Technical Description

A vulnerability was identified in Microsoft Windows, which could be exploited by remote attackers to execute arbitrary commands or by local users to obtain elevated privileges. This flaw is due to a buffer overflow error in the Telephony Application Programming Interface (TAPI) that does not properly handle specially crafted messages, which could be exploited by remote attackers to compromise a vulnerable system.

Note : On Windows 2000 Server, an anonymous attacker could remotely exploit this vulnerability. On Windows 2000 Professional and on Windows XP, this is a local elevation of privilege vulnerability. On Windows Server 2003, the Telephony service is restricted to authenticated user accounts.

Affected Products

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)

Solution

Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS05-040.mspx

References

http://www.vupen.com/english/advisories/2005/1355
http://www.microsoft.com/technet/security/Bulletin/MS05-040.mspx

Credits

Vulnerability reported by Kostya Kortchinsky

ChangeLog

2005-08-09 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.