Microsoft Windows Briefcase Integer Underflow and Overflow

by Carol~ Moderator - 11/13/12 12:03 PM

In Reply to: VULNERABILITIES / FIXES - November 13, 2012 by Carol~ Moderator

Microsoft Windows Briefcase Integer Underflow and Overflow Vulnerabilities

Release Date : 2012-11-13

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status: Vendor Patch

Operating System : Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

1) An integer underflow error within the Briefcase handling feature can be exploited via a specially crafted file.

2) An integer overflow error within the Briefcase handling feature can be exploited via a specially crafted file.

Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires tricking a user into opening a malicious file.

Solution:
Apply patches.

Provided and/or discovered by:
The vendor credits Tal Zeltzer via iDefense.

Original Advisory:
MS12-072 (KB2727528):
http://technet.microsoft.com/en-us/security/bulletin/ms12-072

http://secunia.com/advisories/51221/