A buffer overflow in the message handling routines of the Microsoft Web Client Service may allow a remote, authenticated attacker to execute arbitrary code on a vulnerable system.
According to Microsoft, the Web Client Service:
allows applications to access documents on the Internet. Web Client extends the networking capability of Windows by allowing standard Win32 applications to create, read, and write files on Internet file servers by using the WebDAV protocol. The WebDAV protocol is a file-access protocol that is described in XML and that travels over the Hypertext Transfer Protocol (HTTP). By using standard HTTP, WebDAV runs over the existing Internet infrastructure. For example, WebDAV runs over firewalls and routers.
A remote attacker with valid login credentials may be able to exploit this vulnerability to execute arbitrary code.
Apply An Update
Please see Microsoft Security Bulletin MS06-009 for a list of workarounds to mitigate this vulnerability.
This vulnerability was reported in Microsoft Security Bulletin MS06-008. Microsoft credits Kostya Kortchinsky of EADS/CRC with providing information regarding this issue.
This document was written by Jeff Gennari.
|Date First Published:||2006-02-14|
|Date Last Updated:||2006-02-14 21:37 UTC|