Technical Analysis

TECHNICAL ANALYSIS
Fri December 21,2007
Networks
Training scans
Filters
host
vuln
jtitmus
Report Summary
Technical Analysis Summary
Hosts
Vulnerabilities
MS01-026:Microsoft IIS CGI Filename Decode Error
MS01-033:Microsoft Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability
Microsoft SQL Server/Data Engine "sa" Account Default Configuration Vulnerability
MS02-039:Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
MS02-056:Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability
MS03-026:Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
MS04-011:Microsoft Windows LSASS Buffer Overrun Vulnerability
MS04-011:Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
MS04-029:Microsoft RPC Runtime Library Remote Denial Of Service And Information Disclosure
MS05-019:Microsoft Windows IP Validation Vulnerability (Remote Check)
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability (via NetBios)
MS05-047:Microsoft Windows Plug and Play Buffer Overflow Vulnerability
MS06-040:Microsoft Windows Server Service Remote Code Execution Vulnerability
MS02-018:Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability
MS02-028:Microsoft IIS HTR Chunked Encoding Transfer Heap Overflow Vulnerability
Weak SNMP Community String
MS00-078:Microsoft IIS UNICODE Directory Traversal
MS02-062:Microsoft IIS Administrative Pages Cross Site Scripting Vulnerabilities
Microsoft IIS IDQ/IDA Mappings Enabled
MS02-056:Microsoft SQL Agent Jobs Privilege Elevation Vulnerability
SMB Null Session Share Enumeration
MS03-043:Microsoft Windows Messenger Service Buffer Overrun Vulnerability
MS01-035:Microsoft FrontPage 2000 SE Buffer Overflow RAD
MS01-044:Microsoft IIS 5.0 In-Process Table Privilege Elevation Vulnerability
MS05-027:Microsoft Server Message Block Packet Validation Buffer Overflow Vulnerability
MS02-039:Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
Sendmail Address Prescan Memory Corruption Vulnerability
MS03-031:Microsoft SQL Server/MSDE Named Pipe Denial Of Service Vulnerability
MS01-026:Microsoft IIS Various Domain User Account Access Vulnerability
MS03-039:Microsoft Windows RPCSS DCOM Interface Long Filename Heap Corruption Vulnerability
MS03-039:Microsoft Windows RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption
Sendmail Race Condition Vulnerability
Microsoft IIS printers Directory Available
MS02-045:Microsoft Network Share Provider SMB Request Buffer Overflow Vulnerability
MS06-035:Microsoft Windows Server Mailslot Heap Overflow Vulnerability
Microsoft Windows LANMAN Share Enumeration via SNMP
MS02-053:Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability
MS06-074:Microsoft Windows SNMP Memory Corruption Vulnerability
MS05-051:Microsoft Distributed Transaction Controller Packet Relay DoS
MS05-051:Microsoft Windows MSDTC Buffer Overflow Vulnerability
OpenSSH Buffer Mismanagement Vulnerabilities
Sendmail Prescan() Variant Remote Buffer Overrun Vulnerability
OpenSSH Multiple Buffer Management Errors
Portable OpenSSH PAM Challenge Authentication Failure Vulnerability
MS05-019:Microsoft Windows TCP/IP LAND Attack DoS Vulnerability (Remote Check)
MS05-019:Microsoft Windows ICMP Path MTU DoS Vulnerability (Remote Check)
MS04-007:Microsoft Windows ASN.1 Library Integer Handling Vulnerability
MS04-011:Microsoft Windows H.323 Remote Buffer Overflow Vulnerability
MS04-011:Microsoft Negotiate SSP Remote Buffer Overflow Vulnerability
MS04-011:Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability
MS04-011:Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability
Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
MS02-056:Visual FoxPro Driver Buffer Overflow
MS02-056:Microsoft SQL Server 7.0/2000 DBCC Buffer Overflow Vulnerability
MS01-044:Microsoft IIS WebDAV 'Propfind' Server Restart Vulnerability
MS02-007:Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability
MS02-030:Microsoft SQL Server SQLXML Buffer Overflow Vulnerability
Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability
MS04-012:Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
MS01-044:Microsoft IIS SSI Buffer Overrun Privilege Elevation Vulnerability
MS02-018:Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability
MS02-018:Microsoft IIS HTTP Header Field Delimiter Buffer Overflow Vulnerability
MS02-034:Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
MS04-012:Microsoft Windows Object Identity Network Communication Vulnerability
MS04-012:Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability
OpenSSH GSSAPI Credential Disclosure Vulnerability
Microsoft IIS Internal Network Information Disclosure Vulnerability
MS02-030:Microsoft SQL Server SQLXML Script Injection Vulnerability
MS00-060:Microsoft IIS FrontPage Cross Site Scripting shtml.dll Vulnerability
Microsoft Windows Service Enumeration via SNMP
MS06-053:Microsoft Indexing Service Cross-Site Scripting Vulnerability
Microsoft Windows 2000 Lanman Denial of Service Vulnerability
Microsoft SQL Server Stored Procedure Low Privilege Weakness
MS02-035:Microsoft SQL Server Installation Password Caching Vulnerability
MS03-051:Microsoft IIS Malformed HTTP HOST Header Field Denial Of Service Vulnerability
MS03-039:Microsoft Windows RPCSS Denial of Service Vulnerability
Sendmail Ruleset Parsing Buffer Overflow Vulnerability
MS03-051:Microsoft FrontPage Server Extensions SmartHTML Interpreter DoS Vulnerability
IIS admin directory present
IIS Sample directory present
Anonymous FTP is enabled
MS04-011:Microsoft Windows Help And Support Center Interface Spoofing Weakness
Portmapper Available
Portmapper RPC enumeration
Multiple Vendor TCP Sequence Number Approximation Vulnerability
Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
MS05-019:Microsoft Windows TCP Reset Through Arbitrary Timer Value (Remote Check)
Microsoft IIS False Logging Weakness
MS02-039:Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
MS03-034:Microsoft Windows NetBIOS Name Service Reply Information Leakage Weakness
Microsoft Windows LANMAN User Enumeration via SNMP
SNMP System Description Available (system.sysDescr)
System Process List Available via SNMP
Sendmail DNS Maps Remote Denial of Service Vulnerability
The Messenger Service is running
MS01-044:Microsoft IIS MIME Header Denial of Service Vulnerability
MS01-044:Microsoft IIS WebDAV Invalid Request Denial of Service Vulnerability
Microsoft Windows Terminal Services Denial Of Service Vulnerability
Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
MS02-062:Microsoft IIS 5.0 and 5.1 WebDAV Denial Of Service Vulnerability
MS05-051:Microsoft Windows Shared Section Privileged Code Execution Vulnerabilities
Sendmail Milter Remote Denial Of Service Weakness
MS03-018:Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability
Portable OpenSSH Server PAM Conversion Stack Corruption Vulnerability
Microsoft Windows LsaQueryInformationPolicy() Domain SID Leak Vulnerability
MS00-092:Microsoft SQL Server/Data Engine xp_enumresultset Buffer Overflow Vulnerability
MS00-092:Microsoft SQL Server/Data Engine xp_showcolv Buffer Overflow Vulnerability
MS00-092:Microsoft SQL Server/Data Engine xp_updatecolvbm Buffer Overflow Vulnerability
MS00-092:Microsoft SQL Server/Data Engine xp_SetSQLSecurity Buffer Overflow Vulnerability
OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
MS00-092:Microsoft SQL Server/Data Engine xp_peekqueue Buffer Overflow Vulnerability
MS00-092:Microsoft SQL Server/Data Engine xp_printstatements Buffer Overflow Vulnerability
SSHv1 Protocol Available
MS04-011:Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
MS04-012:Microsoft Windows COM Internet Service And RPC over HTTP Remote Denial Of Service
MS04-011:Microsoft Windows SSL Library Denial of Service Vulnerability
EXPIRED SSL/TLS CERTIFICATE
MS01-060:Microsoft SQL-Server Buffer Overflow Vulnerability
OpenSSH Port Bouncing Configuration Vulnerability
MS02-034:Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
MS02-038:Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
MS04-030:Microsoft IIS Server WebDAV XML Requests Denial of Service Vulnerability
Sendmail Long Header Denial Of Service Vulnerability
MS05-019:Microsoft Operating Systems ICMP Connection Reset DoS Vulnerability (Remote Check)
Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
DCE RPC mapper available
Obsolete Windows Version
MS06-018:MSDTC Denial of Service Vulnerability
MS02-038:Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
MS06-018:MSDTC Invalid Memory Access Vulnerability
MS06-035:Microsoft SMB Information Disclosure Vulnerability
Sendmail Malformed MIME Message Denial Of Service Vulnerability
HTTP Server Header Information Leakage
OpenSSH Duplicated Block Remote Denial of Service Vulnerability
SMTP Server Allows Plaintext Authentication
WebDAV HTTP method 'PROPFIND' enabled
MS00-092:Microsoft SQL Server/Data Engine xp_proxiedmetadata Buffer Overflow Vulnerability
MS00-092:Microsoft SQL Server/Data Engine xp_displayparamstmt Buffer Overflow Vulnerability
MS IIS Internal IP Address/Internal Network Name Disclosure Vulnerability
MS02-020:Microsoft SQL Server Multiple Extended Stored Procedure Buffer Overflow Vulnerabilities
Web Server HTTP TRACE Method Supported
OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
MS01-032:Microsoft SQL Server Administrator Cached Connection Vulnerability
MS02-061:Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability
NetBIOS Name Table
MS02-034:Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
MS03-031:Microsoft SQL Server/MSDE Named Pipes Privilege Escalation Vulnerability
MS05-051:Microsoft Distributed Transaction Controller TIP DoS
ICMP Timestamp reply received with proper timestamp
MS03-031:Microsoft SQL Server LPC Port Request Buffer Overflow Vulnerability
Microsoft IIS Authentication Method Disclosure Vulnerability
OpenSSH PAM Conversation Memory Scrubbing Weakness
MS02-043:Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability
Microsoft IIS Failure To Log Undocumented TRACK Requests Vulnerability
MS02-040:Microsoft Data Access Components (MDAC) Buffer Overflow Vulnerability
SSLv2 Enabled
OpenSSH SCP Shell Command Execution Vulnerability
SSL Server Supports Weak Encryption
SMTP Banner Available
Sun XDR Library Available
Microsoft Windows DCOM Available
SSL/TLS Certificate Domain Name Mismatch
Weak IPsec Encryption Settings
OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
Multiple Vendor rpc.statd Arbitrary File Creation/Deletion Vulnerability
Multiple Linux Vendor rpc.statd Remote Format String Vulnerability
OpenSSH known_hosts Address Harvesting Vulnerability
MS01-060:Microsoft Windows C Runtime Library Format String Vulnerability
E-Mail Services Available
Anonymous FTP is Enabled With Blank Password
FTP Available
Real Name of Guest Account Enumerated
Administrator Account Has Not Been Renamed
FTP Banner Available
Guest Account Has Not Been Renamed
Administrator Account Password Does Not Expire
Disabled Accounts Enumerated
OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
Sendmail Available
Accounts With Non-Expiring Passwords Detected
NetBIOS SSN Available
Localstart.asp Brute Force exposure
SMB Packet Signing Requirement Disabled
RPC status Available
Microsoft SQL Server Available
HTTP Available
NNTP Available
Unused Active Windows Accounts Found
Self-Signed SSL/TLS Certificate Present
Real Name of Administrator Account Enumerated
Windows User Accounts With An Unchanged Password
SSH Protocol Available
SMTP Available
SMB Packet Signing Disabled
Applications
Audits
Report Summary
Start Date: 12/16/2007 04:25:24
End Date: 12/21/2007 04:25:24
Networks/Network Groups: Training scans
Filters: host vuln jtitmus
Hosts: 23
Asset Value: 0
Average Host Score: 138,812
Vulnerabilities: 195
Applications/Services: 42
[Figure: Vulnerability Level Distribution. Axes: Level (Exposure, Local Availability, Local Access, Local Privileged, Remote Availability, Remote Access, Remote Privileged) and Vulnerability Count (0 to 60).]

