TITLE: Microsoft Windows Hyperlink Object Library Buffer Overflow SECUNIA ADVISORY ID: SA14195
VERIFY ADVISORY: http://secunia.com/advisories/14195/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Millenium http://secunia.com/product/14/ Microsoft Windows 98 Second Edition http://secunia.com/product/13/ Microsoft Windows 98 http://secunia.com/product/12/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ DESCRIPTION: Anna Hollingzworth has reported a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the Hyperlink Object Library. This can be exploited to cause a buffer overflow via applications linked against the vulnerable object library. Successful exploitation requires that a user opens a malicious URL following a link from an email or a HTML document. SOLUTION: Apply patches. Microsoft Windows 2000 (requires Service Pack 3 or Service Pack 4): http://www.microsoft.com/downloads/details.aspx?FamilyId=9DC37971-9268-4CED-85A3-2CF487EAE378 Microsoft Windows XP (requires Service Pack 1 or Service Pack 2): http://www.microsoft.com/downloads/details.aspx?FamilyId=6005C5A3-AFF2-4765-B26F-BE47ED408E0B Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=84712902-1C6B-4402-9959-7A51EE319D7F Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=558AB19E-A5A3-44A6-99A3-F0D9E7C1F714 Microsoft Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=68C55E18-3A3F-455B-A6C3-BB87B33CFD8E Microsoft Windows Server 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=558AB19E-A5A3-44A6-99A3-F0D9E7C1F714 The following platforms are no longer supported: Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME). ORIGINAL ADVISORY: MS05-015 (KB888113): http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
