ISS Coverage |
| Product |
Content Version |
Network Sensor 7.0
Proventia A
Proventia IPS (G/GX) prior to Firmware Version 1.2
Server Sensor 7.0 |
24.58 |
Proventia IPS (G/GX) Firmware Version 1.2 or
later
Proventia Multifunction Appliance
Proventia Server (Linux) |
1.97 |
| Proventia Server (Windows) |
1.0.x.1980 |
| Proventia Desktop |
x.x.x.1980 |
| RealSecure Desktop 7.0 |
EQD |
| BlackICE PC Protection 3.6 |
CQD |
| Enterprise Scanner |
1.20 |
| Internet Scanner |
7.2.41 |
|
| Propagation Techniques |
ISS Protection |
Available |
| remote exploit |
UPnP_Request_Overflow (IPS) |
April 10, 2007 |
|
| Detection Techniques |
ISS Detection |
Available |
| network assessment |
WinMs07kb931261Update |
April 12, 2007 |
|
Detailed Description |
| Business Impact: |
MS07-019 patches a critical stack overflow in Microsoft Universal Plug and Play (UPNP). The UPNP service listens on UDP port 1900 and TCP port 2869 on computers that have an attached UPNP capable hardware device or are running a UPNP configured service such as Internet Connection Sharing. This stack overflow is easily exploited and provides an attacker with complete control over the victim PC. |
| CVSS: |
Base Score: |
10 |
| |
Access Vector: |
Remote |
| Access Complexity: |
Low |
| Authentication: |
Not Required |
| Confidentiality Impact: |
Complete |
| Integrity Impact: |
Complete |
| Availability Impact: |
Complete |
| Impact Bias: |
Normal |
| Adjusted Temporal Score: |
7.4 |
| |
Exploitability: |
Unproven |
| Remediation Level: |
Official Fix |
| Report Confidence: |
Confirmed |
| Affected Products: |
Windows XP: SP2
Windows XP: Pro x64 Edition |
| Technical Description: |
Microsoft Windows is vulnerable to a buffer overflow, caused by improper bounds checking by the Universal Plug and Play (UPnP) service. By sending a specially-crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges when combined with another exploit. |
| Remediation: |
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS07-019. See References. |
|
References |
|
|
Revision History |
| 1.0 |
Initial publication. |
| 1.1 |
Updated product coverage info. |
|
|
About IBM Internet Security Systems
IBM Internet Security Systems is the trusted security advisor to thousands of the world's leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.
|
