MS09-063: Vulnerability in Web Services on Devices API Could Allow Remote Code Execution (973565)
High Nessus Plugin ID 42437
SynopsisArbitrary code can be executed on the remote host through the Web Services for Devices API (WSDAPI).
DescriptionThe remote Windows host is running a vulnerable version of WSDAPI.
Sending the affected service a packet with a specially crafted header can result in arbitrary code execution. An attacker on the same subnet could exploit this to take complete control of the system.
SolutionMicrosoft has released a set of patches for Windows Vista and 2008.