{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Microsoft Windows 2003 x64 Edition Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Vista Service Pack 1 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Vista x64 Edition Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Vista ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 for x64-based Systems ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 2003 with SP2 for Itanium-based Systems ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Vista Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 for 32-bit Systems Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Vista x64 Edition Service Pack 1 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 for Itanium-based Systems ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Vista x64 Edition ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 for x64-based Systems Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 for 32-bit Systems ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 2003 Service Pack 2 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows Server 2008 for Itanium-based Systems Service Pack 2.","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}},{"description":"Microsoft Windows 2000 Service Pack 4 ;","product":{"name":"Windows","vendor":{"name":"Microsoft","scada":false}}}],"affected_systems_content":null,"content":"## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans l'impl\u00e9mentation de\nTCP/IP sous Microsoft Windows :\n\n-   un d\u00e9ni de service \u00e0 distance est possible d\u00fb \u00e0 la fa\u00e7on dont\n    Microsoft Windows g\u00e8re un nombre excessif de connexions TCP. Cette\n    vuln\u00e9rabilit\u00e9 est amplifi\u00e9e lorsque la taille de la fen\u00eatre a une\n    valeur proche de 0 (CVE-2008-4609) ;\n-   une ex\u00e9cution de code arbitraire \u00e0 distance est possible car la pile\n    TCP/IP de Microsoft Windows ne nettoie pas correctement les\n    informations d'\u00e9tat (CVE-2009-1925) ;\n-   un d\u00e9ni de service \u00e0 distance est possible du fait d'une erreur dans\n    la gestion des paquets ayant une taille de fen\u00eatre proche de 0\n    (CVE-2009-1926).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 pour l'obtention\ndes correctifs (cf. section Documentation).\n","cves":[{"name":"CVE-2009-1926","url":"https://www.cve.org/CVERecord?id=CVE-2009-1926"},{"name":"CVE-2008-4609","url":"https://www.cve.org/CVERecord?id=CVE-2008-4609"},{"name":"CVE-2009-1925","url":"https://www.cve.org/CVERecord?id=CVE-2009-1925"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre    2009 :","url":"http://www.microsoft.com/france/technet/security/Bulletin/MS09-048.mspx"},{"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre    2009 :","url":"http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx"}],"reference":"CERTA-2009-AVI-372","revisions":[{"description":"version initiale.","revision_date":"2009-09-09T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s dans l'impl\u00e9mentation de TCP/IP sous <span\nclass=\"textit\">Microsoft Windows</span> permettent d'ex\u00e9cuter du code\narbitraire ou de r\u00e9aliser un d\u00e9ni de service \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans TCP/IP sous Windows","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Microsoft MS09-048 du 08 septembre 2009","url":null}]}