThe remote host is running a version of 
Windows which contains a flaw in\nthe Hyperlink Object Library.\n\nAn attacker 
may exploit this flaw to execute arbitrary code on the remote host.\n\nTo 
exploit this flaw, an attacker would need to construct a malicious 
hyperlink\nand lure a victim into clicking it.\n\n\nSolution : 
http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx\nRisk factor : 
High
1111678121 3 Success/16330=1
1111678121 3 Launched/15822=1
1111678121 3 Launched/15467=1
1111678121 3 Launched/11307=1
1111678121 3 Launched/12070=1
1111678121 3 Launched/15457=1
1111678121 3 Launched/12055=1
1111678121 3 Launched/11326=1
1111678121 1 SentData/15457/HOLE=\nThe remote host is missing a security update 
for Microsoft Windows (840987).\nThe missing security update fixes issues in 
the following areas :\n\n- Window Management\n- Virtual DOS Machine\n- Graphics 
Rendering Engine\n- Windows Kernel\n\n\nA local attacker may exploit any of 
these vulnerabilities to cause a local\ndenial of service or obtain higher 
privileges on the remote host.\n\nSolution : 
http://www.microsoft.com/technet/security/bulletin/MS04-032.mspx\nRisk factor : 
High
1111678121 3 Success/15457=1
1111678121 3 Launched/16125=1
1111678121 3 Launched/17582=1
1111678121 3 Launched/11306=1
1111678121 3 Launched/15712=1
1111678121 3 Launched/11583=1
1111678121 1 SentData/16125/HOLE=\nThe remote host contains a version of the 
Indexing Service which is\nvulnerable to a security flaw which may allow an 
attacker to execute\narbitrary code on the remote host by constructing a 
malicious query.\n\nSolution : 
http://www.microsoft.com/technet/security/bulletin/ms05-003.mspx\nRisk factor : 
High
1111678121 3 Success/16125=1
1111678121 3 Launched/11460=1
1111678121 3 Launched/11457=1
1111678121 3 Launched/11920=1
1111678121 3 Launched/10912=1
1111678121 3 Launched/14198=1
1111678121 3 Launched/17247=1
1111678121 3 Launched/17273=1
1111678121 3 Launched/17162=1
1111678121 3 Launched/17312=1
1111678121 3 Launched/17257=1
1111678122 3 Launched/17285=1
1111678122 3 Launched/17335=1
1111678122 3 Launched/17343=1
1111678122 3 Launched/17163=1
1111678122 3 Launched/17305=1
1111678122 3 Launched/17309=1
1111678122 3 Launched/10673=1
1111678122 3 Launched/17341=1
1111678122 3 Launched/17272=1
1111678122 3 Launched/17329=1
1111678122 3 Launched/10862=1
1111678122 3 Launched/17342=1
1111678122 3 Launched/17311=1
1111678122 1 SentData/11457/NOTE=\n\nThe registry key 
\nHKLM\\Software\\Microsoft\\Windows 
NT\\CurrentVersion\\Winlogon\\CachedLogonsCount\nis non-null. It means that the 
remote host locally caches the passwords\nof the users when they log in, in 
order to continue to allow the users\nto log in in the case of the failure of 
the PDC.\n\n\nSolution : use regedt32 and set the value of this key to 0\nRisk 
factor : Low
1111678122 3 Success/11457=1
1111678122 3 Launched/17298=1
1111678122 3 Launched/17321=1
1111678122 3 Launched/17320=1
1111678122 3 imap/143/broken=1
1111678122 3 Services/www/8080/broken=1
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus