Exploits Against Obsolete Software
The Qualys Research & Development team periodically evaluates publicly available exploits against obsolete operating systems and software packages to determine if they are vulnerable. When an obsolete version is found to be vulnerable to an exploit, then this information is integrated into the vulnerability detection to improve the accuracy and coverage of the detection. Findings from the Qualys Research & Development team are published below.
MS10-047
- Evaluated in August 2010 - QID 90619
Vulnerable Software per Vendor Advisory: Windows XP SP 3, Vista SP1, Vista SP2, Vista 64 SP1, Vista 64 SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems Service Pack 2*, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
Exploit Used:
Findings: 2000(OK Elevation of Privilege), XP(OK Elevation of Privilege), XP sp1(OK Elevation of Privilege), Xp sp2(OK Elevation of Privilege), Vista(OK, Deny of service)
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Windows XP SP0 | Elevation of Privilege |
| Windows XP SP1 | Elevation of Privilege |
| Windows XP SP2 | Elevation of Privilege |
| Windows 2000 32bit | Elevation of Privilege |
| Vista | Deny of service |
Video: Not available
MS10-054
- Evaluated in August 2010 - QID 90626
Vulnerable Software per Vendor Advisory: Windows XP SP3/x64 SP2, 2003 SP2, Vista SP 1/2 , 2008 SP2, Windows 7
Exploit Used: http://www.exploit-db.com/exploits/14607/
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Windows XP SP1 | Denial of Service |
| Windows XP SP2 | Denial of Service |
| Windows 2003 | Denial of Service |
| Windows 2003 SP1 | Denial of Service |
Video: Not available
MS10-048
- Evaluated in August 2010 - QID 90627
Vulnerable Software per Vendor Advisory: Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*, Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*, Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems*, Windows Server 2008 R2 for Itanium-based Systems
Exploit Used: http://www.exploit-db.com/exploits/14608/
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Windows XP SP2 | BSOD |
| Windows2003 enterprise | BSOD |
Video: Not available
MS10-048
- Evaluated in August 2010 - QID 90627
Vulnerable Software per Vendor Advisory: Windows XP SP3, Windows XP 64 SP2
Exploit Used: http://www.exploit-db.com/exploits/14611
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Windows XP SP0 | Local Privilege Escalation Vulnerability |
| Windows XP SP1 | Local Privilege Escalation Vulnerability |
| Windows XP SP2 | Local Privilege Escalation Vulnerability |
| Windows XP 64 | Local Privilege Escalation Vulnerability |
| Windows XP 64 SP1 | Local Privilege Escalation Vulnerability |
Video: Not available
MS10-051
- Evaluated in August 2010 - QID 90625
Vulnerable Software per Vendor Advisory: Windows XP SP3,Windows XP x64 Edition SP2, Windows 2003 SP2, 2003 x64 SP2, Windows Vista SP1,SP2, Windows Server 2008,SP2, Windows 7, Windows Server 2008 R2
Exploit Used: http://www.exploit-db.com/exploits/14609/
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Windows 2000 sp4 | Denial of Service |
| Windows XP x64 SP1 | Denial of Service |
| Windows XP SP2 | Denial of Service |
| Windows vista SP0 | Denial of Service |
Video: Not available
MS10-038
- Evaluated in June 2010 - QID 110124
Vulnerable Software per Vendor Advisory: Microsoft Office XP SP3, Microsoft Office 2003 SP3, 2007 Microsoft Office System SP1/2, Microsoft Office Excel Viewer SP1/2, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1/2, Microsoft Office for Mac 2004/2008, Open XML File Format Converter for Mac
Exploit Used: Publically available: http://www.packetstormsecurity.org/1007-exploits/msexcel0x5d-overflow.txt
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Microsoft Office System 2007 Service Pack 0 | Remote Code Execution |
Video: Not available
KB2286198
- Evaluated in July 2010 - QID 90616
