Microsoft Windows Indexing Service ActiveX Vulnerability (969059) Network Vulnerability

Summary

This host is missing a critical security update according to Microsoft Bulletin MS09-057.

Impact

Successful exploitation will allow remote attackers to crash an affected browser or execute arbitrary code on the victim's system. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://www.microsoft.com/technet/security/bulletin/ms09-057.mspx

Insight

This issue is caused by a memory corruption error in the 'Query.dll' ActiveX component (included with the Indexing service) that does not properly handle specially crafted Web content.

Affected

Microsoft Windows 2K Service Pack 4 and prior. Microsoft Windows XP Service Pack 3 and prior. Microsoft Windows 2K3 Service Pack 2 and prior.

References

http://support.microsoft.com/kb/969059
http://www.microsoft.com/technet/security/bulletin/MS09-057.mspx
http://www.vupen.com/english/advisories/2009/2892

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-2507

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956803)
Cumulative Security Update for Internet Explorer (937143)
Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)
Microsoft Groove Remote Code Execution Vulnerability (2494047)
Buffer Overrun In HTML Converter Could Allow Code Execution (823559)

Take action and discover your vulnerabilities