TITLE:
Windows Winsock & DNS Resolution Code Execution Vulnerabilities

SECUNIA ADVISORY ID:
SA21394

VERIFY ADVISORY:
http://secunia.com/advisories/21394/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/

DESCRIPTION:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

1) A boundary error in the Winsock API when handling hostnames can be exploited to cause a buffer overflow by either tricking a user into opening a file or visiting a specially crafted website.

Successful exploitation allows execution of arbitrary code.

2) A boundary error in the DNS Client service when processing DNS responses can be exploited to cause a buffer overflow by returning a specially crafted DNS response.

Successful exploitation allows execution of arbitrary code.

SOLUTION:
Apply patches.

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=144408a7-3011-458a-bc79-49b1658aa25d

Windows XP SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c332b95a-2956-406b-9e06-07c5e96b02e3

Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1be5310b-1995-4ef9-a462-04da9833f50b

Windows Server 2003 (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=6d027e72-1f94-44de-95f9-f52000a991cc

Windows Server 2003 for Itanium-based systems (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=18477016-0b70-4c86-90c7-3535d365b7c1

Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=583b741c-47e2-429d-9d50-44670bb2f452

ORIGINAL ADVISORY:
MS06-041 (KB920683):
http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx
