[PCWorks] Microsoft Indexing Service ActiveX Control Memory Corruption

  • From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
  • Date: Wed, 14 Oct 2009 05:29:08 -0500

TITLE:
Microsoft Indexing Service ActiveX Control Memory Corruption

Critical:  Highly critical
Impact:  System access
Where:  From remote

SECUNIA ADVISORY ID:
SA37000

VERIFY ADVISORY:
http://secunia.com/advisories/37000/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which 
can be
exploited by malicious people to potentially compromise a 
user's
system.

The vulnerability is caused due to an error in an ActiveX 
control
included with the Indexing service. This can be exploited to 
corrupt
memory when specially crafted URLs are processed by the 
affected
ActiveX control.

Successful exploitation may allow execution of arbitrary code, 
but
requires that the Indexing Service is enabled.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?familyid=b34d94b5-b828-4e16-a636-04344c60d945

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?familyid=768fd74e-0a2f-4353-ac22-65d0d6321739

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=270ec100-5ba1-4f8c-aa36-105d30ad57bf

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=78072164-84d1-44da-8ede-2a9d212d47a9

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?familyid=8aa1f97d-ad53-4450-bb93-4a147dd10a87

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=fb5678b9-5ef1-42db-902e-c9ea02880e0a

ORIGINAL ADVISORY:
Microsoft (KB969059):
http://www.microsoft.com/technet/security/bulletin/MS09-057.mspx


=========================
The list's FAQ's can be seen by sending an email to 
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.

To unsubscribe, subscribe, set Digest or Vacation to on or off, go to 
//www.freelists.org/list/pcworks .  You can also send an email to 
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line.  Your 
member list settings can be found at 
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks .  Once logged in, you have 
access to numerous other email options.  

The list archives are located at //www.freelists.org/archives/pcworks/ .  
All email posted to the list will be placed there in the event anyone needs to 
look for previous posts.
-zxdjhu-

Other related posts:

  • » [PCWorks] Microsoft Indexing Service ActiveX Control Memory Corruption - Clint Hamilton-PCWorks Admin
  1. Home
  2. pcworks
  3. Archive
  4. 10-2009