
Vulnerability:Win/WebServicesOnDevices.WSDAPI.RCE!CVE-2009-2512

Severity rating
Critical

Class/Type
Vulnerability

Discovered date
2009-11-10T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium







Description

A remote code execution vulnerability exists in the Web Services on Devices API (WSDAPI) on Windows systems. The vulnerability is due to the service not properly handling a WSDAPI message with a specially crafted header. An attacker who successfully exploited this vulnerability could take complete control of an affected system.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected Windows system. An attacker could then install programs or view, change, or delete data; or create new accounts with full user rights.



Technical details (analysis)

Web Services on Devices allows a Windows client to discover and access remote devices, such as personal digital assistants (PDAs) and computer peripherals, including printers and cameras, as well as consumer electronics and their associated services across a network. It supports device discovery, description, and control. Developers can create WSDAPI client proxies and corresponding stubs for device hosts.

Web Services on Devices API (WSDAPI) implements the Devices Profile for Web Services (DPWS) for Windows Vista and Windows Server 2008. The DPWS constrains Web Services specifications so that Windows clients can easily discover devices. Once a device is discovered, a client can retrieve a description of services hosted on that device and use those services.

This vulnerability is caused by the WSD Application Programming Interface (API), on both clients and servers, not correctly validating specific headers of a received WSD message. An attacker could try to exploit the vulnerability by sending a specially crafted message to the WSD TCP ports 5357 or 5358 on an affected system. Alternatively, an attacker could send a specially crafted response to a WSD message querying for devices, when initiated by the Windows client. Note that applications that use the WSDAPI may use ports other than TCP ports 5357 and 5358, which are the defaults.
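To find hosts that expose the WSD ports described above, the following added example (not part of the original advisory) parses saved `netstat -ano` output and reports TCP listeners on 5357/5358, marking those bound to a non-loopback address. The sample output is constructed, the function names are hypothetical, and English-language netstat output is assumed; `extra_ports` covers applications that use WSDAPI on non-default ports.

```python
import ipaddress

# Default WSDAPI TCP ports named in the advisory text.
WSD_DEFAULT_PORTS = frozenset({5357, 5358})

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:5357           0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5358         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:49160     192.168.1.7:5357       ESTABLISHED     1880
  TCP    [::]:5357              [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1436
"""


def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[fe80::1%12]:80' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    # Drop IPv6 brackets and any zone index before returning the address.
    return host.strip("[]").split("%")[0], int(port)


def find_wsd_listeners(netstat_text, extra_ports=()):
    """Return (address, port, pid, reachable) for each TCP WSD listener.

    reachable is True when the socket is bound to a non-loopback address,
    i.e. other hosts on the network can connect to it.
    """
    ports = WSD_DEFAULT_PORTS | set(extra_ports)
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Listening TCP rows have exactly: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        address, port = split_endpoint(fields[1])
        if port not in ports:
            continue
        reachable = not ipaddress.ip_address(address).is_loopback
        findings.append((address, port, int(fields[4]), reachable))
    return findings


if __name__ == "__main__":
    for address, port, pid, reachable in find_wsd_listeners(SAMPLE_NETSTAT):
        print(f"{address}:{port} pid={pid} network-reachable={reachable}")
```

Listeners alone do not cover the client-side path the text mentions, where a crafted response reaches a Windows client that initiated the WSD query, so patch status on the affected versions still has to be checked separately.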



Affected software

Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2



Non-affected software

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems



References




Solutions




NIS signature

Name: Vulnerability:Win/WebServicesOnDevices.WSDAPI.RCE!CVE-2009-2512
Release Date: 2009-11-12T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

No known work-arounds at this time.