Microsoft Patch MS09-063



The advisory for 063 is confusing. I am not sure what their reference to local
subnet means. Later in the advisory they state:

How could an attacker exploit the vulnerability?
An attacker could try to exploit the vulnerability by sending a specially
crafted message to the WSD TCP ports 5357 or 5358 on an affected system.
Alternatively, an attacker could send a specially crafted response to a WSD
message querying for devices, when initiated by the Windows client. Note that
applications that use the WSDAPI may use ports other than TCP ports 5357 and
5358, which are the defaults.

Can someone clarify this for me?

Thanks