Exploits Against Obsolete Software
When obsolete software is detected on a scanned system, Qualys reports a high severity vulnerability. Software vendors either provide no patches for obsolete software, which clearly increases security risk over time. Or, software vendors provide private patches only to their customers with special support agreements, and Qualys does not have access to analyze private patches for vulnerabilities. It is therefore a best practice always to upgrade obsolete software as soon as possible.
To help demonstrate the risk of obsolete software, the Qualys Vulnerability Research Team periodically evaluates prevalent or important publicly available exploits against obsolete operating systems and software packages to determine if they are vulnerable. When an obsolete version is found to be vulnerable to an exploit, this information is integrated into the vulnerability detection to improve the accuracy and coverage of the detection. Findings from the Qualys Vulnerability Research Team are published below.
-
May 2017
CPUJUL2016 - QID 86494 Expand +
Vulnerable Software per Vendor Advisory
Oracle WebLogic Server, version(s) 10.3.6.0, 12.1.3.0, 12.2.1.0
Exploit Used
https://github.com/CoalfireLabs/java_deserialization_exploits/blob/master/WebLogic/weblogic.py
Findings
Additional Vulnerable Software
Oracle WebLogic Server, version(s) 10.3.5.0Impact of Exploit
Remote Code Execution -
Sep 2015
MS15-051 - QID 91049 Expand +
-
Aug 2015
MS15-010 - QID 91016 Expand +
Vulnerable Software per Vendor Advisory
Windows 2003 - Windows 8.1
see advisory for full detail
Findings
Additional Vulnerable Software
Windows XP SP3Impact of Exploit
Elevation of Privilege -
Jul 2015
MS14-058 - QID 90983 Expand +
Vulnerable Software per Vendor Advisory
Windows 2003 - Windows 8.1
see advisory for full detail
Findings
Additional Vulnerable Software
Windows XP SP3Impact of Exploit
Local Privilege Escalation -
Jun 2015
MS15-061 - QID 91059 Expand +
Vulnerable Software per Vendor Advisory
Windows 2003 - Windows 8.1
see advisory for full detail
Findings
Additional Vulnerable Software
Windows XP SP3Impact of Exploit
Elevation of Privilege -
Apr 2015
MS15-020 - QID 91029 Expand +
Vulnerable Software per Vendor Advisory
Windows 2003 - Windows 8.1
see advisory for full detail
Findings
Additional Vulnerable Software
Windows XP SP3 with IE7Impact of Exploit
Remote Code Execution -
Mar 2015
MS14-064 - QID 90987 Expand +
Vulnerable Software per Vendor Advisory
Windows 2003 - Windows 8.1
see advisory for full detail
Findings
Additional Vulnerable Software
Windows XP SP3 with IE7Impact of Exploit
Remote Code Execution -
Oct 2011
MS11-050 - QID 100103 Expand +
Vulnerable Software per Vendor Advisory
see advisory for full detail
Findings
Additional Vulnerable Software
Windows XP SP2 with IE7Impact of Exploit
Remote Code ExecutionMicrosoft MS11-050 Exploit for Obsolete Windows XP SP
-
Oct 2011
MS10-073 - QID 90611Expand +
Vulnerable Software per Vendor Advisory
Windows XP SP3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2,Windows Vista Service Pack 1 and Windows Vista Service Pack 2,Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2,Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*,Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*,Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2,Windows 7 for 32-bit Systems,Windows 7 for x64-based Systems,Windows Server 2008 R2 for x64-based Systems*,Windows Server 2008 R2 for Itanium-based Systems
Exploit Used
Findings
Additional Vulnerable Software Windows XP SP2
Windows XP SP1
2000 sp4
Windows Vista SP0
Windows XP SP0
windows 2003 enterprise 32bit sp1Impact of Exploit Elevation of Privilege
-
Oct 2011
MS10-078 - QID 90654Expand +
Vulnerable Software per Vendor Advisory
Windows XP SP3, Windows XP Pro x64 SP2, Windows Server 2003 SP2, Windows Server 2003 x64 SP2
Findings
Additional Vulnerable Software Win 2000 RTM and all SP
Win XP SP0, SP1, SP2
Win XP x64 SP1
Win 2003 SP0, SP1
Win 2003 x64 SP0, SP1Impact of Exploit Elevation of Privilege
Credit Diego Juarez of Core Security Technologies for reporting the OpenType Font Validation Vulnerability (CVE-2010-2741)
-
Oct 2011
MS10-071 - QID 100091Expand +
Vulnerable Software per Vendor Advisory
IE6 running in Windows XP SP3, Windows XP x64 SP2, Windows 2003 SP2, Windows 2003 x64 SP2, Windows 2003 SP2 for Itanium
IE7 running in Windows XP SP3, Windows XP x64 SP2, Windows 2003 SP2, Windows 2003 x64 SP2, Windows 2003 SP2 for Itanium, Windows Vista SP1-2, Windows Vista x64 SP1-2, Windows 2008 SP0-2, Windows 2008 x64 SP0-2, Windows 2001 SP0-2 for itanium
IE8 running in Windows XP SP3, Windows XP x64 SP2, Windows 2003 SP2, Windows 2003 x64 SP2, Windows Vista SP1-2, Windows Vista x64 SP1-2, Windows 2008 SP0-2, Windows 2008 x64 SP0-2, Windows 7, Windows 7 x64, Windows 2008 R2 x64, Windows 2008 R2 for itanium
Findings
Additional Vulnerable Software IE 6 running in XP SP2
IE 7 running in XP SP2
IE 8 running in XP SP2Impact of Exploit Remote Code Execution
Credit: This vulnerability was discovered and researched by Rodrigo Rubira Branco from Check Point Vulnerability Discovery Team (VDT). For more information click here.
