McAfee > Theat Center > Vulnerability Detail Page

Timeline

10/16/2009

A proof of concept has been released.

10/13/2009

Vendor has provided a patch.

Description

A remote code execution vulnerability exists in the Indexing Service on Windows systems. The vulnerability is due to an ActiveX control included with the service not properly handling specifically crafted URLs. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

McAfee Product Mitigation & Recommendations

Recommendations

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-057.mspx

McAfee Product Mitigation

McAfee Foundstone

Signature:

(MS09-057) Memory Corruption in Indexing Service Vulnerability (969059)

Signature identifier:

7201

Release date:

10/13/2009

McAfee Intrushield

Signature:

HTTP: Indexing Service Remote Code Execution Vulnerability

Signature identifier:

0x4026A500

Release date:

10/13/2009

First released in:

4.1.59, 5.1.29

McAfee Host IPS

Signature:

Generic Buffer Overflow Protection

Signature identifier:

428

Release date:

8/24/2000

First released in:

2.0

McAfee Host IPS

Signature:

Vulnerability in Indexing Service Could Allow Remote Code Execution

Signature identifier:

2237

Release date:

10/13/2009

First released in:

2925

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

Additional Resources

(MS09-057) Memory Corruption in Indexing Service Vulnerability (969059)

http://www.microsoft.com/technet/security/bulletin/ms09-057.mspx

All Information

Timeline -

10/16/2009

A proof of concept has been released.

10/13/2009

Vendor has provided a patch.

Description -

A remote code execution vulnerability exists in the Indexing Service on Windows systems. The vulnerability is due to an ActiveX control included with the service not properly handling specifically crafted URLs. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

McAfee Product Mitigation & Recommendations

Recommendations -

The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-057.mspx

McAfee Product Mitigation

McAfee Foundstone

Signature:

(MS09-057) Memory Corruption in Indexing Service Vulnerability (969059)

Signature identifier:

7201

Release date:

10/13/2009

McAfee Intrushield

Signature:

HTTP: Indexing Service Remote Code Execution Vulnerability

Signature identifier:

0x4026A500

Release date:

10/13/2009

First released in:

4.1.59, 5.1.29

McAfee Host IPS

Signature:

Generic Buffer Overflow Protection

Signature identifier:

428

Release date:

8/24/2000

First released in:

2.0

McAfee Host IPS

Signature:

Vulnerability in Indexing Service Could Allow Remote Code Execution

Signature identifier:

2237

Release date:

10/13/2009

First released in:

2925

McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

Signature:

Generic Buffer Overflow Protection

Additional Resources

Additional Resources -

(MS09-057) Memory Corruption in Indexing Service Vulnerability (969059)

http://www.microsoft.com/technet/security/bulletin/ms09-057.mspx