----------------------------------------------------------------------



Secunia integrated with Microsoft WSUS 
http://secunia.com/blog/71/



----------------------------------------------------------------------

TITLE:
Microsoft Data Analyzer ActiveX Control Vulnerability

SECUNIA ADVISORY ID:
SA38503

VERIFY ADVISORY:
http://secunia.com/advisories/38503/

DESCRIPTION:
A vulnerability has been reported in Microsoft Data Analyzer, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error in the
Microsoft Data Analyzer ActiveX control (max3activex.dll). This can
be exploited to cause a system state corruption and execute arbitrary
code via a specially crafted web page.

SOLUTION:
Apply patches.

Microsoft Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyID=543dc6a7-fa76-4ba9-81e4-25fdf2013548

Windows XP SP2/SP3:
http://www.microsoft.com/downloads/details.aspx?FamilyID=7bcf3945-0552-478e-b7f3-bbca97dd1b5d

Windows XP Professional x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=25ef97e8-e76e-44c2-953c-f94cbac552cf

Windows Server 2003 SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=29ff72f7-1663-4f35-a794-2dfe3c17b39c

Windows Server 2003 x64 Edition SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyID=d4a97bb7-4f74-4884-9a6e-7a4df9c540fb

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b84f0be4-6d11-4b07-bb3c-2c76ae9ceea8

Windows Vista (optionally with SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=2c897ddd-f441-41d4-b5b4-d794cfc96e6b

Windows Vista x64 Edition (optionally with SP1 or SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=f349f7aa-d020-4e0d-a35f-518a63ec92df

Windows Server 2008 for 32-bit Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=9a85b1bf-7427-47d0-9e1b-21dbe824a62c

Windows Server 2008 for x64-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=fde218c3-90ab-4664-852d-25ca55835054

Windows Server 2008 for Itanium-based Systems (optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyID=5b6e9451-df38-4626-bb1d-4fc160d7a40e

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=ec6d996f-dffa-45ad-9467-e96a4ac63e5f

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b3265576-04c1-48b1-8ce9-128843c58cf5

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=cda31c54-8b81-4185-a623-64480ad4b73c

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?FamilyID=43fa4e26-160f-4aa3-a03d-b98a79666a18

NOTE: The listed patches fix additional vulnerabilities in
third-party ActiveX controls by setting corresponding kill-bits.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Shaun Colley, NGS Software.

ORIGINAL ADVISORY:
Microsoft (978262):
http://www.microsoft.com/technet/security/Bulletin/MS10-008.mspx

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------