A
vulnerability has been identified in Microsoft Windows, which could be
exploited by attackers to take complete control of an affected system.
This issue is due to a memory corruption error in the OLE Dialog
component when parsing OLE objects embedded within RTF files, which
could be exploited by remote attackers to execute arbitrary commands by
convincing a user to interact with a malformed embedded OLE object
within a Rich Text Format (RTF) file.
Affected Products
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Solution
Update for Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=7b1a81d5-1072-49d9-a24a-0e2630f62d8c
Update for Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=e9b84661-25e3-4d38-95b1-8d3e7af565aa
Update for Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=57c1b19f-3242-457c-bedf-d35a8efe525c
Update for Microsoft Windows Server 2003 and Windows Server 2003 SP1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=eaed6f59-801e-45d7-9518-469d0de13cad
Update for Microsoft Windows Server 2003 (Itanium) and Windows Server 2003 SP1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=cd1b18ae-bc8d-4d73-847f-4fa7ca672c88
Update for Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=11f4f8f6-b8ce-4a5f-b7ed-8389ccc56473
