---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Microsoft Windows "ShellExecute()" Input Validation Vulnerability SECUNIA ADVISORY ID: SA38501 VERIFY ADVISORY: http://secunia.com/advisories/38501/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error in the implementation of the "ShellExecute()" function. This can be exploited to execute arbitrary local binaries by tricking a user into e.g. opening a specially crafted web page. SOLUTION: Apply patches. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=92234237-a8eb-4ce4-bc5e-cd86feb7dbd3 Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=b8e7bf17-a037-4200-9ae2-2280b19766a4 Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=b8d83f30-9cd7-4d6b-b2b9-65d0a483cb9c Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=5cb2e203-18fb-4887-a1c9-289d86b8ba11 Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=90360537-9311-45e2-8047-9a971f90c3c3 Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=d695ca9f-a1db-4c0f-94b6-7112861c28da PROVIDED AND/OR DISCOVERED BY: Brett Moore of Insomnia Security, reported via ZDI. Lostmon Lords. CHANGELOG: 2010-02-10: Added additional information provided by ZDI. 2010-02-11: Added additional information provided by Lostmon Lords. ORIGINAL ADVISORY: Microsoft (KB975713): http://www.microsoft.com/technet/security/Bulletin/MS10-007.mspx ZDI: http://www.zerodayinitiative.com/advisories/ZDI-10-016/ Lostmon Lords: http://lostmon.blogspot.com/2010/02/internet-explorer-7-8-url-validation.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------