[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Latest Intel Pro/10* ethernet adaptor drivers contain vulnerable MSVC runtime!
From: "Stefan Kanthak" <stefan.kanthak@xxxxxxxx>
Date: Sat, 2 Jan 2010 04:36:47 +0100

Hi @ll,

Intel just released updated drivers for their ethernet network adaptors,
see
<http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=17906&ProdId=3025&lang=eng>
and
<http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18518&ProdId=3025&lang=eng>
for example.

Unfortunately ALL these driver packages but contain an outdated and
unsupported "Microsoft Visual C++ 2008 Runtime", repackaged as
VC90_CRT_{x86,ia64,x64}.msi and violating Microsofts redistribution
rules, which installs VULNERABLE runtime DLLs.

See <http://support.microsoft.com/kb/973551>,
<http://support.microsoft.com/kb/973552> and
<http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx>

Stefan Kanthak

Prev by Date: Java vulnerability
Next by Date: WASC Announcement: WASC Threat Classification v2.0 Published
Previous by thread: Java vulnerability
Next by thread: WASC Announcement: WASC Threat Classification v2.0 Published
Index(es):
- Date
- Thread