Microsoft Warns of New Windows Flaw (March 19, 2003 )
From: The Other Guy (firstname.lastname@example.org)
From: The Other Guy <email@example.com> Date: Thu, 20 Mar 2003 16:36:25 GMT
March 19, 2003
Microsoft Warns of New Windows Flaw
Microsoft Corp. has released a patch for a critical vulnerability in
every version of Windows from 98 forward.
The flaw lies in the Windows Script Engine for Jscript, which enables
the operating system to execute script code. The engine incorrectly
processes the script and does not correctly size a buffer during a
memory operation. As a result, an attacker could cause a buffer
overflow and execute code of his choice on a vulnerable machine.
In order to exploit this problem, the attacker would either need to
construct a Web page that contains the malicious code and lure a user
to the page or send the user an HTML mail message with the code
Any code the attacker is able to execute on the user's machine would
run with the user's privileges.
This vulnerability affects Windows 98, 98 SE, Me, NT 4.0, NT 4.0
Terminal Server Edition, 2000 and XP. However, there are several
mitigating factors that could prevent exploitation of the flaw. Users
who have disabled active scripting in Internet Explorer would not be
vulnerable to either of the above attacks. Also, Outlook Express 6.0
and 2002 block the automatic execution of the HTML mail attack, as do
Outlook 98 and 2000 when the Outlook Email Security Update is
Flaw in Windows Script Engine Could Allow Code Execution
-- ./configure --prefix=~/zyterion Not this guy or that guy, The Other Guy. This spot may contain a satirical comment or comedic source, and is meant to be funny. If you are easily offended, gullible or don't have a sense of humour we suggest you read elsewhere.