Secunia Security Advisory - A vulnerability has been reported in Microsoft Data Analyzer, which can be exploited by malicious people to compromise a user's system.
4b3c7107a36fd881027fc459a9998ae9e8303f6dc2d81c9836d0d01831f0596d
----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
Microsoft Data Analyzer ActiveX Control Vulnerability
SECUNIA ADVISORY ID:
SA38503
VERIFY ADVISORY:
http://secunia.com/advisories/38503/
DESCRIPTION:
A vulnerability has been reported in Microsoft Data Analyzer, which
can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error in the
Microsoft Data Analyzer ActiveX control (max3activex.dll). This can
be exploited to cause a system state corruption and execute arbitrary
code via a specially crafted web page.
SOLUTION:
Apply patches.
Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyID=543dc6a7-fa76-4ba9-81e4-25fdf2013548
Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7bcf3945-0552-478e-b7f3-bbca97dd1b5d
Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=25ef97e8-e76e-44c2-953c-f94cbac552cf
Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=29ff72f7-1663-4f35-a794-2dfe3c17b39c
Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=d4a97bb7-4f74-4884-9a6e-7a4df9c540fb
Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b84f0be4-6d11-4b07-bb3c-2c76ae9ceea8
Windows Vista (optionally with SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=2c897ddd-f441-41d4-b5b4-d794cfc96e6b
Windows Vista x64 Edition (optionally with SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=f349f7aa-d020-4e0d-a35f-518a63ec92df
Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=9a85b1bf-7427-47d0-9e1b-21dbe824a62c
Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=fde218c3-90ab-4664-852d-25ca55835054
Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=5b6e9451-df38-4626-bb1d-4fc160d7a40e
Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ec6d996f-dffa-45ad-9467-e96a4ac63e5f
Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b3265576-04c1-48b1-8ce9-128843c58cf5
Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=cda31c54-8b81-4185-a623-64480ad4b73c
Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=43fa4e26-160f-4aa3-a03d-b98a79666a18
NOTE: The listed patches fix additional vulnerabilities in
third-party ActiveX controls by setting corresponding kill-bits.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Shaun Colley, NGS Software.
ORIGINAL ADVISORY:
Microsoft (978262):
http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------