---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Kodak Image Viewer Code Execution SECUNIA ADVISORY ID: SA27092 VERIFY ADVISORY: http://secunia.com/advisories/27092/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the Kodak Image Viewer when processing certain image files. This can be exploited to cause a memory corruption when a user e.g. visits a specially crafted web page or opens a specially crafted email. Successful exploitation allows execution of arbitrary code. NOTE: Supported editions of Windows XP and Windows Server 2003 are only vulnerable when upgraded from Windows 2000. SOLUTION: Apply updates. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=29763117-c2dc-4746-b31e-0b27350118e6 Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=be52f740-e9c9-4228-95c0-00995213bbd0 Windows Server 2003 SP1/SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=9a5c9e5d-4908-48bf-9346-745b4c6f6d4e PROVIDED AND/OR DISCOVERED BY: The vendor credits Cu Fang. ORIGINAL ADVISORY: MS07-055 (KB923810): http://www.microsoft.com/technet/security/Bulletin/MS07-055.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------