Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: [SA22896] Microsoft Agent URL Parsing Memory Corruption Vulnerability



> ----------------------------------------------------------------------
> 
> TITLE:
> Microsoft Agent URL Parsing Memory Corruption Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA22896
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/22896/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> OPERATING SYSTEM:
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows Server 2003 Datacenter Edition
> http://secunia.com/product/1175/
> Microsoft Windows Server 2003 Enterprise Edition
> http://secunia.com/product/1174/
> Microsoft Windows Server 2003 Standard Edition
> http://secunia.com/product/1173/
> Microsoft Windows Server 2003 Web Edition
> http://secunia.com/product/1176/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> 
> DESCRIPTION:
> Secunia Research has discovered a vulnerability in Microsoft Windows,
> which can be exploited by malicious people to compromise a user's
> system.
> 
> The vulnerability is caused due to an error in Microsoft Agent
> (agentsvr.exe) when processing specially crafted URLs passed as
> arguments to certain methods.
> 
> Successful exploitation allows execution of arbitrary code when a
> user e.g. visits a malicious website with Internet Explorer.
> 
> SOLUTION:
> Apply patches.
> 
> Windows 2000 (requires SP4):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=49dc470b-64e2-47ec-be90-622b407c7751
> 
> Windows XP (requires SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=e16ededa-6e8c-40d6-a3c0-d61362411acc
> 
> Windows XP Professional x64 Edition (optionally with SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=23909036-898f-41af-a3de-4a899a15d25d
> 
> Windows Server 2003 (optionally with SP1/SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=281f10d2-d754-44cd-8318-9ce94b8d01b4
> 
> Windows Server 2003 x64 Edition (requires SP1/SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=50469b54-b6ff-46ed-b2bc-3b00b0984e1e
> 
> Windows Server 2003 for Itanium-based systems (optionally with SP1/SP2):
> http://www.microsoft.com/downloads/details.aspx?FamilyId=883660ca-e976-460f-8e50-c19d1b02b42f
> 
> PROVIDED AND/OR DISCOVERED BY:
> JJ Reyes and Carsten Eiram, Secunia Research.
> 
> ORIGINAL ADVISORY:
> MS07-020 (KB932168):
> http://www.microsoft.com/technet/security/Bulletin/MS07-020.mspx
> 
> Secunia Research:
> http://secunia.com/secunia_research/2006-74/
> 



 




Copyright © Lexa Software, 1996-2009.