Microsoft Security Bulletin MS02-022

From: Jerry Bryant [MS] (jbryant@online.microsoft.com)
Date: 05/09/02

• Next message: Nexus: "Re: security"
• Previous message: got root?: "Re: cmd.exe exploit"
• Next in thread: Hector Santos: "Re: Microsoft Security Bulletin MS02-022"
• Reply: Hector Santos: "Re: Microsoft Security Bulletin MS02-022"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Jerry Bryant [MS]" <jbryant@online.microsoft.com>
Date: Wed, 8 May 2002 16:42:02 -0700

- ----------------------------------------------------------------------
Title: Unchecked Buffer in MSN Chat Control Can Lead to Code
            Execution (Q321661)
Date: 08 May 2002
Software: MSN Chat, MSN Messenger, Exchange Instant Messenger
Impact: Run Code of Attacker's Choice
Max Risk: Critical
Bulletin: MS02-022

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-022.asp.
- ----------------------------------------------------------------------

Issue:
======
The MSN Chat control is an ActiveX control that allows groups of users to
gather in a single, virtual location online to engage in text messaging. The
control is offered for download as a single ActiveX control from a number of
MSN sites. In addition, it is included with MSN Messenger since version 4.5
and Exchange Instant Messenger. While the MSN Chat control is included with
these products it is not used to provide Instant Messaging functionality,
but rather to add chat functionality to those products.

An unchecked buffer exists in one of the functions that handles input
parameters in the MSN Chat control. A security vulnerability results because
it is possible for a malicious user to levy a buffer overrun attack and
attempt to exploit this flaw. A successful attack could allow code to run in
the user's context.

It would be possible for an attacker to attempt to exploit
this vulnerability either through a malicious web site or through HTML
email. However, Outlook Express 6.0 and the Outlook Email Security Update,
which is available for Outlook 98 and Outlook 2000, Outlook 2002 and can
thwart such attempts through their default security settings.

Mitigating Factors:
====================
 - A successful attack would require that the user have installed
   the MSN Chat control, MSN Messenger, or
   Exchange Instant Messenger.

 - The MSN Chat control does not install with any version of
   Windows or Internet Explorer by default.

 - Windows Messenger which ships with Windows XP does not
   include the MSN Chat control. Windows XP users would be
   vulnerable only if they have chosen to install the MSN Chat
   control from MSN sites.

 - The HTML email attack vector is blocked by the following
   Microsoft mail products:
    - Outlook 98 and Outlook 2000 with the
      Outlook Email Security Update
    - Outlook 2002
    - Outlook Express.
   This is because these products all open HTML email in the
   Restricted Sites zone by default.

Risk Rating:
============
 - Internet systems: Low
 - Intranet systems: Low
 - Client systems: Critical

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the
   Security Bulletin at
   http://www.microsoft.com/technet/security/bulletin/ms02-022.asp
   for information on obtaining this patch.

Acknowledgment:
===============
 - eEye Digital Security (http://www.eeye.com)

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES
DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

--
Regards,
Jerry Bryant - MCSE, MCDBA
Microsoft IT Communities
Get Secure! www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.

• Next message: Nexus: "Re: security"
• Previous message: got root?: "Re: cmd.exe exploit"
• Next in thread: Hector Santos: "Re: Microsoft Security Bulletin MS02-022"
• Reply: Hector Santos: "Re: Microsoft Security Bulletin MS02-022"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Microsoft Security Bulletin MS02-022 v2.0 ... Unchecked Buffer in MSN Chat Control Can Lead to Code ... version of Exchange Instant Messenger have been made available. ... A security vulnerability results because ... However, Outlook Express 6.0 and the Outlook Email Security Update, ... (microsoft.public.security) [NT] Unchecked Buffer in MSN Chat Control Can Lead to Code Execution ... The MSN Chat control is an ActiveX control that allows groups of users to ... version 4.5 and Exchange Instant Messenger. ... vulnerability either through a malicious web site or through HTML email. ... chosen to install the MSN Chat control from MSN sites. ... (Securiteam) Re: Microsoft Security Bulletin MS02-022 ... Unchecked Buffer in MSN Chat Control Can Lead to Code ... > Microsoft encourages customers to review the Security Bulletin at: ... > and Exchange Instant Messenger. ... A security vulnerability results ... (microsoft.public.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint