---------------------------------------------------------------------- Secunia integrated with Microsoft WSUS http://secunia.com/blog/71/ ---------------------------------------------------------------------- TITLE: Microsoft Data Analyzer ActiveX Control Vulnerability SECUNIA ADVISORY ID: SA38503 VERIFY ADVISORY: http://secunia.com/advisories/38503/ DESCRIPTION: A vulnerability has been reported in Microsoft Data Analyzer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the Microsoft Data Analyzer ActiveX control (max3activex.dll). This can be exploited to cause a system state corruption and execute arbitrary code via a specially crafted web page. SOLUTION: Apply patches. Microsoft Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyID=543dc6a7-fa76-4ba9-81e4-25fdf2013548 Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?FamilyID=7bcf3945-0552-478e-b7f3-bbca97dd1b5d Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=25ef97e8-e76e-44c2-953c-f94cbac552cf Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=29ff72f7-1663-4f35-a794-2dfe3c17b39c Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?FamilyID=d4a97bb7-4f74-4884-9a6e-7a4df9c540fb Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=b84f0be4-6d11-4b07-bb3c-2c76ae9ceea8 Windows Vista (optionally with SP1 or SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=2c897ddd-f441-41d4-b5b4-d794cfc96e6b Windows Vista x64 Edition (optionally with SP1 or SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=f349f7aa-d020-4e0d-a35f-518a63ec92df Windows Server 2008 for 32-bit Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=9a85b1bf-7427-47d0-9e1b-21dbe824a62c Windows Server 2008 for x64-based Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=fde218c3-90ab-4664-852d-25ca55835054 Windows Server 2008 for Itanium-based Systems (optionally with SP2): http://www.microsoft.com/downloads/details.aspx?FamilyID=5b6e9451-df38-4626-bb1d-4fc160d7a40e Windows 7 for 32-bit Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=ec6d996f-dffa-45ad-9467-e96a4ac63e5f Windows 7 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=b3265576-04c1-48b1-8ce9-128843c58cf5 Windows Server 2008 R2 for x64-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=cda31c54-8b81-4185-a623-64480ad4b73c Windows Server 2008 R2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?FamilyID=43fa4e26-160f-4aa3-a03d-b98a79666a18 NOTE: The listed patches fix additional vulnerabilities in third-party ActiveX controls by setting corresponding kill-bits. PROVIDED AND/OR DISCOVERED BY: The vendor credits Shaun Colley, NGS Software. ORIGINAL ADVISORY: Microsoft (978262): http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------