CVE-2009-2507

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version, specifically including Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2.

Description The issue arises from a certain ActiveX control in the Indexing Service that does not properly process URLs. This allows remote attackers to execute arbitrary programs via unspecified vectors, causing a vulnerable binary to load and run, resulting in memory corruption.

Recommendations For Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, update to a version that includes the fix for the Memory Corruption in Indexing Service issue. As a temporary workaround, consider disabling the Indexing Service until a patch is available. Restrict access to the vulnerable ActiveX control to minimize the risk of exploitation.