TITLE: Microsoft Windows Media Services Buffer Overflow Vulnerability Highly critical Impact: System access Where: From remote VERIFY ADVISORY: http://secunia.com/advisories/39377/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in handling of transport information network packets in Windows Media Unicast Service (nsum.exe) and can be exploited to cause a stack-based buffer overflow via a specially crafted packet. Successful exploitation allows execution of arbitrary code. NOTE: Windows Media Services is an optional component and is not installed by default. SOLUTION: Apply patch. Microsoft Windows 2000 Server SP4: http://www.microsoft.com/downloads/details.aspx?familyid=73B3D681-26BB-49C1-849E-1F72484CB978 ORIGINAL ADVISORY: MS10-025 (KB980858): http://www.microsoft.com/technet/security/bulletin/MS10-025.mspx ========================= The list's FAQ's can be seen by sending an email to PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line. To unsubscribe, subscribe, set Digest or Vacation to on or off, go to //www.freelists.org/list/pcworks . You can also send an email to PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your member list settings can be found at //www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have access to numerous other email options. The list archives are located at //www.freelists.org/archives/pcworks/ . All email posted to the list will be placed there in the event anyone needs to look for previous posts. -zxdjhu-