cs35Lhw7 - smaller chance of being exploited when...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
1. VU#945216 SSH CRC32 Attack Metric: 99.0 This is the most vulnerable flaw because the attacker can obtain the system's root previlege by exploiting this flaw. 2. VU#692417 Microsoft Word Code Execution Metric: 22.34 Although this vulnerability could grant the attacker the system control; however, this is less dangerious because the attacker has to exploit this flaw by making a special word document and bait the user to excecute the code, therefore is passive. 3. VU#228569 Microsoft Internet Explorer Memory Corruption Metric: 15.53 Similar to the previous one, the attacking method is relatively passive; the user has to visit the malicious page in order for the attacker to gain control of the system. This flaw has a
Background image of page 1
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: smaller chance of being exploited when experienced users are operating the system (never click suspicious links). 4. VU#771937 Apache mod_jk2 Host header Buffer Overflow Metric: 4.80 This flaw only grants the attacker the previlege equavilent to the webserver's, which is usually very limited. Also, since the flaw only exists in the legacy version of the program, it could be easily fixed by upgrading the software to the newest version. 5. VU#794236 SkypeFine Fails to Properly Sanitize User-Supplied Input Metric: 0.0 This is least vulnurable because in order for the attacker to exploit the system, the user has to have Skype installed and manually visit the malicious Skype profile page....
View Full Document

This note was uploaded on 06/02/2009 for the course CS 35L taught by Professor Eggert during the Spring '09 term at UCLA.

Ask a homework question - tutors are online