Microsoft WebDAV Mini-Redirector Code Execution Vulnerability

Posted on Tuesday, February 12, 2008 @ 17:34:19 UTC in Security
by Raven

SECUNIA ADVISORY ID: SA28894

VERIFY ADVISORY: http://secunia.com/advisories/28894/

CRITICAL: Highly critical

IMPACT: System access

OPERATING SYSTEM:
Microsoft Windows XP Home Edition http://secunia.com/product/16/
Microsoft Windows XP Professional http://secunia.com/product/22/
Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/
Microsoft Windows Storage Server 2003 http://secunia.com/product/12399/
Microsoft Windows Vista http://secunia.com/product/13223/

DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the WebDAV Mini-Redirector (a.k.a Web Client service) when handling long pathnames in WebDAV responses. This can be exploited to cause a heap-based buffer overflow via a specially crafted WebDAV response. Successful exploitation allows execution of arbitrary code.

SOLUTION: Apply patches.
Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=afeef3ec-6160-4c1d-94bd-0bfce641d0a2
Windows XP Professional x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=15b7d1c4-4ef4-47b2-9e3b-22eafbdb90d8
Windows Server 2003 SP1 / SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=b7e725bf-7248-4119-aca5-b7d502c09cfc
Windows Server 2003 x64 Edition (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=8af82f86-731c-46a0-a025-b62447e2af38
Windows Server 2003 with SP1/SP2 for Itanium-based systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=bca224db-fe0e-411d-a948-1c776ce974f3
Windows Vista: http://www.microsoft.com/downloads/details.aspx?FamilyID=ba7a2b42-1c89-45e5-b8a6-049fa500c03a
Windows Vista x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=45962232-af78-42cb-bfa0-9ce7de199585

PROVIDED AND/OR DISCOVERED BY: The vendor credits Steven, COSEINC Vulnerability Research Lab.

ORIGINAL ADVISORY: MS08-007 (KB946026): http://www.microsoft.com/technet/security/Bulletin/MS08-007.mspx
 
 
click Related        click Share
 
 
Associated Topics

Microsoft
 
News ©

Site Info

Last SeenLast Seen
  • neralex
  • nextgen
Server TrafficServer Traffic
  • Total: 482,306,583
  • Today: 24,848
Server InfoServer Info
  • Apr 18, 2024
  • 04:48 pm UTC
 
 

Site Navigation