Remote Code Execution Vulnerability in Multiple Microsoft Products
Reported June 14, 2005 by Microsoft
VERSIONS AFFECTED
|
Windows 98
|
DESCRIPTION
Multiple
vulnerabilities have been discovered in Windows and its components
that could allow intruders to launch code from a remote location on
systems running the affected software.
An
unchecked buffer in the PNG rendering library used by Internet
Explorer (IE) might allow an intruder to launch code on an affected
system that could let the intruder take complete control over that
system. Also, IE doesn't handle Web site redirects properly when
processing XML data. Because of this vulnerability, an intruder might
be able to gain access to XML data outside the intruder's domain.
Microsoft released a cumulative update for IE to address these
issues. The update also corrects other problems in IE, including an
issue with the pop-up blocker as well as problems with? GIF and XBM
image rendering.
The Windows HTML Help facility doesn't properly validate input, which could allow an intruder to take complete control of an affected system.
Due to an error in the way Windows processes Server Message Block (SMB) packets, an intruder could craft specialized packets that might allow that intruder complete control over an affected system or launch Denial of Service (DoS) attacks.
An unchecked buffer in the Windows Web Client service might allow an intruder to take complete control of an affected system. However the intruder would need valid logon credentials.
Due to the way Outlook Web Access (OWA) performs HTML encoding in its Compose New Message form, a cross-site scripting attack could occur. An intruder might be able to convince a user to allow a script to be executed that could take any action allowed by the security settings that govern the Web site.
An unchecked buffer in the Network News Transfer Protocol (NNTP) response processing function of Outlook Express could allow an intruder to take complete control of an affected system.
MIcrosoft's Step-by-Step Interactive Training component contains an unchecked buffer in the function that processes bookmarks. This buffer could allow an intruder to take complete control over an affected system.
VENDOR RESPONSE
Microsoft released several security bulletins to address these problems:
Cumulative
Security Update for Internet Explorer (883939)
Vulnerability
in HTML Help Could Allow Remote Code Execution (896358)
Vulnerability
in Server Message Block Could Allow Remote Code Execution (896422)
Vulnerability
in Web Client Service Could Allow Remote Code Execution
(896426)
Vulnerability
in Outlook Web Access for Exchange Server 5.5 Could Allow Cross-Site
Scripting Attacks (895179)
Cumulative
Security Update in Outlook Express (897715)
Vulnerability
in Step-by-Step Interactive Training Could Allow Remote Code
Execution (898458)
CREDITS
Mark Dowd of ISS
X-Force reported the PNG image rendering problem.
Mark
Litchfield of Next Generation Security Software reported the issues
with XML and the Web Client service.
Thor Larholm of PivX
Solutions reported the pop-up blocker issue.
The UK National
Infrastructure Security Co-ordination Centre (NISCC) reported the
GIF- and XBM-rendering issues.
Both Peter Winter-Smith with Next Generation Security Software and eEye Digital Security reported the HTML Help vulnerability.
Qualys reported the SMB vulnerability.
Gaël Delalleau and iDEFENSE reported the Outlook Web Access vulnerability.
iDEFENSE reported the issue with Outlook Express.
iDEFENSE and Brett Moore of Security-Assessment.com reported the vulnerability in Step-by-Step Interactive Training.
