---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Unspecified USB Device Driver Vulnerability SECUNIA ADVISORY ID: SA16210 VERIFY ADVISORY: http://secunia.com/advisories/16210/ CRITICAL: Less critical IMPACT: System access WHERE: Local system OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 98 http://secunia.com/product/12/ Microsoft Windows 98 Second Edition http://secunia.com/product/13/ Microsoft Windows Millenium http://secunia.com/product/14/ Microsoft Windows NT 4.0 Server http://secunia.com/product/18/ Microsoft Windows NT 4.0 Server, Terminal Server Edition http://secunia.com/product/19/ Microsoft Windows NT 4.0 Workstation http://secunia.com/product/15/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people with physical access to a vulnerable system to compromise it. The vulnerability is caused due to an unspecified boundary error in a USB device driver and can be exploited to cause a buffer overflow via a specially crafted USB device. Successful exploitation allows execution of arbitrary code with SYSTEM privileges, but requires physical access to a vulnerable system SOLUTION: Restrict physical access to vulnerable systems. Disable USB support. PROVIDED AND/OR DISCOVERED BY: SPI Dynamics ORIGINAL ADVISORY: eWeek: http://www.eweek.com/article2/0,1759,1840131,00.asp ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------