Remote Code Execution Vulnerability in Multiple Microsoft Products
Multiple vulnerabilities have been discovered in Windows and its components that could allow intruders to launch code from a remote location on systems running the affected software.
June 14, 2005
RemoteCode Execution Vulnerability in Multiple Microsoft Products
ReportedJune 14, 2005 by Microsoft
VERSIONS AFFECTED
Windows 98Windows 2000Windows XPWindows Server 2003Internet Explorer 5.x and 6.0Outlook ExpressOutlook Web AccessStep-by-Step Interactive TrainingWindows Web ClientWindows HTML Help |
DESCRIPTION
Multiplevulnerabilities have been discovered in Windows and its componentsthat could allow intruders to launch code from a remote location onsystems running the affected software.
Anunchecked buffer in the PNG rendering library used by InternetExplorer (IE) might allow an intruder to launch code on an affectedsystem that could let the intruder take complete control over thatsystem. Also, IE doesn't handle Web site redirects properly whenprocessing XML data. Because of this vulnerability, an intruder mightbe able to gain access to XML data outside the intruder's domain.Microsoft released a cumulative update for IE to address theseissues. The update also corrects other problems in IE, including anissue with the pop-up blocker as well as problems with? GIF and XBMimage rendering.
The Windows HTML Helpfacility doesn't properly validate input, which could allow anintruder to take complete control of an affected system.
Due to an error in theway Windows processes Server Message Block (SMB) packets, an intrudercould craft specialized packets that might allow that intrudercomplete control over an affected system or launch Denial of Service(DoS) attacks.
An unchecked buffer inthe Windows Web Client service might allow an intruder to takecomplete control of an affected system. However the intruder wouldneed valid logon credentials.
Due to the way OutlookWeb Access (OWA) performs HTML encoding in its Compose New Messageform, a cross-site scripting attack could occur. An intruder might beable to convince a user to allow a script to be executed that couldtake any action allowed by the security settings that govern the Website.
An unchecked buffer inthe Network News Transfer Protocol (NNTP) response processingfunction of Outlook Express could allow an intruder to take completecontrol of an affected system.
MIcrosoft'sStep-by-Step Interactive Training component contains an uncheckedbuffer in the function that processes bookmarks. This buffer couldallow an intruder to take complete control over an affected system.
VENDOR RESPONSE
Microsoft releasedseveral security bulletins to address these problems:
CumulativeSecurity Update for Internet Explorer (883939)
Vulnerabilityin HTML Help Could Allow Remote Code Execution (896358)
Vulnerabilityin Server Message Block Could Allow Remote Code Execution (896422)
Vulnerabilityin Web Client Service Could Allow Remote Code Execution(896426)
Vulnerabilityin Outlook Web Access for Exchange Server 5.5 Could Allow Cross-SiteScripting Attacks (895179)
CumulativeSecurity Update in Outlook Express (897715)
Vulnerabilityin Step-by-Step Interactive Training Could Allow Remote CodeExecution (898458)
CREDITS
Mark Dowd of ISSX-Force reported the PNG image rendering problem.
MarkLitchfield of Next Generation Security Software reported the issueswith XML and the Web Client service.
Thor Larholm of PivXSolutions reported the pop-up blocker issue.
The UK NationalInfrastructure Security Co-ordination Centre (NISCC) reported theGIF- and XBM-rendering issues.
Both PeterWinter-Smith with Next Generation Security Software and eEye DigitalSecurity reported the HTML Help vulnerability.
Qualys reported theSMB vulnerability.
Gaël Delalleauand iDEFENSE reported the Outlook Web Access vulnerability.
iDEFENSE reported theissue with Outlook Express.
iDEFENSE and BrettMoore of Security-Assessment.com reported the vulnerability inStep-by-Step Interactive Training.
Read more about:
MicrosoftAbout the Author
You May Also Like