CERTA-2000-AVI-046

Vulnerability from certfr_avis - Published: - Updated:

Windows 2000 intègre un service appelé Still Image, qui gère les périphériques concernant l'imagerie (scanner, camera numérique, etc.). Une vulnérabilité permet à un utilisateur aillant ouvert une session localement d'augmenter ses privilèges.

Description

Une vulnérabilité dans le service Still Image permet à un utilisateur aillant ouvert une session localement, grâce à un dépassement de mémoire, d'exécuter du code arbitraire avec les privilèges de l'administrateur du service (LocalSystem).

Solution

Appliquer le correctif de Microsoft :

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24200

Windows 2000.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eWindows 2000.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le service Still Image permet \u00e0 un utilisateur\naillant ouvert une session localement, gr\u00e2ce \u00e0 un d\u00e9passement de\nm\u00e9moire, d\u0027ex\u00e9cuter du code arbitraire avec les privil\u00e8ges de\nl\u0027administrateur du service (LocalSystem).\n\n## Solution\n\nAppliquer le correctif de Microsoft :\n\n    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24200\n",
  "cves": [],
  "links": [
    {
      "title": "L\u0027avis et la FAQ sur l\u0027avis de Microsoft :",
      "url": "http://www.microsoft.com/technet/security/bulletin/ms00-065.asp"
    }
  ],
  "reference": "CERTA-2000-AVI-046",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2000-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Augmentation des privil\u00e8ges pour un utilisateur aillant ouvert une session localement"
    }
  ],
  "summary": "Windows 2000 int\u00e8gre un service appel\u00e9 \u003cspan class=\"textit\"\u003eStill\nImage\u003c/span\u003e, qui g\u00e8re les p\u00e9riph\u00e9riques concernant l\u0027imagerie (scanner,\ncamera num\u00e9rique, etc.). Une vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur\naillant ouvert une session localement d\u0027augmenter ses privil\u00e8ges.\n",
  "title": "vuln\u00e9rabilit\u00e9 du service imagerie sous Windows 2000",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.