[Figure: Service Distribution. Other (60%), HTTPS (14%), HTTP (9%), DCE/MS RPC over TCP (9%), SNMP (7%).]

[Figure: OS Distribution by OS Group. nCircle: Cisco (0%), nCircle: Linux (8%), nCircle: Network Infrastructure (0%), nCircle: Sun Microsystems (0%), nCircle: Unix Variant (16%), nCircle: Windows (76%).]
[Figure: Vuln Distribution by OS Group. nCircle: Cisco (0%), nCircle: Linux (3%), nCircle: Network Infrastructure (0%), nCircle: Sun Microsystems (0%), nCircle: Unix Variant (6%), nCircle: Windows (92%).]

[Figure: Asset Value by OS Group. nCircle: Cisco (17%), nCircle: Linux (17%), nCircle: Network Infrastructure (17%), nCircle: Sun Microsystems (17%), nCircle: Unix Variant (17%), nCircle: Windows (17%).]

[Figure: Top 10 Most Vulnerable Hosts. Axes: Host and Score (0 to 400000). Hosts shown: ASIA-PAC-ENG1, ASIA-PAC-LEGAL1, AMERICAS-ENG1, EMEA-SALES1, AMERICAS-UPDATE, EMEA-UPDATE, ASIA-PAC-FIN1, ASIA-PAC-UPDATE, EMEA-LEGAL1, AMERICAS-LEGAL1.]
[Figure: Top 10 Applications by Instance. Axes: Application and Instances (0 to 15). Applications shown:]
Microsoft IIS HTTP 5.0 Frontpage Server Extensions
HTTP-Based Application
Microsoft Windows 2000 Direct SMB Session Service
TDS 8 - MS SQL Server 2000
Windows 2000 (build 2195) SNMP
Microsoft Distributed Transaction Coordinator (TCP)
Microsoft Windows 2000 NetBIOS Session Service
DCE/MS RPC Endpoint Mapper Interface (TCP)
Microsoft Windows RPC-DCOM (TCP)
Windows NetBIOS Name Service

[Figure: Top 10 Vulnerabilities by Instance. Axes: Vulnerability and Instances (0 to 10). Vulnerabilities shown:]
Microsoft SQL Server Stored Procedure Low Privilege Weakness
MS01-060: Microsoft SQL-Server Buffer Overflow Vulnerability
MS02-030: Microsoft SQL Server SQLXML Script Injection Vulnerability
MS00-092: Microsoft SQL Server / Data Engine xp_SetSQLSecurity Buffer Overflow Vulnerability
MS02-030: Microsoft SQL Server SQLXML Buffer Overflow Vulnerability
MS01-060: Microsoft Windows C Runtime Library Format String Vulnerability
MS02-007: Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability
Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
MS04-007: Microsoft Windows ASN.1 Library Integer Handling Vulnerability
SMB Null Session Share Enumeration
[Figure: Top 10 SANS Top 20 Vulnerabilities by Instance. Axes: Vulnerability and Instances (0 to 10). Vulnerabilities shown:]
Sendmail Race Condition Vulnerability
Microsoft SQL Server / Data Engine "sa" Account Default Configuration Vulnerability
MS05-039: Microsoft Plug-and-Play Buffer Overflow Vulnerability
MS05-047: Microsoft Windows Plug and Play Buffer Overflow Vulnerability
MS05-039: Microsoft Plug-and-Play Buffer Overflow Vulnerability (via NetBios)
MS05-027: Microsoft Server Message Block Packet Validation Buffer Overflow Vulnerability
MS02-035: Microsoft SQL Server Installation Password Caching Vulnerability
MS05-051: Microsoft Windows MSDTC Buffer Overflow Vulnerability
Hosts
Hostname | IP Address | OS | Owner | Asset Value | Score
AMERICAS-LEGAL1 | 192.168.6.34 | Windows 2000 (SP0 - SP4) | None | 0 | 413667
EMEA-LEGAL1 | 192.168.6.42 | Windows 2000 (SP0 - SP4) | None | 0 | 413661
ASIA-PAC-UPDATE | 192.168.6.62 | Windows 2000 (SP0 - SP4) | None | 0 | 301882
ASIA-PAC-FIN1 | 192.168.6.51 | Windows 2000 (SP0 - SP4) | None | 0 | 280378
EMEA-UPDATE | 192.168.6.61 | Windows 2000 (SP0 - SP4) | None | 0 | 260367
AMERICAS-UPDATE | 192.168.6.60 | Windows 2000 (SP0 - SP4) | None | 0 | 260341
EMEA-SALES1 | 192.168.6.43 | Windows 2000 (SP0 - SP4) | None | 0 | 222116
AMERICAS-ENG1 | 192.168.6.35 | Windows 2000 (SP0 - SP4) | None | 0 | 220343
ASIA-PAC-LEGAL1 | 192.168.6.50 | Windows 2000 (SP0 - SP4) | None | 0 | 180453
ASIA-PAC-ENG1 | 192.168.6.49 | Windows 2003 (SP0-SP2) | None | 0 | 93331
AMERICAS-FIN1 | 192.168.6.33 | Windows 2003 (SP0-SP2) | None | 0 | 93263
TRAIN-VM-SRV-01 | 192.168.6.10 | Windows 2000 (SP0 - SP4) | None | 0 | 87841
ASIA-PAC-SALES1 | 192.168.6.52 | Windows XP (SP0 - SP2) | None | 0 | 67115
AMERICAS-HQ1 | 192.168.6.36 | Windows 5.x (Windows 2000,Windows XP) | None | 0 | 67109
EMEA-SALES2 | 192.168.6.44 | Windows XP (SP0 - SP2) | None | 0 | 67061
AMERICAS-ENG3 | 192.168.6.57 | Windows NT 4.0 (SP0 - SP6a) | None | 0 | 59002
ASIA-PAC-ENG3 | 192.168.6.59 | Windows NT 4.0 (SP0 - SP6a) | None | 0 | 59002
EMEA-LEGAL3 | 192.168.6.58 | Windows NT 4.0 (SP0 - SP6a) | None | 0 | 32540
192.168.6.53 | 192.168.6.53 | FreeBSD 4.x | None | 0 | 6348
192.168.6.37 | 192.168.6.37 | Linux 2.4-2.6 | None | 0 | 3130
192.168.6.45 | 192.168.6.45 | Linux 2.4-2.6 | None | 0 | 3124
192.168.6.116 | 192.168.6.116 | Unix Variant | None | 0 | 559
TRAIN-DC01 | 192.168.6.6 | Windows 5.x (Windows 2000,Windows XP) | None | 0 | 32
Host Summary
Hostname: AMERICAS-LEGAL1
IP Address: 192.168.6.34
Score: 413,667
Asset Value: 0
OS Name: Windows 2000 (SP0 - SP4)
Owner: None
NetBIOS Name: AMERICAS-LEGAL1
Mac Address (NetBIOS): 00:0C:29:91:29:8A
Domain/Workgroup: WORKGROUP
Operating System
OS Name: Windows 2000 (SP0 - SP4)
Vulnerabilities
Vulnerability | CVE | # of Ports | Score
MS01-026:Microsoft IIS CGI Filename Decode Error | CVE-2001-0333 | 1 | 35353
MS01-033:Microsoft Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability | CVE-2001-0500 | 1 | 35103
Microsoft SQL Server/Data Engine "sa" Account Default Configuration Vulnerability | CVE-2000-1209 | 1 | 33377
MS02-039:Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability | CVE-2002-0649 | 1 | 31997
MS02-056:Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability | CVE-2002-1123 | 1 | 31425
MS03-026:Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability | CVE-2003-0352 | 1 | 28970
MS04-011:Microsoft Windows LSASS Buffer Overrun Vulnerability | CVE-2003-0533 | 1 | 26425
MS04-011:Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability | CVE-2003-0719 | 1 | 26425
MS05-019:Microsoft Windows IP Validation Vulnerability (Remote Check) | CVE-2005-0048 | 1 | 22574
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability | CVE-2005-1983 | 1 | 21163
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability (via NetBios) | CVE-2005-1983 | 1 | 21163
MS05-047:Microsoft Windows Plug and Play Buffer Overflow Vulnerability | CVE-2005-2120 | 1 | 20377
MS06-040:Microsoft Windows Server Service Remote Code Execution Vulnerability | CVE-2006-3439 | 2 | 16099
MS02-018:Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability | CVE-2002-0079,CVE-2002-0147 | 1 | 8211
MS02-028:Microsoft IIS HTR Chunked Encoding Transfer Heap Overflow Vulnerability | CVE-2002-0364 | 1 | 8117
MS00-078:Microsoft IIS UNICODE Directory Traversal | CVE-2000-0884 | 1 | 6143
MS02-062:Microsoft IIS Administrative Pages Cross Site Scripting Vulnerabilities | CVE-2002-1181 | 1 | 5198
Microsoft IIS IDQ/IDA Mappings Enabled | CVE-2003-0109 | 1 | 4985
MS02-056:Microsoft SQL Agent Jobs Privilege Elevation Vulnerability | CVE-2002-1138 | 1 | 1989
SMB Null Session Share Enumeration | CVE-1999-0519 | 1 | 1898
MS01-035:Microsoft FrontPage 2000 SE Buffer Overflow RAD | CVE-2001-0341 | 1 | 1460
MS01-044:Microsoft IIS 5.0 In-Process Table Privilege Elevation Vulnerability | CVE-2001-0507 | 1 | 1444
MS05-027:Microsoft Server Message Block Packet Validation Buffer Overflow Vulnerability | CVE-2005-1206 | 2 | 1364
MS02-039:Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability | CVE-2002-0649,CVE-2002-0729 | 1 | 1279
MS03-031:Microsoft SQL Server/MSDE Named Pipe Denial Of Service Vulnerability | CVE-2003-0231 | 1 | 1204
MS01-026:Microsoft IIS Various Domain User Account Access Vulnerability | CVE-2001-0335 | 1 | 1178
MS03-039:Microsoft Windows RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption | CVE-2003-0715 | 1 | 1138
Vulnerability
