Update Protection against Microsoft Windows Saved Search Vulnerability (MS08-038)
| Check Point Reference: | CPAI-2008-093 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Microsoft Security Bulletin MS08-038 | |
| Industry Reference(s): | CVE-2008-1435 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 (Itanium) | ||
| Vulnerability Description A remote code execution vulnerability was reported in the way Windows Explorer saves specially crafted search files. Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types. Windows Search has XML-based files that save information about a search in Windows. A remote attacker may exploit this vulnerability to take complete control of an affected system via a specially crafted search file. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS08-038 |
|
|
Vulnerability Details The vulnerability is due to an error in the Windows Explorer that fails to properly parse search files when saving them. A remote attacker can exploit this issue by persuading the victim to open and save a specially crafted saved-search file. Successful exploitation of this vulnerability may allow the attacker to take complete control over the affected system. |
Protection Overview
The update enables the HTTP Worm Catcher to detect and block the vulnerability based on pre-defined worm signatures.
In order for the protection to be activated, update your VPN-1 product to the latest SmartDefense update. For information on how to update SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.