This report demonstrates a systematic understanding of a Common Vulnerabilities and Exposures (CVE) number for a practical Windows security issue. It explains what the particular number covers, i.e., the scale and scope of the vulnerability and which Microsoft systems are affected by it. It also explains the level of threat posed by this vulnerability to Microsoft systems.
It further demonstrates how the exploit for this CVE functions, how the exploit code is delivered to the target system, and how the vulnerability identified by the CVE number can be managed and mitigated.
Therefore, according to the given work, I have briefly explained the matters stated above. This work has been done with illustrated examples as mentioned.
CVE - Definition
Common Vulnerabilities and Exposures (CVE) is a dictionary of standard terms related to security threats. These threats fall into two categories, known as vulnerabilities and exposures. A vulnerability is a fact about a computer, server or network that presents a definite, identifiable security risk in a certain context. An exposure is a security-related situation, event or fact that may be considered a vulnerability by some people but not by others.
CVE was developed and is maintained by the MITRE Corporation to facilitate the sharing of data among diverse security interests. It can simplify the process of searching for information in security-related databases and on the Internet. The dictionary is the product of collaboration among experts and representatives from security-related organizations worldwide.
Items in CVE are given names according to the year of their formal inclusion and the order in which they were added to the list in that year. For example, CVE-2002-0250 refers to a specific Web-based configuration utility that may allow an unauthorized user to modify a system administrator's password. This item was added in the year 2002 and was given sequence number 250 for that year.
At least two different definitions of security-related vulnerability exist. In its most often-used perspective, a vulnerability is an identifiable problem that can directly result in the compromise of a system in the short term. An example is a known security loophole in an operating system that has been exploited in real-world situations with adverse consequences. The less common definition of vulnerability refers to any factor that does not pose an imminent, direct security risk but can indirectly increase the risk in the long term. An example of this second definition is a high-speed Internet connection. It is easier to hack into a computer connected to the Internet through a cable modem with a downstream speed of 5 Mbps and an upstream speed of 1 Mbps, than it is to hack into a computer working through a dial-up modem with downstream and upstream speeds of 56 Kbps.
According to the MITRE Corporation, the content of CVE should not depend on the perspective of the individual user. Any CVE entry that can be considered a vulnerability from all perspectives is known as a universal vulnerability. All other entries are categorized as exposures. An unpatched, previously exploited security loophole in an OS would constitute a universal vulnerability according to the CVE standard. A high-speed Internet connection would constitute an exposure.
Information security "vulnerability" is a mistake in software that can be directly used by a hacker to gain access to a system or network.
CVE considers a mistake a vulnerability if it allows an attacker to use it to violate a reasonable security policy for that system (this excludes entirely "open" security policies in which all users are trusted, or where there is no consideration of risk to the system).
For CVE, a vulnerability is a state in a computing system (or set of systems) that either:
allows an attacker to execute commands as another user
allows an attacker to access data that is contrary to the specified access restrictions for that data
allows an attacker to pose as another entity
allows an attacker to conduct a denial of service
Examples of vulnerabilities include:
phf (remote command execution as user "nobody")
rpc.ttdbserverd (remote command execution as root)
world-writeable password file (modification of system-critical data)
default password (remote command execution or other access)
denial of service problems that allow an attacker to cause a Blue Screen of Death
smurf (denial of service by flooding a network)
An information security "exposure" is a system configuration issue or a mistake in software that allows access to information or capabilities that can be used by a hacker as a stepping-stone into a system or network.
CVE considers a configuration issue or a mistake an exposure if it does not directly allow compromise but could be an important component of a successful attack, and is a violation of a reasonable security policy.
An "exposure" describes a state in a computing system (or set of systems) that is not a vulnerability, but either:
allows an attacker to conduct information gathering activities
allows an attacker to hide activities
includes a capability that behaves as expected, but can be easily compromised
is a primary point of entry that an attacker may attempt to use to gain access to the system or data
is considered a problem according to some reasonable security policy
Examples of exposures include:
running services such as finger (useful for information gathering, though it works as advertised)
inappropriate settings for Windows NT auditing policies (where "inappropriate" is enterprise-specific)
running services that are common attack points (e.g., HTTP, FTP, or SMTP)
use of applications or services that can be successfully attacked by brute force methods (e.g., use of trivially broken encryption, or a small key space)
Functions of CVE-2007-5348: The major characteristics of CVE-2007-5348 are as follows.
A remote code execution vulnerability exists in the way that GDI+ handles gradient sizes.
The vulnerability could allow remote code execution if a user opens a specially crafted image file.
An attacker who successfully exploited this vulnerability could take complete control of an affected system.
An attacker could then install programs; view, change, or delete data; or create new accounts.
A heap-based buffer overflow in the vector graphics link library in gdiplus.dll (GDI+) affects many Microsoft software products, operating systems and security tools.
GDI+ is a graphics device interface that provides two-dimensional vector graphics, imaging, and typography to applications and programmers.
Scale and scope of CVE-2007-5348: Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s GDI+ could allow an attacker to execute arbitrary code within the context of the local user.
The vulnerability specifically exists in the memory allocation performed by the GDI+ library. Certain malformed gradient fill input can cause the application to corrupt the heap, potentially allowing arbitrary code execution.
An attacker who successfully exploited this vulnerability would be able to take complete control of the targeted system. The attacker could then install any programs he likes, view data, change it by adding or deleting data, or change account privileges and other user rights.
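The bug class described above (an attacker-chosen element count multiplied by an element size wraps around, so the heap buffer allocated is smaller than the data later copied into it) is illustrated below. This is a constructed example added here, not GDI+ source: the gradient record layout, the 8-byte stop size and the function names are assumptions.

```c
/* Constructed illustration (not GDI+ code) of an integer overflow in a
 * size computation feeding a heap allocation, the pattern behind
 * CVE-2007-5348. The record layout below is invented for the example. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define STOP_BYTES 8u   /* hypothetical: 4-byte colour + 4-byte position */

/* Unsafe pattern: the 32-bit multiply wraps, e.g. count 0x20000001 -> 8 bytes. */
uint32_t unchecked_stop_bytes(uint32_t count) {
    return count * STOP_BYTES;
}

/* Hardened pattern: reject a count whose product would not fit, and
 * require that the declared data is actually present in the input. */
int checked_stop_bytes(uint32_t count, size_t avail, size_t *out) {
    if (count > UINT32_MAX / STOP_BYTES) return 0;   /* product would wrap */
    size_t need = (size_t)count * STOP_BYTES;
    if (need > avail) return 0;                       /* header lies about length */
    *out = need;
    return 1;
}

/* Parse a constructed "gradient" record: [u32 count][count * 8 bytes of stops].
 * Returns the number of stops accepted, or -1 when the record is rejected. */
long parse_gradient(const uint8_t *buf, size_t len) {
    if (len < 4) return -1;
    uint32_t count;
    memcpy(&count, buf, 4);                 /* little-endian host assumed */
    size_t need;
    if (!checked_stop_bytes(count, len - 4, &need)) return -1;
    uint8_t *stops = malloc(need ? need : 1);
    if (!stops) return -1;
    memcpy(stops, buf + 4, need);           /* bounded by the validated size */
    free(stops);
    return (long)count;
}

int main(void) {
    /* constructed sample: two stops in a 20-byte record */
    uint8_t good[4 + 2 * STOP_BYTES] = {2, 0, 0, 0};
    /* constructed sample: count 0x20000001 claims ~4 GiB of stops in 20 bytes */
    uint8_t bad[4 + 2 * STOP_BYTES] = {0x01, 0x00, 0x00, 0x20};
    printf("good -> %ld stops; unchecked size for bad header = %u bytes; bad -> %ld\n",
           parse_gradient(good, sizeof good), (unsigned)unchecked_stop_bytes(0x20000001u),
           parse_gradient(bad, sizeof bad));
    return 0;
}
```

The unchecked computation yields 8 bytes for a header that declares over four billion bytes of stops, which is exactly the undersized allocation a subsequent copy would overrun; the checked version rejects the record before any allocation happens.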
Microsoft Systems Affected by CVE-2007-5348
This vulnerability affects many Microsoft systems. They are listed below.
Affected Software: Maximum Security Impact - Remote Code Execution
Aggregate Severity Rating - Critical
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista and Windows Vista Service Pack 1
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems
Internet Explorer 6
Microsoft Internet Explorer 6 Service Pack 1
Microsoft .NET Framework
Microsoft Windows 2000 Service Pack 4
Microsoft .NET Framework 1.0 Service Pack 3
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Office Suites
Microsoft Office XP Service Pack 3
Microsoft Office 2003 Service Pack 2
Microsoft Office 2003 Service Pack 3
2007 Microsoft Office System
2007 Microsoft Office System Service Pack 1
Other Office Software
Microsoft Office Project 2002 Service Pack 1
Microsoft Visio 2002 Service Pack 2
Microsoft Office Word Viewer, Microsoft Word Viewer 2003, Microsoft Word Viewer 2003 Service Pack 3, Microsoft Office Excel Viewer 2003, Microsoft Office Excel Viewer 2003 Service Pack 3
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Excel Viewer, Microsoft Office PowerPoint Viewer 2007, Microsoft Office PowerPoint Viewer 2007 Service Pack 1
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
Microsoft Expression Web and Microsoft Expression Web 2
Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1
Microsoft Works 8
Microsoft Digital Image Suite 2006
Microsoft SQL Server
SQL Server 2005 Service Pack 2
SQL Server 2005 X64 edition Service Pack 2
SQL Server 2005 for Itanium-based Systems Service Pack 2
Microsoft Visual Studio .NET 2002 Service Pack 1
Microsoft Visual Studio .NET 2003 Service Pack 1
Microsoft Visual Studio 2005 Service Pack 1
Microsoft Visual Studio 2008
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package
Microsoft Report Viewer 2008 Redistributable Package
Microsoft Visual FoxPro 8.0 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
Microsoft Visual FoxPro 9.0 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4
Microsoft Visual FoxPro 9.0 Service Pack 2 when installed on Microsoft Windows 2000 Service Pack 4
Microsoft Platform SDK Redistributable: GDI+
Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4
The level of threat posed by this vulnerability to Microsoft systems. Severity: High
This attack could pose a serious security threat. One should take immediate action to stop any damage or prevent further damage from happening.
Download and install all the latest updates. All the vendor patches related to this vulnerability can be obtained from the respective vendors, and installing them could prevent any further damage.
The security update is rated Critical for all supported editions of the affected Windows operating systems.
This security update is rated Important for all supported editions of Microsoft Office and a set of other tools.
The exploit functions in the following way:
This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects an attempt to exploit a buffer overflow vulnerability in GDI+ that may result in remote code execution.
A remote code execution vulnerability exists in the way that GDI+ handles gradient sizes. The vulnerability could allow remote code execution if a user opens a specially crafted image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
The exploit code is delivered to the target system in the following way:
The exploit code is delivered to the target system when the user at the target system accesses a web page or an email.
That email or web page was created by the attacker, so when the user opens it, the exploit runs.
It could potentially damage the target system. These vulnerabilities could allow remote code execution when the user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content.
Mitigating Factors for GDI+ VML Buffer Over-run Vulnerability - CVE-2007-5348
Mitigation refers to a setting, common configuration, or general best practice, existing in a default state, which could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in this situation:
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
The vulnerability could be exploited by an attacker who convinced a user to open a specially crafted file. There is no way for an attacker to force a user to open a specially crafted file.
In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.
By default, Internet Explorer on Windows Server 2003 and Windows Server 2008 runs in a restricted mode that is known as Enhanced Security Configuration. This mode sets the security level for the Internet zone to High. This is a mitigating factor for Web sites that have not been added to the Internet Explorer Trusted sites zone.
This security update resolves several privately reported vulnerabilities in Microsoft Windows GDI+. These vulnerabilities could allow remote code execution if a user viewed a specially crafted image file using affected software or browsed a Web site that contains specially crafted content. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported editions of Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008, Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4, Microsoft Digital Image Suite 2006, SQL Server 2000 Reporting Services Service Pack 2, all supported editions of SQL Server 2005, Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package, and Microsoft Report Viewer 2008 Redistributable Package.
This security update is rated Important for all supported editions of Microsoft Office XP; Microsoft Office 2003; all affected Office Viewer software for Microsoft Office 2003; 2007 Microsoft Office System; all affected Office Viewer software for 2007 Microsoft Office System; Microsoft Office Compatibility Pack, Microsoft Expression Web, Microsoft Expression Web 2, Microsoft Office Groove 2007 and Microsoft Office Groove 2007 Service Pack 1; Microsoft Office Project 2002; Microsoft Visio 2002; Microsoft Office PowerPoint Viewer 2003; Microsoft Works 8; and Microsoft Forefront Client Security 1.0.
The security update addresses the vulnerabilities by modifying the way that GDI+ handles viewing malformed images.
In my consideration, a vulnerability is a fact about a computer or server that presents a definite, identifiable security risk in a certain context. An exposure is a security-related situation, event or fact that may be considered a vulnerability by some people but not by others. Any CVE entry that can be considered a vulnerability from all perspectives is known as a universal vulnerability, and all other entries are considered exposures. An information security vulnerability is a mistake that exists in software and that a hacker can use to gain access to information. So, to avoid this kind of vulnerability, software must be developed carefully.