Описание
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
Ссылки
- Broken Link
- Broken Link
- PatchThird Party AdvisoryUS Government Resource
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
- Broken Link
- Broken Link
- PatchThird Party AdvisoryUS Government Resource
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkThird Party AdvisoryUS Government Resource
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:microsoft:windows_2000:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:*:*:*:*:*:*:*
EPSS
Процентиль: 96%
0.23155
Средний
7.5 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-476
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
EPSS
Процентиль: 96%
0.23155
Средний
7.5 High
CVSS3
7.5 High
CVSS2
Дефекты
CWE-476