| VID |
26072 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q832483) for 'Buffer Overflow in Microsoft ISA Server 2000 H.323 Filter' has not been applied. Microsoft Internet Security and Acceleration (ISA) Server 2000 is included in Microsoft Small Business Server 2000 and Microsoft Small Business Server 2003. The H.323 Filter is used to monitor and control traffic that uses the H.323 and T.120 protocols. It is enabled by default on ISA Server 2000 computers that are installed in integrated or firewall mode. A security vulnerability in the H.323 filter for Microsoft ISA Server 2000 could allow a remote attacker to overflow a buffer in the Microsoft Firewall Service and execute arbitrary code on the system in the security context of the Microsoft Firewall Service on the server.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, resulting in a false negative for all vulnerable hosts.
* Platforms Affected: Microsoft ISA Server 2000, Microsoft Small Business Server 2000, Microsoft Small Business Server 2003, Windows (any version)
* References: http://www.microsoft.com/technet/security/bulletin/ms04-001.asp http://www.cert.org/advisories/CA-2004-01.html http://xforce.iss.net/xforce/alerts/id/160 http://www.uniras.gov.uk/vuls/2004/006489/h323.htm |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS04-001 at http://www.microsoft.com/technet/security/bulletin/ms04-001.asp
Security Update Download Location:
For Microsoft Internet Security and Acceleration Server 2000: For Microsoft Small Business Server 2000 (which includes Microsoft ISA Server 2000): For Microsoft Small Business Server 2003 (which includes Microsoft ISA Server 2000): http://www.microsoft.com/downloads/details.aspx?FamilyId=CBE42990-4156-4E1D-9ACB-4CD449D9599B
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com. Windows Update detects which version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2003-0819 (CVE) |
| Related URL |
9408 (SecurityFocus) |
| Related URL |
14167 (ISS) |
|