Signature Detail

HTTP: Microsoft WMS Arbitrary File Write Vulnerability

This signature detects an issue in Windows Media Services Authoring Objects where a malicious user can write an arbitrary file on the affected system.

Extended Description

The Microsoft Windows Media Server ActiveX control is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Affected Products

• Avaya Customer Interaction Express (CIE) Server 1.0
• Avaya Customer Interaction Express (CIE) User Interface 1.0
• Avaya Messaging Application Server MM 2.0
• Avaya Messaging Application Server MM 3.0
• Avaya Messaging Application Server MM 3.1
• Avaya Messaging Application Server
• HP Storage Management Appliance 2.1
• Microsoft Windows 2000 Professional SP1
• Microsoft Windows 2000 Professional SP2
• Microsoft Windows 2000 Professional SP3
• Microsoft Windows 2000 Professional SP4
• Microsoft Windows 2000 Professional
• Microsoft Windows 2000 Server SP4
• Microsoft Windows Server 2003 SP1
• Microsoft Windows Server 2003 SP2
• Microsoft Windows Server 2003 Datacenter Edition SP1
• Microsoft Windows Server 2003 Datacenter Edition Itanium SP1
• Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1
• Microsoft Windows Server 2003 Datacenter Edition Itanium
• Microsoft Windows Server 2003 Datacenter x64 Edition SP2
• Microsoft Windows Server 2003 Datacenter x64 Edition
• Microsoft Windows Server 2003 Enterprise Edition SP1
• Microsoft Windows Server 2003 Enterprise Edition
• Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
• Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1
• Microsoft Windows Server 2003 Enterprise Edition Itanium
• Microsoft Windows Server 2003 Enterprise x64 Edition SP2
• Microsoft Windows Server 2003 Enterprise x64 Edition
• Microsoft Windows Server 2003 Itanium SP1
• Microsoft Windows Server 2003 Itanium SP2
• Microsoft Windows Server 2003 Itanium
• Microsoft Windows Server 2003 Standard Edition SP1
• Microsoft Windows Server 2003 Standard Edition SP2
• Microsoft Windows Server 2003 Standard Edition
• Microsoft Windows Server 2003 Standard x64 Edition
• Microsoft Windows Server 2003 Web Edition SP1
• Microsoft Windows Server 2003 Web Edition SP2
• Microsoft Windows Server 2003 Web Edition
• Microsoft Windows Server 2003 x64 SP2
• Microsoft Windows Vista Business
• Microsoft Windows Vista Enterprise
• Microsoft Windows Vista Home Basic
• Microsoft Windows Vista Home Premium
• Microsoft Windows Vista Ultimate
• Microsoft Windows Vista
• Microsoft Windows Vista x64 Edition
• Microsoft Windows XP Home SP2
• Microsoft Windows XP Media Center Edition SP2
• Microsoft Windows XP Professional SP2
• Microsoft Windows XP Professional x64 Edition SP2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows XP Tablet PC Edition SP2
• Nortel Networks CallPilot 1002Rp
• Nortel Networks CallPilot 200I
• Nortel Networks CallPilot 201I
• Nortel Networks CallPilot 702T
• Nortel Networks CallPilot 703T
• Nortel Networks Centrex IP Client Manager
• Nortel Networks Contact Center
• Nortel Networks Contact Center Administration
• Nortel Networks Contact Center Express
• Nortel Networks Contact Center Manager
• Nortel Networks Contact Center Manager Server
• Nortel Networks Contact Center Multimedia
• Nortel Networks Contact Center Web Client
• Nortel Networks Symposium Agent

References

• BugTraq: 23827
• CVE: CVE-2007-2221