Windows Media Services ActiveX Control Buffer Overflow in CallHTMLHelp() Function Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1020733 |
|
SecurityTracker URL: http://securitytracker.com/id/1020733
|
|
CVE Reference:
CVE-2008-5232
(Links to External Site)
|
Updated: Aug 20 2009
|
Original Entry Date: Aug 25 2008
|
Impact:
Execution of arbitrary code via network, User access via network
|
Fix Available: Yes Exploit Included: Yes
|
|
Description:
A vulnerability was reported in Windows Media Services. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create specially crafted HTML that, when loaded by the target user, will invoke a Windows Media Services ActiveX control and trigger a buffer overflow to execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted call to CallHTMLHelp() can trigger the overflow in 'nskey.dll'.
The CLSID of the vulnerable control is: 2646205B-878C-11D1-B07C-0000C040BCDB
Jeremy Brown reported this vulnerability.
The original advisory is available at:
http://packetstormsecurity.org/0808-exploits/wms-overflow.txt
|
Impact:
A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
|
Solution:
The vendor silently issued a fix.
|
Vendor URL: www.microsoft.com/ (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Windows (2000)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Sun, 24 Aug 2008 23:58:10 -0400
Subject: Windows Media Services (nskey.dll)
|
http://packetstormsecurity.org/0808-exploits/wms-overflow.txt
|
|
