---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Explorer Search Handling Vulnerabilities SECUNIA ADVISORY ID: SA33053 VERIFY ADVISORY: http://secunia.com/advisories/33053/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows Vista http://secunia.com/advisories/product/13223/ Microsoft Windows Server 2008 http://secunia.com/advisories/product/18255/ DESCRIPTION: Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to potentially compromise a vulnerable system. 1) Windows Explorer does not properly free memory when saving Windows Search files. This may be exploited to execute arbitrary code by saving a specially crafted search file using Windows Explorer. 2) Windows Explorer does not properly handle parameters when parsing the search-ms protocol. This can be exploited to execute arbitrary code via a website with a specially crafted call to the search-ms protocol handler. The vulnerabilities may be exploited to execute arbitrary code by tricking a user into opening and saving a specially crafted saved-search file or visiting a malicious website. SOLUTION: Apply patches. Windows Vista and Windows Vista SP1 (KB958623): http://www.microsoft.com/downloads/details.aspx?familyid=0DCC5373-0435-42D5-864D-298E5BB122D9 Windows Vista and Windows Vista SP1 (KB958624): http://www.microsoft.com/downloads/details.aspx?familyid=5B1B65F0-6848-47C6-BDD5-BE3C0621B323 Windows Vista x64 Edition and Windows Vista x64 Edition SP1 (KB958623): http://www.microsoft.com/downloads/details.aspx?familyid=2112C5C8-7C9F-4491-B127-B1093085E105 Windows Vista x64 Edition and Windows Vista x64 Edition SP1 (KB958624): http://www.microsoft.com/downloads/details.aspx?familyid=EB1D0FFE-1644-457B-9E82-768BD4C7F7AB Windows Server 2008 for 32-bit Systems (KB958623): http://www.microsoft.com/downloads/details.aspx?familyid=90AB7E6F-5AE7-4F55-8838-868FC98D8A16 Windows Server 2008 for 32-bit Systems (KB958624): http://www.microsoft.com/downloads/details.aspx?familyid=470D506F-77AE-4A44-8598-DF645F484295 Windows Server 2008 for x64-based Systems (KB958623): http://www.microsoft.com/downloads/details.aspx?familyid=E1DEAB57-ADA2-4B12-9157-5615E7B0071D Windows Server 2008 for x64-based Systems (KB958624): http://www.microsoft.com/downloads/details.aspx?familyid=E41F23E4-6A2F-4EBB-B425-D241A08DA316 Windows Server 2008 for Itanium-based Systems (KB958623): http://www.microsoft.com/downloads/details.aspx?familyid=48BED90D-C243-4969-8E54-326D9A7AF343 Windows Server 2008 for Itanium-based Systems (KB958624): http://www.microsoft.com/downloads/details.aspx?familyid=83DE2263-DE2A-4C13-96BA-ECFEBDAF0BB9 PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Andre Protas, eEye Digital Security. 2) The vendor credits Nate McFeters. ORIGINAL ADVISORY: MS08-075 (KB959349): http://www.microsoft.com/technet/security/Bulletin/MS08-075.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------