Security Microsoft WebDAV Mini-Redirector Code Execution Vulnerability

PHP Web Host - Quality Web Hosting For All PHP Applications

• Home • Downloads • Your Account • Forums •

Site Navigation

Home:

Donate o Meter

Help Keep Our Servers Online AND Our Services Free!

Donations

Please Link To Me!

Quality Web Hosting For All PHP Applications

Quality PHP Web Host!

Great Reviews!

Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?

Need help customizing or designing scripts?

Please contact us via the Contact Us option for further details and pricing.

Link to Me

There are more Link To Me icons here.

Site Info v2.2.2 ©

Microsoft WebDAV Mini-Redirector Code Execution Vulnerability

SECUNIA ADVISORY ID: SA28894

VERIFY ADVISORY: http://secunia.com/advisories/28894/

CRITICAL: Highly critical

IMPACT: System access

OPERATING SYSTEM:
Microsoft Windows XP Home Edition http://secunia.com/product/16/
Microsoft Windows XP Professional http://secunia.com/product/22/
Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/
Microsoft Windows Storage Server 2003 http://secunia.com/product/12399/
Microsoft Windows Vista http://secunia.com/product/13223/

DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the WebDAV Mini-Redirector (a.k.a Web Client service) when handling long pathnames in WebDAV responses. This can be exploited to cause a heap-based buffer overflow via a specially crafted WebDAV response. Successful exploitation allows execution of arbitrary code.

SOLUTION: Apply patches.
Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=afeef3ec-6160-4c1d-94bd-0bfce641d0a2
Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=15b7d1c4-4ef4-47b2-9e3b-22eafbdb90d8
Windows Server 2003 SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=b7e725bf-7248-4119-aca5-b7d502c09cfc
Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=8af82f86-731c-46a0-a025-b62447e2af38
Windows Server 2003 with SP1/SP2 for Itanium-based systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=bca224db-fe0e-411d-a948-1c776ce974f3
Windows Vista: http://www.microsoft.com/downloads/details.aspx?FamilyID=ba7a2b42-1c89-45e5-b8a6-049fa500c03a
Windows Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=45962232-af78-42cb-bfa0-9ce7de199585

PROVIDED AND/OR DISCOVERED BY: The vendor credits Steven, COSEINC Vulnerability Research Lab.

ORIGINAL ADVISORY: MS08-007 (KB946026): http://www.microsoft.com/technet/security/Bulletin/MS08-007.mspx

Posted on Tuesday, February 12, 2008 @ 17:34:19 EST by Raven

Related Links

· More about Security
· News by Raven

Most read story about Security:
PHP-Nuke *eid* SQL Injection Vulnerability

Article Rating

Average Score: 0
Votes: 0

Options

Printer Friendly Page

Send to a Friend

Associated Topics

All logos and trademarks in this site are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2011 by Raven

You can syndicate our news using the file

Website engines core code is © copyright by PHP-Nuke but has been heavily patched and modified by myself and others.
PHP-Nuke is a free software released under the GNU/GPL.

:: fisubice phpbb2 style by Daz :: PHP-Nuke theme by www.nukemods.com :::: fisubice Theme Modified by the RavenNuke™ Team ::
::