MSN Heartbeat Control Buffer Overflow
From: NGSSoftware Insight Security Research (nisr_at_NEXTGENSS.COM)
Date: 01/19/05
- Previous message: Markus Kern: "Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 19 Jan 2005 16:54:46 -0000 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
NGSSoftware Insight Security Research Advisory
Name: MSN Heartbeat Control Buffer Overflow
Systems Affected: Microsoft Internet Explorer with the MSN Heartbeat Control
Severity: High
Vendor URL: http://zone.msn.com/
Author: John Heasman [ john@ngssoftware.com ]
Date of Public Advisory: 19th January 2004
Advisory number: #NISR19012005d
Advisory URL: http://www.ngssoftware.com/advisories/heartbeatfull.txt
Reference: http://www.ngssoftware.com/advisories/heartbeat.txt
Description
***********
A vulnerability has been discovered in the MSN Heartbeat ActiveX component
which can allow remote code execution through Internet Explorer.
This component is installed by some MSN gaming sites and is marked safe
for scripting by default.
Details
*******
When initialising the Heartbeat control in a webpage, there are several
parameters which must be set to access the functionality within the
control, such as urls and filenames. When providing an overly string for
the SetupData parameter, a heap based buffer overflow occurs. A reliable
arbitrary dword overwrite is possible, and it is trivial to exploit this
flaw.
Fix Information
***************
Microsoft have released an update for the MSN Heartbeat component which
addresses this issue.
This can be downloaded from:
http://www.microsoft.com/technet/security/bulletin/MS04-038.mspx
A check for this vulnerability has been added to Typhon III, NGSSoftware's
advanced vulnerability assessment scanner. For more information please
visit the NGSSoftware website at http://www.ngssoftware.com/
About NGSSoftware
*****************
NGSSoftware design, research and develop intelligent, advanced application
security assessment scanners. Based in the United Kingdom, NGSSoftware
have offices in the South of London and the East Coast of Scotland.
NGSSoftware's sister company NGSConsulting, offers best of breed security
consulting services, specialising in application, host and network
security assessments.
Telephone +44 208 401 0070
Fax +44 208 401 0076
enquiries@ngssoftware.com
-- NTBugtraq Editor's Note: Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered. --
- Previous message: Markus Kern: "Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
