Hi All...
I just ran a scan on one of our Windows servers, and it came up with the
following security warning:
Synopsis :
Arbitrary code can be executed on the remote host.
Description :
The remote host is running a version of Windows which is vulnerable to a
buffer overrun vulnerability when viewing a JPEG file, which may allow an
attacker to execute arbitrary code on the remote host.
To exploit this flaw, an attacker would need to send a malformed JPEG file
to a user on the remote host and wait for him to open it using an
affected Microsoft application.
Solution:
Microsoft has released a set of patches for Windows NT, 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx
Risk Factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVE : CVE-2004-0200
BID : 11173
Other references : IAVA:2004-A-0015, IAVA:2004-t-0028, OSVDB:9951
Plugin ID : 14724
I thought that this was strange, as this server is completely up to date. I
checked to make sure, and the patch that Nessus recommended is already
applied to the server.
Why is this being flagged as a vulerability?
-----
Marc R. Hoffman
Computer Operations Manager
Morris Printing Group
Phone: 308.236.7888, Extension 6272
FAX: 928.441.6032
http://www.morrisprintinggroup.com
---------------------------------------------
E-MAIL CONFIDENTIALITY NOTICE:
The contents of this email message and
any attachments are for the sole use of
the intended recipient(s) and may
contain confidential and or legally
privileged information. Any
unauthorized review, use, disclosure,
or distribution is prohibited. If you are
not the intended recipient(s) of this
message or if this message has
been addressed to you in error, please
notify the sender and delete or destroy
all copies of the original message.
---------------------------------------------
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
