Microsoft Windows hxvz.dll ActiveX Control Memory Corruption - Security - World -


Editor Login \| Register		Ekle

> World > Security

Microsoft Windows hxvz.dll ActiveX Control Memory Corruption - Security - World -

(Date : 09.04.2008 05:58:22)

Microsoft Windows hxvz.dll ActiveX Control Memory Corruption

Secunia Advisory:	SA29714
Release Date:	2008-04-08

Critical:	Highly critical
Impact:	System access
Where:	From remote
Solution Status:	Vendor Patch

OS:	Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Professional Microsoft Windows 2000 Server Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP Home Edition Microsoft Windows XP Professional


CVE reference:	CVE-2008-1086 (Secunia mirror)

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user"s system.

The vulnerability is caused due to an error in the hxvz.dll ActiveX control and can be exploited to cause a memory corruption when a user e.g. is tricked into visiting a malicious website.

Successful exploitation allows execution of arbitrary code.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.

Solution:
Apply patches.

Windows 2000 SP4 with Internet Explorer 5.01 SP4:
http://www.microsoft.com/downloads/de...=0395451F-B719-4F71-A7B4-403D0C7E8FCC

Windows 2000 SP4 with Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/de...=BA6D3AEB-E35A-47CC-BACE-7BD9D58A9D3F

Windows XP SP2:
http://www.microsoft.com/downloads/de...=9DBF002F-FE53-4CC7-A430-35F45C520D10

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=01400970-DF68-4DAF-AA39-2FC4F969974C

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=AD384FEA-53BE-4BE3-8ACB-1CD23A7F5405

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=FFC5C893-CB24-4875-B0A7-6D5C7AA4D642

Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=94CF78D3-B6C3-41BC-993E-3AF3BE0D70F1

Windows Vista (optionally with SP1):
http://www.microsoft.com/downloads/de...=D7F14001-7F42-4CA0-9193-CDF061179B59

Windows Vista x64 Edition (optionally with SP1):
http://www.microsoft.com/downloads/de...=D33462B6-7391-482D-BABE-FB4CD0BEAA21

Windows Server 2008 for 32-bit Systems:
http://www.microsoft.com/downloads/de...=95691924-2813-4A86-9E11-99D853F8E606

Windows Server 2008 for x64-based Systems:
http://www.microsoft.com/downloads/de...=920AE29B-19D0-4089-AC79-F2DA824A2256

Windows Server 2008 for Itanium-based Systems:
http://www.microsoft.com/downloads/de...=66DF79AC-8364-4922-9688-EBC7EC76D89F

Provided and/or discovered by:
The vendor credits an anonymous researcher, reported via iDefense Labs.

Original Advisory:
MS08-023 (948881)
http://www.microsoft.com/technet/security/Bulletin/MS08-023.mspx

Derecelendir

Kaynak

http://secunia.com/advisories/29714/

İçerik İhbarı

Bağlantılar: bilgininefendisi.net

Open Source Document Project