MS00-036: NT ResetBrowser frame & HostAnnouncement flood patch (262694)

This script is Copyright (C) 2000-2013 Tenable Network Security, Inc.


Synopsis :

It is possible to partially crash the remote host.

Description :

The hotfix for the 'ResetBrowser Frame' and the 'HostAnnouncement
flood' has not been applied.

The first of these vulnerabilities allows anyone to shut down the
network browser of this host at will.

The second vulnerability allows an attacker to add thousands of bogus
entries in the master browser, which will consume most of the network
bandwidth as a side effect.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms00-036

Solution :

Microsoft has released a set of patches for Windows NT and 2000.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 10434 ()

Bugtraq ID: 1262

CVE ID: CVE-2000-0404