18606 : Microsoft Windows Telephony Application Programming Interface (TAPI) Overflow
Printer | http://osvdb.org/18606 | Email This | Edit Vulnerability

Views This Week
3

Views All Time
115

Info

Last Modified
about 1 year ago

Percent Complete
100%

Disclosure
Aug 09, 2005

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Keywords

 No Keywords

Description

 Windows contains a flaw related to the Telephone Application Programming Interface (TAPI) that may allow an attacker to execute arbitrary code. No further details have been provided.

Classification

 Location: Local Access Required, Remote/Network Access Required
Attack Type: Input Manipulation, Unknown
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Technical

 According to Microsoft, this is a remotely exploitable flaw only on Windows 2000 Server. Windows Server 2003 requires remote authentication, and Windows 2000 Professional and XP Professional require a local login.

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products
Microsoft Corporation
Watch-list
Windows
Watch-list
 2000 SP4
XP SP1
XP SP2
XP Professional x64 Edition
98
98 SE
ME
Windows Server
Watch-list
 2003
2003 SP1
2003 for Itanium
2003 for Itanium SP1
2003 x64 Edition

References

Tools & Filters

Snort

 10000 10001 10002 10003 10004 10005 10006 10007 10008 10009 9914 9915 9916 9917 9918 9919 9920 9921 9922 9923 9924 9925 9926 9927 9928 9929 9930 9931 9932 9933 9934 9935 9936 9937 9938 9939 9940 9941 9942 9943 9944 9945 9946 9947 9948 9949 9950 9951 9952 9953 9954 9955 9956 9957 9958 9959 9960 9961 9962 9963 9964 9965 9966 9967 9968 9969 9970 9971 9972 9973 9974 9975 9976 9977 9978 9979 9980 9981 9982 9983 9984 ... and 16 more

Nessus

 19403

Credit
  • Kostya Kortchinsky - CERT

Blogs

Provided by Technorati

 None found at this time

Comments

Add Comment

No Comments.

DONATE NOW!

User Status

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use