TITLE:
Microsoft Windows Search Preview Display Information Disclosure

SECUNIA ADVISORY ID:
SA35366

VERIFY ADVISORY:
http://secunia.com/advisories/35366/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows Search, which
can be exploited by malicious people to disclose sensitive
information.

The vulnerability is caused due to the application improperly
restricting the execution environment of a script when generating
file previews. This can be exploited to run arbitrary HTML script
code and disclose sensitive data from the local system when a
specially crafted file is returned as a search result and previewed.

SOLUTION:
Apply patches.

Windows XP SP2/SP3 with Windows Search 4.0:
http://www.microsoft.com/downloads/details.aspx?familyid=759f22cb-ea7f-49dd-a200-19cb83fffd8d

Windows XP Professional x64 Edition SP2 with Windows Search 4.0:
http://www.microsoft.com/downloads/details.aspx?familyid=50c56dd6-c34d-4632-a779-8bcf8fdb341b

Windows Server 2003 SP2 with Windows Search 4.0:
http://www.microsoft.com/downloads/details.aspx?familyid=e72ef31f-5161-4fe6-8ed3-6206e02cef31

Windows Server 2003 x64 Edition SP2 with Windows Search 4.0:
http://www.microsoft.com/downloads/details.aspx?familyid=7ffc3680-f9bf-423b-96a7-102f4cc9c240

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Yair Amit of IBM Rational Application Security.

ORIGINAL ADVISORY:
Microsoft (KB963093):
http://www.microsoft.com/technet/security/Bulletin/MS09-023.mspx