Check: 2010-A-0134
windows 7 iavm:
2010-A-0134
(in version v1 r32)
Title
Microsoft Windows COM Validation Remote Code Execution Vulnerability (Cat II impact)
Discussion
Microsoft has released a security bulletin addressing a vulnerability affecting various versions of Microsoft Windows. To exploit this vulnerability, a remote attacker would entice a user to access a malicious WordPad file hosted on a web site or sent via email, or to select a shortcut file on a network or WebDAV share. If successfully exploited, this vulnerability would allow an attacker to execute arbitrary code, resulting in the compromise of affected systems. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD-related incidents.

COM Validation Vulnerability (CVE-2010-1263): A remote code execution vulnerability exists in the way that the Windows Shell and WordPad validate COM object instantiation. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Check Content
See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS10-083 (2405882).

Vulnerable Applications/Systems:

WordPad
- Windows XP SP 3
- Windows XP Professional x64 Edition SP 2
- Windows Server 2003 SP 2 (x86, x64 and Itanium)
- Windows Vista SP 1 and SP 2 (x86 and x64) [1]
- Windows Server 2008 and Windows Server 2008 SP2 (x86**, x64** and Itanium) [1]
- Windows 7 (x86 and x64) [1]
- Windows Server 2008 R2 (x64** and Itanium) [1]

Windows Shell
- Windows Vista SP 1 and SP 2 (x86 and x64) [1]
- Windows Server 2008 and Windows Server 2008 SP2 (x86**, x64** and Itanium) [1]
- Windows 7 (x86 and x64) [1]
- Windows Server 2008 R2 (x64** and Itanium) [1]

**Server Core installation not affected.

[1] Where both security update packages for WordPad (KB979687) and Windows Shell (KB979688) are available for the same operating system, customers need to install both to be protected from the vulnerabilities described in this bulletin.

Verify that the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below.

WordPad (KB979687): Wordpad.exe

Operating system | Version |
---|---|
Windows XP SP3 | 5.1.2600.6010 |
Windows XP SP2 x64 | 5.2.3790.4750 |
Windows 2003 SP2 x86 | 5.1.2600.6010 |
Windows 2003 SP2 x64, Itanium | 5.2.3790.4750 |
Windows Vista SP1 / 2008 | 6.0.6001.18498 or 22720 |
Windows Vista SP2 / 2008 SP2 | 6.0.6002.18277 or 22433 |
Windows 7 and 2008 R2 | Fixed by SP1 |
Windows 7 / 2008 R2 | 6.1.7600.16624 or 20744 |

Windows Shell (KB979688): Msshsq.dll

Operating system | Version |
---|---|
Windows Vista SP1 / 2008 | 6.0.6001.18470 or 22865 |
Windows Vista SP2 / 2008 SP2 | 6.0.6002.18255 or 22398 |

Windows Shell (KB979688): Structuredquery.dll

Operating system | Version |
---|---|
Windows 7 and 2008 R2 | Fixed by SP1 |
Windows 7 / 2008 R2 | 7.0.7600.16587 or 20707 |
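
An added example (not part of the IAVM notice or the vendor bulletin) that automates the file-version comparison for the Windows 7 / 2008 R2 entries in the check content above, written in PowerShell 2.0-compatible syntax. The file paths are assumed default install locations, and treating a revision of 20000 or higher as belonging to the second ("or") value is an assumption about how the two listed revisions are meant to be read.

```powershell
# Fixed versions for Windows 7 / 2008 R2, taken from the check content.
# Paths are ASSUMED default install locations; the check does not state them.
$checks = @(
    @{ Path = "$env:ProgramFiles\Windows NT\Accessories\wordpad.exe"
       First  = [version]'6.1.7600.16624'; Second = [version]'6.1.7600.20744' },
    @{ Path = "$env:SystemRoot\System32\StructuredQuery.dll"
       First  = [version]'7.0.7600.16587'; Second = [version]'7.0.7600.20707' }
)

function Test-FixedVersion([version]$Actual, [version]$First, [version]$Second) {
    # Compare major.minor.build first: a later build (for example SP1, which
    # the check lists as already fixed) passes regardless of revision.
    $actualBase = New-Object version -ArgumentList ($Actual.Major, $Actual.Minor, $Actual.Build)
    $fixedBase  = New-Object version -ArgumentList ($First.Major, $First.Minor, $First.Build)
    if ($actualBase -ne $fixedBase) { return ($actualBase -gt $fixedBase) }

    # Same build: pick which of the two listed revisions applies.
    # ASSUMPTION: revisions >= 20000 are on the branch of the second value.
    if ($Actual.Revision -ge 20000) { return ($Actual -ge $Second) }
    return ($Actual -ge $First)
}

foreach ($c in $checks) {
    if (-not (Test-Path -LiteralPath $c.Path)) {
        Write-Output ("NOTFOUND {0}" -f $c.Path)
        continue
    }
    # Use the numeric parts; the FileVersion string can carry extra text.
    $vi = (Get-Item -LiteralPath $c.Path).VersionInfo
    $v  = New-Object version -ArgumentList ($vi.FileMajorPart, $vi.FileMinorPart,
                                            $vi.FileBuildPart, $vi.FilePrivatePart)
    if (Test-FixedVersion $v $c.First $c.Second) { $status = 'OK' } else { $status = 'FINDING' }
    Write-Output ("{0,-8} {1} {2}" -f $status, $v, $c.Path)
}
```

Both files must report `OK` on Windows 7, since the check requires the WordPad (KB979687) and Windows Shell (KB979688) updates together.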
Fix Text
Additional Identifiers
Rule ID:
Vulnerability ID: V-25530
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check |
Controls
Number | Title |
---|---|
No controls are assigned to this check |