Secunia Security Advisory - A vulnerability has been reported in Microsoft Windows XP and 2003, which can be exploited by malicious people to compromise a vulnerable system.
dbf21616a2deab6a07c994e593b5f70833fa631ad8916a4ac0f803672cab67e5
TITLE:
Microsoft Windows Indexing Service Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA13802
VERIFY ADVISORY:
http://secunia.com/advisories/13802/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
OPERATING SYSTEM:
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows XP and 2003,
which can be exploited by malicious people to compromise a vulnerable
system.
The vulnerability is caused due to an unchecked buffer in the
indexing service. This can be exploited to execute arbitrary code
through a malicious query.
Note: This vulnerability has been set to "From Remote" because the
indexing service can be configured to be accessible through Internet
Information Services (IIS).
SOLUTION:
Apply patches.
Microsoft Windows XP (requires Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=FB8A7622-94AB-44E7-85C3-163BAC4602E2
Microsoft Windows XP 64-Bit Edition (requires Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=30A83F1D-87E9-4720-8316-191AE509F094
Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C3474E75-1FE2-4215-8A8D-A9244FF93419
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=50F72DC5-5DD6-4D12-A91C-6815EC8203EF
Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C3474E75-1FE2-4215-8A8D-A9244FF93419
Note: Microsoft has also issued patches for Microsoft Windows 2000
which provides a security enhancement. However, Microsoft Windows
2000 is not affected by the vulnerability. See original advisory for
details.
ORIGINAL ADVISORY:
MS05-003 (KB871250):
http://www.microsoft.com/technet/security/Bulletin/MS05-003.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------