Re: Microsoft Security Bulletin MS02-022
From: Hector Santos (spamhole@spamhole.com)
Date: 05/09/02
- Next message: Onno Pieters: "built-in abilities"
- Previous message: Mark Strelecki, ACP: "Re: jdbgmgr.exe"
- In reply to: Jerry Bryant [MS]: "Microsoft Security Bulletin MS02-022"
- Next in thread: Kent W. England [MVP]: "Re: Microsoft Security Bulletin MS02-022"
- Reply: Kent W. England [MVP]: "Re: Microsoft Security Bulletin MS02-022"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Hector Santos" <spamhole@spamhole.com> Date: Thu, 9 May 2002 11:37:16 -0400
This is getting really ridiculous.
"Jerry Bryant [MS]" <jbryant@online.microsoft.com> wrote in message
news:O2FF2nu9BHA.1656@tkmsftngp07...
> - ----------------------------------------------------------------------
> Title: Unchecked Buffer in MSN Chat Control Can Lead to Code
> Execution (Q321661)
> Date: 08 May 2002
> Software: MSN Chat, MSN Messenger, Exchange Instant Messenger
> Impact: Run Code of Attacker's Choice
> Max Risk: Critical
> Bulletin: MS02-022
>
> Microsoft encourages customers to review the Security Bulletin at:
> http://www.microsoft.com/technet/security/bulletin/MS02-022.asp.
> - ----------------------------------------------------------------------
>
> Issue:
> ======
> The MSN Chat control is an ActiveX control that allows groups of users to
> gather in a single, virtual location online to engage in text messaging.
The
> control is offered for download as a single ActiveX control from a number
of
> MSN sites. In addition, it is included with MSN Messenger since version
4.5
> and Exchange Instant Messenger. While the MSN Chat control is included
with
> these products it is not used to provide Instant Messaging functionality,
> but rather to add chat functionality to those products.
>
> An unchecked buffer exists in one of the functions that handles input
> parameters in the MSN Chat control. A security vulnerability results
because
> it is possible for a malicious user to levy a buffer overrun attack and
> attempt to exploit this flaw. A successful attack could allow code to run
in
> the user's context.
>
> It would be possible for an attacker to attempt to exploit
> this vulnerability either through a malicious web site or through HTML
> email. However, Outlook Express 6.0 and the Outlook Email Security Update,
> which is available for Outlook 98 and Outlook 2000, Outlook 2002 and can
> thwart such attempts through their default security settings.
>
> Mitigating Factors:
> ====================
> - A successful attack would require that the user have installed
> the MSN Chat control, MSN Messenger, or
> Exchange Instant Messenger.
>
> - The MSN Chat control does not install with any version of
> Windows or Internet Explorer by default.
>
> - Windows Messenger which ships with Windows XP does not
> include the MSN Chat control. Windows XP users would be
> vulnerable only if they have chosen to install the MSN Chat
> control from MSN sites.
>
> - The HTML email attack vector is blocked by the following
> Microsoft mail products:
> - Outlook 98 and Outlook 2000 with the
> Outlook Email Security Update
> - Outlook 2002
> - Outlook Express.
> This is because these products all open HTML email in the
> Restricted Sites zone by default.
>
> Risk Rating:
> ============
> - Internet systems: Low
> - Intranet systems: Low
> - Client systems: Critical
>
> Patch Availability:
> ===================
> - A patch is available to fix this vulnerability. Please read the
> Security Bulletin at
> http://www.microsoft.com/technet/security/bulletin/ms02-022.asp
> for information on obtaining this patch.
>
> Acknowledgment:
> ===============
> - eEye Digital Security (http://www.eeye.com)
>
> - ---------------------------------------------------------------------
>
> THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
> PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
> WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
> WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
> EVENT
> SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
> WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF
> BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS
> SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES
> DO
> NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR
> INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
>
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
>
- Next message: Onno Pieters: "built-in abilities"
- Previous message: Mark Strelecki, ACP: "Re: jdbgmgr.exe"
- In reply to: Jerry Bryant [MS]: "Microsoft Security Bulletin MS02-022"
- Next in thread: Kent W. England [MVP]: "Re: Microsoft Security Bulletin MS02-022"
- Reply: Kent W. England [MVP]: "Re: Microsoft Security Bulletin MS02-022"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
