Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to del.icio.us  
Two new Windows flaws found
Published: 2006-02-08

Microsoft announced on TechNet last night two new flaws in Windows, one in viewing WMF files with older versions (pre 6.0) of Internet Explorer, and a second related to priviledge escalation in Windows XP and 2003 systems without the latest service packs.

The first flaw, which is vulnerable only to Internet Explorer 5.5 and 5.01, uses the now-familiar terminology that it "could allow an attacker to execute arbitrary code on the user's system" when they view a specially-crafted web page or email attachment. On the surface the flaw appears similar to the very critical WMF flaw discovered in late December, but is a different issue.

The second flaw affects only Windows XP SP1 and prior, along with Windows Server 2003 without SP1. Systems with the latest service packs are not vulnerabile. The vulnerability permits priviledge escalation in default Windows services as well as third party applications set with overly permissive access controls.

Patches for these two vulnerabilities are not widely expected until Microsoft's next patching cycle on February 14th.

Posted by: Kelly Martin
    Digg this story   Add to del.icio.us  
 
Comments Mode:
Two new Windows flaws found 2006-02-10
Juha-Matti Laurio (1 replies)
Re: Two new Windows flaws found 2006-02-12
Anonymous







 

Privacy Statement
Copyright 2009, SecurityFocus