Oval Definition:oval:org.mitre.oval:def:6063
Revision Date:2014-03-17Version:44
Title:Internet Authentication Service Memory Corruption Vulnerability
Description:The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2009-2505
Platform(s):Microsoft Windows Server 2008
Microsoft Windows Vista
Product(s):
Definition Synopsis
  • Rastls.dll and OS
  • vulnerable OS
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND the version of Rastls.dll is less than 6.0.6002.18116
  • AND the version of Rastls.dll is greater than or equal 6.0.6002.18000
  • OR Rastls.dll and OS
  • vulnerable OS
  • Microsoft Windows Vista (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Vista x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 (32-bit) Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 x64 Edition Service Pack 2 is installed
  • OR Microsoft Windows Server 2008 Itanium-Based Edition Service Pack 2 is installed
  • AND the version of Rastls.dll is less than 6.0.6002.22240
  • AND the version of Rastls.dll is greater than or equal 6.0.6002.22000
    • BACK