===================================================================== CERT-Renater Note d'Information No. 2005/VULN617 _____________________________________________________________________ DATE : 12/10/2005 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Windows 2000, Windows XP, Windows Server 2003, systems running Exchange 2000 Server. ====================================================================== MS05-048 - Vulnerability in the Microsoft Collaboration Objects Could Allow Remote Code Execution (907245) - Affected Software: - Windows 2000 Service Pack 4 - Windows XP Service Pack 1 - Windows XP Service Pack 2 - Windows XP 64-Bit Edition Service Pack 1 (Itanium) - Windows XP 64-Bit Edition Version 2003 (Itanium) - Windows XP Professional x64 Edition - Windows Server 2003 - Windows Server 2003 Service Pack 1 - Windows Server 2003 for Itanium-based Systems - Windows Server 2003 with SP1 for Itanium-based Systems - Windows Server 2003 x64 Edition - Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004 - Impact: Remote Code Execution - Version Number: 1.0 Full MS05-048 advisory: http://www.microsoft.com/technet/security/bulletin/MS05-048.mspx Vulnerability Details: Collaboration Data Objects Vulnerability - CAN-2005-1987: A remote code execution vulnerability exists in Collaboration Data Objects that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================