Details of VAR-201211-0023

ID

VAR-201211-0023

CVE

CVE-2012-2531

TITLE

Microsoft Internet Information Services Vulnerabilities in which authentication information is discovered

Trust: 0.8

sources: JVNDB: JVNDB-2012-005346

DESCRIPTION

Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability.". Microsoft IIS is prone to an information-disclosure vulnerability. An attacker can exploit this vulnerability to obtain sensitive information that may lead to further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Awareness System US-CERT Alert TA12-318A Microsoft Updates for Multiple Vulnerabilities Original release date: November 13, 2012 Last revised: -- Systems Affected * Microsoft Windows * Microsoft Office * Microsoft .NET Framework * Internet Explorer Overview Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities. Description The Microsoft Security Bulletin Summary for November 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities. Impact A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system. Solution Apply Updates Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates. References * Microsoft Security Bulletin Summary for November 2012 <http://technet.microsoft.com/en-us/security/bulletin/ms12-nov> * Microsoft Windows Server Update Services <http://technet.microsoft.com/en-us/wsus/default.aspx> * Microsoft Update <http://www.update.microsoft.com/> * Microsoft Update Overview <http://www.microsoft.com/security/updates/mu.aspx> * Turn Automatic Updating On or Off <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off> Revision History November 13, 2012: Initial release ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA12-318A Feedback VU#970852" in the subject. ____________________________________________________________________ Produced by US-CERT, a government organization. ____________________________________________________________________ This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html Privacy & Use policy: http://www.us-cert.gov/privacy/ This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-318A.html For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBUKKbnXdnhE8Qi3ZhAQLN4gf+KyOiTaktnc1wbWdbBogH12NJbOR5Y7PR DRpdn+3Iqyua02oxy2bXy3C/uV1xz2FlRylXS7PRNdka8RboUUOP3jY4DADR2UW/ GCtxskzWydk+w8OT8OvGiwD5TPaUXb/OawDEN5HW2R/Q+vZAcnGvOeuWbvCjM1hB tPUsQLM8QEXQ0oIPelTVBGlBKAXaYdkekTJcpx5sJC1qUn+976hFsajHugBOk06U lEhvTK7eiMpQOeQ0RYeMd8V4cP6h+WYTjxzruckfP4HwMeJARuq6UnTDzZ8mKYws sqs4xqaTr+8eOnoM7G1/7MMDhS2epvbbt7J/MXFp6tc0nVaLnskIQA== =/QVO -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2012-2531 // JVNDB: JVNDB-2012-005346 // BID: 56439 // VULMON: CVE-2012-2531 // PACKETSTORM: 118116

AFFECTED PRODUCTS

vendor:	microsoft	model:	iis	scope:	eq	version:	7.5	Trust: 1.7
vendor:	microsoft	model:	windows 7	scope:	eq	version:	(x32) sp1 before	Trust: 0.8
vendor:	microsoft	model:	windows 7	scope:	eq	version:	(x64) sp1 before	Trust: 0.8
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	r2(itanium) sp1 before	Trust: 0.8
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	r2(x64) sp1 before	Trust: 0.8
vendor:	microsoft	model:	windows vista service pack	scope:	eq	version:	20	Trust: 0.3
vendor:	microsoft	model:	windows server r2 itanium sp1	scope:	eq	version:	2008	Trust: 0.3
vendor:	microsoft	model:	windows server r2 itanium	scope:	eq	version:	20080	Trust: 0.3
vendor:	microsoft	model:	windows server r2 for x64-based systems sp1	scope:	eq	version:	2008	Trust: 0.3
vendor:	microsoft	model:	windows server r2 for x64-based systems	scope:	eq	version:	20080	Trust: 0.3
vendor:	microsoft	model:	windows server for x64-based systems sp2	scope:	eq	version:	2008	Trust: 0.3
vendor:	microsoft	model:	windows server for 32-bit systems sp2	scope:	eq	version:	2008	Trust: 0.3
vendor:	microsoft	model:	windows for x64-based systems sp1	scope:	eq	version:	7	Trust: 0.3
vendor:	microsoft	model:	windows for x64-based systems	scope:	eq	version:	70	Trust: 0.3
vendor:	microsoft	model:	windows for 32-bit systems sp1	scope:	eq	version:	7	Trust: 0.3
vendor:	microsoft	model:	windows for 32-bit systems	scope:	eq	version:	70	Trust: 0.3
vendor:	microsoft	model:	internet information server	scope:	eq	version:	7.5	Trust: 0.1

sources: VULMON: CVE-2012-2531 // BID: 56439 // JVNDB: JVNDB-2012-005346 // CNNVD: CNNVD-201211-229

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-2531
value:	LOW
Trust: 1.0
NVD:	CVE-2012-2531
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201211-229
value:	LOW
Trust: 0.6
VULMON:	CVE-2012-2531
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2012-2531
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

sources: VULMON: CVE-2012-2531 // JVNDB: JVNDB-2012-005346 // CNNVD: CNNVD-201211-229 // NVD: CVE-2012-2531

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2012-005346 // NVD: CVE-2012-2531