CVE
#of Ports
Score
MS03-039:Microsoft Windows RPCSS DCOM Interface Long Filename Heap Corruption Vulnerability
CVE-2003-0528
1
1138
Microsoft IIS printers Directory Available
1
1112
MS02-045:Microsoft Network Share Provider SMB Request Buffer Overflow Vulnerability
CVE-2002-0724
1
1058
MS06-035:Microsoft Windows Server Mailslot Heap Overflow Vulnerability
CVE-2006-1314
2
1034
Microsoft Windows LANMAN Share Enumeration via SNMP
CVE-1999-0499
1
920
MS02-053:Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability
CVE-2002-0692
1
874
MS05-051:Microsoft Windows MSDTC Buffer Overflow Vulnerability
CVE-2005-2119
1
815
MS05-051:Microsoft Distributed Transaction Controller Packet Relay DoS
CVE-2005-1980
1
815
MS05-019:Microsoft Windows ICMP Path MTU DoS Vulnerability (Remote Check)
CVE-2004-1060
1
752
MS05-019:Microsoft Windows TCP/IP LAND Attack DoS Vulnerability (Remote Check)
CVE-1999-0016,CVE-2005-
0688
1
752
MS04-007:Microsoft Windows ASN.1 Library Integer Handling Vulnerability
CVE-2003-0818
2
750
MS04-011:Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability
CVE-2004-0123
2
734
MS04-011:Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability
CVE-2003-0806
1
734
MS04-011:Microsoft Windows H.323 Remote Buffer Overflow Vulnerability
CVE-2004-0117
1
734
MS04-011:Microsoft Negotiate SSP Remote Buffer Overflow Vulnerability
CVE-2004-0119
1
734
MS02-056:Visual FoxPro Driver Buffer Overflow
CVE-2002-1137
1
332
MS02-056:Microsoft SQL Server 7.0/2000 DBCC Buffer Overflow Vulnerability
CVE-2002-1137
1
332
MS01-044:Microsoft IIS WebDAV ’Propfind’ Server Restart Vulnerability
CVE-2001-0508
1
295
MS02-007:Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability
CVE-2002-0056
1
276
MS02-030:Microsoft SQL Server SQLXML Buffer Overflow Vulnerability
CVE-2002-0186
1
269
Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability
CVE-2002-0859
1
269
MS04-012:Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
CVE-2003-0813
1
187
MS01-044:Microsoft IIS SSI Buffer Overrun Privelege Elevation Vulnerability
CVE-2001-0506
1
160
MS02-018:Microsoft IIS HTTP Header Field Delimiter Buffer Overflow Vulnerability
CVE-2002-0150
1
152
MS02-018:Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability
CVE-2002-0071
1
152
MS02-034:Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
CVE-2002-0642
1
151
MS04-012:Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability
CVE-2004-0116
1
122
MS04-012:Microsoft Windows Object Identity Network Communication Vulnerability
CVE-2004-0124
1
122
Microsoft IIS Internal Network Information Disclosure Vulnerability
CVE-2000-0649
1
96
MS02-030:Microsoft SQL Server SQLXML Script Injection Vulnerability
CVE-2002-0187
1
89
MS00-060:Microsoft IIS FrontPage Cross Site Scripting shtml.dll Vulnerability
CVE-2000-0746,CVE-2000-
1104
1
77
Microsoft Windows Service Enumeration via SNMP
1
76
MS06-053:Microsoft Indexing Service Cross-Site Scripting Vulnerability
CVE-2006-0032
1
71
Microsoft Windows 2000 Lanman Denial of Service Vulnerability
CVE-2002-0597
1
68
Microsoft SQL Server Stored Procedure Low Privilege Weakness
1
66
MS02-035:Microsoft SQL Server Installation Password Caching Vulnerability
CVE-2002-0643
1
66
MS03-051:Microsoft IIS Malformed HTTP HOST Header Field Denial Of Service Vulnerability
CVE-2003-0824
1
65
MS03-039:Microsoft Windows RPCSS Denial of Service Vulnerability
CVE-2003-0605
1
59
MS03-051:Microsoft FrontPage Server Extensions SmartHTML Interpreter DoS Vulnerability
CVE-2003-0824
1
58
IIS admin directory present
1
57
IIS Sample directory present
1
57
Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
1
47
MS05-019:Microsoft Windows TCP Reset Through Arbitrary Timer Value (Remote Check)
CVE-2004-0230
1
47
Microsoft IIS False Logging Weakness
CVE-2001-0902
1
47
MS02-039:Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
CVE-2002-0650
1
42
MS03-034:Microsoft Windows NetBIOS Name Service Reply Information Leakage Weakness
CVE-2003-0661
1
39
Microsoft Windows LANMAN User Enumeration via SNMP
1
38
System Process List Available via SNMP
1
38
MS01-044:Microsoft IIS MIME Header Denial of Service Vulnerability
CVE-2001-0544
1
32
MS01-044:Microsoft IIS WebDAV Invalid Request Denial of Service Vulnerability
CVE-2001-0508
1
32
Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
1
29
MS02-062:Microsoft IIS 5.0 and 5.1 WebDAV Denial Of Service Vulnerability
CVE-2002-1182
1
28
MS05-051:Microsoft Windows Shared Section Privileged Code Execution Vulnerabilities
CVE-2005-1978
1
28
MS03-018:Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability
CVE-2003-0226
1
27
Microsoft Windows LsaQueryInformationPolicy() Domain SID Leak Vulnerability
CVE-2000-1200
2
26
MS00-092:Microsoft SQL Server/Data Engine xp_SetSQLSecurity Buffer Overflow Vulnerability
CVE-2000-1088
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_showcolv Buffer Overflow Vulnerability
CVE-2000-1083
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_updatecolvbm Buffer Overflow Vulnerability
CVE-2000-1084
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_enumresultset Buffer Overflow Vulnerability
CVE-2000-1082
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_printstatements Buffer Overflow Vulnerability
CVE-2000-1086
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_peekqueue Buffer Overflow Vulnerability
CVE-2000-1085
1
25
MS04-012:Microsoft Windows COM Internet Service And RPC over HTTP Remote Denial Of Service
CVE-2003-0807
1
24
MS04-011:Microsoft Windows SSL Library Denial of Service Vulnerability
CVE-2004-0120
1
24
MS04-011:Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
CVE-2003-0663
1
24
MS01-060:Microsoft SQL-Server Buffer Overflow Vulnerability
CVE-2001-0542
1
23
MS02-034:Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
CVE-2002-0641
1
22
MS02-038:Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
CVE-2002-0644
1
22
MS04-030:Microsoft IIS Server WebDAV XML Requests Denial of Service Vulnerability
CVE-2003-0718
1
22
MS05-019:Microsoft Operating Systems ICMP Connection Reset DoS Vulnerability (Remote Check)
CVE-2004-0790
1
20
DCE RPC mapper available
4
18
Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
CVE-2006-6296
2
18
MS06-018:MSDTC Denial of Service Vulnerability
CVE-2006-1184
1
16
MS06-018:MSDTC Invalid Memory Access Vulnerability
CVE-2006-0034
1
16
MS02-038:Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
CVE-2002-0645,CVE-2002-0982
1
16
MS06-035:Microsoft SMB Information Disclosure Vulnerability
CVE-2006-1315
2
15
HTTP Server Header Information Leakage
CVE-1999-0655
1
14
WebDAV HTTP method ’PROPFIND’ enabled
1
13
MS IIS Internal IP Address/Internal Network Name Disclosure Vulnerability
1
12
MS00-092:Microsoft SQL Server/Data Engine xp_displayparamstmt Buffer Overflow Vulnerability
CVE-2000-1081
1
12
MS00-092:Microsoft SQL Server/Data Engine xp_proxiedmetadata Buffer Overflow Vulnerability
CVE-2000-1087
1
12
MS02-020:Microsoft SQL Server Multiple Extended Stored Procedure Buffer Overflow Vulnerabilities
CVE-2002-0154
1
11
Web Server HTTP TRACE Method Supported
1
9
MS01-032:Microsoft SQL Server Administrator Cached Connection Vulnerability
CVE-2001-0344
1
8
MS02-034:Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
CVE-2002-0624
1
7
MS02-061:Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability
CVE-2002-1145
1
7
NetBIOS Name Table
1
7
MS05-051:Microsoft Distributed Transaction Controller TIP DoS
CVE-2005-1979
1
6
MS03-031:Microsoft SQL Server LPC Port Request Buffer Overflow Vulnerability
CVE-2003-0232
1
6
MS03-031:Microsoft SQL Server/MSDE Named Pipes Privilege Escalation Vulnerability
CVE-2003-0230
1
6
ICMP Timestamp reply received with proper timestamp.
CVE-1999-0524
1
6
Microsoft IIS Authentication Method Disclosure Vulnerability
CVE-2002-0419
1
5
MS02-043:Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability
CVE-2002-0721
1
3
Microsoft IIS Failure To Log Undocumented TRACK Requests Vulnerability
1
2
MS02-040:Microsoft Data Access Components (MDAC) Buffer Overflow Vulnerability
CVE-2002-0695
1
2
Microsoft Windows DCOM Available
CVE-2003-0528
1
1
MS01-060:Microsoft Windows C Runtime Library Format String Vulnerability
CVE-2001-0879
1
1
Windows User Accounts With An Unchanged Password
2
0
Microsoft SQL Server Available
1
0
Localstart.asp Brute Force exposure
1
0
HTTP Available
CVE-1999-0633
1
0
NetBIOS SSN Available
CVE-1999-0621
1
0
Real Name of Administrator Account Enumerated
1
0
Real Name of Guest Account Enumerated
1
0
Guest Account Has Not Been Renamed
2
0
SMB Packet Signing Disabled
1
0
SMB Packet Signing Requirement Disabled
1
0
Disabled Accounts Enumerated
2
0
Unused Active Windows Accounts Found
1
0
Administrator Account Password Does Not Expire
CVE-1999-0535
2
0
Administrator Account Has Not Been Renamed
CVE-1999-0585
2
0
Accounts With Non-Expiring Passwords Detected
2
0
Host Summary
Hostname: EMEA-LEGAL1
IP Address: 192.168.6.42
Score: 413,661
Asset Value: 0
OS Name: Windows 2000 (SP0 - SP4)
Owner: None
NetBIOS Name: EMEA-LEGAL1
Mac Address (NetBIOS): 00:0C:29:E8:8F:01
Domain/Workgroup: WORKGROUP
Operating System
OS Name: Windows 2000 (SP0 - SP4)
Vulnerabilities
Vulnerability
CVE
# of Ports
Score
MS01-026:Microsoft IIS CGI Filename Decode Error
CVE-2001-0333
1
35353
MS01-033:Microsoft Index Server and Indexing Service ISAPI Extension Buffer Overflow Vulnerability
CVE-2001-0500
1
35103
Microsoft SQL Server/Data Engine "sa" Account Default Configuration Vulnerability
CVE-2000-1209
1
33377
MS02-039:Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
CVE-2002-0649
1
31997
MS02-056:Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability
CVE-2002-1123
1
31425
MS03-026:Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
CVE-2003-0352
1
28970
MS04-011:Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
CVE-2003-0719
1
26425
MS04-011:Microsoft Windows LSASS Buffer Overrun Vulnerability
CVE-2003-0533
1
26425
MS05-019:Microsoft Windows IP Validation Vulnerability (Remote Check)
CVE-2005-0048
1
22574
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability
CVE-2005-1983
1
21163
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability (via NetBios)
CVE-2005-1983
1
21163
MS05-047:Microsoft Windows Plug and Play Buffer Overflow Vulnerability
CVE-2005-2120
1
20377
MS06-040:Microsoft Windows Server Service Remote Code Execution Vulnerability
CVE-2006-3439
2
16099
MS02-018:Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability
CVE-2002-0079,CVE-2002-0147
1
8211
MS02-028:Microsoft IIS HTR Chunked Encoding Transfer Heap Overflow Vulnerability
CVE-2002-0364
1
8117
MS00-078:Microsoft IIS UNICODE Directory Traversal
CVE-2000-0884
1
6143
MS02-062:Microsoft IIS Administrative Pages Cross Site Scripting Vulnerabilities
CVE-2002-1181
1
5198
Microsoft IIS IDQ/IDA Mappings Enabled
CVE-2003-0109
1
4985
MS02-056:Microsoft SQL Agent Jobs Privilege Elevation Vulnerability
CVE-2002-1138
1
1989
SMB Null Session Share Enumeration
CVE-1999-0519
1
1898
MS01-035:Microsoft FrontPage 2000 SE Buffer Overflow RAD
CVE-2001-0341
1
1460
MS01-044:Microsoft IIS 5.0 In-Process Table Privilege Elevation Vulnerability
CVE-2001-0507
1
1444
MS05-027:Microsoft Server Message Block Packet Validation Buffer Overflow Vulnerability
CVE-2005-1206
2
1364
MS02-039:Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
CVE-2002-0649,CVE-2002-0729
1
1279
MS03-031:Microsoft SQL Server/MSDE Named Pipe Denial Of Service Vulnerability
CVE-2003-0231
1
1204
MS01-026:Microsoft IIS Various Domain User Account Access Vulnerability
CVE-2001-0335
1
1178
MS03-039:Microsoft Windows RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption
CVE-2003-0715
1
1138
MS03-039:Microsoft Windows RPCSS DCOM Interface Long Filename Heap Corruption Vulnerability
CVE-2003-0528
1
1138
Microsoft IIS printers Directory Available
1
1112
MS02-045:Microsoft Network Share Provider SMB Request Buffer Overflow Vulnerability
CVE-2002-0724
1
1058
MS06-035:Microsoft Windows Server Mailslot Heap Overflow Vulnerability
CVE-2006-1314
2
1034
Microsoft Windows LANMAN Share Enumeration via SNMP
CVE-1999-0499
1
920
MS02-053:Microsoft FrontPage Server Extensions SmartHTML Buffer Overflow Vulnerability
CVE-2002-0692
1
874
MS05-051:Microsoft Windows MSDTC Buffer Overflow Vulnerability
CVE-2005-2119
1
815
MS05-051:Microsoft Distributed Transaction Controller Packet Relay DoS
CVE-2005-1980
1
815
MS05-019:Microsoft Windows TCP/IP LAND Attack DoS Vulnerability (Remote Check)
CVE-1999-0016,CVE-2005-0688
1
752
MS05-019:Microsoft Windows ICMP Path MTU DoS Vulnerability (Remote Check)
CVE-2004-1060
1
752
MS04-007:Microsoft Windows ASN.1 Library Integer Handling Vulnerability
CVE-2003-0818
2
750
MS04-011:Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability
CVE-2004-0123
2
734
MS04-011:Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability
CVE-2003-0806
1
734
MS04-011:Microsoft Negotiate SSP Remote Buffer Overflow Vulnerability
CVE-2004-0119
1
734
MS04-011:Microsoft Windows H.323 Remote Buffer Overflow Vulnerability
CVE-2004-0117
1
734
MS02-056:Visual FoxPro Driver Buffer Overflow
CVE-2002-1137
1
332
MS02-056:Microsoft SQL Server 7.0/2000 DBCC Buffer Overflow Vulnerability
CVE-2002-1137
1
332
MS01-044:Microsoft IIS WebDAV ’Propfind’ Server Restart Vulnerability
CVE-2001-0508
1
295
MS02-007:Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability
CVE-2002-0056
1
276
MS02-030:Microsoft SQL Server SQLXML Buffer Overflow Vulnerability
CVE-2002-0186
1
269
Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability
CVE-2002-0859
1
269
MS04-012:Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
CVE-2003-0813
1
187
MS01-044:Microsoft IIS SSI Buffer Overrun Privilege Elevation Vulnerability
CVE-2001-0506
1
160
MS02-018:Microsoft IIS HTTP Header Field Delimiter Buffer Overflow Vulnerability
CVE-2002-0150
1
152
MS02-018:Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability
CVE-2002-0071
1
152
MS02-034:Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
CVE-2002-0642
1
151
MS04-012:Microsoft Windows Object Identity Network Communication Vulnerability
CVE-2004-0124
1
122
MS04-012:Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability
CVE-2004-0116
1
122
Microsoft IIS Internal Network Information Disclosure Vulnerability
CVE-2000-0649
1
96
MS02-030:Microsoft SQL Server SQLXML Script Injection Vulnerability
CVE-2002-0187
1
89
MS00-060:Microsoft IIS FrontPage Cross Site Scripting shtml.dll Vulnerability
CVE-2000-0746,CVE-2000-1104
1
77
Microsoft Windows Service Enumeration via SNMP
1
76
MS06-053:Microsoft Indexing Service Cross-Site Scripting Vulnerability
CVE-2006-0032
1
71
Microsoft Windows 2000 Lanman Denial of Service Vulnerability
CVE-2002-0597
1
68
MS02-035:Microsoft SQL Server Installation Password Caching Vulnerability
CVE-2002-0643
1
66
Microsoft SQL Server Stored Procedure Low Privilege Weakness
1
66
MS03-051:Microsoft IIS Malformed HTTP HOST Header Field Denial Of Service Vulnerability
CVE-2003-0824
1
65
MS03-039:Microsoft Windows RPCSS Denial of Service Vulnerability
CVE-2003-0605
1
59
MS03-051:Microsoft FrontPage Server Extensions SmartHTML Interpreter DoS Vulnerability
CVE-2003-0824
1
58
IIS admin directory present
1
57
IIS Sample directory present
1
57
Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
1
47
MS05-019:Microsoft Windows TCP Reset Through Arbitrary Timer Value (Remote Check)
CVE-2004-0230
1
47
Microsoft IIS False Logging Weakness
CVE-2001-0902
1
47
MS02-039:Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
CVE-2002-0650
1
42
MS03-034:Microsoft Windows NetBIOS Name Service Reply Information Leakage Weakness
CVE-2003-0661
1
39
Microsoft Windows LANMAN User Enumeration via SNMP
1
38
System Process List Available via SNMP
1
38
MS01-044:Microsoft IIS MIME Header Denial of Service Vulnerability
CVE-2001-0544
1
32
MS01-044:Microsoft IIS WebDAV Invalid Request Denial of Service Vulnerability
CVE-2001-0508
1
32
Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
1
29
MS02-062:Microsoft IIS 5.0 and 5.1 WebDAV Denial Of Service Vulnerability
CVE-2002-1182
1
28
MS05-051:Microsoft Windows Shared Section Privileged Code Execution Vulnerabilities
CVE-2005-1978
1
28
MS03-018:Microsoft IIS WebDAV PROPFIND and SEARCH Method Denial of Service Vulnerability
CVE-2003-0226
1
27
Microsoft Windows LsaQueryInformationPolicy() Domain SID Leak Vulnerability
CVE-2000-1200
2
26
MS00-092:Microsoft SQL Server/Data Engine xp_peekqueue Buffer Overflow Vulnerability
CVE-2000-1085
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_SetSQLSecurity Buffer Overflow Vulnerability
CVE-2000-1088
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_enumresultset Buffer Overflow Vulnerability
CVE-2000-1082
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_printstatements Buffer Overflow Vulnerability
CVE-2000-1086
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_showcolv Buffer Overflow Vulnerability
CVE-2000-1083
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_updatecolvbm Buffer Overflow Vulnerability
CVE-2000-1084
1
25
MS04-011:Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
CVE-2003-0663
1
24
MS04-012:Microsoft Windows COM Internet Service And RPC over HTTP Remote Denial Of Service
CVE-2003-0807
1
24
MS04-011:Microsoft Windows SSL Library Denial of Service Vulnerability
CVE-2004-0120
1
24
MS01-060:Microsoft SQL-Server Buffer Overflow Vulnerability
CVE-2001-0542
1
23
MS02-034:Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
CVE-2002-0641
1
22
MS04-030:Microsoft IIS Server WebDAV XML Requests Denial of Service Vulnerability
CVE-2003-0718
1
22
MS02-038:Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
CVE-2002-0644
1
22
MS05-019:Microsoft Operating Systems ICMP Connection Reset DoS Vulnerability (Remote Check)
CVE-2004-0790
1
20
Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
CVE-2006-6296
2
18
DCE RPC mapper available
4
18
MS02-038:Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
CVE-2002-0645,CVE-2002-0982
1
16
MS06-018:MSDTC Denial of Service Vulnerability
CVE-2006-1184
1
16
MS06-018:MSDTC Invalid Memory Access Vulnerability
CVE-2006-0034
1
16
MS06-035:Microsoft SMB Information Disclosure Vulnerability
CVE-2006-1315
2
15
HTTP Server Header Information Leakage
CVE-1999-0655
1
14
WebDAV HTTP method ’PROPFIND’ enabled
1
13
MS00-092:Microsoft SQL Server/Data Engine xp_proxiedmetadata Buffer Overflow Vulnerability
CVE-2000-1087
1
12
MS00-092:Microsoft SQL Server/Data Engine xp_displayparamstmt Buffer Overflow Vulnerability
CVE-2000-1081
1
12
MS IIS Internal IP Address/Internal Network Name Disclosure Vulnerability
1
12
MS02-020:Microsoft SQL Server Multiple Extended Stored Procedure Buffer Overflow Vulnerabilities
CVE-2002-0154
1
11
Web Server HTTP TRACE Method Supported
1
9
MS01-032:Microsoft SQL Server Administrator Cached Connection Vulnerability
CVE-2001-0344
1
8
MS02-034:Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
CVE-2002-0624
1
7
NetBIOS Name Table
1
7
MS02-061:Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability
CVE-2002-1145
1
7
MS03-031:Microsoft SQL Server/MSDE Named Pipes Privilege Escalation Vulnerability
CVE-2003-0230
1
6
MS05-051:Microsoft Distributed Transaction Controller TIP DoS
CVE-2005-1979
1
6
MS03-031:Microsoft SQL Server LPC Port Request Buffer Overflow Vulnerability
CVE-2003-0232
1
6
Microsoft IIS Authentication Method Disclosure Vulnerability
CVE-2002-0419
1
5
MS02-043:Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability
CVE-2002-0721
1
3
Microsoft IIS Failure To Log Undocumented TRACK Requests Vulnerability
1
2
MS02-040:Microsoft Data Access Components (MDAC) Buffer Overflow Vulnerability
CVE-2002-0695
1
2
Microsoft Windows DCOM Available
CVE-2003-0528
1
1
MS01-060:Microsoft Windows C Runtime Library Format String Vulnerability
CVE-2001-0879
1
1
Disabled Accounts Enumerated
2
0
Localstart.asp Brute Force exposure
1
0
Windows User Accounts With An Unchanged Password
2
0
NetBIOS SSN Available
CVE-1999-0621
1
0
Real Name of Administrator Account Enumerated
1
0
HTTP Available
CVE-1999-0633
1
0
Administrator Account Password Does Not Expire
CVE-1999-0535
2
0
SMB Packet Signing Disabled
1
0
SMB Packet Signing Requirement Disabled
1
0
Administrator Account Has Not Been Renamed
CVE-1999-0585
2
0
Unused Active Windows Accounts Found
2
0
Microsoft SQL Server Available
1
0
Accounts With Non-Expiring Passwords Detected
2
0
Real Name of Guest Account Enumerated
2
0
Guest Account Has Not Been Renamed
2
0
Host Summary
Hostname: ASIA-PAC-UPDATE
IP Address: 192.168.6.62
Score: 301,882
Asset Value: 0
OS Name: Windows 2000 (SP0 - SP4)
Owner: None
NetBIOS Name: ASIA-PAC-UPDATE
Mac Address (NetBIOS): 00:0C:29:97:27:4C
Domain/Workgroup: WORKGROUP
Operating System
OS Name: Windows 2000 (SP0 - SP4)
Vulnerabilities
Vulnerability
CVE
# of Ports
Score
Microsoft SQL Server/Data Engine "sa" Account Default Configuration Vulnerability
CVE-2000-1209
1
33377
MS02-039:Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
CVE-2002-0649
1
31997
MS02-056:Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability
CVE-2002-1123
1
31425
MS03-026:Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
CVE-2003-0352
1
28970
MS04-011:Microsoft Windows LSASS Buffer Overrun Vulnerability
CVE-2003-0533
1
26425
MS04-011:Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
CVE-2003-0719
1
26425
MS05-019:Microsoft Windows IP Validation Vulnerability (Remote Check)
CVE-2005-0048
1
22574
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability (via NetBios)
CVE-2005-1983
1
21163
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability
CVE-2005-1983
1
21163
MS05-047:Microsoft Windows Plug and Play Buffer Overflow Vulnerability
CVE-2005-2120
1
20377
MS06-040:Microsoft Windows Server Service Remote Code Execution Vulnerability
CVE-2006-3439
1
16099
MS02-056:Microsoft SQL Agent Jobs Privilege Elevation Vulnerability
CVE-2002-1138
1
1989
SMB Null Session Share Enumeration
CVE-1999-0519
1
1898
MS05-027:Microsoft Server Message Block Packet Validation Buffer Overflow Vulnerability
CVE-2005-1206
2
1364
MS02-039:Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
CVE-2002-0649,CVE-2002-0729
1
1279
MS03-031:Microsoft SQL Server/MSDE Named Pipe Denial Of Service Vulnerability
CVE-2003-0231
1
1204
MS03-039:Microsoft Windows RPCSS DCOM Interface Long Filename Heap Corruption Vulnerability
CVE-2003-0528
1
1138
MS03-039:Microsoft Windows RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption
CVE-2003-0715
1
1138
MS06-035:Microsoft Windows Server Mailslot Heap Overflow Vulnerability
CVE-2006-1314
2
1034
Microsoft Windows LANMAN Share Enumeration via SNMP
CVE-1999-0499
1
920
MS05-051:Microsoft Distributed Transaction Controller Packet Relay DoS
CVE-2005-1980
1
815
MS05-051:Microsoft Windows MSDTC Buffer Overflow Vulnerability
CVE-2005-2119
1
815
MS05-019:Microsoft Windows TCP/IP LAND Attack DoS Vulnerability (Remote Check)
CVE-1999-0016,CVE-2005-0688
1
752
MS05-019:Microsoft Windows ICMP Path MTU DoS Vulnerability (Remote Check)
CVE-2004-1060
1
752
MS04-007:Microsoft Windows ASN.1 Library Integer Handling Vulnerability
CVE-2003-0818
1
750
MS04-011:Microsoft Negotiate SSP Remote Buffer Overflow Vulnerability
CVE-2004-0119
1
734
MS04-011:Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability
CVE-2003-0806
1
734
MS04-011:Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability
CVE-2004-0123
1
734
MS04-011:Microsoft Windows H.323 Remote Buffer Overflow Vulnerability
CVE-2004-0117
1
734
MS02-056:Microsoft SQL Server 7.0/2000 DBCC Buffer Overflow Vulnerability
CVE-2002-1137
1
332
MS02-056:Visual FoxPro Driver Buffer Overflow
CVE-2002-1137
1
332
MS02-007:Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability
CVE-2002-0056
1
276
Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability
CVE-2002-0859
1
269
MS02-030:Microsoft SQL Server SQLXML Buffer Overflow Vulnerability
CVE-2002-0186
1
269
MS04-012:Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
CVE-2003-0813
1
187
MS02-034:Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
CVE-2002-0642
1
151
MS04-012:Microsoft Windows Object Identity Network Communication Vulnerability
CVE-2004-0124
1
122
MS04-012:Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability
CVE-2004-0116
1
122
MS02-030:Microsoft SQL Server SQLXML Script Injection Vulnerability
CVE-2002-0187
1
89
Microsoft Windows Service Enumeration via SNMP
1
76
MS02-035:Microsoft SQL Server Installation Password Caching Vulnerability
CVE-2002-0643
1
66
Microsoft SQL Server Stored Procedure Low Privilege Weakness
1
66
MS03-039:Microsoft Windows RPCSS Denial of Service Vulnerability
CVE-2003-0605
1
59
Multiple Vendor TCP Sequence Number Approximation Vulnerability
CVE-2004-0230
1
54
MS05-019:Microsoft Windows TCP Reset Through Arbitrary Timer Value (Remote Check)
CVE-2004-0230
1
47
MS02-039:Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
CVE-2002-0650
1
42
MS03-034:Microsoft Windows NetBIOS Name Service Reply Information Leakage Weakness
CVE-2003-0661
1
39
Microsoft Windows LANMAN User Enumeration via SNMP
1
38
System Process List Available via SNMP
1
38
MS05-051:Microsoft Windows Shared Section Privileged Code Execution Vulnerabilities
CVE-2005-1978
1
28
Microsoft Windows LsaQueryInformationPolicy() Domain SID Leak Vulnerability
CVE-2000-1200
1
26
MS00-092:Microsoft SQL Server/Data Engine xp_peekqueue Buffer Overflow Vulnerability
CVE-2000-1085
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_enumresultset Buffer Overflow Vulnerability
CVE-2000-1082
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_showcolv Buffer Overflow Vulnerability
CVE-2000-1083
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_printstatements Buffer Overflow Vulnerability
CVE-2000-1086
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_updatecolvbm Buffer Overflow Vulnerability
CVE-2000-1084
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_SetSQLSecurity Buffer Overflow Vulnerability
CVE-2000-1088
1
25
MS04-011:Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
CVE-2003-0663
1
24
MS04-011:Microsoft Windows SSL Library Denial of Service Vulnerability
CVE-2004-0120
1
24
MS04-012:Microsoft Windows COM Internet Service And RPC over HTTP Remote Denial Of Service
CVE-2003-0807
1
24
MS01-060:Microsoft SQL-Server Buffer Overflow Vulnerability
CVE-2001-0542
1
23
MS02-034:Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
CVE-2002-0641
1
22
MS02-038:Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
CVE-2002-0644
1
22
MS05-019:Microsoft Operating Systems ICMP Connection Reset DoS Vulnerability (Remote Check)
CVE-2004-0790
1
20
Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
CVE-2006-6296
2
18
DCE RPC mapper available
3
18
MS06-018:MSDTC Invalid Memory Access Vulnerability
CVE-2006-0034
1
16
MS02-038:Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
CVE-2002-0645,CVE-2002-0982
1
16
MS06-018:MSDTC Denial of Service Vulnerability
CVE-2006-1184
1
16
MS06-035:Microsoft SMB Information Disclosure Vulnerability
CVE-2006-1315
2
15
MS00-092:Microsoft SQL Server/Data Engine xp_displayparamstmt Buffer Overflow Vulnerability
CVE-2000-1081
1
12
MS00-092:Microsoft SQL Server/Data Engine xp_proxiedmetadata Buffer Overflow Vulnerability
CVE-2000-1087
1
12
MS02-020:Microsoft SQL Server Multiple Extended Stored Procedure Buffer Overflow Vulnerabilities
CVE-2002-0154
1
11
MS01-032:Microsoft SQL Server Administrator Cached Connection Vulnerability
CVE-2001-0344
1
8
NetBIOS Name Table
1
7
MS02-061:Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability
CVE-2002-1145
1
7
MS02-034:Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
CVE-2002-0624
1
7
MS03-031:Microsoft SQL Server LPC Port Request Buffer Overflow Vulnerability
CVE-2003-0232
1
6
MS03-031:Microsoft SQL Server/MSDE Named Pipes Privilege Escalation Vulnerability
CVE-2003-0230
1
6
ICMP Timestamp reply received with proper timestamp.
