Thread-topic: [SA24147] Microsoft Windows OLE Dialog Memory Corruption Vulnerability
>
> TITLE:
> Microsoft Windows OLE Dialog Memory Corruption Vulnerability
>
> SECUNIA ADVISORY ID:
> SA24147
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Moderately critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> Microsoft Windows 2000 Advanced Server
> Microsoft Windows 2000 Datacenter Server
> Microsoft Windows 2000 Professional
> Microsoft Windows 2000 Server
> Microsoft Windows Server 2003 Datacenter Edition
> Microsoft Windows Server 2003 Enterprise Edition
> Microsoft Windows Server 2003 Standard Edition
> Microsoft Windows Server 2003 Web Edition
> Microsoft Windows Storage Server 2003
> Microsoft Windows XP Home Edition
> Microsoft Windows XP Professional
>
>
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Windows, which can be
> exploited by malicious people to compromise a user's system.
>
> The vulnerability is caused due to an error in Windows OLE Dialog
> components' handling of OLE objects in RTF (Rich Text Format) files.
> This can be exploited to cause a memory corruption by e.g. tricking a
> user into opening a malicious RTF document using WordPad and interacting
> with a specially crafted embedded OLE object.
>
> Successful exploitation allows execution of arbitrary code.
>
> SOLUTION:
> Apply patches:
>
> Microsoft Windows 2000 Service Pack 4:
>
> 1d5-1072-49d9-a24a-0e2630f62d8c
>
> Microsoft Windows XP Service Pack 2:
>
> 661-25e3-4d38-95b1-8d3e7af565aa
>
> Microsoft Windows XP Professional x64 Edition:
>
> 19f-3242-457c-bedf-d35a8efe525c
>
> Microsoft Windows Server 2003 (with or without SP1):
>
> f59-801e-45d7-9518-469d0de13cad
>
> Microsoft Windows Server 2003 for Itanium-based Systems (with or
> without SP1):
>
> 8ae-bc8d-4d73-847f-4fa7ca672c88
>
> Microsoft Windows Server 2003 x64 Edition:
>
> 8f6-b8ce-4a5f-b7ed-8389ccc56473
>
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits:
> * Kostya Kortchinsky, Immunity, Inc.
> * Fabrice Desclaux, EADS Common Research Center.
>
> ORIGINAL ADVISORY:
> MS07-011 (KB926436):
>
>
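
A triage check for the vector the advisory describes (OLE objects embedded in RTF files), as an added example that is not part of the quoted advisory: it lists each `\object` group in an RTF file with its class and payload size, so documents carrying embedded objects can be held for review on hosts that have not yet received the MS07-011 update. The function names and the sample document are constructed for illustration, and the code assumes well-formed RTF.

```python
import re

# Control words defined by the RTF specification for OLE object groups.
OBJECT_RE = re.compile(rb"\\object(?![a-z])")
KIND_RE = re.compile(rb"\\(objemb|objlink|objautlink|objocx|objhtml)(?![a-z])")
CLASS_RE = re.compile(rb"\{\\\*\\objclass\s+([^{}\\]+)\}")
DATA_RE = re.compile(rb"\{\\\*\\objdata\s*([0-9a-fA-F\s]*)")

def group_end(data, start):
    """Return the index just past the brace closing the group opened at start."""
    depth, i = 0, start
    while i < len(data):
        c = data[i:i + 1]
        if c == b"\\":
            i += 2          # skip the escaped character (\{, \}, \\)
            continue
        if c == b"{":
            depth += 1
        elif c == b"}":
            depth -= 1
            if depth == 0:
                return i + 1
        i += 1
    return len(data)        # unbalanced input: treat the rest as the group

def find_ole_objects(data):
    """List every OLE object group in an RTF byte string."""
    found = []
    for m in OBJECT_RE.finditer(data):
        start = data.rfind(b"{", 0, m.start())
        if start < 0:
            continue
        group = data[start:group_end(data, start)]
        kind, cls, payload = (r.search(group) for r in (KIND_RE, CLASS_RE, DATA_RE))
        hex_digits = re.sub(rb"\s", b"", payload.group(1)) if payload else b""
        found.append({
            "offset": start,
            "kind": kind.group(1).decode() if kind else "unknown",
            "class": cls.group(1).decode("latin-1").strip() if cls else "",
            "data_bytes": len(hex_digits) // 2,
        })
    return found

# Constructed sample document, not taken from a real file.
SAMPLE = (rb"{\rtf1\ansi{\fonttbl{\f0 Arial;}}\f0 Quarterly report\par "
          rb"{\object\objemb\objw1440\objh720{\*\objclass Package}"
          rb"{\*\objdata 0105000002000000}{\result{\pict\wmetafile8 0100}}}"
          rb"\par end}")

if __name__ == "__main__":
    for obj in find_ole_objects(SAMPLE):
        print(obj)
```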