TITLE: Microsoft Windows Explorer COM Object Handling Vulnerability

SECUNIA ADVISORY ID: SA19606

VERIFY ADVISORY: http://secunia.com/advisories/19606/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused by an error in Windows Explorer when handling COM objects. This can be exploited to execute arbitrary code by tricking a user into connecting to a malicious file server.

Successful exploitation requires that NetBIOS/CIFS connections can be established to a malicious system.

SOLUTION: Apply patches.

Microsoft Windows 2000 (requires Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=AE28BC65-3A5E-4497-AD05-2CDE8E7B5E95

Microsoft Windows XP (requires Service Pack 1 or Service Pack 2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=392C2F1B-AA24-48E5-8D5B-EA56341DB936

Microsoft Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=11A5195E-3F32-41F9-AB39-68A099EE945D

Microsoft Windows Server 2003 (with or without Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=099EE535-8B31-4356-B3FB-EF524C20A424

Microsoft Windows Server 2003 for Itanium (with or without SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=E3C7E736-1583-4BD5-B661-A9AADDFA5B86

Microsoft Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=238AB809-5A7E-4678-B01B-38FD82E9C701

ORIGINAL ADVISORY:
MS06-015 (KB908531):
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx

OTHER REFERENCES:
US-CERT VU#641460:
http://www.kb.cert.org/vuls/id/641460
