This application requires Javascript for optimal performance.

MS.Windows.Fax.Cover.Page.Editor.Remote.Code.Execution

Release Date Sep 09, 2011
Severity high
Impact System Compromise: Remote attackers can gain control of vulnerable systems. Denial of Service: Remote attackers can crash vulnerable systems.
Description This indicates an attack attempt against a remote Code Execution vulnerability in Microsoft Fax Cover Page Editor. The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious ".COV" file. A remote attacker may exploit this to execute arbitrary code via a crafted ".COV" file.
Affected Products Microsoft Windows XP Tablet PC Edition SP3 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Service Pack 3 Microsoft Windows XP Professional x64 Edition SP3 Microsoft Windows XP Professional x64 Edition SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP3 Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition 2005 SP3 Microsoft Windows XP Media Center Edition SP3 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP3 Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP Microsoft Windows Vista x64 Edition SP2 Microsoft Windows Vista x64 Edition SP1 Microsoft Windows Vista x64 Edition Microsoft Windows Vista Ultimate 64-bit edition SP2 Microsoft Windows Vista Ultimate 64-bit edition SP1 Microsoft Windows Vista Ultimate 64-bit edition Microsoft Windows Vista Home Premium 64-bit edition SP2 Microsoft Windows Vista Home Premium 64-bit edition SP1 Microsoft Windows Vista Home Premium 64-bit edition Microsoft Windows Vista Home Basic 64-bit edition Sp2 X64 Microsoft Windows Vista Home Basic 64-bit edition SP2 Microsoft Windows Vista Home Basic 64-bit edition Sp1 X64 Microsoft Windows Vista Home Basic 64-bit edition SP1 Microsoft Windows Vista Home Basic 64-bit edition Microsoft Windows Vista Enterprise 64-bit edition SP2 Microsoft Windows Vista Enterprise 64-bit edition SP1 Microsoft Windows Vista Enterprise 64-bit edition Microsoft Windows Vista Business 64-bit edition SP2 Microsoft Windows Vista Business 64-bit edition SP1 Microsoft Windows Vista Business 64-bit edition Microsoft Windows Vista Ultimate SP2 Microsoft Windows Vista Ultimate SP1 Microsoft Windows Vista Ultimate Microsoft Windows Vista Home Premium SP2 Microsoft Windows Vista Home Premium SP1 Microsoft Windows Vista Home Premium Microsoft Windows Vista Home Basic SP2 Microsoft Windows Vista Home Basic SP1 Microsoft Windows Vista Home Basic Microsoft Windows Vista Enterprise SP2 Microsoft Windows Vista Enterprise SP1 Microsoft Windows Vista Enterprise Microsoft Windows Vista Business SP2 Microsoft Windows Vista Business SP1 Microsoft Windows Vista Business Microsoft Windows Vista Microsoft Windows Storage Server 2003 Microsoft Windows Server 2008 R2 x64 SP1 Microsoft Windows Server 2008 R2 x64 Microsoft Windows Server 2008 R2 Itanium SP1 Microsoft Windows Server 2008 R2 Itanium Microsoft Windows Server 2008 R2 Datacenter SP1 Microsoft Windows Server 2008 R2 Datacenter Microsoft Windows Server 2008 for x64-based Systems SP2 Microsoft Windows Server 2008 for x64-based Systems R2 Microsoft Windows Server 2008 for x64-based Systems Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows Server 2008 for Itanium-based Systems R2 Microsoft Windows Server 2008 for Itanium-based Systems Microsoft Windows Server 2008 for 32-bit Systems SP2 Microsoft Windows Server 2008 for 32-bit Systems Microsoft Windows Server 2008 Enterprise Edition SP2 Microsoft Windows Server 2008 Enterprise Edition Release Candidate Microsoft Windows Server 2008 Enterprise Edition Microsoft Windows Server 2008 Datacenter Edition SP2 Microsoft Windows Server 2008 Datacenter Edition Release Candidate Microsoft Windows Server 2008 Datacenter Edition Microsoft Windows Server 2003 x64 SP2 Microsoft Windows Server 2003 x64 SP1 Microsoft Windows Server 2003 Web Edition SP2 Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard Edition SP2 Microsoft Windows Server 2003 Standard Edition SP1 Beta 1 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 R2 web Edition Microsoft Windows Server 2003 R2 Standard Edition Microsoft Windows Server 2003 R2 Enterprise Edition SP2 Microsoft Windows Server 2003 R2 Enterprise Edition SP1 Microsoft Windows Server 2003 R2 Enterprise Edition Microsoft Windows Server 2003 R2 Datacenter Edition SP2 Microsoft Windows Server 2003 R2 Datacenter Edition SP1 Microsoft Windows Server 2003 R2 Datacenter Edition Microsoft Windows Server 2003 Itanium SP2 Microsoft Windows Server 2003 Itanium SP1 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 Enterprise x64 Edition SP2 Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 R2 Platfom SDK Microsoft Windows Server 2003 R2 Enterprise Microsoft Windows Server 2003 R2 Datacenter Microsoft Windows Server 2008 R2 Microsoft Windows 7 XP Mode Microsoft Windows 