=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN375
_____________________________________________________________________

DATE                      : 15/06/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Windows Server 2003.

======================================================================

http://www.microsoft.com/technet/security/bulletin/MS05-028.mspx

MS05-028 - Vulnerability in Web Client Service May Allow Elevation of
            Privilege (896426)

   - Affected Software:
     - Windows XP Service Pack 1
     - Windows XP 64-Bit Edition Service Pack 1 (Itanium)
     - Windows XP 64-Bit Edition Version 2003 (Itanium)
     - Windows Server 2003
     - Windows Server 2003 for Itanium-based Systems

     - Impact: Remote Code Execution
     - Version Number: 1.0


- From the Microsoft Security Bulletin MS05-028:
	
Vulnerability Details
	
Web Client Vulnerability - CAN-2005-1207

A remote code execution vulnerability exists in the way that Windows
processes Web Client requests that could allow an attacker who successfully
exploited this vulnerability to take complete control of the affected system.

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================