Microsoft Windows COM code execution
| win-com-execute-code (22473) |  High Risk |
Description:
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the process COM+ uses to create and use memory structures. A remote attacker could send a specially-crafted network message to execute arbitrary code on the system.
On Windows XP SP2, Windows Server 2003 and Windows Server 2003 SP1, this vulnerability could be exploited by a local attacker to gain elevated privileges on the system.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-051. See References.
For Windows 2000:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS06-018. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS05-051, which was superseded by the patch released with MS06-018.
For CallPilot: Apply the fix as listed in Security Advisory P-2005-0056-Global, available from the Nortel Networks Web site. See References. A login account is required for access.
References:
- Microsoft Security Bulletin MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400).
- Microsoft Security Bulletin MS06-018: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580).
- Security Advisory P-2005-0056-Global: Nortel Networks: Log In Required.
- BID-15057: Microsoft MSDTC COM+ Remote Code Execution Vulnerability
- CVE-2005-1978: COM+ in Microsoft Windows does not properly create and use memory structures
- SA17161: Microsoft Windows MSDTC and COM+ Vulnerabilities
- SA17172: Avaya Various Products Multiple Vulnerabilities
- SA17223: Nortel Centrex IP Client Manager Multiple Vulnerabilities
- SA17509: Nortel CallPilot Multiple Vulnerabilities
- US-CERT VU#950516: Microsoft COM+ contains a memory management flaw
Platforms Affected:
- Microsoft Windows 2000 SP4
- Microsoft Windows 2003
- Microsoft Windows 2003 Server Itanium
- Microsoft Windows 2003 Server SP1 Itanium
- Microsoft Windows 2003 Server SP1
- Microsoft Windows 2003 Server x64
- Microsoft Windows XP SP1
- Microsoft Windows XP x64 Professional
- Microsoft Windows XP SP2
- Nortel CallPilot
Reported:
Oct 11, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net