Vulnerable Software per Vendor Advisory: Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2,Windows Server 2003 x64 Edition SP2,Windows Server 2003 with SP2 for Itanium-based Systems,Windows Vista SP1 and Windows Vista SP2,Windows Vista x64 Edition SP1 and Windows Vista x64 Edition SP2,Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2,Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2,Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2,Windows 7 for 32-bit Systems,Windows 7 for x64-based Systems,Windows Server 2008 R2 for x64-based Systems,Windows Server 2008 R2 for Itanium-based Systems
Exploit Used: ExploitDB #14403 "Microsoft Windows Automatic LNK Shortcut File Code Execution"
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Windows XP SP0/1/2 32bit | Remote Code Execution |
| Windows 2003 SP1 32bit | Remote Code Execution |
| Windows Vista SP0 32 bit | Remote Code Execution |
Video: Not available
MS10-018
- Evaluated in July 2010 - QID 100075
Vulnerable Software per Vendor Advisory: Windows 2000 SP4 with IE6 SP1, Windows XP SP2/3 with IE6/7, Windows Server 2003 SP2 with IE6/7, Windows Vista SP0/1/2 with IE7, Windows 2008 SP0/2 with IE7
Exploit Used: Metasploit 3.4.1dev "ms10_018_ie_behaviors" using "windows/exec" payload
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Windows XP SP0 with IE6 | Remote Code Execution |
| Windows XP SP1 with IE6 | Denial of Service |
| Windows 2003 SP1 with IE6 | Remote Code Execution |
| Windows 2003 SP1 with IE7 | Denial of Service |
Video: Windows XP SP0 + IE6 Update Version 0
Video: Windows 2003 SP1 + IE6 SP1
MS10-002
- Evaluated in July 2010 - QID 100078
Vulnerable Software per Vendor Advisory: Windows 2000 SP4 with IE6 SP1, Windows XP SP2/3 with IE6, Windows Server 2003 SP2 with IE6
Exploit Used: Metasploit 3.4.1dev "ms10_002_aurora" with payload "windows/exec"
Note: Metasploit currently only has an exploit for IE6
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Windows 2000 SP1 with IE6 | Remote Code Execution |
| Windows XP SP0 with IE6 | Remote Code Execution |
| Windows XP SP1 with IE6 | Remote Code Execution |
Video: Windows 2000 SP1 + IE SP1 and XP SP0/1 + IE SP0/1
MS09-072
- Evaluated in July 2010 - QID 90570
Vulnerable Software per Vendor Advisory: Windows 2000 SP4 with IE6 SP1, Windows XP SP2/3 with IE6/7, Windows Server 2003 SP2 with IE6/7, Windows Vista SP0/1/2 with IE7, Windows 2008 SP0/2 with IE7
Exploit Used: Metasploit 3.4.1dev "ms09_072_style_object" with payload "windows/exec"
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Windows XP SP0 with IE6 | Remote Code Execution |
| Windows 2003 SP0 with IE6 | Denial of Service |
Video: Microsoft MS09-072 Exploit for Obsolete Windows XP SP0 and 2003 SP0
MS09-067
- Evaluated in July 2010 - QID 110096
Vulnerable Software per Vendor Advisory: Microsoft Office Excel 2002 SP3, Microsoft Office Excel 2003 SP3, Microsoft Office Excel 2007 SP1, Microsoft Office Excel 2007 SP2
Exploit Used: Metasploit 3.4.1dev "ms09_067_excel_featheader" with payload "windows/exec"
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Office XP SP0 | Denial of Service |
| Office XP SP1 | Denial of Service |
| Office Excel 2003 SP0 | Remote Code Execution |
| Office 2007 SP0 | Denial of Service |
Video: Not available
MS09-043
- Evaluated in July 2010 - QID 110101
Vulnerable Software per Vendor Advisory: Microsoft Office XP SP3, Microsoft Office 2003 SP3, Microsoft Office 2000 Web Components SP3, Microsoft Office XP Web Components SP3, Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System
Exploit Used: Metasploit 3.4.1dev "ms09_043_owc_msdso" with payload "windows/exec"
Note: Metasploit currently only has an exploit for Office Web Components
Findings:
| Additional Vulnerable Software | Impact of Exploit |
|---|---|
| Office XP SP0 | Denial of Service |
| Office XP SP1 | Remote Code Execution |
| Windows 2003 SP1 with Office XP SP2 | Remote Code Execution |
Video: Not available
