Thursday, April 12, 2007

Microsoft Agent URL Parsing Memory Corruption Vulnerability - agentdpv.dll

Secunia Advisory: SA22896
Release Date: 2007-04-10
Last Update: 2007-04-11


Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch


OS:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional




CVE reference: CVE-2007-1205

Description:
Secunia Research has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error in Microsoft Agent (agentdpv.dll) when processing specially crafted URLs passed as arguments to certain methods.

Successful exploitation allows execution of arbitrary code when a user, for example, visits a malicious website with Internet Explorer.

Solution:
Apply patches.

Windows XP (requires SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=e16ededa-6e8c-40d6-a3c0-d61362411acc

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=23909036-898f-41af-a3de-4a899a15d25d


Credits: discovered by JJ Reyes and Carsten Eiram, Secunia Research.

Changelog:
2007-04-11: Added link to US-CERT.

Original Advisory:
MS07-020 (KB932168):
http://www.microsoft.com/technet/security/Bulletin/MS07-020.mspx

Secunia Research:
http://secunia.com/secunia_research/2006-74/

Other References:
US-CERT VU#728057:
http://www.kb.cert.org/vuls/id/728057


Thursday, April 5, 2007

Yahoo! Messenger AudioConf ActiveX Control Buffer Overflow

Secunia Advisory: SA24742
Release Date: 2007-04-04

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Yahoo! Messenger 5.x, Yahoo! Messenger 6.x, Yahoo! Messenger 7.x, Yahoo! Messenger 8.x
CVE reference: CVE-2007-1680

Description:
A vulnerability has been reported in Yahoo! Messenger, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error within the AudioConf ActiveX control (yacscom.dll) component of Yahoo! Messenger. This can be exploited to cause a stack-based buffer overflow by setting the "socksHostname" and "hostName" properties to an overly large string and then calling the "createAndJoinConference()" method.

Successful exploitation allows execution of arbitrary code when a user visits a malicious web site.

The vulnerability is reported in version 8.x. Other versions may also be affected.

Solution: Update to the latest version.
http://messenger.yahoo.com
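
The boundary error described in this advisory, modelled as an added example (not Yahoo!'s code and not part of the advisory): a method copies the "hostName" and "socksHostname" properties into fixed-size stack buffers, first without a length check and then with one. The struct, the function names and the 255-byte limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOST_MAX 255   /* assumed capacity of the method's stack buffers */

/* Hypothetical model: properties arrive as strings of arbitrary length. */
struct conf_props { const char *hostName; const char *socksHostname; };

/* Unsafe pattern, for contrast only: no length check before the copy. */
int join_unchecked(const struct conf_props *p)
{
    char host[HOST_MAX + 1];
    strcpy(host, p->hostName);      /* overflows when strlen > HOST_MAX */
    return (int)strlen(host);
}

/* Bounded copy: 0 on success, -1 if src is NULL or does not fit in dst. */
static int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;
    if (src == NULL) return -1;
    while (n < dstsz && src[n] != '\0')
        n++;
    if (n == dstsz) return -1;      /* no terminator within dstsz bytes */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Hardened form: both properties are validated at the point of use. */
int join_checked(const struct conf_props *p)
{
    char host[HOST_MAX + 1];
    char socks[HOST_MAX + 1];
    if (copy_bounded(host, sizeof host, p->hostName) != 0)
        return -1;
    if (copy_bounded(socks, sizeof socks, p->socksHostname) != 0)
        return -1;
    return 0;                       /* a real method would now connect */
}

int main(void)
{
    char big[4097];                 /* constructed oversized property value */
    struct conf_props bad = { big, "proxy.example.test" };
    memset(big, 'A', 4096); big[4096] = '\0';
    printf("oversized hostName -> %d\n", join_checked(&bad));
    return 0;
}
```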
