SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Windows Address Book May Load DLLs Unsafely and Remotely Execute Arbitrary Code
SecurityTracker Alert ID:  1024878
SecurityTracker URL:  http://securitytracker.com/id/1024878
CVE Reference:   CVE-2010-3147   (Links to External Site)
Date:  Dec 14 2010
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7, 2008 R2; and prior service packs
Description:   A vulnerability was reported in Windows Address Book. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create a specially crafted DLL file on a remote share (e.g., WebDAV, SMB share). When the target application is loaded by the target user and the target user opens a Windows Address Book file on that remote share, the application may load the remote user's DLL instead of the intended DLL and execute arbitrary code. The code will run with the privileges of the target user.

This type of exploit is also known as "binary planting" or "DLL preloading".

Simon Raner of ACROS Security, HD Moore of Rapid7, and Muhaimin Dzulfakar of NGS Software reported this vulnerability.

Impact:   A remote user can may be able to cause a target application to execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following fixes:

Windows XP Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?familyid=46BAA431-126C-4FA5-9A7B-525008E2817D

Windows XP Professional x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=B9CE9D62-2EAA-48D8-BB6D-EA137E63D077

Windows Server 2003 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=E0B2837C-019B-419B-954D-5BDC71A3A332

Windows Server 2003 x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=4C5CB600-9A39-40A0-BE42-1593B1E0B97D

Windows Server 2003 with SP2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=9ABC8270-F3AC-474D-9EBC-410AAA6262CC

Windows Vista Service Pack 1 and Windows Vista Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=A1C7F1B5-E054-4CD6-857D-2AB0A2FE9F62

Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=73624B68-A69D-4517-B971-F0B7D2CCC9D6

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=118F528F-BD05-49C2-A4A4-78314CD00992

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=77E288FB-B51F-4F57-BAAC-1443D8FBD37B

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?familyid=82F71194-6F1F-4F43-8752-4BF5E5F94A93

Windows 7 for 32-bit Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=4E8AD5CD-AF27-4F00-9378-AD778B8EE7B3

Windows 7 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=35A3E821-B463-411C-858B-D01EB5AED42B

Windows Server 2008 R2 for x64-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=9E2C95F6-9381-4484-B11B-814AB9138118

Windows Server 2008 R2 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?familyid=CB4211F3-1082-4245-8F03-7CBAC90E9A31

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms10-096.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms10-096.mspx (Links to External Site)
Cause:   Access control error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC