The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Windows Search

computer vulnerability note CVE-2009-0239

Windows Search: information disclosure

Synthesis of the vulnerability

An attacker can invite the victim to use Windows Search in order to execute a JavaScript code in the context on the computer.
Impacted products: Windows 2003, Windows Search, Windows XP.
Severity: 1/4.
Consequences: data reading.
Provenance: document.
Creation date: 10/06/2009.
Identifiers: 963093, BID-35220, CERTA-2009-AVI-218, CVE-2009-0239, MS09-023, VIGILANCE-VUL-8779.

Description of the vulnerability

The Windows Search can be optionally installed on Windows XP and 2003.

When the user searches a pattern, the first file found is previewed.

However, if it is an HTML file, the JavaScript code it contains runs in the context of the computer.

To exploit this vulnerability, the attacker has to upload an HTML file on victim's computer or to send it by email, and then has to wait for this file to be indexed, and finally has to invite the victim to search something where this file is the first result.

This vulnerability can therefore be used by an attacker to read files on victim's computer.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2008-4268 CVE-2008-4269

Windows Search: code execution

Synthesis of the vulnerability

An attacker can use two vulnerabilities of the Windows Search feature in order to execute code on victim's computer.
Impacted products: Windows 2008 R0, Windows Desktop Search, Windows Search, Windows Vista.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/12/2008.
Identifiers: 959349, BID-32651, BID-32652, CERTA-2008-AVI-589, CVE-2008-4268, CVE-2008-4269, MS08-075, VIGILANCE-VUL-8307, VU#468227.

Description of the vulnerability

The Saved Search feature creates files with the ".search-ms" extension. It has two vulnerabilities. The attacker can invite the victim to open and save a malicious search-ms file in order to exploit two vulnerabilities of Saved Search.

When saving Windows Search files, the memory is not correctly freed, which forces a restart and leads to code execution. [severity:3/4; BID-32651, CERTA-2008-AVI-589, CVE-2008-4268, VU#468227]

Windows Explorer does not correctly interpret parameters when the search-ms protocol is parsed, which leads to code execution. [severity:3/4; BID-32652, CVE-2008-4269]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.