Executive Summary
Summary | |
---|---|
Title | Microsoft Vista and Server 2008 vulnerable to memory corruption via saved search |
Information | |||
---|---|---|---|
Name | VU#468227 | First vendor Publication | 2008-12-09 |
Vendor | VU-CERT | Last vendor Modification | 2008-12-09 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 8.5 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 6.8 | Authentication | Requires single instance |
Detail
Vulnerability Note VU#468227
Microsoft Vista and Server 2008 vulnerable to memory corruption via saved search
Overview
Microsoft Windows Vista and Server 2008 contain a memory corruption vulnerability when saving a specially crafted search file. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
I. Description
In Windows Vista and Server 2008, users can save searches as a search folder that is generated by a .search-ms XML file. Microsoft Windows fails to properly parse .search-ms files, which can result in memory corruption.
II. Impact
By convincing a user to save a specially crafted search specified by a .search-ms file, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.
III. Solution
Apply an update
This vulnerability is addressed in Microsoft Security Bulletin MS08-075. This bulletin also includes several workarounds, including changing the file association for .search-ms files and denying the ability to save searches.
References
Thanks to Andre Protas of eEye for reporting this vulnerability. This document was written by Will Dormann.
Original Source
Url : http://www.kb.cert.org/vuls/id/468227
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5853 | |||
Oval ID: | oval:org.mitre.oval:def:5853 | ||
Title: | Windows Saved Search Vulnerability | ||
Description: | The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4268 | Version: | 3 |
Platform(s): | Microsoft Windows Vista, Microsoft Windows Server 2008 | Product(s): | |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 4 | |
Os | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-14 | Name : Microsoft Windows Search Remote Code Execution Vulnerability (959349) File : nvt/gb_ms08-075.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
50565 | Microsoft Windows Explorer Saved Search File Handling Arbitrary Code Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-12-11 | IAVM : 2008-B-0083 - Multiple Windows Search Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0017913 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft search file attachment detected RuleID : 21880 - Revision : 12 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft search file attachment detected RuleID : 21879 - Revision : 11 - Type : FILE-IDENTIFY |
2014-01-10 | Microsoft search file download request RuleID : 13911 - Revision : 22 - Type : FILE-IDENTIFY |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-12-10 | Name : Vulnerabilities in the Windows Shell may allow an attacker to execute privile... File : smb_nt_ms08-075.nasl - Type : ACT_GATHER_INFO |