(Well, this one was supposed to be posted first before the others, and it has yet to show up at the list!)
This is the first of many. I see Peter posted a couple of them, and there's several more after this one. Note on this one, if you don't use Messenger or have it disabled, and don't use WMP 9 it's not needed. -Clint --------------------------------- SECUNIA ADVISORY ID: SA14174 VERIFY ADVISORY: http://secunia.com/advisories/14174/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Millenium http://secunia.com/product/14/ Microsoft Windows 98 Second Edition http://secunia.com/product/13/ Microsoft Windows 98 http://secunia.com/product/12/ SOFTWARE: Microsoft MSN Messenger 6.x http://secunia.com/product/1902/ Microsoft Windows Messenger 5.x http://secunia.com/product/40/ Microsoft Windows Media Player 9.x http://secunia.com/product/1085/ DESCRIPTION: Two vulnerabilities have been reported in various Microsoft products, which can be exploited by malicious people to compromise a vulnerable system. 1) Microsoft has acknowledged a vulnerability in Windows Messenger and MSN Messenger when processing PNG image files. This can be exploited to execute arbitrary code on a user's system via a specially crafted PNG image file. For more information: SA12219 2) A variant of the first vulnerability exists in Windows Media Player when processing PNG image files containing extremely large width and height values. This can be exploited to execute arbitrary code on a user's system via a specially crafted PNG image when the user e.g visits a malicious web site. SOLUTION: Apply patches. Windows Media Player 9 Series (running on Windows 2000, Windows XP SP1, or Windows Server 2003): http://www.microsoft.com/downloads/details.aspx?FamilyId=A52279DC-3B6C-4720-8192-45657EDBB14F Windows Messenger 5.0 (standalone version): http://www.microsoft.com/downloads/details.aspx?FamilyID=A8D9EB73-5F8C-4B9A-940F-9157A3B3D774 Microsoft MSN Messenger 6.1: http://www.microsoft.com/downloads/details.aspx?FamilyId=EBE898D8-FE1C-4A5E-993C-5FAB3E62C925 Microsoft MSN Messenger 6.2: http://www.microsoft.com/downloads/details.aspx?FamilyId=EBE898D8-FE1C-4A5E-993C-5FAB3E62C925 Windows Messenger 4.7.0.2009 (running on Windows XP SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=E3DC209B-AD57-49E1-BB90-6FA2CA8763A6 Windows Messenger 4.7.0.3000 (running on Windows XP SP2): http://www.microsoft.com/downloads/details.aspx?FamilyId=1DCC9628-E2D0-496F-B4F2-3AFEFA0A0156 Windows 98, Windows 98 SE, and Windows ME: An update is available via Windows Update. ORIGINAL ADVISORY: MS05-009 (KB890261): http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx OTHER REFERENCES: SA12219: http://secunia.com/advisories/12219/ ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
