Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability

2008-02-12T00:00:00
ID SMNTC-27670
Type symantec
Reporter Symantec Security Response
Modified 2008-02-12T00:00:00

Description

Description

Microsoft Windows is prone to a heap-overflow vulnerability in the WebDAV Mini-Redirector component (also known as the Web Client service). This vulnerability may be triggered by a malicious WebDAV response. A successful exploit could let a remote attacker execute arbitrary code with SYSTEM privileges, completely compromising an affected computer. To be affected, the Web Client service must be enabled on the computer. The Web Client service is disabled by default on Microsoft Windows Server 2003.

Technologies Affected

  • Microsoft Windows Server 2003 Datacenter x64 Edition
  • Microsoft Windows Server 2003 Datacenter x64 Edition SP2
  • Microsoft Windows Server 2003 Enterprise x64 Edition
  • Microsoft Windows Server 2003 Enterprise x64 Edition SP2
  • Microsoft Windows Server 2003 Itanium SP1
  • Microsoft Windows Server 2003 Itanium SP2
  • Microsoft Windows Server 2003 SP1
  • Microsoft Windows Server 2003 SP2
  • Microsoft Windows Server 2003 Standard Edition SP1
  • Microsoft Windows Server 2003 Standard Edition SP2
  • Microsoft Windows Server 2003 Web Edition SP1
  • Microsoft Windows Server 2003 Web Edition SP2
  • Microsoft Windows Vista
  • Microsoft Windows Vista Business 64-bit edition
  • Microsoft Windows Vista Business
  • Microsoft Windows Vista Enterprise 64-bit edition
  • Microsoft Windows Vista Enterprise
  • Microsoft Windows Vista Home Basic 64-bit edition
  • Microsoft Windows Vista Home Basic
  • Microsoft Windows Vista Home Premium 64-bit edition
  • Microsoft Windows Vista Home Premium
  • Microsoft Windows Vista Ultimate 64-bit edition
  • Microsoft Windows Vista Ultimate
  • Microsoft Windows Vista x64 Edition
  • Microsoft Windows XP Home SP2
  • Microsoft Windows XP Media Center Edition SP2
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Professional x64 Edition SP2
  • Microsoft Windows XP Tablet PC Edition SP2
  • Nortel Networks Enterprise NMS
  • Nortel Networks Self Service VoiceXML
  • Nortel Networks Self-Service - CCSS7
  • Nortel Networks Self-Service CCXML
  • Nortel Networks Self-Service MPS 1000
  • Nortel Networks Self-Service MPS 500
  • Nortel Networks Self-Service Peri Application
  • Nortel Networks Self-Service Speech Server
  • Nortel Networks Self-Service WVADS

Recommendations

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to requests that include NOP sleds and unexplained incoming and outgoing network traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not follow links provided by unknown or untrusted sources.
Users should be wary of following links provided by untrusted or unknown sources.

Implement multiple redundant layers of security.
Various memory protection schemes (such as non-executable and randomly mapped memory segments) may hinder an attacker's ability to exploit this vulnerability to execute arbitrary code.

Implement egress filtering at the network boundary.
Administrators should implement egress filtering and a white-list policy to regulate access to external sites and hosts.

Microsoft has released a security bulletin to address this vulnerability. Please see the references for details.