Thread: PCWorks: Windows Agent ActiveX Control Buffer Overflow




PCWorks: Windows Agent ActiveX Control Buffer Overflow
user name
2006-11-16 08:16:19
TITLE:
Microsoft Windows Agent ActiveX Control Buffer Overflow

SECUNIA ADVISORY ID:
SA22878

VERIFY ADVISORY:
http://secunia.com/advisories/22878/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error in the
Microsoft Agent ActiveX control when processing .ACF files. This can
be exploited to cause a buffer overflow via a specially crafted .ACF
file.

Successful exploitation allows execution of arbitrary code when e.g.
a malicious website is visited with Internet Explorer.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c72ceec8-3e4d-4281-8183-11b724693217

Microsoft Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c16e1607-f396-4113-89f6-1fe89ec54b6a

Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=b4002a2a-b03e-4428-a26a-84293270d149

Microsoft Windows Server 2003 (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8f1a3f85-830b-4662-a4cc-8dff9f59acea

Microsoft Windows Server 2003 for Itanium-based systems (optionally
with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=b528f61d-ad54-4bad-b9a0-b650385de216

Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3da7ff4a-2389-4ce4-a6bb-b7e02f646b74

PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.

ORIGINAL ADVISORY:
MS06-068 (KB920213):
http://www.microsoft.com/technet/security/Bulletin/MS06-068.mspx