CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS07-031 | Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) | Windows 2000 | Critical | 13-06-2007 |
Technical Information
Brief overview of the risk:
A remote code execution vulnerability exists in the way that Windows Schannel on a client machine validates server-sent digital signatures. An attacker could host a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser and then convince a user to view the Web site
Detailed Information on the risk:
An attacker who successfully exploited this vulnerability could take complete control of the affected system on Windows XP editions. However, attempts to exploit this vulnerability would most likely result in an Internet Web browser or application using SSL/TLS to exit. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system. On Windows 2000 editions and Windows 2003 editions attempts to exploit this vulnerability would result in a denial of service condition.Further information on this exploit is available at : MS07-031
Affected Software
Windows 2000 Service Pack 4Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium)