The remote host is missing IE Security Update 963027.

The remote version of IE is affected by several vulnerabilities that may allow an attacker to execute arbitrary code on the remote host.

Windows の SearchPath 機能がリモートホストでファイルを探して開く方法での脆弱性により、攻撃者は、ユーザーをトリックにかけて、特別に作り上げられたファイルを特定の場所（Windows のデスクトップなど）にダウンロードさせることができる場合、任意のリモートコードを実行できることがあります。

リモートホストに IE セキュリティ更新 963027 がありません。

リモートバージョンの IE は、いくつかの脆弱性の影響を受けます。これにより、攻撃者は、リモートホストで任意のコードを実行できることがあります。

The version of Safari installed on the remote host reportedly is affected by several issues :

  - An out-of-bounds memory read while handling BMP and GIF     images may lead to information disclosure     (CVE-2008-1573).

  - Safari will automatically launch executable files     downloaded from a site if that site is in an IE7 zone     with 'Launching applications and unsafe files' set to     'Enable' or an IE6 'Local intranet ' / ' Trusted sites'     zone (CVE-2008-2306).

  - There is a memory corruption issue in WebKit's     handling of JavaScript arrays that could be leveraged     to crash the application or execute arbitrary code     if visiting a malicious site (CVE-2008-2307).

  - When handling an object with an unrecognized content     type, Safari does not prompt the user before     downloading the object (aka, the 'carpet-bombing'     issue). If the download location is the Windows     Desktop (the default), this could lead to arbitrary     code execution (CVE-2008-2540).

A vulnerability in the way the Windows SearchPath function locates and opens files on the remote host could allow an attacker to execute arbitrary remote code if he can trick a user into downloading a specially crafted file into a specific location, such as the Windows Desktop.

如果攻击者可欺骗用户将特别构建的文件下载到 Windows 桌面等特定位置，Windows SearchPath 函数在远程主机上查找并打开文件的方式中的漏洞可允许攻击者执行任意代码。

远程主机缺少 IE 安全更新 963027。

远程 IE 版本受到多个漏洞的影响，可能会允许攻击者在远程主机上执行任意代码。

The version of Safari installed on the remote host reportedly is affected by several issues :

  - An out-of-bounds memory read while handling BMP and GIF images may lead to information disclosure (CVE-2008-1573).
  - Safari will automatically launch executable files downloaded from a site if that site is in an IE7 zone with 'Launching applications and unsafe files' set to 'Enable' or an IE6 'Local intranet ' / ' Trusted sites' zone (CVE-2008-2306).
  - There is a memory corruption issue in WebKit's handling of JavaScript arrays that could be leveraged to crash the application or execute arbitrary code if visiting a malicious site (CVE-2008-2307).
  - When handling an object with an unrecognized content type, Safari does not prompt the user before downloading the object (aka, the 'carpet-bombing' issue). If the download location is the Windows Desktop (the default), this could lead to arbitrary code execution (CVE-2008-2540).

The version of Safari installed on the remote host reportedly is affected by several issues :

  - An out-of-bounds memory read while handling BMP and GIF images may lead to information disclosure (CVE-2008-1573).
  - Safari will automatically launch executable files downloaded from a site if that site is in an IE7 zone with 'Launching applications and unsafe files' set to 'Enable' or an IE6 'Local intranet ' / ' Trusted sites' zone (CVE-2008-2306).
  - There is a memory corruption issue in WebKit's handling of JavaScript arrays that could be leveraged to crash the application or execute arbitrary code if visiting a malicious site (CVE-2008-2307).
  - When handling an object with an unrecognized content type, Safari does not prompt the user before downloading the object (aka, the 'carpet-bombing' issue). If the download location is the Windows Desktop (the default), this could lead to arbitrary code execution (CVE-2008-2540).
IAVT Reference : 2009-T-0021
STIG Finding Severity : Category II

ID	名前	製品	ファミリー	公開日	更新日	深刻度
36152	MS09-014: Cumulative Security Update for Internet Explorer (963027)	Nessus	Windows : Microsoft Bulletins	2009/4/15	2018/11/15	high
36153	MS09-015：SearchPath での複合型脅威の脆弱性により、権限を昇格できる可能性があります（959426）	Nessus	Windows : Microsoft Bulletins	2009/4/15	2018/11/15	high
36152	MS09-014：Internet Explorer の累積セキュリティ更新（963027）	Nessus	Windows : Microsoft Bulletins	2009/4/15	2018/11/15	high
33226	Safari < 3.1.2 Multiple Vulnerabilities	Nessus	Windows	2008/6/20	2018/11/15	high
36153	MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)	Nessus	Windows : Microsoft Bulletins	2009/4/15	2018/11/15	high
36153	MS09-015：SearchPath 中的混合威胁漏洞可允许权限提升 (959426)	Nessus	Windows : Microsoft Bulletins	2009/4/15	2018/11/15	high
36152	MS09-014：Internet Explorer 累积安全更新 (963027)	Nessus	Windows : Microsoft Bulletins	2009/4/15	2018/11/15	high
4556	Safari < 3.1.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	2004/8/18	2019/3/6	medium
800992	Safari < 3.1.2 Multiple Vulnerabilities	Log Correlation Engine	Web Clients			high

検出

プラグインの検索

high

high

high

high

high

high

high

medium

high