The remote host contains a flaw in the Network Connection Manager that may allow a local user to elevate his privileges.

To exploit this vulnerability, a user needs to send a specially- crafted code to the Network Manager handle to execute arbitrary code with the privileges of the SYSTEM.

An overflow in the RAS phonebook service allows a local user to execute code on the system with the privileges of LocalSystem.

The remote host contains a flaw in the Windows Debugger that could allow a local user to elevate his privileges.

To exploit this vulnerability, a user needs to send a specially crafted code to the Debbuging handler to execute arbitrary code with SYSTEM privileges.

The remote version of Windows contains a flaw in the Group Policy Object (GPO) access right of Active Directory that could allow a user to prevent the GPO to be applied to other users.

The remote version of Windows contains a flaw in Multiple UNC Provider (MUP) service that could allow a local user to execute arbitrary code on the remote host with SYSTEM privileges.

The remote version of Windows contains multiple flaws in the Internet Information Service (IIS), such as heap overflow, DoS, and XSS that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.

The remote host is running a version of Internet Explorer that may allow an attacker to read local files on the remote host.

To exploit this flaw, an attacker would need to lure a victim on the remote system into visiting a rogue website.

The remote host is running a version of Internet Explorer that could allow an attacker to read local files on the remote host.

To exploit this flaw, an attacker would need to lure a victim on the remote system into visiting a rogue website.

A buffer overrun is present in the SNMP service on the remote host.  By sending a malformed management request, an attacker could cause a denial of service and possibly cause code to run on the system in the LocalSystem context.

The Cumulative Patch for IE is not applied on the remote host.

Impact of vulnerability : Run code of attacker's choice.

Using a specially crafted NOTIFY directive, a remote attacker can cause code to run in the context of the Universal Plug and Play (UPnP) subsystem or possibly launch a denial of service attack against the affected host.

Note that, under Windows XP, the UPnP subsystem operates with SYSTEM privileges.

The hotfix for the 'RPC Endpoint Mapper Service on NT 4 has not been applied' problem has not been applied.

Because the endpoint mapper runs within the RPC service itself, exploiting this vulnerability would cause the RPC service to fail, with the attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions.  Normal service could be restored by rebooting the server.

The hotfix for the 'IrDA access violation patch' problem has not been applied.

This vulnerability can allow an attacker who is physically near the W2K host to shut it down using a remote control.

The hotfix for the 'NTLMSSP Privilege Escalation' problem has not been applied.  This hotfix corrects a problem in Windows NT that could allow a local process to execute code with the privileges of the NTLMSSP service provider.

This vulnerability allows a malicious user, who has the right to log on this host locally, to gain additional privileges.

The hotfix for the 'Malformed request to index server' problem has not been applied.

This vulnerability can allow an attacker to execute arbitrary code on the remote host.

The hotfix for the 'Webserver file request parsing' problem has not been applied.

This vulnerability can allow an attacker to execute arbitrary commands through the remote IIS server.

The remote version of Windows 2000 contains a bug in its LDAP implementation that fails to validate the permissions of a user requesting to change the password of a third-party user.

An attacker may exploit this vulnerability to gain unauthorized access to the remote host.

The hotfix for the 'Malformed PPTP Packet Stream' problem has not been applied.  This hotfix corrects a memory leak in Windows NT PPTP implementation that could cause it to use all the resources of the remote host.

An attacker could use this flaw by sending malformed PPTP packets to the remote host until no more memory is available.  This would result in a denial of service of the remote service or the whole system.

By default, Windows NT sets weak permissions on the Winsock mutex.  A local user without any privilege may abuse these permissions to lock the mutex indefinitely and, therefore, disrupt the network operations of the remote host.

The hotfix for the 'incomplete TCP/IP packet' problem has not been applied.

This vulnerability allows a user to prevent this host from communicating with the network.

The hotfix for the 'domain account lockout' problem has not been applied.

This vulnerability allows a user to bypass the domain account lockout policy, and hence attempt to brute-force a user account.

The hotfix for the 'Multiple LPC and LPC Ports Vulnerabilities' has not been applied on the remote Windows host.

These vulnerabilities allow an attacker gain privileges on the remote host, or to crash it remotely.

The hotfix for the 'Telnet Client NTLM Authentication' problem has not been applied.

This vulnerability may, under certain circumstances, allow a malicious user to obtain cryptographically protected login credentials from another user.

The hotfix for the 'Malformed RPC Packet' problem has not been applied.

This vulnerability allows a malicious user to launch a denial of service against this host.

The hotfix for the 'Still Image Service Privilege Escalation' problem has not been applied.

