J-Security Center

Title: Microsoft Network Monitor Multiple Buffer Overflow Vulnerabilities

Severity: CRITICAL

Description:

The Network Monitor tool that ships with Windows NT/2000 allows an administrator to capture and analyze all network traffic on the local network as well as traffic destined for the host. Before captured traffic is shown in the graphical interface, Netmon parses the information received from the network and translates it into a readable format.

Separate DLLs within Netmon parse the individual application protocols. One of these libraries, "browser.dll", is vulnerable. By exploiting multiple stack overflows in various function calls within the vulnerable DLLs, a remote attacker could gain control of Network Monitor and execute arbitrary code, gaining control of the victim host.

Affected Products:

  • Avaya DefinityOne Media Servers
  • Avaya IP600 Media Servers
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers
  • Microsoft Systems Management Server 1.2.0
  • Microsoft Systems Management Server 1.2.0SP1
  • Microsoft Systems Management Server 1.2.0SP2
  • Microsoft Systems Management Server 1.2.0SP3
  • Microsoft Systems Management Server 1.2.0SP4
  • Microsoft Systems Management Server 2.0.0
  • Microsoft Systems Management Server 2.0.0SP1
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows NT Enterprise Server 4.0
  • Microsoft Windows NT Enterprise Server 4.0 SP1
  • Microsoft Windows NT Enterprise Server 4.0 SP2
  • Microsoft Windows NT Enterprise Server 4.0 SP3
  • Microsoft Windows NT Enterprise Server 4.0 SP4
  • Microsoft Windows NT Enterprise Server 4.0 SP5
  • Microsoft Windows NT Enterprise Server 4.0 SP6
  • Microsoft Windows NT Enterprise Server 4.0 SP6a
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Server 4.0 SP1
  • Microsoft Windows NT Server 4.0 SP2
  • Microsoft Windows NT Server 4.0 SP3
  • Microsoft Windows NT Server 4.0 SP4
  • Microsoft Windows NT Server 4.0 SP5
  • Microsoft Windows NT Server 4.0 SP6
  • Microsoft Windows NT Server 4.0 SP6a
  • Microsoft Windows NT Terminal Server 4.0
  • Microsoft Windows NT Terminal Server 4.0 SP1
  • Microsoft Windows NT Terminal Server 4.0 SP2
  • Microsoft Windows NT Terminal Server 4.0 SP3
  • Microsoft Windows NT Terminal Server 4.0 SP4
  • Microsoft Windows NT Terminal Server 4.0 SP5
  • Microsoft Windows NT Terminal Server 4.0 SP6

References:
