فا

‫ Microsoft Windows Memory Corruption and Arbitrary Library Loading Vulnerabilities

ID: IRCAD2015033812
Release Date: 2015-03-10
Criticality level: Highly critical
Software:
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows RT
Microsoft Windows RT 8.1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Description:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
1) A boundary error in Windows Text Services can be exploited to cause memory corruption.
Successful exploitation of this vulnerability may allow execution of arbitrary code.
2) An error when handling icons referenced in .LNK and .PIF files can be exploited to load arbitrary libraries by tricking a user into opening a directory containing a specially crafted .LNK or .PIF file.
Solution
Apply update.
References:
Microsoft (KB3041836, KB3033889, KB3039066):
ZDI:
Protek Research Labs:
Secunia:
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 3 فروردین 1394

امتیاز

امتیاز شما
تعداد امتیازها: 0