{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Windows 2000, Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows NT Workstation 4.0, Service Pack 6a ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP 64-bit Edition Version 2003 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 2000, Service Pack 3, Service Pack 4 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP 64-bit Edition ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows NT Server 4.0, Service Pack 6a ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2003 64-bit Edition.","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows XP Gold, Service Pack 1 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nMicrosoft Messenger Service est un service permettant l'envoi de\nmessages via NetBIOS ou RPC. Une vuln\u00e9rabilit\u00e9 dans le service permet \u00e0\nun utilisateur mal intentionn\u00e9 de r\u00e9aliser un d\u00e9bordement de tampon et\nainsi ex\u00e9cuter du code arbitraire \u00e0 distance avec les privil\u00e8ges Local\nSystem.\n\n## Contournement Provisoire\n\n-   Filtrer les ports UDP 135, 137 et 138 et les ports TCP 135, 139 et\n    445 ;\n-   D\u00e9sactiver le service Microsoft Messenger Service.\n\n## Solution\n\nAppliquer le correctif fourni par Microsoft suivant la version du\nsyst\u00e8me d'exploitation (cf. Documentation).\n","cves":[],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 MS03-043 de Microsoft :","url":"http://www.microsoft.com/technet/security/bulletin/MS03-043.asp"}],"reference":"CERTA-2003-AVI-168","revisions":[{"description":"version initiale.","revision_date":"2003-10-16T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"Une vuln\u00e9rabilit\u00e9 dans le service d'envoi de messages Microsoft\n(Microsoft Messenger Service) permet \u00e0 un utilisateur mal intentionn\u00e9\nd'ex\u00e9cuter du code arbitraire \u00e0 distance avec les privil\u00e8ges Local\nSystem.\n","title":"Vuln\u00e9rabilit\u00e9 dans Microsoft Messenger Service","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS03-043","url":null}]}