Thread: PCWorks: Windows Win32 API Code Execution Vulnerability




United States
2007-06-13 09:41:49
TITLE:
Microsoft Windows Win32 API Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA25640

VERIFY ADVISORY:
http://secunia.com/advisories/25640/

CRITICAL:
Highly critical

IMPACT:
Privilege escalation, System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Storage Server 2003
http://secunia.com/product/12399/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges or
by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error in the
Win32 API when handling parameters to a function call. This can be
exploited to execute arbitrary code via a local application using the
vulnerable component or when a user e.g. views a specially crafted web
page using Internet Explorer.

SOLUTION:
Apply patches.

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3918ac76-ebb6-4886-9a9e-808eafb96b1b

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=27c7f1b9-2d1d-40cb-ad7e-bfedb6156a9c

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=0ba12191-1e6f-443b-9150-7ab8b2deb7c2

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=d554dff4-bcfb-4bbc-8fa0-af2f939d2610

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=170473d8-6bb1-4fbd-8494-a059dbfdf182

Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=f5e45e3c-4cac-41a5-99f7-42c2c2c73e99

ORIGINAL ADVISORY:
MS07-035 (KB935839):
http://www.microsoft.com/technet/security/bulletin/ms07-035.mspx