Remote Code Execution Possible in Windows Print Spooler, Telephony Service, and Plug and Play Subsystem
Reported August 9, 2005 by Microsoft
VERSIONS AFFECTED
Windows 98
|
DESCRIPTION
The Windows Print Spooler contains an unchecked buffer that might allow a remote intruder to take complete control of an affected system.
A flaw in the way the Windows Telephony service processes data and performs validation could allow a remote intruder to take complete control of an affected system.
The Windows Plug and Play subsystem contains an unchecked buffer that might allow a remote intruder to take complete control of an affected system.
VENDOR RESPONSE
Microsoft released Security Bulletin MS05-043, "Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)," and an associated patch to correct the problem with the Print Spooler service
Microsoft released Security Bulletin MS05-040, "Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)," and an associated patch to correct the problem with Telephony service.
Microsoft released Security Bulletin MS05-039, "Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)", and an associated patch to correct the problem with the Plug and Play subsystem.
CREDITS
Kostya
Kortchinsky of CERT RENATER reported the vulnerability in the Print
Spooler and Telephony services; Neel Mehta of ISS X-Force reported
the vulnerability in the Plug and Play subsystem; Jean-Baptiste
Marchand of Herve Schauer Consultants worked with Microsoft on problems
related to the Plug and Play subsystem.