GEN:SID | 1:2527 |
Message | SMTP STARTTLS attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Microsoft implementation of the Private Communications Transport (PCT) protocol.
|
Impact | Execution of arbitrary code. Unauthorized administrative access to an affected host.
|
Detailed Information | A vulnerability in the handling of PCT requests can give an attacker the opportunity to execute arbitrary code of their choosing, leading to a possible remote administrative compromise of an affected host.
The condition exists because of poor error handling routines in the Microsoft Secure Sockets Layer (SSL) library.
|
Affected Systems | Microsoft Windows NT, 2000, 2003 and XP systems using PCT
|
Attack Scenarios | An attacker needs to make a specially crafted PCT request to an affected system.
|
Ease of Attack | Simple.
|
Corrective Action | Apply the appropriate vendor-supplied patches.
Disable the use of PCT.
|
Additional References | |