| VID |
26335 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (MS08-017, 933103) for 'Vulnerabilities in Microsoft Office Web Components' has not been applied. Microsoft Windows could allow a remote attacker to execute arbitrary code on the affected system, caused by multiple vulnerabilities in the Microsoft Office Web Components. By constructing a specially crafted Web page, a remote attacker could potentially execute arbitrary code if a user visited a Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/ms08-017.mspx
* Platforms Affected:
Microsoft Office 2000
Microsoft Office XP
Microsoft Office Web Components 2000
Microsoft BizTalk Server 2000
Microsoft BizTalk Server 2002
Microsoft Commerce Server 2000
Microsoft ISA Server 2000
Microsoft Visual Studio 2002
Microsoft Visual Studio 2003
Microsoft Windows Any version |
| Recommendation |
Apply the appropriate patch (933103) for your system, as listed in Microsoft Security Bulletin MS08-017 at http://www.microsoft.com/technet/security/bulletin/ms08-017.mspx
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2006-4695,CVE-2007-1201 (CVE) |
| Related URL |
28135,28136 (SecurityFocus) |
| Related URL |
35212,35213,35216 (ISS) |
|
