SMBv2 Remote Code Execution Vulnerability (942624)

Critical Nessus Network Monitor Plugin ID 4332

Synopsis

It is possible to execute code on the remote host.

Description

The remote version of Windows contains a version of SMBv2 (Server Message Block) protocol that is vulnerable to several vulnerabilities. An attacker may exploit these flaws to elevate privileges and gain control of the remote host.

Solution

Microsoft has released a set of patches for Windows Vista :

See Also

http://www.microsoft.com/technet/security/bulletin/ms07-063.mspx

Plugin Details

Severity: Critical

ID: 4332

Family: Generic

Published: 2008/01/07

Modified: 2016/01/19

Nessus ID: 29855

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2007-5351

BID: 26777

IAVT: 2007-T-0049