1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Security Threats
  3. Vulnerability Reports
  4. SA200906014

Web Services on Devices API Memory Corruption Vulnerability

Report ID: SA200906014
Source: F-Secure
Date of Discovery: 10.11.2009
Criticality: Critical
Affects:
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2

*Server Core installation affected.
Compromise From: From local system
Compromise Type: Remote code execution

Summary

A vulnerability has been reported in the Web Services on Devices Application Programming Interface (WSDAPI) of Windows Vista and Windows Server 2008 operating systems, which if exploited could allow remote code execution on the affected system.

Detailed Description

The vulnerability can be exploited using a specially crafted packet, sent by an attacker on a local subnet.

Solution

Original Reference

-