I use domain admin credentials when I scan and I have verified that the
registry entry \HKLM\SOFTWARE\Microsoft\Updates\Windows Server
2003\SP3\KB948590 is there and the version of GDI32.dll is 5.2.3790.4237
but I keep getting the following error in my report.
Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
Synopsis :
Arbitrary code can be executed on the remote host by sending a malformed
file
to a victim.
Description :
The remote host contains a version of Microsoft Windows is missing a
critical
security update which fixes several vulnerabilities in the Graphic
Rendering
Engine, and in the way Windows handles Metafiles.
An attacker may exploit these flaws to execute arbitrary code on the
remote
host. To exploit this flaw, an attacker would need to send a specially
crafted image to a user on the remote host, or lure him into visiting a
rogue
website containing such a file.
Solution :
Microsoft has released a set of patches for Windows 2000, XP, 2003 and
Vista :
http://www.microsoft.com/technet/security/bulletin/ms08-021.mspx
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVE : CVE-2008-1083, CVE-2008-1087
BID : 28570, 28571
Other references : OSVDB:44213, OSVDB:44214, OSVDB:44215
Nessus ID : 31794
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material. If the reader of this message is not the intended recipient,
you are hereby notified that your access is unauthorized, and any review,
dissemination, distribution or copying of this message including any
attachments is strictly prohibited. If you are not the intended
recipient, please contact the sender and delete the material from any
computer.
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