CVE-1999-0524
1
6
MS05-051:Microsoft Distributed Transaction Controller TIP DoS
CVE-2005-1979
1
6
MS02-043:Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability
CVE-2002-0721
1
3
MS02-040:Microsoft Data Access Components (MDAC) Buffer Overflow Vulnerability
CVE-2002-0695
1
2
Microsoft Windows DCOM Available
CVE-2003-0528
1
1
MS01-060:Microsoft Windows C Runtime Library Format String Vulnerability
CVE-2001-0879
1
1
Accounts With Non-Expiring Passwords Detected
1
0
Guest Account Has Not Been Renamed
1
0
Disabled Accounts Enumerated
1
0
Windows User Accounts With An Unchanged Password
1
0
NetBIOS SSN Available
CVE-1999-0621
1
0
Real Name of Administrator Account Enumerated
1
0
Real Name of Guest Account Enumerated
1
0
Administrator Account Password Does Not Expire
CVE-1999-0535
1
0
SMB Packet Signing Disabled
1
0
SMB Packet Signing Requirement Disabled
1
0
Administrator Account Has Not Been Renamed
CVE-1999-0585
1
0
Microsoft SQL Server Available
1
0
Unused Active Windows Accounts Found
1
0
Host Summary
Hostname: ASIA-PAC-FIN1
IP Address: 192.168.6.51
Score: 280,378
Asset Value: 0
OS Name: Windows 2000 (SP0 - SP4)
Owner: None
NetBIOS Name: ASIA-PAC-FIN1
Mac Address (NetBIOS): 00:0C:29:8A:16:5F
Domain/Workgroup: WORKGROUP
Operating System
OS Name: Windows 2000 (SP0 - SP4)
Vulnerabilities
Vulnerability
CVE
# of Ports
Score
Microsoft SQL Server/Data Engine "sa" Account Default Configuration Vulnerability
CVE-2000-1209
1
33377
MS02-039:Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
CVE-2002-0649
1
31997
MS02-056:Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability
CVE-2002-1123
1
31425
MS03-026:Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
CVE-2003-0352
1
28970
MS04-011:Microsoft Windows LSASS Buffer Overrun Vulnerability
CVE-2003-0533
1
26425
MS04-011:Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
CVE-2003-0719
1
26425
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability
CVE-2005-1983
1
21163
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability (via NetBios)
CVE-2005-1983
1
21163
MS05-047:Microsoft Windows Plug and Play Buffer Overflow Vulnerability
CVE-2005-2120
1
20377
MS06-040:Microsoft Windows Server Service Remote Code Execution Vulnerability
CVE-2006-3439
2
16099
MS02-056:Microsoft SQL Agent Jobs Privilege Elevation Vulnerability
CVE-2002-1138
1
1989
SMB Null Session Share Enumeration
CVE-1999-0519
1
1898
MS05-027:Microsoft Server Message Block Packet Validation Buffer Overflow Vulnerability
CVE-2005-1206
1
1364
MS02-039:Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
CVE-2002-0649,CVE-2002-0729
1
1279
MS03-031:Microsoft SQL Server/MSDE Named Pipe Denial Of Service Vulnerability
CVE-2003-0231
1
1204
MS03-039:Microsoft Windows RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption
CVE-2003-0715
1
1138
MS03-039:Microsoft Windows RPCSS DCOM Interface Long Filename Heap Corruption Vulnerability
CVE-2003-0528
1
1138
MS02-045:Microsoft Network Share Provider SMB Request Buffer Overflow Vulnerability
CVE-2002-0724
1
1058
MS06-035:Microsoft Windows Server Mailslot Heap Overflow Vulnerability
CVE-2006-1314
2
1034
Microsoft Windows LANMAN Share Enumeration via SNMP
CVE-1999-0499
1
920
MS05-051:Microsoft Windows MSDTC Buffer Overflow Vulnerability
CVE-2005-2119
1
815
MS05-051:Microsoft Distributed Transaction Controller Packet Relay DoS
CVE-2005-1980
1
815
MS05-019:Microsoft Windows ICMP Path MTU DoS Vulnerability (Remote Check)
CVE-2004-1060
1
752
MS05-019:Microsoft Windows TCP/IP LAND Attack DoS Vulnerability (Remote Check)
CVE-1999-0016,CVE-2005-0688
1
752
MS04-007:Microsoft Windows ASN.1 Library Integer Handling Vulnerability
CVE-2003-0818
1
750
MS04-011:Microsoft Negotiate SSP Remote Buffer Overflow Vulnerability
CVE-2004-0119
1
734
MS04-011:Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability
CVE-2004-0123
1
734
MS04-011:Microsoft Windows H.323 Remote Buffer Overflow Vulnerability
CVE-2004-0117
1
734
MS04-011:Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability
CVE-2003-0806
1
734
MS02-056:Visual FoxPro Driver Buffer Overflow
CVE-2002-1137
1
332
MS02-056:Microsoft SQL Server 7.0/2000 DBCC Buffer Overflow Vulnerability
CVE-2002-1137
1
332
MS02-007:Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability
CVE-2002-0056
1
276
MS02-030:Microsoft SQL Server SQLXML Buffer Overflow Vulnerability
CVE-2002-0186
1
269
Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability
CVE-2002-0859
1
269
MS04-012:Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
CVE-2003-0813
1
187
MS02-034:Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
CVE-2002-0642
1
151
MS04-012:Microsoft Windows Object Identity Network Communication Vulnerability
CVE-2004-0124
1
122
MS04-012:Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability
CVE-2004-0116
1
122
MS02-030:Microsoft SQL Server SQLXML Script Injection Vulnerability
CVE-2002-0187
1
89
Microsoft Windows Service Enumeration via SNMP
1
76
Microsoft SQL Server Stored Procedure Low Privilege Weakness
1
66
MS02-035:Microsoft SQL Server Installation Password Caching Vulnerability
CVE-2002-0643
1
66
MS03-039:Microsoft Windows RPCSS Denial of Service Vulnerability
CVE-2003-0605
1
59
Multiple Vendor TCP Sequence Number Approximation Vulnerability
CVE-2004-0230
1
54
MS05-019:Microsoft Windows TCP Reset Through Arbitrary Timer Value (Remote Check)
CVE-2004-0230
1
47
MS02-039:Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
CVE-2002-0650
1
42
MS03-034:Microsoft Windows NetBIOS Name Service Reply Information Leakage Weakness
CVE-2003-0661
1
39
System Process List Available via SNMP
1
38
Microsoft Windows LANMAN User Enumeration via SNMP
1
38
MS05-051:Microsoft Windows Shared Section Privileged Code Execution Vulnerabilities
CVE-2005-1978
1
28
Microsoft Windows LsaQueryInformationPolicy() Domain SID Leak Vulnerability
CVE-2000-1200
1
26
MS00-092:Microsoft SQL Server/Data Engine xp_showcolv Buffer Overflow Vulnerability
CVE-2000-1083
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_printstatements Buffer Overflow Vulnerability
CVE-2000-1086
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_updatecolvbm Buffer Overflow Vulnerability
CVE-2000-1084
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_enumresultset Buffer Overflow Vulnerability
CVE-2000-1082
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_peekqueue Buffer Overflow Vulnerability
CVE-2000-1085
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_SetSQLSecurity Buffer Overflow Vulnerability
CVE-2000-1088
1
25
MS04-012:Microsoft Windows COM Internet Service And RPC over HTTP Remote Denial Of Service
CVE-2003-0807
1
24
MS04-011:Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
CVE-2003-0663
1
24
MS04-011:Microsoft Windows SSL Library Denial of Service Vulnerability
CVE-2004-0120
1
24
MS01-060:Microsoft SQL-Server Buffer Overflow Vulnerability
CVE-2001-0542
1
23
MS02-038:Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
CVE-2002-0644
1
22
MS02-034:Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
CVE-2002-0641
1
22
MS05-019:Microsoft Operating Systems ICMP Connection Reset DoS Vulnerability (Remote Check)
CVE-2004-0790
1
20
Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
CVE-2006-6296
2
18
DCE RPC mapper available
3
18
MS06-018:MSDTC Invalid Memory Access Vulnerability
CVE-2006-0034
1
16
MS02-038:Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
CVE-2002-0645,CVE-2002-0982
1
16
MS06-018:MSDTC Denial of Service Vulnerability
CVE-2006-1184
1
16
MS06-035:Microsoft SMB Information Disclosure Vulnerability
CVE-2006-1315
2
15
MS00-092:Microsoft SQL Server/Data Engine xp_displayparamstmt Buffer Overflow Vulnerability
CVE-2000-1081
1
12
MS00-092:Microsoft SQL Server/Data Engine xp_proxiedmetadata Buffer Overflow Vulnerability
CVE-2000-1087
1
12
MS02-020:Microsoft SQL Server Multiple Extended Stored Procedure Buffer Overflow Vulnerabilities
CVE-2002-0154
1
11
MS01-032:Microsoft SQL Server Administrator Cached Connection Vulnerability
CVE-2001-0344
1
8
NetBIOS Name Table
1
7
MS02-061:Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability
CVE-2002-1145
1
7
MS02-034:Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
CVE-2002-0624
1
7
MS03-031:Microsoft SQL Server LPC Port Request Buffer Overflow Vulnerability
CVE-2003-0232
1
6
MS03-031:Microsoft SQL Server/MSDE Named Pipes Privilege Escalation Vulnerability
CVE-2003-0230
1
6
ICMP Timestamp reply received with proper timestamp.
