Thread: PCWorks: Microsoft Windows Explorer COM Object Handling Vulnerability

2006-04-12 07:08:46
TITLE:
Microsoft Windows Explorer COM Object Handling Vulnerability

SECUNIA ADVISORY ID:
SA19606

VERIFY ADVISORY:
http://secunia.com/advisories/19606/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in Windows Explorer when
handling COM objects. This can be exploited to execute arbitrary
code by tricking a user into connecting to a malicious file server.

Successful exploitation requires that NetBIOS/CIFS connections can
be established to a malicious system.

SOLUTION:
Apply patches.

Microsoft Windows 2000 (requires Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=AE28BC65-3A5E-4497-AD05-2CDE8E7B5E95

Microsoft Windows XP (requires Service Pack 1 or Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=392C2F1B-AA24-48E5-8D5B-EA56341DB936

Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=11A5195E-3F32-41F9-AB39-68A099EE945D

Microsoft Windows Server 2003 (with or without Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=099EE535-8B31-4356-B3FB-EF524C20A424

Microsoft Windows Server 2003 for Itanium (with or without SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=E3C7E736-1583-4BD5-B661-A9AADDFA5B86

Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=238AB809-5A7E-4678-B01B-38FD82E9C701

ORIGINAL ADVISORY:
MS06-015 (KB908531):
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx

OTHER REFERENCES:
US-CERT VU#641460:
http://www.kb.cert.org/vuls/id/641460