THREAT TYPE

local

Trust: 0.9

sources: BID: 56439 // CNNVD: CNNVD-201211-229

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201211-229

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005346

PATCH

title:	MS12-073	url:	http://technet.microsoft.com/en-us/security/bulletin/ms12-073	Trust: 0.8
title:	MS12-073	url:	http://technet.microsoft.com/ja-jp/security/bulletin/ms12-073	Trust: 0.8
title:	TA12-318A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta12-318a.html	Trust: 0.8
title:	shodan-playing	url:	https://github.com/dominicporter/shodan-playing	Trust: 0.1
title:	copycat	url:	https://github.com/entynetproject/copycat	Trust: 0.1

sources: VULMON: CVE-2012-2531 // JVNDB: JVNDB-2012-005346

EXTERNAL IDS

db:	NVD	id:	CVE-2012-2531	Trust: 2.8
db:	BID	id:	56439	Trust: 2.0
db:	USCERT	id:	TA12-318A	Trust: 0.9
db:	JVNDB	id:	JVNDB-2012-005346	Trust: 0.8
db:	CNNVD	id:	CNNVD-201211-229	Trust: 0.6
db:	VULMON	id:	CVE-2012-2531	Trust: 0.1
db:	PACKETSTORM	id:	118116	Trust: 0.1

sources: VULMON: CVE-2012-2531 // BID: 56439 // JVNDB: JVNDB-2012-005346 // PACKETSTORM: 118116 // CNNVD: CNNVD-201211-229 // NVD: CVE-2012-2531

REFERENCES

url:	http://www.securityfocus.com/bid/56439	Trust: 1.8
url:	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073	Trust: 1.7
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15959	Trust: 1.7
url:	http://www.us-cert.gov/cas/techalerts/ta12-318a.html	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2531	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2012/at120035.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnta12-318a	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2531	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/#topics	Trust: 0.8
url:	http://www.microsoft.com/windowsserver2003/iis/default.mspx	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/56439	Trust: 0.1
url:	https://github.com/dominicporter/shodan-playing	Trust: 0.1
url:	http://www.us-cert.gov/privacy/notification.html	Trust: 0.1
url:	http://www.us-cert.gov/privacy/	Trust: 0.1
url:	http://windows.microsoft.com/en-us/windows-vista/turn-automatic-updating-on-or-off>	Trust: 0.1
url:	http://www.update.microsoft.com/>	Trust: 0.1
url:	http://www.microsoft.com/security/updates/mu.aspx>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html	Trust: 0.1
url:	http://technet.microsoft.com/en-us/wsus/default.aspx>	Trust: 0.1
url:	http://technet.microsoft.com/en-us/security/bulletin/ms12-nov>	Trust: 0.1

sources: VULMON: CVE-2012-2531 // BID: 56439 // JVNDB: JVNDB-2012-005346 // PACKETSTORM: 118116 // CNNVD: CNNVD-201211-229 // NVD: CVE-2012-2531

CREDITS

Justin Royce of ProDX

Trust: 0.3

sources: BID: 56439

SOURCES

db:	VULMON	id:	CVE-2012-2531
db:	BID	id:	56439
db:	JVNDB	id:	JVNDB-2012-005346
db:	PACKETSTORM	id:	118116
db:	CNNVD	id:	CNNVD-201211-229
db:	NVD	id:	CVE-2012-2531

LAST UPDATE DATE

2024-11-23T21:45:53.432000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2012-2531	date:	2021-02-05T00:00:00
db:	BID	id:	56439	date:	2012-11-20T12:10:00
db:	JVNDB	id:	JVNDB-2012-005346	date:	2012-11-16T00:00:00
db:	CNNVD	id:	CNNVD-201211-229	date:	2019-07-08T00:00:00
db:	NVD	id:	CVE-2012-2531	date:	2024-11-21T01:39:11.930

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2012-2531	date:	2012-11-14T00:00:00
db:	BID	id:	56439	date:	2012-11-13T00:00:00
db:	JVNDB	id:	JVNDB-2012-005346	date:	2012-11-15T00:00:00
db:	PACKETSTORM	id:	118116	date:	2012-11-15T02:44:59
db:	CNNVD	id:	CNNVD-201211-229	date:	2012-11-14T00:00:00
db:	NVD	id:	CVE-2012-2531	date:	2012-11-14T00:55:01.547