MS Security Bulletin Summary for May, 2006
FYI...
- http://www.microsoft.com/technet/sec.../ms06-may.mspx
"Published: May 9, 2006
Version: 1.0
Critical (2)
Microsoft Security Bulletin MS06-019
Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803)
- http://www.microsoft.com/technet/sec.../ms06-019.mspx
...Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical...
Affected Software:
Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004 (870540)
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 2003 Service Pack 2...
Microsoft Security Bulletin MS06-020
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433)
- http://www.microsoft.com/technet/sec.../ms06-020.mspx
...Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical...
Affected Software:
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)...
Moderate (1)
Microsoft Security Bulletin MS06-018
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580)
- http://www.microsoft.com/technet/sec.../ms06-018.mspx
Impact of Vulnerability: Denial of Service
Maximum Severity Rating: Moderate...
Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems...
Revisions:
V1.0 (May 9, 2006): Bulletin published..."
-----------------------------------------
ISC Analysis:
MS06-019 (Critical)
- http://isc.sans.org/diary.php?storyid=1322
Last Updated: 2006-05-09 18:32:46 UTC
"...Exchange admins you will have your hands full, especially if you are running your own RIM/Blackberry Enterprise Server. Please read the earlier entry*... for details on the "gotcha" there. This vulnerability allows for remote code execution and it is critical that it be patched."
* http://www.isc.sans.org/diary.php?storyid=1320
MS06-020 (Critical)
- http://isc.sans.org/diary.php?storyid=1323
Last Updated: 2006-05-09 18:05:03 UTC
"...This bulletin addresses flaws in older versions of Adobe's flash player. Both have been fixed for a while by Adobe. In case you haven't yet, this is your last chance to update the Adobe Flash player. MS06-020 patched this vulnerability as well. However, it only patched Flash Player 7 (or 8). If a user had initially Flash Player 6 installed, MS06-020 was not applied. As a result, a user may have installed 7 or 8 later, and ended up vulnerable as a result. See the KB article above for details ( http://support.microsoft.com/kb/913433 ). The "safe" version is 8.0.24.0 (this is currently the most recent version)... This patch should be applied fast on all desktops. You may be able to wait a bit on servers, or you could just uninstall the flash player on servers (if you never use them to browse)..."
MS06-018 (Moderate)
- http://isc.sans.org/diary.php?storyid=1321
Last Updated: 2006-05-09 18:32:27 UTC
"...This update patches two vulnerabilities in MSDTC (CVE-2006-0034, CVE-2006-1184). Both represent a denial of service in MSDTC which can be exploited locally or remotely with malformed messages. This vulnerability is listed as moderate for Windows 2000 versus Low for XP and 2003 because MSDTC is enabled by default on that platform. The severity is the same on the other platforms when the service is running..."
MS06-020 update - "flash player cannot be updated"
FYI...
- http://www.techweb.com/article/print...section=700028
May 10, 2006
"...Problems with the MS06-020 update -- the one tagged as "critical" that patched flawed Flash Players -- drove many to mark complaints on the Windows Update newsgroup. Threads with titles such as "Security Update for Flash Player," and "Flash Player" contain a slew of grievances, most of them remarking about repeated failures of the patch to install. Microsoft is aware of the problem, which it dubbed a "known issue" in a support document* posted Wednesday. The document offers a workaround that requires users to delete a pair of Flash-related files, then manually download and install the Player update. The problem, Microsoft said, involves a PC's specific history with Flash. If, for instance, a user had installed Flash Player 7 or 8 on a machine that previously had version 6, then later uninstalled version 7 or 8, Windows Update will repeatedly offer the update, and display the error "The version of Macromedia Flash you have installed does not match the update you are trying to install." ...Buried in the FAQ section of MS06-020 is a paragraph that spells it out for Windows 98 and Millennium users... Even some users who followed the rules, however, were nonplussed. "I had already gotten [updated Flash Player version] 8.0.r24 from [Adobe's] site a while ago, but Windows Update still tried to patch me up," wrote Kevin Hobbs in an e-mail to TechWeb. "Go figure..."
* http://support.microsoft.com/default.aspx/kb/913433?
Microsoft Security Advisory (919637) - Word Vuln
FYI...
Microsoft Security Advisory (919637)
Vulnerability in Word Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...ry/919637.mspx
Published: May 22, 2006
"Microsoft is investigating new public reports of limited zero-day attacks using a vulnerability in Microsoft Word XP and Microsoft Word 2003. In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. Microsoft will continue to investigate the public reports to help provide additional guidance for customers as necessary.
Microsoft is completing development of a security update for Microsoft Word that addresses this vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility and is on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted.