7 Ultimate Microsoft Windows 7 Starter Microsoft Windows 7 Professional Microsoft Windows 7 Home Premium Microsoft Windows 7 for x64-based Systems SP1 Microsoft Windows 7 for x64-based Systems Microsoft Windows 7 for Itanium-based Systems SP1 Microsoft Windows 7 for Itanium-based Systems Microsoft Windows 7 for 32-bit Systems SP1 Microsoft Windows 7 for 32-bit Systems Avaya Messaging Application Server 5 Avaya Messaging Application Server 4 Avaya Meeting Exchange - Webportal Avaya Meeting Exchange - Web Conferencing Server Avaya Meeting Exchange - Streaming Server Avaya Meeting Exchange - Recording Server Avaya Meeting Exchange - Client Registration Server Avaya Meeting Exchange 5.0.0.52 Avaya Meeting Exchange 5.2 SP2 Avaya Meeting Exchange 5.2 SP1 Avaya Meeting Exchange 5.2 Avaya Meeting Exchange 5.1 SP1 Avaya Meeting Exchange 5.1 Avaya Meeting Exchange 5.0 SP2 Avaya Meeting Exchange 5.0 SP1 Avaya Meeting Exchange 5.0 Avaya Communication Server 1000 Telephony Manager 4.0 Avaya Communication Server 1000 Telephony Manager 3.0 Avaya CallPilot 5.0 Avaya CallPilot 4.0 Avaya Aura Conferencing 6.0 Standard Avaya Aura Conferencing 6.0 SP1 Standard
Recommended Actions Apply the latest update from the vendor. Microsoft Windows Vista Home Premium SP2 Microsoft Windows6.1-KB2491683-x86.msu http://www.microsoft.com/downloads/details.aspx?familyid=BF762B86-B949-4E84-8CA4-93EBE669C1B8 Microsoft Windows6.1-KB2506212-x86.msu http://www.microsoft.com/downloads/details.aspx?familyid=0F5A122E-DD5E-4B08-881A-F13B38642720 Microsoft Windows Server 2008 R2 Itanium 0 Microsoft Windows6.1-KB2506212-ia64.msu http://www.microsoft.com/downloads/details.aspx?familyid=1A993F8C-D28A-4A95-A3C6-059F06E75461 Microsoft Windows XP Media Center Edition SP3 Microsoft WindowsXP-KB2491683-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=50FC3869-F2FC-43C8-8049-AAD62F2CB332 Microsoft WindowsXP-KB2506212-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=A8220A21-02FC-4AD6-988D-844276B2FD66 Microsoft Windows Server 2003 Web Edition SP2 Microsoft WindowsServer2003-KB2506212-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=BF084B4C-AAC9-4CC6-BB30-87FC96BA9430 Microsoft WindowsServer2003-KB2491683-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=EDDA8CCE-B764-4EF1-AFBE-391FBD087362 Microsoft Windows XP Professional x64 Edition SP2 Microsoft WindowsServer2003.WindowsXP-KB2506212-x64-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=0F60FC99-CD88-4237-8B31-A4E618502F7E Microsoft WindowsServer2003.WindowsXP-KB2491683-x64-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=B93311B4-1B8F-478D-8833-750C5E01E6F8 Microsoft Windows Vista x64 Edition SP1 Microsoft Windows6.0-KB2506212-x64.msu http://www.microsoft.com/downloads/details.aspx?familyid=1C942282-0F80-46C1-AEEF-1EF948E105A3 Microsoft Windows6.1-KB2491683-x64.msu http://www.microsoft.com/downloads/details.aspx?familyid=A6793ECF-A3F6-4989-8E4C-C5C0005F9AC4 Microsoft Windows6.1-KB2506212-x64.msu http://www.microsoft.com/downloads/details.aspx?familyid=658301F1-103A-48A2-9B67-61CF8E1DAD50 Microsoft Windows6.0-KB2491683-x64.msu http://www.microsoft.com/downloads/details.aspx?familyid=61DB662E-88D7-4454-B4B7-E987728FB137 Microsoft Windows Server 2008 for Itanium-based Systems SP2 Microsoft Windows6.0-KB2506212-ia64.msu http://www.microsoft.com/downloads/details.aspx?familyid=421024F1-AA86-459E-B6DE-53851A3FCBA2 Microsoft Windows Server 2003 Standard Edition SP2 Microsoft WindowsServer2003-KB2491683-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=EDDA8CCE-B764-4EF1-AFBE-391FBD087362 Microsoft WindowsServer2003-KB2506212-x86-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=BF084B4C-AAC9-4CC6-BB30-87FC96BA9430 Microsoft Windows Server 2003 Itanium SP2 Microsoft WindowsServer2003-KB2491683-ia64-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=EFB575C7-3259-49B1-B59C-89D9544E37A6 Microsoft WindowsServer2003-KB2506212-ia64-ENU.exe http://www.microsoft.com/downloads/details.aspx?familyid=03A7EE49-7BD6-4215-9779-1B48C10D08B9 Microsoft Windows Server 2008 for Itanium-based Systems 0 Microsoft Windows6.0-KB2506212-ia64.msu http://www.microsoft.com/downloads/details.aspx?familyid=421024F1-AA86-459E-B6DE-53851A3FCBA2 Microsoft Windows Vista x64 Edition SP2 Microsoft Windows6.0-KB2491683-x64.msu http://www.microsoft.com/downloads/details.aspx?familyid=61DB662E-88D7-4454-B4B7-E987728FB137 Microsoft Windows6.0-KB2506212-x64.msu http://www.microsoft.com/downloads/details.aspx?familyid=1C942282-0F80-46C1-AEEF-1EF948E105A3
Coverage IPS VCM
Common Vulnerabilities and Exposures (CVE) CVE-2010-3974
Reference/s http://technet.microsoft.com/en-us/security/bulletin/MS11-024.mspx (MS-ID)

Reference: VID-29056

Current Threat Level

Vulnerabilities

Virus/Spyware

Spam

PGP Keys

Contact Form

Copyright © 2012 Fortinet Inc. All Rights Reserved