KLA11056
Multiple arbitrary code execution vulnerabilities in Microsoft Windows

Обновлено: 16/12/2020
Дата обнаружения
15/06/2017
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Microsoft Windows XP and Microsoft Windows Server 2003. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An improper validation of user input in Windows OLE can be exploited remotely via a specially designed file or program to execute arbitrary code;
  2. An incorrect way of handling requests done by the Routing and Remote Access service can be exploited remotely via a specially designed application to execute arbitrary code.
Пораженные продукты

Microsoft Windows Server 2003
Microsoft Windows XP

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
Description of the security update of Windows XP and Windows Server 2003
Description of the security update of Windows XP and Windows Server 2003
Оказываемое влияние
?
ACE 
[?]
Связанные продукты
Microsoft Windows Server 2003
Microsoft Windows XP
CVE-IDS
CVE-2017-84879.3Critical
CVE-2017-84616.9High
Эксплуатация

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/42211