Alert: Microsoft Security Bulletin MS03-051 - Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 11/12/03

    Date:         Tue, 11 Nov 2003 18:31:23 -0500
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Microsoft Security Bulletin MS03-051:
    Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code
    Execution (813360)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-051.asp

    Summary:
     Version Number: V1.0
     Revision Date: 11-11-2003
     Impact of Vulnerability: Remote Code Execution
     Maximum Severity Rating: Critical
     Patch(es) Replaced: This update replaces the security updates contained
    in the following bulletins: MS01-035 and MS02-053.
     Caveats: None
     CVE Number(s): CAN-2003-0822, CAN-2003-0824

    Tested Software:
     Affected Software:
     * Microsoft Windows 2000 Service Pack 2, Service Pack 3
     * Microsoft Windows XP, Microsoft Windows XP Service Pack 1
     * Microsoft Office XP, Microsoft Office XP Service Release 1

     Affected Components:
     * Microsoft FrontPage Server Extensions 2000
    <http://www.ntbugtraq.com/link/C84C3D10-A821-4819-BF58-D3BC70A77BFA.asp>
     * Microsoft FrontPage Server Extensions 2000 (Shipped with Windows
    2000)
    <http://www.ntbugtraq.com/link/057D5F0E-0E2B-47D2-9F0F-3B15DD8622A2.asp>
     * Microsoft FrontPage Server Extensions 2000 (Shipped with Windows XP)
    <http://www.ntbugtraq.com/link/9B302532-BFAB-489B-82DC-ED1E49A16E1C.asp>
     * Microsoft FrontPage Server Extensions 2002
    <http://www.ntbugtraq.com/link/3E8A21D9-708E-4E69-8299-86C49321EE25.asp>
     * Microsoft SharePoint Team Services 2002 (shipped with Office XP)
    <http://www.ntbugtraq.com/link/5923FC2F-D786-4E32-8F15-36A1C9E0A340.asp>

     Software Not Affected:
     * Microsoft Windows Millennium Edition
     * Microsoft Windows NT Workstation 4.0, Service Pack 6a
     * Microsoft Windows NT Server 4.0, Service Pack 6a
     * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service
    Pack 6
     * Microsoft Windows 2000 Service Pack 4
     * Microsoft Windows XP 64-Bit Edition Version 2003
     * Microsoft Windows Server 2003 (Windows SharePoint Services)
     * Microsoft Windows Server 2003 64-Bit Edition (Windows SharePoint
    Services)
     * Microsoft Office System 2003

    Technical Description:

    This bulletin addresses two new security vulnerabilities in Microsoft
    FrontPage Server Extensions, the most serious of which could enable an
    attacker to run arbitrary code on a user's system.

    The first vulnerability exists because of a buffer overrun in the remote
    debug functionality of FrontPage Server Extensions. This functionality
    enables users to remotely connect to a server running FrontPage Server
    Extensions and remotely debug content using, for example, Visual
    InterDev. An attacker who successfully exploited this vulnerability
    could be able to run code with Local System privileges on an affected
    system, or could cause FrontPage Server Extensions to fail. The attacker
    could then take any action on the system, including installing programs,
    viewing, changing or deleting data, or creating new accounts with full
    privileges.

    The second vulnerability is a Denial of Service vulnerability that
    exists in the SmartHTML interpreter. This functionality is made up of a
    variety of dynamic link library files, and exists to support certain
    types of dynamic web content. An attacker who successfully exploited
    this vulnerability could cause a server running FrontPage Server
    Extensions to temporarily stop responding to requests.

    This email is sent to NTBugtraq automagically as a service to my
    subscribers. (v2.0)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    
