Microsoft Windows Indexing Service Buffer Overflow Vulnerability
BID:12228
Info
Microsoft Windows Indexing Service Buffer Overflow Vulnerability
| Bugtraq ID: | 12228 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0897 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 11 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | This issue was announced by Microsoft. |
| Vulnerable: |
Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows 2000 Terminal Services SP4 Microsoft Windows 2000 Terminal Services SP3 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 |
| Not Vulnerable: | |
Discussion
Microsoft Windows Indexing Service Buffer Overflow Vulnerability
Microsoft Indexing Service is reported prone to a buffer overflow vulnerability. This issue results from insufficient boundary checks performed by the application when copying user-supplied data in to sensitive process buffers. A remote or local attacker may execute arbitrary code on a vulnerable computer, which could ultimately allow the attacker to gain unauthorized access to the computer or gain elevated privileges.
This issue can be exploited by sending a malformed query to the Indexing Service. It is reported that issue may be locally and remotely exploited, if Indexing Service is enabled on a vulnerable computer.
Microsoft Indexing Service is reported prone to a buffer overflow vulnerability. This issue results from insufficient boundary checks performed by the application when copying user-supplied data in to sensitive process buffers. A remote or local attacker may execute arbitrary code on a vulnerable computer, which could ultimately allow the attacker to gain unauthorized access to the computer or gain elevated privileges.
This issue can be exploited by sending a malformed query to the Indexing Service. It is reported that issue may be locally and remotely exploited, if Indexing Service is enabled on a vulnerable computer.
Exploit / POC
Microsoft Windows Indexing Service Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Microsoft Windows Indexing Service Buffer Overflow Vulnerability
Solution:
Microsoft has released updates to address this vulnerability in supported versions of the Windows operating system.
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home SP1
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows XP Professional SP1
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
Solution:
Microsoft has released updates to address this vulnerability in supported versions of the Windows operating system.
Microsoft Windows Server 2003 Web Edition
-
Microsoft Security Update for Windows Server 2003 (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=50F72DC5-5DD6 -4D12-A91C-6815EC8203EF&displaylang=en
Microsoft Windows XP Home SP1
-
Microsoft Security Update for Windows XP (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=FB8A7622-94AB -44E7-85C3-163BAC4602E2&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition Itanium 0
-
Microsoft Security Update for Windows Server 2003 64-bit & Windows XP 64-bit 2003 (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=C3474E75-1FE2 -4215-8A8D-A9244FF93419&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003 SP1
-
Microsoft Security Update for Windows Server 2003 64-bit & Windows XP 64-bit 2003 (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=C3474E75-1FE2 -4215-8A8D-A9244FF93419&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition
-
Microsoft Security Update for Windows Server 2003 (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=50F72DC5-5DD6 -4D12-A91C-6815EC8203EF&displaylang=en
Microsoft Windows XP 64-bit Edition SP1
-
Microsoft Security Update for Windows XP 64-bit Edition (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=30A83F1D-87E9 -4720-8316-191AE509F094&displaylang=en
Microsoft Windows Server 2003 Standard Edition
-
Microsoft Security Update for Windows Server 2003 (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=50F72DC5-5DD6 -4D12-A91C-6815EC8203EF&displaylang=en
Microsoft Windows XP 64-bit Edition Version 2003
-
Microsoft Security Update for Windows Server 2003 64-bit & Windows XP 64-bit 2003 (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=C3474E75-1FE2 -4215-8A8D-A9244FF93419&displaylang=en
Microsoft Windows Server 2003 Enterprise Edition
-
Microsoft Security Update for Windows Server 2003 (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=50F72DC5-5DD6 -4D12-A91C-6815EC8203EF&displaylang=en
Microsoft Windows XP Professional SP1
-
Microsoft Security Update for Windows XP (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=FB8A7622-94AB -44E7-85C3-163BAC4602E2&displaylang=en
Microsoft Windows Server 2003 Datacenter Edition Itanium 0
-
Microsoft Security Update for Windows Server 2003 64-bit & Windows XP 64-bit 2003 (KB871250)
http://www.microsoft.com/downloads/details.aspx?familyid=C3474E75-1FE2 -4215-8A8D-A9244FF93419&displaylang=en
References
Microsoft Windows Indexing Service Buffer Overflow Vulnerability
References:
References:
- Microsoft Security Bulletin MS05-003 (Microsoft)