Vulnerability in Web Services on Devices API Could Allow Remote Code Execution
Description: This security update resolves a privately reported vulnerability in the Web Services on Devices Application Programming Interface (WSDAPI) on the Windows operating system. The vulnerability could allow remote code execution if an affected Windows system receives a specially crafted packet. Only attackers on the local subnet would be able to exploit this vulnerability. The security update addresses the vulnerability by correcting the processing of headers in WSD messages.
Update type: Critical
Release date: November 10, 2009
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/973565
- Web Services on Devices API Memory Corruption Vulnerability – CVE-2009-2512
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB973565.