MS02-013: Cumulative VM Update (300845)

This script is Copyright (C) 2003-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through the VM.

Description :

The Microsoft VM is a virtual machine for the Win32 operating
environment.

There are numerous security flaws in the remote Microsoft VM that could
allow an attacker to execute arbitrary code on this host.

To exploit these flaws, an attacker would need to set up a malicious web
site with a rogue Java applet and lure the user of this host to visit
it. The Java applet could then execute arbitrary commands on this
host.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms02-013
http://support.microsoft.com/gp/lifean12

Solution :

Microsoft VM is no longer supported, and previous updates are no no
longer available. Upgrade to an actively supported product.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 11326 ()

Bugtraq ID: 4228
4313

CVE ID: CVE-2002-0058
CVE-2002-0076