{"vuid":"VU#468227","idnumber":"468227","name":"Microsoft Vista and Server 2008 vulnerable to memory corruption via saved search","keywords":["Microsoft","memory corruption",".search-ms","ms08-dec"],"overview":"Microsoft Windows Vista and Server 2008 contain a memory corruption vulnerability when saving a specially crafted search file. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"In Windows Vista and Server 2008, users can save searches as a search folder that is generated by a .search-ms XML file. Microsoft Windows fails to properly parse .search-ms files, which can result in memory corruption.","impact":"By convincing a user to save a specially crafted search specified by a .search-ms file, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.","resolution":"Apply an update\nThis vulnerability is addressed in Microsoft Security Bulletin MS08-075. This bulletin also includes several workarounds, including changing the file association for .search-ms files and denying the ability to save searches.","workarounds":"","sysaffected":"","thanks":"Thanks to Andre Protas of \neEye\n for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://www.microsoft.com/technet/security/Bulletin/ms08-075.mspx","http://msdn.microsoft.com/en-us/library/bb892885(VS.85).aspx"],"cveids":["CVE-2008-4268"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2008-07-11T14:56:18Z","publicdate":"2008-12-09T00:00:00Z","datefirstpublished":"2008-12-09T19:38:10Z","dateupdated":"2008-12-09T19:42:45Z","revision":6,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"2","cam_widelyknown":"10","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"15","cam_impact":"15","cam_easeofexploitation":"4","cam_attackeraccessrequired":"13","cam_scorecurrent":"4.3875","cam_scorecurrentwidelyknown":"6.58125","cam_scorecurrentwidelyknownexploited":"10.96875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.3875,"vulnote":null}