For Windows Server 2003 the affected component is not
vulnerable.
On Windows XP Service Pack 2 the attack could only be
successfully performed by a user with Administrator
privileges.
TITLE:
Microsoft Windows Workstation Service Buffer Overflow
Vulnerability
SECUNIA ADVISORY ID:
SA22883
VERIFY ADVISORY:
http://secunia.c
om/advisories/22883/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/pro
duct/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/p
roduct/1177/
Microsoft Windows 2000 Professional
http://secunia.com/prod
uct/1/
Microsoft Windows 2000 Server
http://secunia.com/pro
duct/20/
Microsoft Windows XP Home Edition
http://secunia.com/pro
duct/16/
Microsoft Windows XP Professional
http://secunia.com/pro
duct/22/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows,
which
can be
exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to a boundary error in the
Workstation Service and can be exploited to cause a buffer
overflow
via a specially crafted message sent to the system.
Successful exploitation allows execution of arbitrary code,
but
requires Administrator privileges on Windows XP SP2.
SOLUTION:
Apply patches.
Microsoft Windows 2000 SP4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=3ad5c57d-d3f6-46a1-8de
e-3e16d0977f80
Microsoft Windows XP SP2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=f4c8e767-4ed2-4e36-aa4
3-612f3017efc7
ORIGINAL ADVISORY:
MS06-070 (KB924270):
http://www.microsoft.com/technet/security/Bullet
in/MS06-070.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|