| Check Point Reference: |
CPAI-2006-015 |
| Date Published: |
14 Feb 2006 |
| Severity: |
High
|
| Last Updated: |
Tuesday 08 May, 2007 |
| Source: |
Microsoft Security Bulletin MS06-008 |
| Industry Reference: | CVE-2006-0013 |
| Protection Provided by: |
|
| Who is Vulnerable? | Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition |
| Vulnerability Description |
A vulnerability was detected in Microsoft Windows Web Client service. The Web Client Service allows applications to access documents on the Internet by using the WebDAV protocol. WebDAV is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. To exploit the vulnerability, an attacker would first have to authenticate to the system. Successful exploitation will enable an attacker complete control of an affected system. |
| Vulnerability Status | No exploit has been reported so far. |
| Update/Patch Avaliable | Microsoft has released a patch for this vulnerability. The patch is available at http://www.microsoft.com/technet/security/Bulletin/MS06-008.mspx. |
| Vulnerability Details | The vulnerability is caused by an unchecked buffer in the Web Client service. To exploit the vulnerability, an attacker must have valid logon credentials. By creating a series of specially crafted messages and sending them to an affected system, an attacker can cause the affected system to execute code. |
Feedback