Vulnerability 539 - CERT Civis.Net

Vulnerability Name:

CCN-539

Published:

1997-03-01

Updated:

1997-03-01

Summary:

Windows 95 and Microsoft Internet Explorer could allow an attacker from anywhere on the Internet to obtain your Windows 95 login password given only the IP address and the workgroup.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Consequences:

Obtain Information

References:

Source: CCN
Type: BugTraq Mailing List, Tue, 18 Mar 1997 04:25:53 +0200
Exploit for MSIE on Win95

Source: CCN
Type: Network Security Consortium Web site
Windows 95 and MSIE Security Hole

Source: XF
Type: UNKNOWN
win95-msie-passwd(539)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/o:microsoft:windows:3.11:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_95:*:*:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK