(MS07-048) Microsoft Vista Contacts Gadget Remote Code Execution Vulnerability (938123)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- User interaction is needed
- Attack Vector
- Website or e-mail with malicious content
- Rating
- Medium
- CVE reference
- CVE-2007-3032
- Vendor Status
- Responded and patched
- Vulnerable systems
- Vista SP0
- Summary
- A vulnerability exists in the Microsoft Vista Contacts Gadget that may allow arbitrary code execution. Exploitation could occur remotely by coercing the victim to import a malicious contact file.
Description
Windows Gadgets are applications that provide special functionality such as supplying data or utility functions. A vulnerability exists in the Microsoft Vista Contacts Gadget that may allow arbitrary code execution. The flaw lies in the processing of specially crafted contact gadget files. Successful exploitation would allow code execution at the rights level of the victim. A system is vulnerable only if the Contacts Gadget has been added to the Windows Sidebar, as the Contacts Gadget is not installed by default.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft (938123): http://www.microsoft.com/technet/security/Bulletin/MS07-048.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS07-048) Microsoft Vista Contacts Gadget Remote Code Execution Vulnerability (938123)
- Signature identifier:
- 5425
- Release date:
- 8/14/2007
McAfee Intrushield
McAfee Intrushield is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- HIGH - HTTP: Microsoft Vista Contacts Gadget Remote Code Execution Vulnerability
- Signature identifier:
- 0x4023D600
- Release date:
- 9/11/2007
- First released in:
- Sigsets 4.1.10.3, 3.1.47.3
Additional Resources
Microsoft Security Bulletin: Vulnerability in Windows Gadgets Could Allow Remote Code Execution (938123)
http://www.microsoft.com/technet/security/Bulletin/MS07-048.mspx
Timeline
8/29/2007
A proof of concept has been released.
8/14/2007
Vendor has provided a patch.