This vulnerability allows a malicious user, who has the right to log on this host locally, to gain additional privileges on this host.

The hotfix for the 'Local Security Policy Corruption' problem has not been applied.

This vulnerability allows a malicious user to corrupt parts of a Windows 2000 system's local security policy, which could prevent this host from communicating with other hosts in this domain.

The hotfix for the 'Relative Shell Path' vulnerability has not been applied.

This vulnerability allows a malicious user who can write to the remote system root to cause the code of malicious user's choice to be executed by the users who will interactively log into this host.

The hotfix for the 'Service Control Manager Named Pipe Impersonation' problem has not been applied.

This vulnerability allows a malicious user, who has the right to log on this host locally, to gain additional privileges.

The hotfix for the 'NetBIOS Name Server Protocol Spoofing' problem has not been applied.

This vulnerability allows a malicious user to make this host think that its name has already been taken on the network, thus preventing it from functioning properly as an SMB server (or client).

The hotfix for the 'ResetBrowser Frame' and the 'HostAnnouncement flood' has not been applied.

The first of these vulnerabilities allows anyone to shut down the network browser of this host at will.

The second vulnerability allows an attacker to add thousands of bogus entries in the master browser, which will consume most of the network bandwidth as a side effect.

The hotfix for the 'IP Fragment Reassembly' vulnerability has not been applied on the remote Windows host.

This vulnerability allows an attacker to send malformed packets, which will utilize 100% of the computer CPU, making it nearly unusable for the legitimate users.

ID	Name	Severity
11091	MS02-042: Flaw in Network Connection Manager Could Enable Privilege Elevation (326886)	high
11029	MS02-029: Windows RAS Local Overflow (318138)	high
10964	MS02-024: Windows Debugger flaw can Lead to Elevated Privileges (320206)	high
10945	MS02-016: Opening Group Policy Files (318089)	medium
10944	MS02-017: MUP overlong request kernel overflow Patch (311967)	high
10943	MS02-018: Cumulative Patch for Internet Information Services (327696)	critical
10926	MS02-009: IE VBScript Handling patch (318089)	medium
10866	MS02-008: XML Core Services patch (318203)	medium
10865	MS02-006: Malformed SNMP Management Request Remote Overflow (314147)	critical
10861	MS02-005: MSIE 5.01 5.5 6.0 Cumulative Patch (890923)	critical
10835	MS01-059: Unchecked Buffer in Universal Plug and Play can Lead to System Compromise (315000)	critical
10806	MS01-048: RPC Endpoint Mapper Malformed Request DoS (305399)	medium
10734	MS01-046: IrDA Driver Malformed Packet Remote DoS (252795)	medium
10693	MS01-008: NTLMSSP Local Privilege Escalation (280119)	high
10668	MS01-025: Index Server Multiple Vulnerabilities (294472 / 296185)	critical
10632	MS00-086: Webserver file request parsing (277873)	critical
10619	MS01-011 / MS01-036: LDAP over SSL Arbitrary User Password Modification (287397 / 299687)	high
10615	MS01-009: Malformed PPTP Packet Stream Remote DoS (283001)	medium
10603	MS01-003: Winsock2ProtocolCatalogMutex Mutex Local DoS (279336)	medium
10563	MS00-091: Incomplete TCP/IP Packet Vulnerability (199346)	medium
10555	MS00-089: Domain Account Lockout Vulnerability (274372)	high
10525	MS00-070: LPC and LPC Ports Vulnerabilities patch (266433)	high
10519	MS00-067: Telnet Client NTLM Authentication Vulnerability (272743)	critical
10509	MS00-066: Malformed RPC Packet patch (272303)	high
10504	MS00-065: Still Image Service Privilege Escalation patch (272736)	high
10499	MS00-062: Local Security Policy Corruption (269609)	low
10486	MS00-052: Relative Shell Path patch (269049)	high
10485	MS00-053: Service Control Manager Named Pipe Impersonation patch (269523)	high
10482	MS00-047: NetBIOS Name Server Protocol Spoofing patch (269239)	medium
10434	MS00-036: NT ResetBrowser frame & HostAnnouncement flood patch (262694)	medium
10433	MS00-029: NT IP Fragment Reassembly Patch Not Applied (jolt2) (259728)	high

Detections

Analytics

Windows : Microsoft Bulletins Family for Nessus

high

high

high

medium

high

critical

medium

medium

critical

critical

critical

medium

medium

high

critical

critical

high

medium

medium

medium

high

high

critical

high

high

low

high

high

medium

medium

high