A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by an error in the way the SearchPath function in Windows locates and opens files on the system, which could allow an attacker to execute arbitrary code by convincing a user to download a specially crafted file to a specific location, and then open an application that could load the file under certain circumstances.

Affected Products

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 SP2 (Itanium)
Microsoft Windows Vista
Microsoft Windows Vista Service Pack 1
Microsoft Windows Vista x64 Edition
Microsoft Windows Vista x64 Edition Service Pack 1
Microsoft Windows Server 2008 (32-bit)
Microsoft Windows Server 2008 (x64)
Microsoft Windows Server 2008 (Itanium)

Solution

Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS09-015.mspx

References

http://www.vupen.com/english/advisories/2009/1029
http://www.microsoft.com/technet/security/Bulletin/MS09-015.mspx

Credits

Vulnerability reported by Aviv Raff.

Changelog

2009-04-14 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.