[Plugins-writers] Nessus Script ID 22534 version 1.3: Contains A Reporting Bug?

From: Paul Bellefeuille (nessusd@private)
Date: Wed Oct 25 2006 - 20:01:09 PDT


Hello All,

 

I believe the following Script ID: 22534 version 1.3 contains a reporting bug.

 

When scanning systems with Office 2003, this check reports twice in the reports. 

 

Example output for NBE:

 

results|TARGET SYSTEM|microsoft-ds (445/tcp)|11119|Security Note|\nSynopsis :\n\nThe remote system has the latest service pack installed.\n\nDescription :\n\nBy reading the registry key HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CSDVersion\nit was possible to determine the Service Pack version of the Windows XP\nsystem.\n\nRisk factor :\n\nNone\n\nPlugin output :\n\nThe remote Windows XP system has Service Pack 2 applied.\n\nCVE : CVE-1999-0662\nBID : 10897, 11202\n

results|TARGET SYSTEM|microsoft-ds (445/tcp)|22534|Security Hole|\nSynopsis :\n\nArbitrary code can be executed on the remote host through the web or\nemail client. \n\nDescription :\n\nThe remote host is running a version of Windows which contains a flaw\nin the Windows XML Core Services..\n\nAn attacker may be able to execute arbitrary code on the remote host\nby constructing a malicious script and enticing a victim to visit a\nweb site or view a specially-crafted email message.\n\nSolution : \n\nMicrosoft has released a set of patches for Windows 2000, XP and 2003 :\n\nhttp://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx\n\nRisk factor : \n\nHigh / CVSS Base Score : 8 \n(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)\nCVE : CVE-2006-4684, CVE-2006-4685\nBID : 20338, 20339\n

results|TARGET SYSTEM|microsoft-ds (445/tcp)|22534|Security Hole|\nSynopsis :\n\nArbitrary code can be executed on the remote host through the web or\nemail client. \n\nDescription :\n\nThe remote host is running a version of Windows which contains a flaw\nin the Windows XML Core Services..\n\nAn attacker may be able to execute arbitrary code on the remote host\nby constructing a malicious script and enticing a victim to visit a\nweb site or view a specially-crafted email message.\n\nSolution : \n\nMicrosoft has released a set of patches for Windows 2000, XP and 2003 :\n\nhttp://www.microsoft.com/technet/security/Bulletin/MS06-061.mspx\n\nRisk factor : \n\nHigh / CVSS Base Score : 8 \n(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)\nCVE : CVE-2006-4684, CVE-2006-4685\nBID : 20338, 20339\n

results|TARGET SYSTEM|microsoft-ds (445/tcp)|22531|Security Hole|\nSynopsis :\n\nArbitrary code can be executed on the remote host through Microsoft\nPowerPoint.\n\nDescription :\n\nThe remote host is running a version of Microsoft PowerPoint\nwhich is subject to a flaw which may allow arbitrary code to be run.\n\nAn attacker may use this to execute arbitrary code on this host.\n\nTo succeed, the attacker would have to send a rogue file to \na user of the remote computer and have it open it. Then a bug in\nthe font parsing handler would result in code execution.\n\nSolution : \n\nMicrosoft has released a set of patches for PowerPoint 2000, XP and 2003 :\n\nhttp://www.microsoft.com/technet/security/bulletin/ms06-058.mspx\n\nRisk factor : \n\nHigh / CVSS Base Score : 8 \n(AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N)\nCVE : CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, CVE-2006-4694\nBID : 20325, 20322, 20304\n

 

Could someone verify?

 

Thanks,

Paul




_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
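
An added example, not part of the original post or of Nessus: one way to check an NBE export for the symptom reported above, a finding emitted more than once with identical host, port, plugin ID and text. The field layout is assumed from the sample lines quoted in the post, and the sample input is constructed with shortened report text.

```python
from collections import Counter

# Constructed sample in the layout of the lines quoted in the post
# (report text shortened; "TARGET SYSTEM" is the post's own placeholder).
SAMPLE_NBE = r"""results|TARGET SYSTEM|microsoft-ds (445/tcp)
results|TARGET SYSTEM|microsoft-ds (445/tcp)|11119|Security Note|\nSynopsis :\n\nThe remote system has the latest service pack installed.\n
results|TARGET SYSTEM|microsoft-ds (445/tcp)|22534|Security Hole|\nSynopsis :\n\nArbitrary code can be executed on the remote host.\n
results|TARGET SYSTEM|microsoft-ds (445/tcp)|22534|Security Hole|\nSynopsis :\n\nArbitrary code can be executed on the remote host.\n
results|TARGET SYSTEM|microsoft-ds (445/tcp)|22531|Security Hole|\nSynopsis :\n\nArbitrary code can be executed through Microsoft\nPowerPoint.\n
"""

def parse_result(line):
    """Return (host, port, plugin_id, severity, text), or None for non-findings."""
    parts = line.rstrip("\r\n").split("|")
    if parts[0] != "results":
        return None
    # The plugin ID is taken as the first all-digit field after the host and
    # port columns. This fits the 6-field layout in the post and, as an
    # assumption, exports that carry an extra leading column before the host.
    for i in range(3, len(parts) - 1):
        if parts[i].isdigit():
            host = "|".join(parts[1:i - 1])
            text = "|".join(parts[i + 2:])  # report text may itself contain '|'
            return host, parts[i - 1], parts[i], parts[i + 1], text
    return None  # e.g. an open-port record with no plugin ID

def find_duplicates(nbe_text):
    """Map each finding that appears more than once, text included, to its count."""
    counts = Counter()
    for line in nbe_text.splitlines():
        rec = parse_result(line)
        if rec is not None:
            counts[rec] += 1
    return {rec: n for rec, n in counts.items() if n > 1}

def dedupe(nbe_text):
    """Return the report lines with exact repeat findings dropped, order kept."""
    seen, out = set(), []
    for line in nbe_text.splitlines():
        rec = parse_result(line)
        if rec is not None and rec in seen:
            continue  # identical finding already emitted once
        if rec is not None:
            seen.add(rec)
        out.append(line)
    return out

if __name__ == "__main__":
    for (host, port, pid, sev, _), n in find_duplicates(SAMPLE_NBE).items():
        print(f"plugin {pid} reported {n}x on {host} {port} ({sev})")
```

Because the report text is part of the comparison key, a plugin that reports twice on the same port with different output is not flagged; only byte-identical repeats are.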



This archive was generated by hypermail 2.1.3 : Wed Oct 25 2006 - 20:03:50 PDT