=====================================================================
                                    CERT-Renater

                         Information Note No. 2006/VULN444
_____________________________________________________________________

DATE                      : 09/08/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Microsoft Windows 2000, XP and 2003

======================================================================

MS06-041 - Vulnerability in DNS Resolution Could Allow Remote Code
            Execution (920683)

   - Affected Software:
     - Microsoft Windows 2000 Service Pack 4
     - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
       Pack 2
     - Microsoft Windows XP Professional x64 Edition
     - Microsoft Windows Server 2003 and Microsoft Windows Server 2003
       Service Pack 1
     - Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
       Windows Server 2003 with SP1 for Itanium-based Systems
     - Microsoft Windows Server 2003 x64 Edition

   - Impact: Remote Code Execution
   - Version Number: 1.0

From the Microsoft Security Bulletin MS06-041:

Vulnerability Details

Winsock Hostname Vulnerability - CVE-2006-3440

There is a remote code execution vulnerability in Winsock that could allow
an attacker who successfully exploited this vulnerability to take complete
control of the affected system. For an attack to be successful the attacker
would have to force the user to open a file or visit a website that is
specially crafted to call the affected Winsock API.

DNS Client Buffer Overrun Vulnerability - CVE-2006-3441

There is a remote code execution vulnerability in the DNS Client service
that could allow an attacker who successfully exploited this vulnerability to
take complete control of the affected system.

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================

