Windows Search Parsing Vulnerability
Severity: HIGH
CVE Identifier: CVE-2008-4269,MS08-075
Advisory Date: FEB 15, 2011
DESCRIPTION
The search-ms protocol handler in Windows Explorer in Microsoft
Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data
obtained from incorrect parsing, which allows remote attackers to execute
arbitrary code via a crafted HTML document, aka "Windows Search Parsing
Vulnerability."
Based on MS08-075, Windows Search
Parsing Vulnerability - CVE-2008-4269 is a remote code execution vulnerability
exists in Windows Explorer that allows an attacker to construct a malicious web
page that includes a call to the search-ms protocol handler. The protocol
handler in turn passes untrusted data to Windows Explorer.
TREND MICRO PROTECTION INFORMATION
Trend Micro Deep Security shields networks through Deep Packet Inspection (DPI) rules. Trend Micro customers using OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities. Please refer to the filter number and filter name when applying appropriate DPI and/or IDF rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1003115
Trend Micro Deep Security DPI Rule Name: 1003115 - Windows Search Parsing Vulnerability
AFFECTED SOFTWARE AND VERSION
- microsoft windows_server_2008
- microsoft windows_vista