Copyright 2024 - CSIM - Asian Institute of Technology

Security Advisories

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: US-CERT Technical Cyber Security Alert TA05-039A -- Multiple Vulnerabilities in Microsoft Windows Components
From: CERT Advisory <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Tue, 8 Feb 2005 21:23:39 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

           Technical Cyber Security Alert TA05-039A
  Multiple Vulnerabilities in Microsoft Windows Components

   Original release date: February 8, 2005
   Last revised: --
   Source: US-CERT

Systems Affected

     * Microsoft Windows Systems

Overview

   Microsoft has released a Security Bulletin Summary for February, 2005.
   This summary includes several bulletins that address vulnerabilities
   in various Windows applications and components. Exploitation of some
   vulnerabilities can result in the remote execution of arbitrary code
   by a remote attacker. Details of the vulnerabilities and their impacts
   are provided below.


I. Description

   The table below provides a reference between Microsoft's Security
   Bulletins and the related US-CERT Vulnerability Notes. More
   information related to the vulnerabilities is available in these
   documents.

   _________________________________________________________________

   Format:

   Microsoft Security Bulletin

   Related US-CERT Vulnerability Note(s)
   _________________________________________________________________

   MS05-004: ASP.NET Path Validation Vulnerability (887219) 

   VU#283646 Microsoft ASP.NET fails to perform proper
   canonicalization
   _________________________________________________________________

   MS05-005: Microsoft Office XP could allow Remote Code Execution
   (873352) 
   
   VU#416001 Microsoft Office XP contains buffer overflow
   vulnerability
   _________________________________________________________________

   MS05-006: Vulnerability in Windows SharePoint Services and
   SharePoint Team Services Could Allow Cross-Site Scripting and
   Spoofing Attacks (887981)

   VU#340409 Microsoft Windows SharePoint Services and SharePoint Team
   Services contain cross-site scripting vulnerabilities
   _________________________________________________________________

   MS05-007: Vulnerability in Windows Could Allow Information
   Disclosure (888302)

   VU#939074 Microsoft Computer Browser service contains an
   information disclosure vulnerability
   _________________________________________________________________

   MS05-008: Vulnerability in Windows Shell Could Allow Remote Code
   Execution (890047)

   VU#698835 Microsoft Internet Explorer contains drag and drop flaw
   _________________________________________________________________

   MS05-009: Vulnerability in PNG Processing Could Allow Remote Code
   Execution (890261)

   VU#259890 Windows Media Player does not properly handle PNG images
   with excessive width or height values
   
   VU#817368 libpng png_handle_sBIT() performs insufficient bounds
   checking
   
   VU#388984 libpng fails to properly check length of transparency
   chunk (tRNS) data
   _________________________________________________________________

   MS05-010: Vulnerability in the License Logging Service Could Allow
   Code Execution (885834)

   VU#130433 Microsoft License Logging Service buffer overflow
   _________________________________________________________________

   MS05-011: Vulnerability in Server Message Block Could Allow Remote
   Code Execution (885250)

   VU#652537 Microsoft Windows SMB packet validation vulnerability
   _________________________________________________________________

   MS05-012: Vulnerability in OLE and COM Could Allow Remote Code
   Execution (873333)
   
   VU#597889 Microsoft COM Structured Storage Vulnerability
   
   VU#927889 Microsoft OLE input validation vulnerability
   _________________________________________________________________

   MS05-013: Vulnerability in the DHTML Editing Component ActiveX
   Control Could Allow Remote Code Execution (891781)

   VU#356600 Microsoft Internet Explorer DHTML Editing ActiveX control
   contains a cross-domain vulnerability
   _________________________________________________________________

   MS05-014: Cumulative Security Update for Internet Explorer (867282)
   
   VU#698835 Microsoft Internet Explorer contains drag and drop flaw
   
   VU#580299 Microsoft Internet Explorer contains URL decoding zone
   spoofing vulnerability
   
   VU#843771 Microsoft Internet Explorer contains a DHTML method heap
   memory corruption vulnerability
   
   VU#823971 Microsoft Internet Explorer contains a Channel Definition
   Format (CDF) cross-domain vulnerability
   _________________________________________________________________

   MS05-015: Vulnerability in Hyperlink Object Library Could Allow
   Remote Code Execution (888113)

   VU#820427 Microsoft Hyperlink Object Library buffer overflow
   _________________________________________________________________


II. Impact

   A remote, unauthenticated attacker may exploit VU#283646 to gain
   unauthorized access to secured content on an ASP.NET server.

