CERTA-2000-AVI-046
Vulnerability from certfr_avis

Windows 2000 intègre un service appelé Still Image, qui gère les périphériques concernant l'imagerie (scanner, camera numérique, etc.). Une vulnérabilité permet à un utilisateur aillant ouvert une session localement d'augmenter ses privilèges.

Description

Une vulnérabilité dans le service Still Image permet à un utilisateur aillant ouvert une session localement, grâce à un dépassement de mémoire, d'exécuter du code arbitraire avec les privilèges de l'administrateur du service (LocalSystem).

Solution

Appliquer le correctif de Microsoft :

http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24200

Windows 2000.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eWindows 2000.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le service Still Image permet \u00e0 un utilisateur\naillant ouvert une session localement, gr\u00e2ce \u00e0 un d\u00e9passement de\nm\u00e9moire, d\u0027ex\u00e9cuter du code arbitraire avec les privil\u00e8ges de\nl\u0027administrateur du service (LocalSystem).\n\n## Solution\n\nAppliquer le correctif de Microsoft :\n\n    http://www.microsoft.com/Downloads/Release.asp?ReleaseID=24200\n",
  "cves": [],
  "initial_release_date": "2000-09-11T00:00:00",
  "last_revision_date": "2000-09-11T00:00:00",
  "links": [
    {
      "title": "L\u0027avis et la FAQ sur l\u0027avis de Microsoft :",
      "url": "http://www.microsoft.com/technet/security/bulletin/ms00-065.asp"
    }
  ],
  "reference": "CERTA-2000-AVI-046",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2000-09-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Augmentation des privil\u00e8ges pour un utilisateur aillant ouvert une session localement"
    }
  ],
  "summary": "Windows 2000 int\u00e8gre un service appel\u00e9 \u003cspan class=\"textit\"\u003eStill\nImage\u003c/span\u003e, qui g\u00e8re les p\u00e9riph\u00e9riques concernant l\u0027imagerie (scanner,\ncamera num\u00e9rique, etc.). Une vuln\u00e9rabilit\u00e9 permet \u00e0 un utilisateur\naillant ouvert une session localement d\u0027augmenter ses privil\u00e8ges.\n",
  "title": "vuln\u00e9rabilit\u00e9 du service imagerie sous Windows 2000",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.