Microsoft Windows Time Component Remote Code Execution Vulnerability
BID:50970
Info
Microsoft Windows Time Component Remote Code Execution Vulnerability
| Bugtraq ID: | 50970 |
| Class: | Unknown |
| CVE: |
CVE-2011-3397 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 13 2011 12:00AM |
| Updated: | Dec 21 2011 08:09AM |
| Credit: | An anonymous researcher, working with VeriSign iDefense Labs |
| Vulnerable: |
Microsoft Windows XP Tablet PC Edition SP3 Microsoft Windows XP Service Pack 3 0 Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional SP3 Microsoft Windows XP Media Center Edition SP3 Microsoft Windows XP Home SP3 Microsoft Windows XP Embedded SP3 Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 Web Edition SP2 Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 Enterprise x64 Edition SP2 Microsoft Windows Server 2003 Enterprise Edition Itanium Sp2 Itanium Microsoft Windows Server 2003 Datacenter x64 Edition SP2 Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 SP2 Microsoft Systems Management Server 2003 SP2 Microsoft Small Business Server 2003 SP2 Microsoft Exchange Server 2003 SP2 Avaya Messaging Application Server 5.2 Avaya Messaging Application Server 5 Avaya Messaging Application Server 4 Avaya Meeting Exchange - Webportal 0 Avaya Meeting Exchange - Web Conferencing Server 0 Avaya Meeting Exchange - Streaming Server 0 Avaya Meeting Exchange - Recording Server 0 Avaya Meeting Exchange - Client Registration Server 0 Avaya Meeting Exchange 5.0 .0.52 Avaya Meeting Exchange 5.2 SP2 Avaya Meeting Exchange 5.2 SP1 Avaya Meeting Exchange 5.2 Avaya Meeting Exchange 5.1 SP1 Avaya Meeting Exchange 5.1 Avaya Meeting Exchange 5.0 SP2 Avaya Meeting Exchange 5.0 SP1 Avaya Meeting Exchange 5.0 Avaya Communication Server 1000 Telephony Manager 4.0 Avaya Communication Server 1000 Telephony Manager 3.0 Avaya CallPilot 5.0 Avaya CallPilot 4.0 Avaya Aura Conferencing 6.0 Standard |
| Not Vulnerable: | |
Discussion
Microsoft Windows Time Component Remote Code Execution Vulnerability
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Microsoft Time component.
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.
Successful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control.
NOTE: Internet Explorer 7, 8, and 9 are not affected by this vulnerability.
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Microsoft Time component.
An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage.
Successful exploits will allow the attacker to execute arbitrary code within the context of the application (typically Internet Explorer) that uses the ActiveX control.
NOTE: Internet Explorer 7, 8, and 9 are not affected by this vulnerability.
Exploit / POC
Microsoft Windows Time Component Remote Code Execution Vulnerability
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
A working commercial exploit is available through VUPEN Security - Exploit and PoCs Service. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Microsoft Windows Time Component Remote Code Execution Vulnerability
Solution:
The vendor released an advisory and updates. Please see the references for details.
Microsoft Windows Server 2003 SP2
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 Standard Edition SP2
Microsoft Windows XP Media Center Edition SP3
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2003 Web Edition SP2
Microsoft Windows XP Home SP3
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
Microsoft Windows XP Tablet PC Edition SP3
Solution:
The vendor released an advisory and updates. Please see the references for details.
Microsoft Windows Server 2003 SP2
-
Microsoft Security Update for ActiveX Killbits for Windows Server 2003 (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=dfb948c5-8aee -4bcd-babf-3564b78712dd
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
-
Microsoft Cumulative Security Update for ActiveX Killbits for Windows Server 2003 x64 Edition (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=2d37a8cb-2316 -4db4-980c-11b6dcbdc696
Microsoft Windows Server 2003 Standard Edition SP2
-
Microsoft Security Update for ActiveX Killbits for Windows Server 2003 (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=dfb948c5-8aee -4bcd-babf-3564b78712dd
Microsoft Windows XP Media Center Edition SP3
-
Microsoft Cumulative Security Update for ActiveX Killbits for Windows XP (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=21b4b999-2dbf -4921-80bd-cc7ab2cd1190
Microsoft Windows Server 2003 Itanium SP2
-
Microsoft Security Update for ActiveX Killbits for Windows Server 2003 for Itanium-based Systems (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=7726ddbe-0578 -44fb-a40f-49b804a45989
Microsoft Windows Server 2003 Web Edition SP2
-
Microsoft Security Update for ActiveX Killbits for Windows Server 2003 (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=dfb948c5-8aee -4bcd-babf-3564b78712dd
Microsoft Windows XP Home SP3
-
Microsoft Cumulative Security Update for ActiveX Killbits for Windows XP (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=21b4b999-2dbf -4921-80bd-cc7ab2cd1190
Microsoft Windows XP Professional x64 Edition SP2
-
Microsoft Cumulative Security Update for ActiveX Killbits for Windows XP x64 Edition (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=126e8092-980d -471a-867d-d5939671b7df
Microsoft Windows Server 2003 x64 SP2
-
Microsoft Cumulative Security Update for ActiveX Killbits for Windows Server 2003 x64 Edition (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=2d37a8cb-2316 -4db4-980c-11b6dcbdc696
Microsoft Windows Server 2003 Enterprise x64 Edition SP2
-
Microsoft Cumulative Security Update for ActiveX Killbits for Windows Server 2003 x64 Edition (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=2d37a8cb-2316 -4db4-980c-11b6dcbdc696
Microsoft Windows XP Tablet PC Edition SP3
-
Microsoft Cumulative Security Update for ActiveX Killbits for Windows XP (KB2618451)
http://www.microsoft.com/downloads/details.aspx?familyid=21b4b999-2dbf -4921-80bd-cc7ab2cd1190
References
Microsoft Windows Time Component Remote Code Execution Vulnerability
References:
References:
- Microsoft Internet Explorer Time Element Behavior Use-After-Free Vulnerability (iDefense)
- Microsoft Windows Homepage (Microsoft )
- More information on the December 2011 ActiveX Kill Bits bulletin (MS11-090) (Microsoft)
- VUPEN Security Research - Microsoft Windows "datime.dll" Remote Code Execution V (VUPEN Security Research)
- VUPEN Security Research - Microsoft Windows Time Behaviour Remote Use-after-free (VUPEN Security Research)
- ASA-2011-389 MS11-090 Cumulative Security Update of ActiveX Kill Bits (2618451) (Avaya)
- Microsoft Security Bulletin MS11-090 (Microsoft)