   Exploitation of VU#416001, VU#698835, VU#259890, VU#817368,
   VU#388984, VU#130433, VU#652537, VU#597889, VU#927889, VU#356600,
   VU#580299, VU#843771, and VU#820427 would permit a remote attacker
   to execute arbitrary code on a vulnerable Windows system.

   Exploitation of VU#340409, VU#356600, and VU#823971 will have
   impacts similar to cross-site scripting vulnerabilities. For more
   information about cross-site scripting, please see CERT Advisory
   CA-2000-02.

   A remote attacker could use VU#939074 to retrieve the names of
   users who have open connections to a shared Windows resource.


III. Solution

Apply a patch

   Microsoft has provided the patches for these vulnerabilities in the
   Security Bulletins and on Windows Update.

Appendix A. References

     * Microsoft's Security Bulletin Summary for February, 2005 -
       <http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx>

     * US-CERT Vulnerability Note VU#283646 -
       <http://www.kb.cert.org/vuls/id/283646>

     * US-CERT Vulnerability Note VU#416001 -
       <http://www.kb.cert.org/vuls/id/416001>

     * US-CERT Vulnerability Note VU#340409 -
       <http://www.kb.cert.org/vuls/id/340409>

     * US-CERT Vulnerability Note VU#939074 -
       <http://www.kb.cert.org/vuls/id/939074>

     * US-CERT Vulnerability Note VU#698835 -
       <http://www.kb.cert.org/vuls/id/698835>

     * US-CERT Vulnerability Note VU#259890 -
       <http://www.kb.cert.org/vuls/id/259890>

     * US-CERT Vulnerability Note VU#817368 -
       <http://www.kb.cert.org/vuls/id/817368>

     * US-CERT Vulnerability Note VU#388984 -
       <http://www.kb.cert.org/vuls/id/388984>

     * US-CERT Vulnerability Note VU#130433 -
       <http://www.kb.cert.org/vuls/id/130433>

     * US-CERT Vulnerability Note VU#652537 -
       <http://www.kb.cert.org/vuls/id/652537>

     * US-CERT Vulnerability Note VU#597889 -
       <http://www.kb.cert.org/vuls/id/597889>

     * US-CERT Vulnerability Note VU#927889 -
       <http://www.kb.cert.org/vuls/id/927889>

     * US-CERT Vulnerability Note VU#356600 -
       <http://www.kb.cert.org/vuls/id/356600>

     * US-CERT Vulnerability Note VU#580299 -
       <http://www.kb.cert.org/vuls/id/580299>

     * US-CERT Vulnerability Note VU#843771 -
       <http://www.kb.cert.org/vuls/id/843771>

     * US-CERT Vulnerability Note VU#823971 -
       <http://www.kb.cert.org/vuls/id/823971>

     * US-CERT Vulnerability Note VU#820427 -
       <http://www.kb.cert.org/vuls/id/820427>

     * CERT Advisory CA-2000-002 -
       <http://www.cert.org/advisories/CA-2000-02.html#impact>
   _________________________________________________________________

   Feedback can be directed to the authors: Will Dormann, Jeff Gennari,
   Chad Dougherty, Ken MacInnis, and Jeff Havrilla
   _________________________________________________________________


   This document is available from: 
   
      <http://www.us-cert.gov/cas/techalerts/TA05-039A.html>      
   
   _________________________________________________________________

   Copyright 2004 Carnegie Mellon University.
   
   Terms of use: <http://www.us-cert.gov/legal.html>
   _________________________________________________________________



   Revision History

   February 8, 2005: Initial release

                      Last updated February 08, 2005 




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQglyjBhoSezw4YfQAQJHvwf+MJrGdbRzuV+xr5SgRZQXCmL+0uSedhZZ
5c+NuO1p9wKex+9Q6a7UCvCykf0KgWumy0MkE5htZzxDqrTLMQxWOIa0JkHtqZGy
CklUEhEbB+4UeuVx0Jcgwkq7nLUaFJW86elSp0GyxiPVKQUFFwSRFYPzOUPYPe7+
Pv/JdiME6gejCdpTfiNxEvx7JKa/pWc/ntD/35bPWFkJkj+5VZPQQf/gaG7qmTll
zG0e21aufLjsfqZPYFyHr4ADmgeMkWutolZYnooEDNvOo1zhtrPkoZEMLLk68WMX
tia8bq0ScAhOg9gwQBvagBPqYyPGXbAsWLwPVB6nlWN68IbUezCzqw==
=I8H5
-----END PGP SIGNATURE-----
Powered by: MHonArc

Login Form

Search

School of Engineering and technologies     Asian Institute of Technology