Microsoft Winsock buffer overflow

2006-08-08T00:00:00
ID VU:908276
Type cert
Reporter CERT
Modified 2006-08-08T00:00:00

Description

Overview

A buffer overflow vulnerability in Microsoft Winsock may allow a remote attacker to execute arbitrary code on an affected system.

Description

Winsock (Windows Socket 2) allows network applications to relay data across a network regardless of the network protocol being used. Microsoft's Winsock contains a buffer overflow vulnerability that can allow a remote attacker to execute arbitrary code and gain control of the affected system. Exploitation of this vulnerability occurs when the remote attacker can convince the user to open a specially crafted file or website.

Microsoft's bulletin states that the following Windows operating systems are affected by this vulnerability:

* Microsoft Windows 2000 Service Pack 4 
* Microsoft Windows XP Service Pack 1 and Service Pack 2 
* Microsoft Windows XP Professional x64 Edition 
* Microsoft Windows Server 2003 and Service Pack 1 
* Microsoft Windows Server 2003 for Itanium-based Systems and Service Pack 1 
* Microsoft Windows Server 2003 x64 Edition

Impact

A remote attacker who can successfully convince a user to open a specially crafted file or website may be able to execute arbitrary code and gain control of the affected system.


Solution

Apply an update