Two vulnerabilities have been identified in Microsoft Windows, which could be exploited by attackers to compromise a vulnerable system.

The first issue is caused by an error in Windows Explorer that does not correctly free memory when saving Windows Search files, which could be exploited by attackers to execute arbitrary code by tricking a user into opening and saving a specially crafted saved-search file.

The second vulnerability is caused by an error in Windows Explorer that does not correctly interpret parameters when parsing the search-ms protocol, which could be exploited by attackers to execute arbitrary code by tricking a user into visiting a malicious web page.

Affected Products

Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (Itanium)

Solution

Apply patches :
http://www.microsoft.com/technet/security/Bulletin/ms08-075.mspx

References

http://www.vupen.com/english/advisories/2008/3387
http://www.microsoft.com/technet/security/Bulletin/ms08-075.mspx

Credits

Vulnerabilities reported by Andre Protas (eEye Digital Security) and Nate McFeters.

Changelog

2008-12-09 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.