|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[SA21851] Microsoft Windows Pragmatic General Multicast Code Execution
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Tue Sep 12 2006 - 13:32:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts.
We will help with relocation and obtaining a work permit.
Currently the following type of positions are available:
http://secunia.com/quality_assurance_analyst/
http://secunia.com/web_application_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
----------------------------------------------------------------------
TITLE:
Microsoft Windows Pragmatic General Multicast Code Execution
SECUNIA ADVISORY ID:
SA21851
VERIFY ADVISORY:
http://secunia.com/advisories/21851/
CRITICAL:
Moderately critical
IMPACT:
System access
WHERE:
From local network
OPERATING SYSTEM:
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows XP, which can
be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error in the handling of PGM
(Pragmatic General Multicast) messages and can be exploited via a
specially crafted multicast message.
Successful exploitation allows execution of arbitrary code, but
requires that the MSMQ (Microsoft Message Queuing) service is
installed (not installed by default).
SOLUTION:
Apply patch.
Microsoft Windows XP SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=ce264ac4-6ca3-4732-9016-3143ff1bca2f
PROVIDED AND/OR DISCOVERED BY:
The vendor credits David Warden, NuPaper.
ORIGINAL ADVISORY:
MS06-052 (KB919007):
http://www.microsoft.com/technet/security/Bulletin/MS06-052.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]