Secunia Advisory: | SA26753 | |
Release Date: | 2007-09-11 | |
Critical: | Highly critical | |
Impact: | System access | |
Where: | From remote | |
Solution Status: | Vendor Patch | |
OS: | Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server | |
CVE reference: | CVE-2007-3040 (Secunia mirror) |
A vulnerability has been reported in Microsoft Windows 2000, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an error in the Microsoft Agent component when handling URLs and can be exploited to cause memory corruption via a specially crafted URL.
Successful exploitation may allow execution of arbitrary code on a user's system when e.g. visiting a malicious website.
Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/
Solution:
Apply patches.
Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=7cd248ed-d154-4dce-89ef-ceefd2700965
Provided and/or discovered by:
The vendor credits the following:
* Assurent Secure Technologies
* Yamata Li, Palo Alto Networks.
* An anonymous researcher via iDefense.
Original Advisory:
MS07-051 (KB938827):
http://www.microsoft.com/technet/security/Bulletin/MS07-051.mspx
Extended Solution:
The "Extended Solution" section is available for Secunia customers only. Request a trial and get access to the Secunia Customer Area and Extended Secunia advisories.
資料來源 http://secunia.com/advisories/26753/
全站熱搜
留言列表