-
Sep 2010
MS10-061 - QID 90636Expand +
Vulnerable Software per Vendor Advisory
Windows XP SP3, Windows XP x64 SP2, Windows 2003 SP2, Windows 2003 x64 SP2, Windows VISTA SP1, Windows VISTA SP2
Exploit Used
Metasploit 3.4.2dev "ms10_061_spoolss"
Findings
Additional Vulnerable Software Windows 2000
Windows XP SP1
Windows XP SP2
Windows XP x64 SP1Impact of Exploit Remote Code Execution
Additional Vulnerable Software Windows 2003
Windows 2003 SP1
Windows 2003 x64
Windows 2003 x64 SP 1
Windows VistaImpact of Exploit Elevation of Privilege
-
Aug 2010
MS10-047 - QID 90619Expand +
Vulnerable Software per Vendor Advisory
Windows XP SP 3, Vista SP1, Vista SP2, Vista 64 SP1, Vista 64 SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems Service Pack 2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems Service Pack 2*, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems
Findings
Additional Vulnerable Software Windows XP SP0
Windows XP SP1
Windows XP SP2
Windows 2000 32bitImpact of Exploit Elevation of Privilege
Additional Vulnerable Software Windows Vista
Impact of Exploit Denial of service
-
Aug 2010
MS10-054 - QID 90626Expand +
Vulnerable Software per Vendor Advisory
Windows XP SP3/x64 SP2, 2003 SP2, Vista SP 1/2 , 2008 SP2, Windows 7
Exploit Used
Findings
Additional Vulnerable Software Windows XP SP1
Windows XP SP2
Windows 2003
Windows 2003 SP1Impact of Exploit Denial of Service
-
Aug 2010
MS10-048 - QID 90627Expand +
Vulnerable Software per Vendor Advisory
Windows XP Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 Service Pack 2, Windows Server 2003 x64 Edition Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista Service Pack 1 and Windows Vista Service Pack 2, Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2, Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*, Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*, Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems*, Windows Server 2008 R2 for Itanium-based Systems
Exploit Used
Findings
Additional Vulnerable Software Windows XP SP2
Windows 2003Impact of Exploit Denial of Service (BSOD)
-
Aug 2010
MS10-048 - QID 90627Expand +
Vulnerable Software per Vendor Advisory
Windows XP SP3, Windows XP 64 SP2
Exploit Used
Findings
Additional Vulnerable Software Windows XP SP0
Windows XP SP1
Windows XP SP2
Windows XP 64
Windows XP 64 SP1Impact of Exploit Local Privilege Escalation Vulnerability
-
Aug 2010
MS10-051 - QID 90625Expand +
Vulnerable Software per Vendor Advisory
Windows XP SP3,Windows XP x64 Edition SP2, Windows 2003 SP2, 2003 x64 SP2, Windows Vista SP1,SP2, Windows Server 2008,SP2, Windows 7, Windows Server 2008 R2
Exploit Used
Findings
Additional Vulnerable Software Windows 2000 sp4
Windows XP x64 SP1
Windows XP SP2
Windows vista SP0Impact of Exploit Denial of Service
-
Jun 2010
MS10-038 - QID 110124Expand +
Vulnerable Software per Vendor Advisory
Microsoft Office XP SP3, Microsoft Office 2003 SP3, 2007 Microsoft Office System SP1/2, Microsoft Office Excel Viewer SP1/2, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1/2, Microsoft Office for Mac 2004/2008, Open XML File Format Converter for Mac
Exploit Used
Publically available: http://www.packetstormsecurity.org/1007-exploits/msexcel0x5d-overflow.txt
Findings
Additional Vulnerable Software Microsoft Office System 2007 Service Pack 0
Impact of Exploit Remote Code Execution
-
Jul 2010
KB2286198 - QID 90616Expand +
Vulnerable Software per Vendor Advisory
Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2,Windows Server 2003 x64 Edition SP2,Windows Server 2003 with SP2 for Itanium-based Systems,Windows Vista SP1 and Windows Vista SP2,Windows Vista x64 Edition SP1 and Windows Vista x64 Edition SP2,Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2,Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2,Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2,Windows 7 for 32-bit Systems,Windows 7 for x64-based Systems,Windows Server 2008 R2 for x64-based Systems,Windows Server 2008 R2 for Itanium-based Systems
Exploit Used
ExploitDB #14403 "Microsoft Windows Automatic LNK Shortcut File Code Execution"
Findings
Additional Vulnerable Software Windows XP SP0/1/2 32bit
Windows 2003 SP1 32bit
Windows Vista SP0 32 bitImpact of Exploit Remote Code Execution
-
Jul 2010
MS10-018 - QID 100075Expand +
Vulnerable Software per Vendor Advisory
Windows 2000 SP4 with IE6 SP1, Windows XP SP2/3 with IE6/7, Windows Server 2003 SP2 with IE6/7, Windows Vista SP0/1/2 with IE7, Windows 2008 SP0/2 with IE7
Exploit Used
Metasploit 3.4.1dev "ms10_018_ie_behaviors" using "windows/exec" payload
Findings
Additional Vulnerable Software Windows XP SP0 with IE6
Windows XP SP1 with IE6
Windows 2003 SP1 with IE6Impact of Exploit Remote Code Execution
Additional Vulnerable Software Windows 2003 SP1 with IE7
Impact of Exploit Denial of Service
Windows XP SP0 + IE6 Update Version 0
Windows 2003 SP1 + IE6 SP1
-
Jul 2010
MS10-002 - QID 100078Expand +
Vulnerable Software per Vendor Advisory
Windows 2000 SP4 with IE6 SP1, Windows XP SP2/3 with IE6, Windows Server 2003 SP2 with IE6
Exploit Used
Metasploit 3.4.1dev "ms10_002_aurora" with payload "windows/exec"
Note
Metasploit currently only has an exploit for IE6
Findings
Additional Vulnerable Software Windows 2000 SP1 with IE6
Windows XP SP0 with IE6
Windows XP SP1 with IE6Impact of Exploit Remote Code Execution
Windows 2000 SP1 + IE SP1 and XP SP0/1 + IE SP0/1
-
Jul 2010
MS09-072 - QID 90570Expand +
Vulnerable Software per Vendor Advisory
Windows 2000 SP4 with IE6 SP1, Windows XP SP2/3 with IE6/7, Windows Server 2003 SP2 with IE6/7, Windows Vista SP0/1/2 with IE7, Windows 2008 SP0/2 with IE7
Exploit Used
etasploit 3.4.1dev "ms09_072_style_object" with payload "windows/exec"
Findings
Additional Vulnerable Software Windows XP SP0 with IE6
Impact of Exploit Remote Code Execution
Additional Vulnerable Software Windows 2003 SP0 with IE6
Impact of Exploit Denial of Service
Microsoft MS09-072 Exploit for Obsolete Windows XP SP0 and 2003 SP0
-
Jul 2010
MS09-067 - QID 110096Expand +
Vulnerable Software per Vendor Advisory
Microsoft Office Excel 2002 SP3, Microsoft Office Excel 2003 SP3, Microsoft Office Excel 2007 SP1, Microsoft Office Excel 2007 SP2
Exploit Used
Metasploit 3.4.1dev "ms09_067_excel_featheader" with payload "windows/exec"
Findings
Additional Vulnerable Software Office XP SP0
Office XP SP1
Office 2007 SP0Impact of Exploit Denial of Service
Additional Vulnerable Software Office Excel 2003 SP0
Impact of Exploit Remote Code Execution
-
Jul 2010
MS09-043 - QID 110101Expand +
Vulnerable Software per Vendor Advisory
Microsoft Office XP SP3, Microsoft Office 2003 SP3, Microsoft Office 2000 Web Components SP3, Microsoft Office XP Web Components SP3, Microsoft Office 2003 Web Components SP1 for the 2007 Microsoft Office System
Exploit Used
Metasploit 3.4.1dev "ms09_043_owc_msdso" with payload "windows/exec"
Note
Metasploit currently only has an exploit for Office Web Components
Findings
Additional Vulnerable Software Office XP SP0
Impact of Exploit Denial of Service
Additional Vulnerable Software Office XP SP1
Windows 2003 SP1 with Office XP SP2Impact of Exploit Remote Code Execution