PCWorks: Windows OLE Dialog Memory Corruption Vulnerability

Thread: PCWorks: Windows OLE Dialog Memory Corruption Vulnerability

Search this list only Search all lists
PCWorks: Windows OLE Dialog Memory Corruption Vulnerability
United States	2007-02-19 08:55:24
TITLE: Microsoft Windows OLE Dialog Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA24147 VERIFY ADVISORY: http://secunia.c om/advisories/24147/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/pro duct/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/p roduct/1177/ Microsoft Windows 2000 Professional http://secunia.com/prod uct/1/ Microsoft Windows 2000 Server http://secunia.com/pro duct/20/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/p roduct/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/p roduct/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/p roduct/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/p roduct/1176/ Microsoft Windows Storage Server 2003 http://secunia.com/ product/12399/ Microsoft Windows XP Home Edition http://secunia.com/pro duct/16/ Microsoft Windows XP Professional http://secunia.com/pro duct/22/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in Windows OLE Dialog components handling of OLE objects in RTF (Rich Text Format) files. This can be exploited to cause a memory corruption by e.g. tricking a user into opening a malicious RTF document using Wordpad and interact with a specially crafted embedded OLE object. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches: Microsoft Windows 2000 Service Pack 4: http://www.microsof t.com/downloads/details.aspx?FamilyId=7b1a81d5-1072-49d9-a24 a-0e2630f62d8c Microsoft Windows XP Service Pack 2: http://www.microsof t.com/downloads/details.aspx?FamilyId=e9b84661-25e3-4d38-95b 1-8d3e7af565aa Microsoft Windows XP Professional x64 Edition: http://www.microsof t.com/downloads/details.aspx?FamilyId=57c1b19f-3242-457c-bed f-d35a8efe525c Microsoft Windows Server 2003 (with or without SP1): http://www.microsof t.com/downloads/details.aspx?FamilyId=eaed6f59-801e-45d7-951 8-469d0de13cad Microsoft Windows Server 2003 for Itanium-based Systems (with or without SP1): http://www.microsof t.com/downloads/details.aspx?FamilyId=cd1b18ae-bc8d-4d73-847 f-4fa7ca672c88 Microsoft Windows Server 2003 x64 Edition: http://www.microsof t.com/downloads/details.aspx?FamilyId=11f4f8f6-b8ce-4a5f-b7e d-8389ccc56473 ORIGINAL ADVISORY: MS07-011 (KB926436): http://www.microsoft.com/technet/security/Bullet in/MS07-011.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/r ules.htm Contact list owner <owner-pcworksimagicomm.com> Unsubscribing and other changes: http://pcworkers.com =====================================================

[1]

about | contact Other archives ( Real Estate discussion Medical topics )