CVE-1999-0524
1
6
MS05-051:Microsoft Distributed Transaction Controller TIP DoS
CVE-2005-1979
1
6
MS02-043:Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability
CVE-2002-0721
1
3
MS02-040:Microsoft Data Access Components (MDAC) Buffer Overflow Vulnerability
CVE-2002-0695
1
2
Microsoft Windows DCOM Available
CVE-2003-0528
1
1
MS01-060:Microsoft Windows C Runtime Library Format String Vulnerability
CVE-2001-0879
1
1
Accounts With Non-Expiring Passwords Detected
1
0
Guest Account Has Not Been Renamed
1
0
Disabled Accounts Enumerated
1
0
Windows User Accounts With An Unchanged Password
1
0
NetBIOS SSN Available
CVE-1999-0621
1
0
Real Name of Administrator Account Enumerated
1
0
Real Name of Guest Account Enumerated
1
0
Administrator Account Password Does Not Expire
CVE-1999-0535
1
0
SMB Packet Signing Disabled
1
0
SMB Packet Signing Requirement Disabled
1
0
Administrator Account Has Not Been Renamed
CVE-1999-0585
1
0
Microsoft SQL Server Available
1
0
Unused Active Windows Accounts Found
2
0
Host Summary
Hostname: EMEA-UPDATE
IP Address: 192.168.6.61
Score: 260,367
Asset Value: 0
OS Name: Windows 2000 (SP0 - SP4)
Owner: None
NetBIOS Name: EMEA-UPDATE
Mac Address (NetBIOS): 00:0C:29:AF:82:5E
Domain/Workgroup: WORKGROUP
Operating System
OS Name: Windows 2000 (SP0 - SP4)
Vulnerabilities
Vulnerability
CVE
# of Ports
Score
Microsoft SQL Server/Data Engine "sa" Account Default Configuration Vulnerability
CVE-2000-1209
1
33377
MS02-039:Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
CVE-2002-0649
1
31997
MS02-056:Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability
CVE-2002-1123
1
31425
MS03-026:Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
CVE-2003-0352
1
28970
MS04-011:Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
CVE-2003-0719
1
26425
MS04-011:Microsoft Windows LSASS Buffer Overrun Vulnerability
CVE-2003-0533
1
26425
MS05-019:Microsoft Windows IP Validation Vulnerability (Remote Check)
CVE-2005-0048
1
22574
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability (via NetBios)
CVE-2005-1983
1
21163
MS06-040:Microsoft Windows Server Service Remote Code Execution Vulnerability
CVE-2006-3439
1
16099
MS02-056:Microsoft SQL Agent Jobs Privilege Elevation Vulnerability
CVE-2002-1138
1
1989
SMB Null Session Share Enumeration
CVE-1999-0519
1
1898
MS05-027:Microsoft Server Message Block Packet Validation Buffer Overflow Vulnerability
CVE-2005-1206
1
1364
MS02-039:Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
CVE-2002-0649,CVE-2002-0729
1
1279
MS03-031:Microsoft SQL Server/MSDE Named Pipe Denial Of Service Vulnerability
CVE-2003-0231
1
1204
MS03-039:Microsoft Windows RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption
CVE-2003-0715
1
1138
MS03-039:Microsoft Windows RPCSS DCOM Interface Long Filename Heap Corruption Vulnerability
CVE-2003-0528
1
1138
MS06-035:Microsoft Windows Server Mailslot Heap Overflow Vulnerability
CVE-2006-1314
1
1034
Microsoft Windows LANMAN Share Enumeration via SNMP
CVE-1999-0499
1
920
MS05-051:Microsoft Windows MSDTC Buffer Overflow Vulnerability
CVE-2005-2119
1
815
MS05-051:Microsoft Distributed Transaction Controller Packet Relay DoS
CVE-2005-1980
1
815
MS05-019:Microsoft Windows ICMP Path MTU DoS Vulnerability (Remote Check)
CVE-2004-1060
1
752
MS05-019:Microsoft Windows TCP/IP LAND Attack DoS Vulnerability (Remote Check)
CVE-1999-0016,CVE-2005-0688
1
752
MS04-007:Microsoft Windows ASN.1 Library Integer Handling Vulnerability
CVE-2003-0818
1
750
MS04-011:Microsoft Negotiate SSP Remote Buffer Overflow Vulnerability
CVE-2004-0119
1
734
MS04-011:Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability
CVE-2004-0123
1
734
MS04-011:Microsoft Windows H.323 Remote Buffer Overflow Vulnerability
CVE-2004-0117
1
734
MS04-011:Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability
CVE-2003-0806
1
734
MS02-056:Visual FoxPro Driver Buffer Overflow
CVE-2002-1137
1
332
MS02-056:Microsoft SQL Server 7.0/2000 DBCC Buffer Overflow Vulnerability
CVE-2002-1137
1
332
MS02-007:Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability
CVE-2002-0056
1
276
MS02-030:Microsoft SQL Server SQLXML Buffer Overflow Vulnerability
CVE-2002-0186
1
269
Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability
CVE-2002-0859
1
269
MS04-012:Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
CVE-2003-0813
1
187
MS02-034:Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
CVE-2002-0642
1
151
MS04-012:Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability
CVE-2004-0116
1
122
MS04-012:Microsoft Windows Object Identity Network Communication Vulnerability
CVE-2004-0124
1
122
MS02-030:Microsoft SQL Server SQLXML Script Injection Vulnerability
CVE-2002-0187
1
89
Microsoft Windows Service Enumeration via SNMP
1
76
MS02-035:Microsoft SQL Server Installation Password Caching Vulnerability
CVE-2002-0643
1
66
Microsoft SQL Server Stored Procedure Low Privilege Weakness
1
66
MS03-039:Microsoft Windows RPCSS Denial of Service Vulnerability
CVE-2003-0605
1
59
Multiple Vendor TCP Sequence Number Approximation Vulnerability
CVE-2004-0230
1
54
MS05-019:Microsoft Windows TCP Reset Through Arbitrary Timer Value (Remote Check)
CVE-2004-0230
1
47
MS02-039:Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
CVE-2002-0650
1
42
MS03-034:Microsoft Windows NetBIOS Name Service Reply Information Leakage Weakness
CVE-2003-0661
1
39
System Process List Available via SNMP
1
38
Microsoft Windows LANMAN User Enumeration via SNMP
1
38
MS05-051:Microsoft Windows Shared Section Privileged Code Execution Vulnerabilities
CVE-2005-1978
1
28
Microsoft Windows LsaQueryInformationPolicy() Domain SID Leak Vulnerability
CVE-2000-1200
1
26
MS00-092:Microsoft SQL Server/Data Engine xp_printstatements Buffer Overflow Vulnerability
CVE-2000-1086
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_peekqueue Buffer Overflow Vulnerability
CVE-2000-1085
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_SetSQLSecurity Buffer Overflow Vulnerability
CVE-2000-1088
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_updatecolvbm Buffer Overflow Vulnerability
CVE-2000-1084
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_showcolv Buffer Overflow Vulnerability
CVE-2000-1083
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_enumresultset Buffer Overflow Vulnerability
CVE-2000-1082
1
25
MS04-011:Microsoft Windows SSL Library Denial of Service Vulnerability
CVE-2004-0120
1
24
MS04-011:Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
CVE-2003-0663
1
24
MS04-012:Microsoft Windows COM Internet Service And RPC over HTTP Remote Denial Of Service
CVE-2003-0807
1
24
MS01-060:Microsoft SQL-Server Buffer Overflow Vulnerability
CVE-2001-0542
1
23
MS02-038:Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
CVE-2002-0644
1
22
MS02-034:Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
CVE-2002-0641
1
22
MS05-019:Microsoft Operating Systems ICMP Connection Reset DoS Vulnerability (Remote Check)
CVE-2004-0790
1
20
Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
CVE-2006-6296
1
18
DCE RPC mapper available
3
18
MS06-018:MSDTC Invalid Memory Access Vulnerability
CVE-2006-0034
1
16
MS02-038:Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
CVE-2002-0645,CVE-2002-0982
1
16
MS06-018:MSDTC Denial of Service Vulnerability
CVE-2006-1184
1
16
MS06-035:Microsoft SMB Information Disclosure Vulnerability
CVE-2006-1315
1
15
MS00-092:Microsoft SQL Server/Data Engine xp_displayparamstmt Buffer Overflow Vulnerability
CVE-2000-1081
1
12
MS00-092:Microsoft SQL Server/Data Engine xp_proxiedmetadata Buffer Overflow Vulnerability
CVE-2000-1087
1
12
MS02-020:Microsoft SQL Server Multiple Extended Stored Procedure Buffer Overflow Vulnerabilities
CVE-2002-0154
1
11
MS01-032:Microsoft SQL Server Administrator Cached Connection Vulnerability
CVE-2001-0344
1
8
MS02-034:Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
CVE-2002-0624
1
7
NetBIOS Name Table
1
7
MS02-061:Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability
CVE-2002-1145
1
7
MS05-051:Microsoft Distributed Transaction Controller TIP DoS
CVE-2005-1979
1
6
ICMP Timestamp reply received with proper timestamp.
