Last Updated: 2006-06-27 03:25:32 UTC
by Kevin Liston (Version: 5)
The original patch from Microsoft caused issues with dialup. Revised patch development was discussed by Microsoft. Exploit code is available that leverages this issue. This allows an authenticated attacker to execute arbitrary code on unpatched Win2k, Windows 2003 and XP SP2 systems. On versions that still allow anonymous connections/null sessions, an attacker could execute arbitrary code without authentication.
UPDATE: Microsoft has released on official comment at http://www.microsoft.com/technet/security/advisory/921923.mspx
MS06-025 works to protect against the published exploit.
Un-patched Windows 2000 systems are primarily at risk from this vulnerability.
Windows XP SP2, Windows Server 2003, and Windows Server 2003 SP1 require the attcker to have a valid login.
Windows 98, 98SE and ME are not affected by this vulnerability.
To clarify things a bit with some extra information we received in the mean time.
Windows 2000 Service Pack 4 and Windows XP Service Pack 1 systems are primarily at risk as this vulnerability can be exploited by an anonymous user that needs to deliver a specially crafted message to the vulnerable system. If you are running any of these install the patch as soon as possible.
On Windows XP Service Pack 2 and Windows 2003 systems, a user has to be authenticated (has to have valid credentials) to the system to exploit the vulnerability.
Bojan Zdrnja <bzdrnja at isc dot sans dot org>
Last Updated: 2006-06-25 01:00:02 UTC
by Kevin Liston (Version: 2)
CVE-2006-3059 aka "Excel Repair Mode" http://www.microsoft.com/technet/security/advisory/921365.mspx
Exploited by: Mdropper.G, Booli.A, Flux.E, Booli.B
CVE-2006-3086 aka "Long Hyperlink" http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
Exploited by: Urxcel.A, and three known public exploit code examples
CVE-2006-3014 aka "Shockwave vulnerability"
Exploited by proof of concept code Flemex.A
The workaround is a killbit