[security-alerts] FW: [SA22883] Microsoft Windows Workstation Service Buffer Overflow Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> ----------------------------------------------------------------------
> 
> TITLE:
> Microsoft Windows Workstation Service Buffer Overflow Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA22883
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/22883/
> 
> CRITICAL:
> Moderately critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From local network
> 
> OPERATING SYSTEM:
> Microsoft Windows 2000 Advanced Server
> http://secunia.com/product/21/
> Microsoft Windows 2000 Datacenter Server
> http://secunia.com/product/1177/
> Microsoft Windows 2000 Professional
> http://secunia.com/product/1/
> Microsoft Windows 2000 Server
> http://secunia.com/product/20/
> Microsoft Windows XP Home Edition
> http://secunia.com/product/16/
> Microsoft Windows XP Professional
> http://secunia.com/product/22/
> 
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Windows, which can be
> exploited by malicious people to compromise a vulnerable system.
> 
> The vulnerability is caused due to a boundary error in the
> Workstation Service and can be exploited to cause a buffer overflow
> via a specially crafted message sent to the system.
> 
> Successful exploitation allows execution of arbitrary code, but
> requires Administrator privileges on Windows XP SP2.
> 
> SOLUTION:
> Apply patches.
> 
> Microsoft Windows 2000 SP4:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=3ad5c
> 57d-d3f6-46a1-8dee-3e16d0977f80
> 
> Microsoft Windows XP SP2:
> http://www.microsoft.com/downloads/details.aspx?FamilyId=f4c8e
> 767-4ed2-4e36-aa43-612f3017efc7
> 
> PROVIDED AND/OR DISCOVERED BY:
> The vendor credits eEye.
> 
> ORIGINAL ADVISORY:
> MS06-070 (KB924270):
> http://www.microsoft.com/technet/security/Bulletin/MS06-070.mspx
>