TITLE:
Microsoft Windows ActiveX Controls ATL "OleLoadFromStream()" Vulnerability

CRITICAL:
Extremely critical

IMPACT:
Security Bypass, System access

WHERE:
From remote

SECUNIA ADVISORY ID:
SA36997

VERIFY ADVISORY:
http://secunia.com/advisories/36997/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

The vulnerability is caused by multiple ActiveX controls using the "OleLoadFromStream()" ATL function in an unsafe manner.

This is related to vulnerability #2 in:
SA35967

Successful exploitation allows execution of arbitrary code.

NOTE: This vulnerability is reportedly being actively exploited.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyID=edfea805-9544-4dc0-a52c-d7594205657b

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyID=171d43d3-669c-4923-b266-e47591833c05

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=171d43d3-669c-4923-b266-e47591833c05

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=f3249c99-82e4-45dc-a254-28e647e822c8

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=1ad3f7b3-58d5-4507-ae20-a265e47cee9c

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=575e75d9-e348-4fbb-9eaa-43240e4d715e

Windows Vista (optionally with SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=7313c03b-8844-4086-a0cc-43dfdb3ca48c

Windows Vista x64 Edition (optionally with SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=7216bcb1-ff16-402b-ad1b-1500d46d0157

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=51eb56fa-8204-45f3-86d7-6d03a2c8d78d

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=131b047a-ae93-4a99-83e5-71d5a79e96ea

Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=3d16c5bf-ee5c-4220-9755-5cb92eac2aae

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b64bcc14-38a7-45b9-8f85-acc573777506

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=809e29f3-ec68-4a2b-b04e-11759dd16001

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=bcd2b944-6852-48f2-820b-cce7d195e391

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=85e76e55-3766-4ffe-9a18-8655de935b7c

ORIGINAL ADVISORY:
Microsoft (KB973525):
http://www.microsoft.com/technet/security/bulletin/ms09-055.mspx

OTHER REFERENCES:
SA35967:
http://secunia.com/advisories/35967/