US-CERT Technical Cyber Security Alert TA05-284A -- Microsoft Windows, Internet Explorer, and Exchange Server Vulnerabilities

From: CERT Advisory (cert-advisory_at_cert.org)
Date: 10/12/05

  • Next message: CERT Advisory: "US-CERT Technical Cyber Security Alert TA05-291A -- Snort Back Orifice Preprocessor Buffer Overflow" 
    Date: Tue, 11 Oct 2005 18:56:22 -0400
To: cert-advisory@cert.org

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

                Technical Cyber Security Alert TA05-284A
      Microsoft Windows, Internet Explorer, and Exchange Server
      Vulnerabilities

       Original release date: October 11, 2005
       Last revised: --
       Source: US-CERT

    Systems Affected

         * Microsoft Windows
         * Microsoft Internet Explorer
         * Microsoft Exchange Server

       For more complete information, refer to the Microsoft Security
       Bulletin Summary for October 2005.

    Overview

       Microsoft has released updates that address critical vulnerabilities
       in Windows, Internet Explorer, and Exchange Server. Exploitation of
       these vulnerabilities could allow a remote, unauthenticated attacker
       to execute arbitrary code or cause a denial of service on an affected
       system.

    I. Description

       Microsoft Security Bulletins for October 2005 address vulnerabilities
       in Windows and Internet Explorer. Further information is available in
       the following US-CERT Vulnerability Notes:

       VU#214572 - Microsoft Plug and Play fails to properly validate user
       supplied data

       Microsoft Plug and Play contains a flaw in the handling of message
       buffers that may result in local or remote arbitrary code execution or
       denial-of-service conditions.
       (CAN-2005-2120)

       VU#883460 - Microsoft Collaboration Data Objects buffer overflow

       A buffer overflow in Microsoft Collaboration Data Objects may allow a
       remote, unauthenticated attacker to execute arbitrary code on a
       vulnerable system.
       (CAN-2005-1987)

       VU#922708 - Microsoft Windows Shell fails to handle shortcut files
       properly

       Microsoft Windows Shell does not properly handle some shortcut files
       and may permit arbitrary code execution when a specially-crafted file
       is opened.
       (CAN-2005-2122)

       VU#995220 - Microsoft DirectShow buffer overflow

       A buffer overflow in Microsoft DirectShow may allow a remote,
       unauthenticated attacker to execute arbitrary code on a vulnerable
       system.
       (CAN-2005-2128)

       VU#180868 - Microsoft Distributed Transaction Coordinator vulnerable
       to buffer overflow via specially crafted network message

       Microsoft Distributed Transaction Coordinator (MSDTC) may be
       vulnerable to a flaw that allows remote, unauthenticated attackers to
       execute arbitrary code.
       (CAN-2005-2119)

       VU#950516 - Microsoft COM+ contains a memory management flaw

       Microsoft COM+ contains a vulnerability due to a memory management
       flaw that may allow an attacker to take complete control of an
       affected system.
       (CAN-2005-1978)

       VU#959049 - Several COM objects cause memory corruption in Microsoft
       Internet Explorer

       Microsoft Internet Explorer will initialize COM objects that were not
       intended to be used in the web browser. Several COM objects have been
       identified that may allow an attacker to execute arbitrary code or
       crash Internet Explorer.
       (CAN-2005-2127)

       VU#680526 - Microsoft Internet Explorer allows non-ActiveX COM objects
       to be instantiated

       Microsoft Internet Explorer will initialize COM objects that were not
       intended to be used in the web browser. This may allow an attacker to
       execute arbitrary code or crash Internet Explorer.
       (CAN-2005-0163)

    II. Impact

       Exploitation of these vulnerabilities may allow a remote,
       unauthenticated attacker to execute arbitrary code with SYSTEM
       privileges or with the privileges of the user. If the user is logged
       on with administrative privileges, the attacker could take complete
       control of an affected system. An attacker may also be able to cause a
       denial of service.

    III. Solution

    Apply Updates

       Microsoft has provided the updates for these vulnerabilities in the
       Security Bulletins and on the Microsoft Update site.

    Workarounds

       Please see the following US-CERT Vulnerability Notes for workarounds.

    Appendix A. References

         * Microsoft Security Bulletin Summary for October 2005 -
           <http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx>

         * US-CERT Vulnerability Note VU#214572 -
           <http://www.kb.cert.org/vuls/id/214572>

         * US-CERT Vulnerability Note VU#883460 -
           <http://www.kb.cert.org/vuls/id/883460>

         * US-CERT Vulnerability Note VU#922708 -
           <http://www.kb.cert.org/vuls/id/922708>

         * US-CERT Vulnerability Note VU#995220 -
           <http://www.kb.cert.org/vuls/id/995220>

         * US-CERT Vulnerability Note VU#180868 -
           <http://www.kb.cert.org/vuls/id/180868>

         * US-CERT Vulnerability Note VU#950516 -
           <http://www.kb.cert.org/vuls/id/950516>

         * US-CERT Vulnerability Note VU#959049 -
           <http://www.kb.cert.org/vuls/id/959049>

         * US-CERT Vulnerability Note VU#680526 -
           <http://www.kb.cert.org/vuls/id/680526>

         * CAN-2005-2120 -
           <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2120>

         * CAN-2005-1987 -
           <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1987>

         * CAN-2005-2122 -
           <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2122>

         * CAN-2005-2128 -
           <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2128>

         * CAN-2005-2119 -
           <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2119>

         * CAN-2005-1978 -
           <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1978>

         * CAN-2005-2127 -
           <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2127>

         * CAN-2005-0163 -
           <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0163>

         * Microsoft Update - <https://update.microsoft.com/microsoftupdate>

      _________________________________________________________________

       The most recent version of this document can be found at:

       <http://www.us-cert.gov/cas/techalerts/TA05-284A.html>
      _________________________________________________________________

       Feedback can be directed to US-CERT. Please send email to:
       <cert@cert.org> with "TA05-284A Feedback VU#959049" in the subject.
      _________________________________________________________________

       Revision History

       Oct 11, 2004: Initial release
      _________________________________________________________________

       Produced 2005 by US-CERT, a government organization.
      
       Terms of use

       <http://www.us-cert.gov/legal.html>
      _________________________________________________________________

       For instructions on subscribing to or unsubscribing from this
       mailing list, visit <http://www.us-cert.gov/cas/>.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (GNU/Linux)

    iQEVAwUBQ0xBVn0pj593lg50AQJvOQf/QqIy3putm/wkUAUguQaylsCfC38Lysdc
    bqbtj7oF6HEoCzhQguaqQdMGOqa4QJnrObnkHN29xFhYovKWOIYkYsh6c3IXaNLK
    PdImVbcMFNn9VsBNNRVr2dqPXJPvgFFzQKsDcKkknnZyxLf5mshwDJoKFsKDGr9c
    1P9yxwyagQ8G73gTq6hPV/Wl/6zElXH/chlh6haXe6XN9ArTmz8A3OCAN+BZQUqe
    /9T4US8oxLeLlNDcQc/PV5v3VuXXW0v9kjEjqAVEH5tRKH/oIkVdgpj7gdrAzDjM
    MUojHfl1v2/JwWubQ9DFQsBx4Jxv5YvJEREsU7RbVJotn02+Yaaeog==
    =5hXu
    -----END PGP SIGNATURE-----

  • Next message: CERT Advisory: "US-CERT Technical Cyber Security Alert TA05-291A -- Snort Back Orifice Preprocessor Buffer Overflow"

    Relevant Pages