CVE-1999-0524
1
6
MS03-031:Microsoft SQL Server/MSDE Named Pipes Privilege Escalation Vulnerability
CVE-2003-0230
1
6
MS03-031:Microsoft SQL Server LPC Port Request Buffer Overflow Vulnerability
CVE-2003-0232
1
6
MS02-043:Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability
CVE-2002-0721
1
3
MS02-040:Microsoft Data Access Components (MDAC) Buffer Overflow Vulnerability
CVE-2002-0695
1
2
Microsoft Windows DCOM Available
CVE-2003-0528
1
1
MS01-060:Microsoft Windows C Runtime Library Format String Vulnerability
CVE-2001-0879
1
1
Real Name of Administrator Account Enumerated
1
0
Real Name of Guest Account Enumerated
1
0
Unused Active Windows Accounts Found
1
0
SMB Packet Signing Disabled
1
0
SMB Packet Signing Requirement Disabled
1
0
Windows User Accounts With An Unchanged Password
1
0
Microsoft SQL Server Available
1
0
Administrator Account Has Not Been Renamed
CVE-1999-0585
1
0
NetBIOS SSN Available
CVE-1999-0621
1
0
Host Summary
Hostname: AMERICAS-UPDATE
IP Address: 192.168.6.60
Score: 260,341
Asset Value: 0
OS Name: Windows 2000 (SP0 - SP4)
Owner: None
NetBIOS Name: AMERICAS-UPDATE
Mac Address (NetBIOS): 00:0C:29:B4:8E:B5
Domain/Workgroup: WORKGROUP
Operating System
OS Name: Windows 2000 (SP0 - SP4)
Vulnerabilities
Vulnerability
CVE
# of Ports
Score
Microsoft SQL Server/Data Engine "sa" Account Default Configuration Vulnerability
CVE-2000-1209
1
33377
MS02-039:Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
CVE-2002-0649
1
31997
MS02-056:Microsoft SQL Server User Authentication Remote Buffer Overflow Vulnerability
CVE-2002-1123
1
31425
MS03-026:Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
CVE-2003-0352
1
28970
MS04-011:Microsoft Windows Private Communications Transport Protocol Buffer Overrun Vulnerability
CVE-2003-0719
1
26425
MS04-011:Microsoft Windows LSASS Buffer Overrun Vulnerability
CVE-2003-0533
1
26425
MS05-019:Microsoft Windows IP Validation Vulnerability (Remote Check)
CVE-2005-0048
1
22574
MS05-039:Microsoft Plug-and-Play Buffer Overflow Vulnerability (via NetBios)
CVE-2005-1983
1
21163
MS06-040:Microsoft Windows Server Service Remote Code Execution Vulnerability
CVE-2006-3439
1
16099
MS02-056:Microsoft SQL Agent Jobs Privilege Elevation Vulnerability
CVE-2002-1138
1
1989
SMB Null Session Share Enumeration
CVE-1999-0519
1
1898
MS05-027:Microsoft Server Message Block Packet Validation Buffer Overflow Vulnerability
CVE-2005-1206
1
1364
MS02-039:Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
CVE-2002-0649,CVE-2002-0729
1
1279
MS03-031:Microsoft SQL Server/MSDE Named Pipe Denial Of Service Vulnerability
CVE-2003-0231
1
1204
MS03-039:Microsoft Windows RPCSS DCOM Interface Long Filename Heap Corruption Vulnerability
CVE-2003-0528
1
1138
MS03-039:Microsoft Windows RPCSS DCERPC DCOM Object Activation Packet Length Heap Corruption
CVE-2003-0715
1
1138
MS06-035:Microsoft Windows Server Mailslot Heap Overflow Vulnerability
CVE-2006-1314
1
1034
Microsoft Windows LANMAN Share Enumeration via SNMP
CVE-1999-0499
1
920
MS05-051:Microsoft Windows MSDTC Buffer Overflow Vulnerability
CVE-2005-2119
1
815
MS05-051:Microsoft Distributed Transaction Controller Packet Relay DoS
CVE-2005-1980
1
815
MS05-019:Microsoft Windows TCP/IP LAND Attack DoS Vulnerability (Remote Check)
CVE-1999-0016,CVE-2005-0688
1
752
MS05-019:Microsoft Windows ICMP Path MTU DoS Vulnerability (Remote Check)
CVE-2004-1060
1
752
MS04-007:Microsoft Windows ASN.1 Library Integer Handling Vulnerability
CVE-2003-0818
1
750
MS04-011:Microsoft Negotiate SSP Remote Buffer Overflow Vulnerability
CVE-2004-0119
1
734
MS04-011:Microsoft ASN.1 Library Double Free Memory Corruption Vulnerability
CVE-2004-0123
1
734
MS04-011:Microsoft Windows Logon Process Remote Buffer Overflow Vulnerability
CVE-2003-0806
1
734
MS04-011:Microsoft Windows H.323 Remote Buffer Overflow Vulnerability
CVE-2004-0117
1
734
MS02-056:Microsoft SQL Server 7.0/2000 DBCC Buffer Overflow Vulnerability
CVE-2002-1137
1
332
MS02-056:Visual FoxPro Driver Buffer Overflow
CVE-2002-1137
1
332
MS02-007:Microsoft SQL Server OLE DB Provider Name Buffer Overflow Vulnerability
CVE-2002-0056
1
276
Microsoft SQL MS Jet Engine Unicode Buffer Overflow Vulnerability
CVE-2002-0859
1
269
MS02-030:Microsoft SQL Server SQLXML Buffer Overflow Vulnerability
CVE-2002-0186
1
269
MS04-012:Microsoft Windows RPCSS Multi-thread Race Condition Vulnerability
CVE-2003-0813
1
187
MS02-034:Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
CVE-2002-0642
1
151
MS04-012:Microsoft Windows RPCSS Service Remote Denial Of Service Vulnerability
CVE-2004-0116
1
122
MS04-012:Microsoft Windows Object Identity Network Communication Vulnerability
CVE-2004-0124
1
122
MS02-030:Microsoft SQL Server SQLXML Script Injection Vulnerability
CVE-2002-0187
1
89
Microsoft Windows Service Enumeration via SNMP
1
76
MS02-035:Microsoft SQL Server Installation Password Caching Vulnerability
CVE-2002-0643
1
66
Microsoft SQL Server Stored Procedure Low Privilege Weakness
1
66
MS03-039:Microsoft Windows RPCSS Denial of Service Vulnerability
CVE-2003-0605
1
59
Multiple Vendor TCP Sequence Number Approximation Vulnerability
CVE-2004-0230
1
54
MS05-019:Microsoft Windows TCP Reset Through Arbitrary Timer Value (Remote Check)
CVE-2004-0230
1
47
MS02-039:Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
CVE-2002-0650
1
42
MS03-034:Microsoft Windows NetBIOS Name Service Reply Information Leakage Weakness
CVE-2003-0661
1
39
Microsoft Windows LANMAN User Enumeration via SNMP
1
38
System Process List Available via SNMP
1
38
MS05-051:Microsoft Windows Shared Section Privileged Code Execution Vulnerabilities
CVE-2005-1978
1
28
MS00-092:Microsoft SQL Server/Data Engine xp_updatecolvbm Buffer Overflow Vulnerability
CVE-2000-1084
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_SetSQLSecurity Buffer Overflow Vulnerability
CVE-2000-1088
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_enumresultset Buffer Overflow Vulnerability
CVE-2000-1082
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_peekqueue Buffer Overflow Vulnerability
CVE-2000-1085
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_printstatements Buffer Overflow Vulnerability
CVE-2000-1086
1
25
MS00-092:Microsoft SQL Server/Data Engine xp_showcolv Buffer Overflow Vulnerability
CVE-2000-1083
1
25
MS04-011:Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
CVE-2003-0663
1
24
MS04-011:Microsoft Windows SSL Library Denial of Service Vulnerability
CVE-2004-0120
1
24
MS04-012:Microsoft Windows COM Internet Service And RPC over HTTP Remote Denial Of Service
CVE-2003-0807
1
24
MS01-060:Microsoft SQL-Server Buffer Overflow Vulnerability
CVE-2001-0542
1
23
MS02-038:Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
CVE-2002-0644
1
22
MS02-034:Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
CVE-2002-0641
1
22
MS05-019:Microsoft Operating Systems ICMP Connection Reset DoS Vulnerability (Remote Check)
CVE-2004-0790
1
20
Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
CVE-2006-6296
1
18
DCE RPC mapper available
3
18
MS02-038:Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
CVE-2002-0645,CVE-2002-0982
1
16
MS06-018:MSDTC Denial of Service Vulnerability
CVE-2006-1184
1
16
MS06-018:MSDTC Invalid Memory Access Vulnerability
CVE-2006-0034
1
16
MS06-035:Microsoft SMB Information Disclosure Vulnerability
CVE-2006-1315
1
15
MS00-092:Microsoft SQL Server/Data Engine xp_displayparamstmt Buffer Overflow Vulnerability
CVE-2000-1081
1
12
MS00-092:Microsoft SQL Server/Data Engine xp_proxiedmetadata Buffer Overflow Vulnerability
CVE-2000-1087
1
12
MS02-020:Microsoft SQL Server Multiple Extended Stored Procedure Buffer Overflow Vulnerabilities
CVE-2002-0154
1
11
MS01-032:Microsoft SQL Server Administrator Cached Connection Vulnerability
CVE-2001-0344
1
8
NetBIOS Name Table
1
7
MS02-061:Microsoft SQL Server Web Task Stored Procedure Privilege Escalation Vulnerability
CVE-2002-1145
1
7
MS02-034:Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
CVE-2002-0624
1
7
MS03-031:Microsoft SQL Server LPC Port Request Buffer Overflow Vulnerability
CVE-2003-0232
1
6
MS03-031:Microsoft SQL Server/MSDE Named Pipes Privilege Escalation Vulnerability
CVE-2003-0230
1
6
MS05-051:Microsoft Distributed Transaction Controller TIP DoS
CVE-2005-1979
1
6
ICMP Timestamp reply received with proper timestamp