SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


Try our Premium Alert Service
 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service





Category:   OS (Microsoft)  >   Windows Search Vendors:   Microsoft
Windows Search Bugs Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1021366
SecurityTracker URL:  http://securitytracker.com/id/1021366
CVE Reference:   CVE-2008-4268, CVE-2008-4269   (Links to External Site)
Date:  Dec 9 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista, Vista SP1, 2008
Description:   Two vulnerabilities were reported in Windows Search on Microsoft Vista and Windows 2008. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted saved search file that, when loaded by the target user, will trigger a memory free error and execute arbitrary code on the target system [CVE-2008-4268]. The code will run with the privileges of the target user.

A remote user can create a specially crafted 'search-ms' URL that, when loaded by the target user, will pass unsafe parameter values to Windows Explorer and execute arbitrary code on the target system [CVE-2008-4269]. The code will run with the privileges of the target user.

The Windows Search add-on for Windows XP is not affected by either vulnerability.

Andre Protas of eEye Digital Security reported the saved search vulnerability. Nate McFeters reported the search parsing vulnerability.

Impact:   A remote user can create a file or URL that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Windows Vista and Windows Vista Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=0DCC5373-0435-42D5-864D-298E5BB122D9

Windows Vista and Windows Vista Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=5B1B65F0-6848-47C6-BDD5-BE3C0621B323

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=2112C5C8-7C9F-4491-B127-B1093085E105

Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?familyid=EB1D0FFE-1644-457B-9E82-768BD4C7F7AB

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=90AB7E6F-5AE7-4F55-8838-868FC98D8A16

Windows Server 2008 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=470D506F-77AE-4A44-8598-DF645F484295

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=E1DEAB57-ADA2-4B12-9157-5615E7B0071D

Windows Server 2008 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=E41F23E4-6A2F-4EBB-B425-D241A08DA316

Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=48BED90D-C243-4969-8E54-326D9A7AF343

Windows Server 2008 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=83DE2263-DE2A-4C13-96BA-ECFEBDAF0BB9

Application Compatibility Toolkit 5.0:

http://www.microsoft.com/downloads/details.aspx?familyid=24DA89E9-B581-47B0-B45E-492DD6DA2971

A restart is required.

The vendor's advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-075.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms08-075.mspx (Links to External Site)
Cause:   Access control error, Input validation error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2018, SecurityGlobal.net LLC