=====================================================================
                                     CERT-Renater

                          Information Note No. 2007/VULN264
_____________________________________________________________________

DATE                      : 13/06/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003.

======================================================================

MS07-035 - Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)

Affected Software:
     - Microsoft Windows 2000 Service Pack 4
     - Windows XP Service Pack 2
     - Windows XP Professional x64 Edition
     - Windows XP Professional x64 Edition Service Pack 2
     - Windows Server 2003 Service Pack 1
     - Windows Server 2003 Service Pack 2
     - Windows Server 2003 with SP1 for Itanium-based Systems
     - Windows Server 2003 with SP2 for Itanium-based Systems
     - Windows Server 2003 x64 Edition
     - Windows Server 2003 x64 Edition Service Pack 2

Non-Affected Software:
     - Windows Vista
     - Windows Vista x64 Edition

Full MS07-035 advisory:
    http://www.microsoft.com/technet/security/bulletin/ms07-035.mspx


Vulnerability Details

Win32 API Vulnerability - CVE-2007-2219

     A remote code execution vulnerability exists in the way that the Win32
     API validates parameters. An attacker could exploit the vulnerability by
     constructing a specially crafted Web page that could potentially allow
     remote code execution if a user viewed the Web page. An attacker who
     successfully exploited this vulnerability could take complete control of
     an affected system.

======================================================================

            =========================================================
            CERT-Renater reference servers
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================






