Executive Summary
Summary | |
---|---|
Title | Windows Firewall Exception May Not Display in the User Interface |
Informations | |||
---|---|---|---|
Name | KB897663 | First vendor Publication | 2005-08-31 |
Vendor | Microsoft | Last vendor Modification | 2005-08-31 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.1 | Attack Range | Local |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft has received a report of an unexpected behavior in the way that the Windows Firewall User Interface handles malformed entries in the Windows Registry. By creating malformed Windows Firewall exception entries in the Windows Registry, an exception could be created in the firewall that would not be displayed in the Windows Firewall User Interface.However, this exception is displayed by the command line firewall administration tools. |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/897663.mspx |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 2 | |
Os | 2 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
19287 | Microsoft Windows Firewall Malformed Registry Entry Ruleset Exception Weakness Microsoft Windows Firewall contains a flaw that may allow a malicious local user, with administrative privileges, to hide firewall ruleset information. The issue is triggered by a specially crafted Windows Firewall exception entry in the Windows Registry. It is possible that the flaw may not allow firewall exception entries to be displayed in the Windows firewall graphical user interface, resulting in a loss of integrity. The command line firewall administration tool "Netsh" is not affected by this issue |