OVAL Reference oval:org.mitre.oval:def:5248

Oval Definition:

oval:org.mitre.oval:def:5248

Revision Date:	2009-03-09	Version:	23
Title:	SMB Validation Remote Code Execution Vulnerability
Description:	SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2008-4835
Platform(s):	Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP	Product(s):
Definition Synopsis
Windows 2000 SP4 Microsoft Windows 2000 SP4 or later is installed AND Srv.sys version is less than 5.0.2195.7222 OR Windows XP SP2 Microsoft Windows XP (x86) SP2 is installed AND Srv.sys version is less than 5.1.2600.3491 OR Windows XP SP3 Microsoft Windows XP (x86) SP3 is installed AND Srv.sys version is less than 5.1.2600.5725 OR Windows Server 2003 SP1 Microsoft Windows Server 2003 SP1 (x86) is installed AND Srv.sys version is less than 5.2.3790.3260 OR Windows Server 2003 SP2 Microsoft Windows Server 2003 SP2 (x86) is installed AND Srv.sys version is less than 5.2.3790.4425 OR Windows Server 2003 SP1\XP SP1 Windows Server 2003 SP1\XP SP1 Microsoft Windows Server 2003 SP1 (x64) is installed OR Microsoft Windows XP Professional x64 Edition SP1 is installed AND Srv.sys version is less than 5.2.3790.3260 OR Windows Server 2003 SP2\XP SP2 Windows Server 2003 SP2\XP SP2 Microsoft Windows Server 2003 SP2 (x64) is installed OR Microsoft Windows XP x64 Edition SP2 is installed AND Srv.sys version is less than 5.2.3790.4425 OR Windows Vista Microsoft Windows Vista (32-bit) is installed AND Srv.sys version is greater than or equal to 6.0.6000.16000 AND Srv.sys version is less than 6.0.6000.16789 OR Windows Vista Microsoft Windows Vista (32-bit) is installed AND Srv.sys version is greater than or equal to 6.0.6000.20000 AND Srv.sys version is less than 6.0.6000.20976 OR Windows Vista SP1\Server 2008 Windows Vista SP1\Server 2008 Microsoft Windows Vista (32-bit) Service Pack 1 is installed OR Microsoft Windows Server 2008 (32-bit) is installed AND Srv.sys version is greater than or equal to 6.0.6001.18000 AND Srv.sys version is less than 6.0.6001.18185 OR Windows Vista SP1\Server 2008 Windows Vista SP1\Server 2008 Microsoft Windows Vista (32-bit) Service Pack 1 is installed OR Microsoft Windows Server 2008 (32-bit) is installed AND Srv.sys version is greater than or equal to 6.0.6001.22000 AND Srv.sys version is less than 6.0.6001.22331 OR Windows Vista Microsoft Windows Vista x64 Edition is installed AND Srv.sys version is greater than or equal to 6.0.6000.16000 AND Srv.sys version is less than 6.0.6000.16789 OR Windows Vista Microsoft Windows Vista x64 Edition is installed AND Srv.sys version is greater than or equal to 6.0.6000.20000 AND Srv.sys version is less than 6.0.6000.20976 OR Windows Vista SP1\Server 2008 Windows Vista SP1\Server 2008 Microsoft Windows Vista x64 Edition Service Pack 1 is installed OR Microsoft Windows Server 2008 (64-bit) is installed AND Srv.sys version is greater than or equal to 6.0.6001.18000 AND Srv.sys version is less than 6.0.6001.18185 OR Windows Vista SP1\Server 2008 Windows Vista SP1\Server 2008 Microsoft Windows Vista x64 Edition Service Pack 1 is installed OR Microsoft Windows Server 2008 (64-bit) is installed AND Srv.sys version is greater than or equal to 6.0.6001.22000 AND Srv.sys version is less than 6.0.6001.22331

BACK