Alert: Microsoft Security Bulletin MS03-044 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/16/03

    Date:         Wed, 15 Oct 2003 19:37:52 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-044.asp

    Summary:

      Version Number: V1.0
      Revision Date: 10-15-2003
      Patch(es) Replaced: None
      Caveats: None
      CVE Number(s): CAN-2003-0711

    Tested Software:
      Affected Software:
      * Microsoft Windows Millennium Edition
      * Microsoft Windows NT Workstation 4.0, Service Pack 6a
      * Microsoft Windows NT Server 4.0, Service Pack 6a
      * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
      * Microsoft Windows 2000, Service Pack 2
      * Microsoft Windows 2000, Service Pack 3, Service Pack 4
      * Microsoft Windows XP Gold, Service Pack 1
      * Microsoft Windows XP 64-bit Edition
      * Microsoft Windows XP 64-bit Edition Version 2003
      * Microsoft Windows Server 2003
      * Microsoft Windows Server 2003 64-bit Edition

      Software Not Affected:
      * None

    Technical Description:
    A security vulnerability exists in the Help and Support Center function
    which ships with Windows XP and Windows Server 2003. The affected code
    is also included in all other supported Windows operating systems,
    although no known attack vector has been identified at this time because
    the HCP protocol is not supported on those platforms. The vulnerability
    results because a file associated with the HCP protocol contains an
    unchecked buffer. An attacker could exploit the vulnerability by
    constructing a URL that, when clicked on by the user, could execute code
    of the attacker's choice in the Local Computer security context. The URL
    could be hosted on a web page, or sent directly to the user in email. In
    the web based scenario, where a user then clicked on the URL hosted on a
    website, an attacker could have the ability to read or launch files
    already present on the local machine. The risk of attack from the HTML
    email vector can be significantly reduced if the following conditions
    are met:
      * You have applied the patch included with Microsoft Security bulletin MS03-040
      * You are using Internet Explorer 6 or later
      * You are using the Microsoft Outlook Email Security Update or Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or higher in their default configuration.

    This email is sent to NTBugtraq automatically as a service to my
    subscribers. (v2.0)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
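
A defender-side check for the URL vector the bulletin describes, as an added example that is not part of the original message or of Microsoft's bulletin: it lists every link in an HTML mail body or web page whose scheme is hcp, so a mail gateway or proxy could flag or strip it. The function names, the attribute list and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Attributes that can carry a URL a user may click or a client may load
# (an assumed, non-exhaustive list).
URL_ATTRS = {"href", "src", "action", "background", "data"}

def url_scheme(url):
    """Return the lower-cased scheme of a URL, or "" if it has none."""
    # WHATWG-style URL parsing ignores surrounding whitespace and drops
    # embedded tab/CR/LF, so normalise those before looking for the colon.
    cleaned = "".join(ch for ch in url.strip() if ch not in "\t\r\n")
    head, sep, _ = cleaned.partition(":")
    return head.lower() if sep else ""

class HcpLinkFinder(HTMLParser):
    """Collects (tag, attribute, url, length) for every hcp: URL attribute."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names and decodes
        # character references in attribute values before we see them.
        for name, value in attrs:
            if name in URL_ATTRS and value and url_scheme(value) == "hcp":
                self.hits.append((tag, name, value, len(value)))

def find_hcp_links(html_text):
    finder = HcpLinkFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits

# Constructed sample input; "placeholder/topic" is not a real HCP target.
SAMPLE_HTML = """<html><body>
<a href="http://example.com/help">ordinary link</a>
<a HREF="HCP://placeholder/topic">upper-case scheme</a>
<a href="h&#99;p://placeholder/topic">entity-encoded scheme</a>
<p>plain text mentioning hcp:// is not a link</p>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url, length in find_hcp_links(SAMPLE_HTML):
        print(f"<{tag} {attr}> {length} chars: {url}")
```

The reported length is included because the flaw is an unchecked buffer; any cut-off applied to it would be a local policy choice, not a value taken from the bulletin.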

    
