=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2010/VULN538
_____________________________________________________________________

DATE                      : 15/12/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Windows Server 2003
                             running Internet Connection Signup Wizard.

======================================================================
KB2443105
http://www.microsoft.com/technet/security/Bulletin/MS10-097.mspx
______________________________________________________________________

Microsoft Security Bulletin MS10-097 - Important
Insecure Library Loading in Internet Connection Signup Wizard Could Allow
Remote Code Execution (2443105)

Version: 1.0

General Information

Executive Summary

  This security update resolves a publicly disclosed vulnerability in the
  Internet Connection Signup Wizard of Microsoft Windows. This security update
  is rated Important for all supported editions of Windows XP and Windows
  Server 2003. All supported editions of Windows Vista, Windows Server 2008,
  Windows 7, and Windows Server 2008 R2 are not affected by the vulnerability.
  For more information, see the subsection, Affected and Non-Affected
  Software, in this section.

  The vulnerability could allow remote code execution if a user opens a
  .ins or .isp file located in the same network folder as a specially crafted
  library file. For an attack to be successful, a user must visit an untrusted
  remote file system location or WebDAV share and open a document from this
  location that is then loaded by a vulnerable application.

  The security update addresses the vulnerability by correcting the manner in
  which the Internet Connection Signup Wizard loads external libraries. For
  more information about the vulnerability, see the Frequently Asked
  Questions (FAQ) subsection for the specific vulnerability entry under the
  next section, Vulnerability Information.

Affected Software

  Windows XP Service Pack 3
  Windows XP Professional x64 Edition Service Pack 2
  Windows Server 2003 Service Pack 2
  Windows Server 2003 x64 Edition Service Pack 2
  Windows Server 2003 with SP2 for Itanium-based Systems

Vulnerability Information

Internet Connection Signup Wizard Insecure Library Loading Vulnerability -
CVE-2010-3144

  A remote code execution vulnerability exists in the way that the Internet
  Connection Signup Wizard, a component of Microsoft Windows, handles the
  loading of DLL files. An attacker who successfully exploited this
  vulnerability could take complete control of an affected system. An
  attacker could then install programs; view, change, or delete data; or
  create new accounts with full user rights. Users whose accounts are
  configured to have fewer user rights on the system could be less impacted
  than users who operate with administrative user rights.

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================