Home

Microsoft Windows search-ms protocol code execution

Notification Type:	IBM Internet Security Systems Protection Alert
Notification Date:	December 09, 2008
Notification Version:	1.0

Name:	Microsoft Windows search-ms protocol code execution
Public disclosure/ In the wild date:	December 09, 2008
Aliases:	MS08-075
CVE:	CVE-2008-4269
Description:	Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of parameters when parsing the search-ms protocol.

ISS Coverage

Product	Content Version
Proventia Network IDS Proventia Network IPS Proventia Network MFS Proventia Server (Linux) RealSecure Network RealSecure Server Sensor	28.190
Proventia Desktop Proventia Server IPS (Windows)	2330

Propagation Techniques	ISS Protection	Available
remote exploit	HTML_Win_SearchProtocol_Code_Exec	Dec 9, 2008

Detailed Description

Business Impact:	Windows Search is an optional add-on component for Windows XP, but is installed by default on Windows Visa and Windows 2008. This vulnerability is accessible through the browser by enticing a user to click a link and would be a candidate for integration in web exploit toolkits. Compromise of machines may lead to exposure of confidential information, loss of productivity, and further compromise. An attacker would need to entice a user to click a link to trigger this vulnerability.
CVSS	Base Score:		9.3
		Access Vector:	Network
		Access Complexity:	Medium
		Authentication:	None
		Confidentiality Impact:	Complete
		Integrity Impact:	Complete
		Availability Impact:	Complete

	Adjusted Temporal Score:		6.9
		Exploitability:	Unproven
		Remediation Level:	Official-Fix
		Report Confidence:	Confirmed
Affected Products:	For a full list of affected versions, see references below.
Technical Description:	Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of parameters when parsing the search-ms protocol. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
Remediation:	Patches are available for this issue. See References for details.

References

XFDB:	http://xforce.iss.net/xforce/xfdb/46866
Microsoft:	http://www.microsoft.com/technet/security/bulletin/ms08-075.mspx

Revision History

1.0	Initial publication.

About IBM Internet Security Systems
IBM Internet Security Systems is the trusted security advisor to thousands of the world's leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, the IBM Proventia® integrated security platform is designed to automatically protect against both known and unknown threats, helping to keep networks up and running and shielding customers from online attacks before they impact business assets. IBM Internet Security Systems products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. The Internet Security Systems product line is also complemented by comprehensive Managed Security Services and Professional Security Services. For more information, visit the Internet Security Systems Web site at www.iss.net or call 800-776-2362.