Alert: Microsoft Security Bulletin MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/21/03

    Date:         Tue, 21 Oct 2003 17:27:43 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

    Summary:
      Version Number: V1.0
      Revision Date: 10-15-2003
      Impact of Vulnerability: Local Elevation of Privilege
      Maximum Severity Rating: Important
      Patch(es) Replaced: None
      Caveats: None
      CVE Number(s): CAN-2003-065

    Tested Software:
      Affected Software:
      * Microsoft Windows NT Workstation 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/5EA88ABE-8D53-4E25-959C-E80EB5FD7A91.asp>
      * Microsoft Windows NT Server 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/F3E87075-AAE5-49F4-9D37-24A116296188.asp>
      * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
    <http://www.ntbugtraq.com/link/0ADC8D90-2355-49A0-976B-57281B4521C1.asp>
      * Microsoft Windows 2000, Service Pack 2
    <http://www.ntbugtraq.com/link/01358EAC-F1C5-4CB7-BE3D-64459F4AD3FD.asp>
      * Microsoft Windows 2000 Service Pack 3, Service Pack 4
    <http://www.ntbugtraq.com/link/379F234D-CE7E-4897-8D29-0764997F1E42.asp>
      * Microsoft Windows XP Gold, Service Pack 1
    <http://www.ntbugtraq.com/link/ABC764AC-5B7B-4B99-BF3E-F57352E4C507.asp>
      * Microsoft Windows XP 64 bit Edition
    <http://www.ntbugtraq.com/link/3E7B03BF-2231-4069-B76F-0BD69CF6E1D9.asp>
      * Microsoft Windows XP 64 bit Edition Version 2003
    <http://www.ntbugtraq.com/link/E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA.asp>
      * Microsoft Windows Server 2003
    <http://www.ntbugtraq.com/link/02F97DE4-29DF-4D33-A33B-E7630349E69E.asp>
      * Microsoft Windows Server 2003 64 bit Edition
    <http://www.ntbugtraq.com/link/E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA.asp>

      Software Not Affected:
      * Microsoft Windows Millennium Edition

    Technical Description:
    A vulnerability exists because the ListBox control and the ComboBox
    control both call a function, which is located in the User32.dll file,
    that contains a buffer overrun. The function does not correctly validate
    the parameters that are sent from a specially-crafted Windows message.
    Windows messages provide a way for interactive processes to react to
    user events (for example, keystrokes or mouse movements) and to
    communicate with other interactive processes. A security vulnerability
    exists because the function that provides the list of accessibility
    options to the user does not correctly validate Windows messages that
    are sent to it. One process in the interactive desktop could use a
    specific Windows message to cause the ListBox control or the ComboBox
    control to execute arbitrary code. Any program that implements the
    ListBox control or the ComboBox control could allow code to be
    executed at an elevated level of administrative credentials, as long as
    the program is running at an elevated level of privileges (for example,
    Utility Manager in Windows 2000). This could include third-party
    applications. An attacker who had the ability to log on to a system
    interactively could run a program that could send a specially-crafted
    Windows message to any applications that have implemented the ListBox
    control or the ComboBox control, causing the application to take any
    action an attacker specified. This could give an attacker complete
    control over the system by using Utility Manager in Windows 2000.

    This email is sent to NTBugtraq automatically as a service to my
    subscribers. (v2.0)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor


