PDA

Visualizza versione completa : VulnerabilitÓ MS del 13/07/04


Giorgius
14-07-2004, 11.15.16
Microsoft Windows POSIX Subsystem Privilege Escalation Vulnerability

Effetti:
Rafal Wojtczuk has reported a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to a boundary error within the POSIX subsystem and can be exploited to cause a buffer overflow.
Successful exploitation allows execution of arbitrary code with SYSTEM privileges.

Leggi: http://secunia.com/advisories/12062/

Microsoft Internet Information Server Redirection Buffer Overflow Vulnerability

Effetti:
Microsoft has released an update for Internet Information Server. This fixes a vulnerability, allowing malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in the handling of permanent redirects. This could be exploited by supplying an overly long maliciously crafted URL.
This vulnerability affects Internet Information Server 4.0 on Microsoft Windows NT 4.0.

Leggi: http://secunia.com/advisories/12061/

Microsoft Windows Task Scheduler Buffer Overflow Vulnerability

Effetti:
Microsoft has issued an update for Windows. This fixes a vulnerability, allowing malicious websites to execute arbitrary code on a vulnerable system.
The vulnerability is caused due a boundary error during application name validation in the Task Scheduler ("Mstask.dll"). According to Microsoft, this could lead to system access if the current user has administrative privileges.
This affects Microsoft Windows 2000 and Windows XP. Microsoft Windows NT 4 is also affected if Internet Explorer 6 SP1 is installed.

Leggi: http://secunia.com/advisories/12060/

Giorgius
14-07-2004, 11.20.57
Microsoft Windows showHelp and HTML Help Vulnerabilities

Effetti:
Microsoft has issued an update for Windows. This fixes two vulnerabilities, allowing malicious websites to compromise a vulnerable system.
1) A problem in the handling of a specially crafted showHelp URL allows execution of arbitrary code in the Local Security Zone.
This issue may be related to:
SA10523
2) An unspecified problem in HTML Help allows execution of arbitrary code on a user's system if the current user has administrative privileges.
Reportedly, all versions of Microsoft Windows running Internet Explorer 5.5 SP2 and 6 SP1 are affected.
Microsoft will not be releasing updates for Windows 98, 98SE, and ME.

Leggi: http://secunia.com/advisories/12059/

Microsoft Windows / Internet Explorer File Download Extension Spoofing

Effetti:
Microsoft has issued an update for Microsoft Windows. This fixes a vulnerability, allowing malicious web sites to spoof the extension of files being downloaded.
For more information:
SA10736

Leggi: http://secunia.com/advisories/12058/

Microsoft Internet Explorer Multiple Vulnerabilities

Effetti:
Paul has reported some vulnerabilities in Internet Explorer, allowing malicious people to bypass security restrictions and potentially compromise a vulnerable system.
1) It is possible to redirect a function to another function with the same name, which allows a malicious website to access the function without the normal security restrictions.
Successful exploitation allows execution of arbitrary script code in the context of another website. This could potentially allow execution of arbitrary code in other security zones too.
2) Malicious sites can trick users into performing actions like drag'n'drop or click on a resource without their knowledge. An example has been provided, which allows sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".
This issue is a variant of an issue discovered by Liu Die Yu.
SA9711
http-equiv has posted a PoC (Proof of Concept), which combined with the inherently insecure Windows "shell:" functionality, can be exploited to compromise a vulnerable system.
3) It is possible to inject arbitrary script code into Channel links in Favorites, which will be executed when the Channel is added. The script code is executed in Local Security Zone context.
4) It is possible to place arbitrary content above any other window and dialog box using the "Window.createPopup()" function. This can be exploited to "alter" the appearance of dialog boxes and other windows.
Successful exploitation may potentially cause users to open harmful files or do other harmful actions without knowing it.
An additional issue allowing malicious sites to inject script into the Local Security Zone using anchor references has also been reported to affect Internet Explorer 6 running on Windows XP SP2 (release candidate / beta). This issue could not be confirmed on a fully patched Windows XP SP1 system.
Issues 1-4 has been confirmed on a fully patched system with Internet Explorer 6 and Microsoft Windows XP SP1.
Previous versions of Internet Explorer may also be affected.

Leggi: http://secunia.com/advisories/12048/

Giorgius
14-07-2004, 11.24.06
Microsoft Outlook Express Header Validation Denial of Service Weakness

Effetti:
A weakness has been discovered in Microsoft Outlook Express 6, which can be exploited by malicious people to cause a DoS (Denial of Service).
The weakness is caused due to an error when validating email headers. This can be exploited to crash the application when a specially crafted email is viewed.
This will only pose a problem if the preview pane is enabled, since Outlook Express will crash each time it is started.
Microsoft has issued cumulative patches. However, only Outlook Express 6 (without SP1) is affected by the weakness.

Leggi: http://secunia.com/advisories/12038/