TITLE: Microsoft Collaboration Data Objects Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA17167
VERIFY ADVISORY: http://secunia.com/advisories/17167/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ SOFTWARE: Microsoft Exchange Server 2000 http://secunia.com/product/41/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows and Microsoft Exchange 2000 Server, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the CDO (Collaboration Data Objects) COM component. This can be exploited to execute arbitrary code on a vulnerability system via a specially crafted message delivered through SMTP. SOLUTION: Apply patches. Microsoft Windows 2000 (requires SP 4): http://www.microsoft.com/downloads/details.aspx?FamilyId=AE0BA6D7-37AF-46E8-9E25-AB63883FA944 Microsoft Windows XP (requires SP 1 or SP 2): http://www.microsoft.com/downloads/details.aspx?FamilyId=E0DAF2D1-656C-4580-94C1-8AB009B4AD4F Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=D389EF4D-583D-41C0-9081-844D348F3817 Microsoft Windows Server 2003 (with or without SP 1): http://www.microsoft.com/downloads/details.aspx?FamilyId=1BC06799-B9F5-416F-8965-DC0E07A24A29 Microsoft Windows Server 2003 (Itanium) (with or without SP 1): http://www.microsoft.com/downloads/details.aspx?FamilyId=956FFD90-60AF-4296-8765-F0A17A77DB77 Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=5504C410-CDCB-4826-B002-DBA0E3A402A4 Microsoft Exchange 2000 Server (requires SP 3 and Post-SP 3 Update Rollup of August 2004): http://www.microsoft.com/downloads/details.aspx?FamilyId=60FD0DDC-04B7-4879-930B-53375823CD51 ORIGINAL ADVISORY: MS05-048 (KB907245): http://www.microsoft.com/technet/security/Bulletin/MS05-048.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
