|
Dear Nessus Support After scanning our servers, Nessus reported the following vulnerabilities When checking this server, we found all these required
patches installed on the machine Is this a false positive Please advice Regards, Vulnerability found on port microsoft-ds (445/tcp) Synopsis : Arbitrary code can be executed on the remote host through
the web client. Description : The remote host contains a version of the Internet Explorer
which is vulnerable to multiple security flaws (JPEG Rendering, Web
Folder, COM Object) which may allow an attacker to execute arbitrary
code on the remote host by constructing a malicious web page and entice
a victim to visit this web page. Solution : Microsoft has released a set of patches for Windows 2000, XP
and 2003 : http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx Risk factor : High / CVSS Base Score : 8 (AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-1988, CVE-2005-1989, CVE-2005-1990 BID : 14511, 14512, 14515 Other references : IAVA:2005-A-0024 Nessus ID : 19401 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp) Synopsis : Arbitrary code can be executed on the remote host through
the web client. Description : The remote host contains a version of the JView Profiler
module which is vulnerable to a security flaw which may allow an attacker
to execute arbitrary code on the remote host by constructing a
malicious web page and entice a victim to visit this web page. Solution : Microsoft has released a set of patches for Windows 2000, XP
and 2003 : http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx Risk factor : High / CVSS Base Score : 8 (AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-2087 Other references : IAVA:2005-B-0016 Nessus ID : 18682 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp) Synopsis : Arbitrary code can be executed on the remote host through
the web client. Description : The remote host is missing the IE cumulative security update
905915. The remote version of IE is vulnerable to several flaws
which may allow an attacker to execute arbitrary code on the remote host. Solution : Microsoft has released a set of patches for Windows 2000, XP
and 2003 : http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx Risk factor : High / CVSS Base Score : 8 (AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-2829, CVE-2005-2830, CVE-2005-2831, CVE-2005-1790 BID : 15823, 15825, 15827 Nessus ID : 20299 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp) Synopsis : Arbitrary code can be executed on the remote host through
the web client. Description : The remote host is missing the IE cumulative security update
883939. The remote version of IE is vulnerable to several flaws
which may allow an attacker to execute arbitrary code on the remote host. Solution : Microsoft has released a set of patches for Windows 2000, XP
and 2003 : http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx Risk factor : High / CVSS Base Score : 8 (AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-1211, CVE-2002-0648 BID : 5560, 13947, 13946, 13943, 13941 Other references : IAVA:2005-A-0016 Nessus ID : 18490 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp) Synopsis : Arbitrary code can be executed on the remote host. Description : The remote version of Windows is affected by a vulnerability
in Microsoft Message Queuing Service (MSMQ). An attacker may exploit this flaw to execute arbitrary code
on the remote host with the SYSTEM privileges. Solution : Microsoft has released a set of patches for Windows 2000 and
XP : http://www.microsoft.com/technet/security/bulletin/ms05-017.mspx Risk factor : Critical / CVSS Base Score : 10 (AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-0059 BID : 13112 Nessus ID : 18021 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp) Synopsis : Arbitrary code can be executed on the remote host through
the web client. Description : The remote host contains a version of the Internet Explorer
which is vulnerable to a security flaw (COM Object Instantiation Memory
Corruption Vulnerability) which may allow an attacker to execute
arbitrary code on the remote host by constructing a malicious web page and entice
a victim to visit this web page. Solution : Microsoft has released a set of patches for Windows 2000, XP
SP2 and 2003 : http://www.microsoft.com/technet/security/bulletin/ms05-052.mspx |
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
