Alert: Microsoft Security Bulletin MS03-044 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/16/03
- Previous message: Russ: "Alert: Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 15 Oct 2003 19:37:52 -0400 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-044.asp
Summary:
Version Number: V1.0
Revision Date: 10-15-2003
Patch(es) Replaced: None
Caveats: None
CVE Number(s): CAN-2003-0711
Tested Software:
Affected Software:
* Microsoft Windows Millennium Edition
* Microsoft Windows NT Workstation 4.0, Service Pack 6a
* Microsoft Windows NT Server 4.0, Service Pack 6a
* Microsoft Windows NT Server 4.0, Terminal Server Edition, Service
Pack 6
* Microsoft Windows 2000, Service Pack 2
* Microsoft Windows 2000, Service Pack 3, Service Pack 4
* Microsoft Windows XP Gold, Service Pack 1
* Microsoft Windows XP 64-bit Edition
* Microsoft Windows XP 64-bit Edition Version 2003
* Microsoft Windows Server 2003
* Microsoft Windows Server 2003 64-bit Edition
Software Not Affected:
* None
Technical Description:
A security vulnerability exists in the Help and Support Center function
which ships with Windows XP and Windows Server 2003. The affected code
is also included in all other supported Windows operating systems,
although no known attack vector has been identified at this time because
the HCP protocol is not supported on those platforms. The vulnerability
results because a file associated with the HCP protocol contains an
unchecked buffer. An attacker could exploit the vulnerability by
constructing a URL that, when clicked on by the user, could execute code
of the attacker's choice in the Local Computer security context. The URL
could be hosted on a web page, or sent directly to the user in email. In
the web based scenario, where a user then clicked on the URL hosted on a
website, an attacker could have the ability to read or launch files
already present on the local machine. The risk of attack from the HTML
email vector can be significantly reduced if the following conditions
are met:
* You have applied the patch included with Microsoft Security bulletin
MS03-040
* You are using Internet Explorer 6 or later
* You are using the Microsoft Outlook Email Security Update or
Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or
higher in their default configuration.
This email is sent to NTBugtraq automatically as a service to my
subscribers. (v2.0)
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
---- NTBugtraq subscribers save $103.00 off the TICSA exam by using promo code "NT1003" when registering to take the TICSA exam at www.2test.com. Prove to your employer and peers that you have the knowledge and abilities to be an active stakeholder in today's enterprise security. Become TICSA certified www.trusecure.com/ticsa. Promotion expires 12/31/03 and cannot be used in combination with other offers. ----
- Previous message: Russ: "Alert: Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
