Windows Search Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1021366
SecurityTracker URL: http://securitytracker.com/id/1021366
CVE Reference: CVE-2008-4268, CVE-2008-4269
Date: Dec 9 2008
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): Vista, Vista SP1, 2008
Description:
Two vulnerabilities were reported in Windows Search on Windows Vista and Windows Server 2008. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted saved search file that, when loaded by the target user, will trigger a memory free error and execute arbitrary code on the target system [CVE-2008-4268]. The code will run with the privileges of the target user.
A remote user can create a specially crafted 'search-ms' URL that, when loaded by the target user, will pass unsafe parameter values to Windows Explorer and execute arbitrary code on the target system [CVE-2008-4269]. The code will run with the privileges of the target user.
The Windows Search add-on for Windows XP is not affected by either vulnerability.
Andre Protas of eEye Digital Security reported the saved search vulnerability. Nate McFeters reported the search parsing vulnerability.
Impact:
A remote user can create a file or URL that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued the following fixes:
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=0DCC5373-0435-42D5-864D-298E5BB122D9
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=5B1B65F0-6848-47C6-BDD5-BE3C0621B323
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=2112C5C8-7C9F-4491-B127-B1093085E105
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=EB1D0FFE-1644-457B-9E82-768BD4C7F7AB
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=90AB7E6F-5AE7-4F55-8838-868FC98D8A16
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=470D506F-77AE-4A44-8598-DF645F484295
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=E1DEAB57-ADA2-4B12-9157-5615E7B0071D
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=E41F23E4-6A2F-4EBB-B425-D241A08DA316
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=48BED90D-C243-4969-8E54-326D9A7AF343
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=83DE2263-DE2A-4C13-96BA-ECFEBDAF0BB9
Application Compatibility Toolkit 5.0:
http://www.microsoft.com/downloads/details.aspx?familyid=24DA89E9-B581-47B0-B45E-492DD6DA2971
A restart is required.
The vendor's advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms08-075.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms08-075.mspx
Cause: Access control error, Input validation error
Underlying OS:
Message History: None.
Source Message Contents
Date: Tue, 9 Dec 2008 13:27:41 -0500
Subject: http://www.microsoft.com/technet/security/bulletin/ms08-075.mspx
Microsoft Security Bulletin MS08-075 – Critical: Vulnerabilities in Windows Search Could Allow Remote Code Execution (959349)
CVE-2008-4268
CVE-2008-4269