OSVDB ID: 18606

Title: Microsoft Windows Telephony Application Programming Interface (TAPI) Overflow

Info

Disclosure

Aug 09, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Windows contains a flaw related to the Telephone Application Programming Interface (TAPI) that may allow an attacker to execute arbitrary code. No further details have been provided.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Input Manipulation, Attack Type Unknown
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Commercial
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Windows	2000 SP4
		XP SP1
		XP SP2
		XP Professional x64 Edition
		98
		98 SE
		ME
	Windows Server	2003
		2003 SP1
		2003 for Itanium
		2003 for Itanium SP1
		2003 x64 Edition

References

Security Tracker: 1014639
Bugtraq ID: 14518
Secunia Advisory ID: 16354
SCIP VulDB ID: 1687
CVE ID: 2005-0058 (see also: NVD)
ISS X-Force ID: 21599
Microsoft Knowledge Base Article: 893756
Mail List Post: http://archives.neohapsis.com/archives/dailydave/2005-q3/0221.html
Generic Exploit URL: http://immunitysec.com
http://www.saintcorporation.com/cgi-bin/exploit_info/windows_tapi
Other Advisory URL: http://www.securiteam.com/windowsntfocus/5ZP0F00GKA.html
Microsoft Security Bulletin: MS05-040
CIAC Advisory: p-268

Credit

Kostya Kortchinsky - CERT

Direct URL: http://osvdb.org/18606

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Windows

Windows Server

References

Credit