Thread-topic: [SA22878] Microsoft Windows Agent ActiveX Control Buffer Overflow
>
> TITLE:
> Microsoft Windows Agent ActiveX Control Buffer Overflow
>
> SECUNIA ADVISORY ID:
> SA22878
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> OPERATING SYSTEM:
> Microsoft Windows 2000 Advanced Server
> Microsoft Windows 2000 Datacenter Server
> Microsoft Windows 2000 Professional
> Microsoft Windows 2000 Server
> Microsoft Windows XP Home Edition
> Microsoft Windows XP Professional
> Microsoft Windows Server 2003 Datacenter Edition
> Microsoft Windows Server 2003 Enterprise Edition
> Microsoft Windows Server 2003 Standard Edition
> Microsoft Windows Server 2003 Web Edition
>
> DESCRIPTION:
> A vulnerability has been reported in Microsoft Windows, which can be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to an unspecified error in the
> Microsoft Agent ActiveX control when processing .ACF files. This can
> be exploited to cause a buffer overflow via a specially crafted .ACF
> file.
>
> Successful exploitation allows execution of arbitrary code when e.g.
> a malicious website is visited with Internet Explorer.
>
> SOLUTION:
> Apply patches.
>
> Microsoft Windows 2000 SP4:
>
ec8-3e4d-4281-8183-11b724693217
>
> Microsoft Windows XP SP2:
>
607-f396-4113-89f6-1fe89ec54b6a
>
> Microsoft Windows XP Professional x64 Edition:
>
a2a-b03e-4428-a26a-84293270d149
>
> Microsoft Windows Server 2003 (optionally with SP1):
>
f85-830b-4662-a4cc-8dff9f59acea
>
> Microsoft Windows Server 2003 for Itanium-based systems (optionally
> with SP1):
>
61d-ad54-4bad-b9a0-b650385de216
>
> Microsoft Windows Server 2003 x64 Edition:
>
f4a-2389-4ce4-a6bb-b7e02f646b74
>
> PROVIDED AND/OR DISCOVERED BY:
> Reported by the vendor.
>
> ORIGINAL ADVISORY:
> MS06-068 (KB920213):
>
>