RE: Nessus False Positive

[Biswas, Proneet]

Title: Message

Hi Hany, An easy way to check would be to go to the directory Winnt\system32 and see the version of the file "Mshtml.dll" by opening its properties and checking its version. If it matches any of the following mentioned below as per the OS and the Service Pack combination, then the system is vulnerable.   This nessus plugin checks for the version of "mshtml.dll" in the various OS installations.   (os:"5.2", sp:0, file:"Mshtml.dll", version:"6.0.3790.373", (os:"5.2", sp:1, file:"Mshtml.dll", version:"6.0.3790.2491", (os:"5.1", sp:1, file:"Mshtml.dll", version:"6.0.2800.1515", (os:"5.1", sp:2, file:"Mshtml.dll", version:"6.0.2900.2722", (os:"5.0", file:"Mshtml.dll", version:"6.0.2800.1515", min_version:"6.0.0.0", (os:"5.0", file:"Mshtml.dll", version:"5.0.3831.1800", Thanks Proneet.     --------------------------------------------------------------- To have known the best, and to have known it for the best, is success in life. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hany Fawzy Sent: Wednesday, May 17, 2006 8:20 AM To: [EMAIL PROTECTED]; nessus@list.nessus.org Cc: Mohamed Farid Subject: Nessus False Positive Dear  Nessus Support   After scanning our servers, Nessus reported the following vulnerabilities   When checking this server, we found all these required patches installed on the machine   Is this a false positive   Please advice     Regards,   Vulnerability found on port microsoft-ds (445/tcp)   Synopsis :   Arbitrary code can be executed on the remote host through the web client.   Description :   The remote host contains a version of the Internet Explorer which is vulnerable to multiple security flaws (JPEG Rendering, Web Folder, COM Object) which may allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page.   Solution :   Microsoft has released a set of patches for Windows 2000, XP and 2003 :   http://www.microsoft.com/technet/security/bulletin/ms05-038.mspx   Risk factor :   High / CVSS Base Score : 8 (AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-1988, CVE-2005-1989, CVE-2005-1990 BID : 14511, 14512, 14515 Other references : IAVA:2005-A-0024 Nessus ID : 19401 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp)   Synopsis :   Arbitrary code can be executed on the remote host through the web client.   Description :   The remote host contains a version of the JView Profiler module which is vulnerable to a security flaw which may allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page.   Solution :   Microsoft has released a set of patches for Windows 2000, XP and 2003 :   http://www.microsoft.com/technet/security/bulletin/ms05-037.mspx   Risk factor :   High / CVSS Base Score : 8 (AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-2087 Other references : IAVA:2005-B-0016 Nessus ID : 18682 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp)   Synopsis :   Arbitrary code can be executed on the remote host through the web client.   Description :   The remote host is missing the IE cumulative security update 905915.   The remote version of IE is vulnerable to several flaws which may allow an attacker to execute arbitrary code on the remote host.   Solution :   Microsoft has released a set of patches for Windows 2000, XP and 2003 :   http://www.microsoft.com/technet/security/bulletin/ms05-054.mspx   Risk factor :   High / CVSS Base Score : 8 (AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-2829, CVE-2005-2830, CVE-2005-2831, CVE-2005-1790 BID : 15823, 15825, 15827 Nessus ID : 20299 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp)   Synopsis :   Arbitrary code can be executed on the remote host through the web client.   Description :   The remote host is missing the IE cumulative security update 883939.   The remote version of IE is vulnerable to several flaws which may allow an attacker to execute arbitrary code on the remote host.   Solution :   Microsoft has released a set of patches for Windows 2000, XP and 2003 :   http://www.microsoft.com/technet/security/bulletin/ms05-025.mspx   Risk factor :   High / CVSS Base Score : 8 (AV:R/AC:H/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-1211, CVE-2002-0648 BID : 5560, 13947, 13946, 13943, 13941 Other references : IAVA:2005-A-0016 Nessus ID : 18490 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp)   Synopsis :   Arbitrary code can be executed on the remote host.   Description :   The remote version of Windows is affected by a vulnerability in Microsoft Message Queuing Service (MSMQ).   An attacker may exploit this flaw to execute arbitrary code on the remote host with the SYSTEM privileges.   Solution :   Microsoft has released a set of patches for Windows 2000 and XP :   http://www.microsoft.com/technet/security/bulletin/ms05-017.mspx   Risk factor :   Critical / CVSS Base Score : 10 (AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N) CVE : CVE-2005-0059 BID : 13112 Nessus ID : 18021 [ back to the list of ports ] Vulnerability found on port microsoft-ds (445/tcp)   Synopsis :   Arbitrary code can be executed on the remote host through the web client.   Description :   The remote host contains a version of the Internet Explorer which is vulnerable to a security flaw (COM Object Instantiation Memory Corruption Vulnerability) which may allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page.   Solution :   Microsoft has released a set of patches for Windows 2000, XP SP2 and 2003 :   http://www.microsoft.com/technet/security/bulletin/ms05-052.mspx

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus