Hi All... I just ran a scan on one of our Windows servers, and it came up with the following security warning:
> Synopsis : > > Arbitrary code can be executed on the remote host. > > > Description : > > The remote host is running a version of Windows which is vulnerable to a > buffer overrun vulnerability when viewing a JPEG file, which may allow an > attacker to execute arbitrary code on the remote host. > > To exploit this flaw, an attacker would need to send a malformed JPEG file > to a user on the remote host and wait for him to open it using an > affected Microsoft application. > > > Solution: > > Microsoft has released a set of patches for Windows NT, 2000, XP and 2003 : > > http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx > > > Risk Factor : > > High / CVSS Base Score : 9.3 > (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C) > CVE : CVE-2004-0200 > BID : 11173 > Other references : IAVA:2004-A-0015, IAVA:2004-t-0028, OSVDB:9951 > Plugin ID : 14724 I thought that this was strange, as this server is completely up to date. I checked to make sure, and the patch that Nessus recommended is already applied to the server. Why is this being flagged as a vulerability? ----- Marc R. Hoffman Computer Operations Manager Morris Printing Group Phone: 308.236.7888, Extension 6272 FAX: 928.441.6032 http://www.morrisprintinggroup.com --------------------------------------------- E-MAIL CONFIDENTIALITY NOTICE: The contents of this email message and any attachments are for the sole use of the intended recipient(s) and may contain confidential and or legally privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient(s) of this message or if this message has been addressed to you in error, please notify the sender and delete or destroy all copies of the original message. ---------------------------------------------
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
