Workaround for Microsoft Windows Saved Search Remote Code Execution Vulnerability (MS08-075)
| Check Point Reference: | SBP-2008-14 | |
| Date Published: | ||
| Severity: | ||
| Source: | Microsoft Security Bulletin MS08-075 | |
| Industry Reference(s): | CVE-2008-4268 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 (Itanium) | ||
| Vulnerability Description A remote code execution vulnerability was reported in the way Windows Explorer saves specially crafted search files. Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types. Windows Search has XML-based files that save information about a search in Windows. A remote attacker may exploit this vulnerability to take complete control of an affected system via a specially crafted search file. |
||
|
Update/Patch Available Apply patches: Microsoft Security Bulletin MS08-075 |
|
|
Vulnerability Details The vulnerability is due to an error in Windows Explorer that does not correctly free memory when saving Windows Search files. A remote attacker can exploit this issue by persuading the victim to open and save a specially crafted saved-search file. Successful exploitation of this vulnerability may allow the attacker to take complete control over the affected system. |
Protection Overview
By enabling this protection, the HTTP Worm Catcher will detect and block the vulnerability based on pre-defined worm signatures. No update is required to address this vulnerability.
Users are protected against this vulnerability if the Protection against Microsoft Windows Saved Search Vulnerability addressed in CPAI-2008-093 has been applied.
To configure the defense, select your product from the list below and follow the related protection steps.