Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA19606] Microsoft Windows Explorer COM Object Handling Vulnerability



> 
> 
> TITLE:
> Microsoft Windows Explorer COM Object Handling Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA19606
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/19606/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows Server 2003 Web Edition
> http://secunia.com/product/1176/
> Microsoft Windows Server 2003 Standard Edition
> http://secunia.com/product/1173/
> Microsoft Windows Server 2003 Enterprise Edition
> http://secunia.com/product/1174/
> Microsoft Windows Server 2003 Datacenter Edition
> http://secunia.com/product/1175/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
> 
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Windows, which can be
> exploited by malicious people to compromise a vulnerable system.
> 
> The vulnerability is caused due to an error in Windows Explorer when
> handling COM objects. This can be exploited to execute arbitrary
> code by tricking a user into connecting to a malicious file server.
> 
> Successful exploitation requires that NetBIOS/CIFS connections can
> be established to a malicious system.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Windows 2000 (requires Service Pack 4):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=AE28BC65-3A5E-4497-AD05-2CDE8E7B5E95
> 
> Microsoft Windows XP (requires Service Pack 1 or Service Pack 2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=392C2F1B-AA24-48E5-8D5B-EA56341DB936
> 
> Microsoft Windows XP Professional x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=11A5195E-3F32-41F9-AB39-68A099EE945D
> 
> Microsoft Windows Server 2003 (with or without Service Pack 1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=099EE535-8B31-4356-B3FB-EF524C20A424
> 
> Microsoft Windows Server 2003 for Itanium (with or without SP1):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=E3C7E736-1583-4BD5-B661-A9AADDFA5B86
> 
> Microsoft Windows Server 2003 x64 Edition:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=238AB809-5A7E-4678-B01B-38FD82E9C701
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits NISCC.
> 
> ORIGINAL ADVISORY:
> MS06-015 (KB908531):
> http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx
> 
> OTHER REFERENCES:
> US-CERT VU#641460:
> http://www.kb.cert.org/vuls/id/641460
> 



 



