Technical Description
Two vulnerabilitieshave been identified in Microsoft Windows, which could be exploited byremote attackers to take complete control of an affected system.
The first issue is due to a buffer overflow error in the Winsock APIwhen handling malformed messages, which could be exploited by remoteattackers to execute arbitrary commands by convincing a user to open aspecially crafted file or visit a malicious web site.
The second vulnerability is due to a buffer overflow error in the DNSclient layer when handling malformed DNS related communications, whichcould be exploited by remote attackers to execute arbitrary commands bysending malformed packets to a vulnerable system.
Affected Products
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Solution
Apply patches :
http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx
