PCWorks: Windows Winsock & DNS Resolution Code Execution Vulnerabilities

Thread: PCWorks: Windows Winsock & DNS Resolution Code Execution Vulnerabilities

Search this list only Search all lists
PCWorks: Windows Winsock & DNS Resolution Code Execution Vulnerabilities
	2006-08-09 14:36:40
TITLE: Windows Winsock & DNS Resolution Code Execution Vulnerabilities SECUNIA ADVISORY ID: SA21394 VERIFY ADVISORY: http://secunia.c om/advisories/21394/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/pro duct/22/ Microsoft Windows XP Home Edition http://secunia.com/pro duct/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/p roduct/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/p roduct/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/p roduct/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/p roduct/1175/ Microsoft Windows 2000 Server http://secunia.com/pro duct/20/ Microsoft Windows 2000 Professional http://secunia.com/prod uct/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/p roduct/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/pro duct/21/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the Winsock API when handling hostnames can be exploited to cause a buffer overflow by either tricking a user into opening a file or visiting a specially crafted website. Successful exploitation allows execution of arbitrary code. 2) A boundary error in the DNS Client service when processing DNS responses can be exploited to cause a buffer overflow by returning a specially crafted DNS response. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Windows 2000 SP4: http://www.microsof t.com/downloads/details.aspx?FamilyId=144408a7-3011-458a-bc7 9-49b1658aa25d Windows XP SP1/SP2: http://www.microsof t.com/downloads/details.aspx?FamilyId=c332b95a-2956-406b-9e0 6-07c5e96b02e3 Windows XP Professional x64 Edition: http://www.microsof t.com/downloads/details.aspx?FamilyId=1be5310b-1995-4ef9-a46 2-04da9833f50b Windows Server 2003 (optionally with SP1): http://www.microsof t.com/downloads/details.aspx?FamilyId=6d027e72-1f94-44de-95f 9-f52000a991cc Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsof t.com/downloads/details.aspx?FamilyId=18477016-0b70-4c86-90c 7-3535d365b7c1 Windows Server 2003 x64 Edition: http://www.microsof t.com/downloads/details.aspx?FamilyId=583b741c-47e2-429d-9d5 0-44670bb2f452 ORIGINAL ADVISORY: MS06-041 (KB920683): http://www.microsoft.com/technet/security/Bullet in/MS06-041.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/r ules.htm Contact list owner <owner-pcworksimagicomm.com> Unsubscribing and other changes: http://pcworkers.com =====================================================

[1]

about | contact Other archives ( Real Estate discussion Medical topics )