TITLE:
Microsoft MFC OLE Dialog Memory Corruption Vulnerability
SECUNIA ADVISORY ID:
SA24150
VERIFY ADVISORY:
http://secunia.c
om/advisories/24150/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
>From remote
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/pro
duct/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/p
roduct/1177/
Microsoft Windows 2000 Professional
http://secunia.com/prod
uct/1/
Microsoft Windows 2000 Server
http://secunia.com/pro
duct/20/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/p
roduct/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/p
roduct/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/p
roduct/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/p
roduct/1176/
Microsoft Windows Storage Server 2003
http://secunia.com/
product/12399/
Microsoft Windows XP Home Edition
http://secunia.com/pro
duct/16/
Microsoft Windows XP Professional
http://secunia.com/pro
duct/22/
SOFTWARE:
Microsoft Visual Studio .NET 2002
http://secunia.com/p
roduct/1087/
Microsoft Visual Studio .NET 2003
http://secunia.com/p
roduct/1086/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows and
Visual
Studio, which can be exploited by malicious people to
compromise a
users system.
The vulnerability is caused due to a memory corruption in
the
MFC
component when handling OLE objects in Rich Text Format
(RTF)
files.
This can be exploited by e.g. tricking a user into opening
a
malicious RTF document using Wordpad and interact with a
specially
crafted embedded OLE object.
Successful exploitation allows execution of arbitrary code.
SOLUTION:
Apply patches.
Microsoft Windows 2000 Service Pack 4:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=d6577f1f-0d9e-4856-b1d
6-7e27657a3620
Microsoft Windows XP Service Pack 2:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=84ae4c62-89ae-410a-b34
b-471e3c09ce98
Microsoft Windows XP Professional x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=54e0dc33-6bad-476c-b4c
f-b833d591aaad
Microsoft Windows Server 2003 (with or without SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=934ca609-d6bc-4bf0-823
3-969eb43d48bb
Microsoft Windows Server 2003 for Itanium-based Systems
(with
or
without SP1):
http://www.microsof
t.com/downloads/details.aspx?FamilyId=67f52e93-cd57-4852-b83
8-a958ab9b23fb
Microsoft Windows Server 2003 x64 Edition:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=f2ca9de9-f69e-4e34-9aa
9-0b320d670e04
Microsoft Visual Studio .NET 2002:
(KB924641)
http://www.microsof
t.com/downloads/details.aspx?FamilyId=711F05A8-CD67-4702-B07
9-3FF79A3AB4DE
Microsoft Visual Studio .NET 2002 Service Pack 1:
(KB924642)
http://www.microsof
t.com/downloads/details.aspx?FamilyId=124F2D2D-8CF3-47F3-A8F
D-24A9FACF4FA4
Microsoft Visual Studio .NET 2003:
(KB924643)
http://www.microsof
t.com/downloads/details.aspx?FamilyId=A05CE727-C5B5-4022-B7A
0-D8861CE99209
Microsoft Visual Studio .NET 2003 Service Pack 1:
(KB927696)
http://www.microsof
t.com/downloads/details.aspx?FamilyId=1DD6D8E7-390B-4E02-9F1
6-AB9D5EF7792E
ORIGINAL ADVISORY:
MS07-012 (KB924667):
http://www.microsoft.com/technet/security/Bullet
in/MS07-012.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
