Advisories & Alerts

Date Reported: 2009/09/09
Name: MS09-046:MS DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability-2003
Risk: High
CVSS Base Score: 9.3
Description:
Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 are exist a vulnerability in the DHTML Editing Component
ActiveX control. A remote attacker could hosting a specially crafted Web page and trick the victim to open. Successfully
exploited this vulnerability, remote attacker could execute arbitrary code with victim's privileges.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4038


Date Reported: 2009/09/09
Name: MS09-046:MS DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability-XP
Risk: High
CVSS Base Score: 9.3
Description:
Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 are exist a vulnerability in the DHTML Editing Component
ActiveX control. A remote attacker could hosting a specially crafted Web page and trick the victim to open. Successfully
exploited this vulnerability, remote attacker could execute arbitrary code with victim's privileges.
Category: MS HotFix
Affect OS: Windows XP
Link: http://vdb.dragonsoft.com/detail.php?id=4037


Date Reported: 2009/09/09
Name: MS09-046:MS DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability-2000
Risk: High
CVSS Base Score: 9.3
Description:
Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 are exist a vulnerability in the DHTML Editing Component
ActiveX control. A remote attacker could hosting a specially crafted Web page and trick the victim to open. Successfully
exploited this vulnerability, remote attacker could execute arbitrary code with victim's privileges.
Category: MS HotFix
Affect OS: Windows 2000
Link: http://vdb.dragonsoft.com/detail.php?id=4036


Date Reported: 2009/09/09
Name: MS09-048:Windows TCP/IP Orphaned Connection Remote DoS Vulnerability-2003
Risk: Low
CVSS Base Score: 7.8
Description:
Microsoft Windows 2000 SP4, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 are exists a denial
of service vulnerability in the TCP/IP processing. A remote attacker could send an excessive amount of specially crafted
packets with a TCP receive window size set to a very small value or zero to cause the system to stop responding.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4040


Date Reported: 2009/09/09
Name: MS09-048:TCP/IP Protocol Stack Zero Window Size Remote DoS Vulnerability-2003
Risk: Low
CVSS Base Score: 7.1
Description:
Microsoft Windows Server 2003 SP2, Vista and Server 2008 are exists a denial of service vulnerability in the TCP/IP
processing. A remote attacker could send an excessive amount of specially crafted packets with a TCP receive window size
set to a very small value or zero to cause the system to stop responding to new requests or automatically restart.
Category: MS HotFix
Affect OS: Windows 2003
Link: http://vdb.dragonsoft.com/detail.php?id=4039

--------------------------------------------------------------------------------------------------

Risk:
  High: Allow immediate remote, or local access or immediate execution of code or commands,
          with unauthorized privileges, and bypassing security on firewalls.
  Medium: Potential of granting access or allowing code execution by means of complex or 
          lengthy exploit procedures. Examples are cross-site scripting, man-in-the-middle 
          attacks, SQL injection, denial of service, information disclosure.
  Low: deny service or provide non-system information that could be used to formulate 
         structured attacks on a target, but not directly gain unauthorized access.
--------------------------------------------------------------------------------------------------
Copyright (c) DragonSoft Security Associates, Inc. All rights reserved

';