Microsoft Windows SearchPath Function May Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1022047 |
|
SecurityTracker URL: http://securitytracker.com/id/1022047
|
|
CVE Reference:
CVE-2008-2540
(Links to External Site)
|
Date: Apr 14 2009
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 2000 SP4, 2003 SP2, XP SP3, Vista SP1, 2008; and prior service packs
|
Description:
A vulnerability was reported in Microsoft Windows. A remote user may be able to cause arbitrary code to be executed on the target user's system in certain cases.
A remote user may be able to conduct a "blended attack" and exploit the way that the SearchPath function in Windows locates and opens files on the system. A remote user can create a specially crafted file that, when downloaded by the target user to a specific location, may be later executed by the target user when the target user opens an application.
[Editor's note: Aviv Raff originally reported this vulnerability as affecting applications (such as Apple Safari) in conjunction with Microsoft Windows. See Alert ID 1020150.]
|
Impact:
A remote user may be able to cause arbitrary code to be executed on the target user's system.
|
Solution:
The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?familyid=c4e408d7-6716-4a12-ad3a-8029667f5c84
Windows XP Service Pack 2 and Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=3de0684d-605c-489b-bdc7-08bce9b2d4f6
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=b743a7fe-7bf4-420d-a72e-39471e5659fa
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=992bb0cd-fbc7-4a7c-9088-f7f9d9a3ead0
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=f0a58e8c-7d63-4d7d-ba95-b3787cf408f0
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=00c6479d-f81f-445d-b8e4-7b71d77d540a
Windows Vista and Windows Vista Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=2b672d45-f33b-4edc-9f22-2f2c8c726a8b
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=7576e7d5-5bb1-4a53-b568-1ee0500ce721
Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=6b73cf5e-66fe-4b7d-95fc-91a1c262c1e5
Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=7e60847c-b341-4c38-bc25-2e3cf2d4ae14
Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=de1c2b4b-af47-4b9a-8363-720e5527573c
A restart is required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms09-015.mspx
|
Vendor URL: www.microsoft.com/technet/security/bulletin/ms09-015.mspx (Links to External Site)
|
Cause:
Access control error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 14 Apr 2009 15:03:00 -0400
Subject: http://www.microsoft.com/technet/security/bulletin/ms09-015.mspx
|
Microsoft Security Bulletin MS09-015 – Moderate: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege (959426)
CVE-2008-2540
|
|