Microsoft is concerned that this new report of a vulnerability in Word was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed..."
-----------------------------------------------
Update on Word 0-Day Issue
- http://isc.sans.org/diary.php?storyid=1351
Last Updated: 2006-05-23 03:25:51 UTC
"Microsoft and Eeye have each released advisories related to the issue this evening.
Microsoft's security advisory can be found here: http://www.microsoft.com/technet/sec...ry/919637.mspx
Eeye's advisory can be found here: http://www.eeye.com/html/resources/n...amunbmvambckmn
The information about vulnerable exploits differs a little between the two advisories. Microsoft says the vulnerability only affects Word 2002/XP and Word 2003 and that Word 2000 is not vulnerable. The Microsoft advisory contains information on workarounds including not using Word as the default mail editor in Outlook and running Word in 'Safe Mode' to disable the functionality that is affected by the vulnerability and exploit.
Eeye says that the vulnerability affects Word 2000 as well. The Eeye advisory mentions that they believe there are two variants of this exploit. Thus, it may be that the first variant only affects Word 2002/XP and 2003 and the second variant affects all three versions."
MS Security Bulletin Advance Notification - June 2006
FYI...
- http://www.microsoft.com/technet/sec...n/advance.mspx
Updated: June 8, 2006
"On 13 June 2006 Microsoft is planning to release:
Security Updates
Nine Microsoft Security Bulletins affecting Microsoft Windows. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer and the Enterprise Scan Tool. Some of these updates will require a restart.
Note that, as discussed in Microsoft Security Bulletin MS06-013, with the release of one of these bulletins, support for the compatibility patch discussed in Microsoft Knowledge Base Article 917425 will cease.
This means that all users who apply this security update will receive the ActiveX update discussed in Microsoft Knowledge Base Article 912945 regardless of whether or not they have applied the compatibility patch discussed in Microsoft Knowledge Base Article 917425.
Administrators are encouraged to review the following articles prior to release and take appropriate steps for their environment:
Microsoft Security Advisory 912945 Non-Security Update for Internet Explorer
Microsoft Knowledge Base Article 912945
Microsoft Knowledge Base Article 917425
Information for Developers about Internet Explorer
One Microsoft Security Bulletin affecting Microsoft Exchange. The highest Maximum Severity rating for this is Important. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
Note that this update will include the functionality change discussed in Microsoft Knowledge Base Article 912918. Administrators are urged to review this Knowledge Base article prior to release and take steps appropriate for their environment.
Two Microsoft Security Bulletins affecting Microsoft Office. The highest Maximum Severity rating for these is Critical. These updates will be detectable using the Microsoft Baseline Security Analyzer. These updates may require a restart.
Microsoft Windows Malicious Software Removal Tool
Microsoft will release an updated version of the Microsoft Windows Malicious Software Removal Tool on Windows Update, Microsoft Update, Windows Server Update Services and the Download Center.
Note that this tool will NOT be distributed using Software Update Services (SUS).
Non-security High Priority updates on MU, WU, WSUS and SUS
Microsoft will release 1 NON-SECURITY High-Priority Update for Windows on Windows Update (WU) and Software Update Services (SUS).
Microsoft will release two NON-SECURITY High-Priority Updates on Microsoft Update (MU) and Windows Server Update Services (WSUS).
Although we do not anticipate any changes, the number of bulletins, products affected, restart information and severities are subject to change until released..."
--------------------------------------------------------------
Additional info w/links:
- http://blogs.technet.com/msrc/archiv...08/434186.aspx
MS06-014 exploit on the Web
FYI...
- http://www.eweek.com/article2/0,1759...129TX1K0000614
June 8, 2006
"Malicious hackers are actively exploiting a flaw patched by Microsoft in its April batch of bulletins to hijack computers for use in botnets, according to a warning from malware hunters. Researchers at Exploit Prevention Labs, an Atlanta-based Internet security outfit, said several bot-seeding scripts are targeting the MDAC (Microsoft Data Access Components) flaw covered in the software maker's MS06-014* bulletin. ... the MDAC exploits present a serious threat to corporate Windows users who have not yet deployed the patch. "Some businesses take a long time to completely install all patches. In some cases, they are six months behind"... Windows users using Automatic Updates to apply patches should be safe, but because it's a Web-based exploit, enterprise IT departments should avoid depending entirely on firewalls for protection..."
* http://www.microsoft.com/technet/sec.../MS06-014.mspx
MS Security Bulletin Summary - June, 2006
FYI...
- http://www.microsoft.com/technet/sec.../ms06-jun.mspx
"Published: June 13, 2006
Version: 1.0...
--------------------
Critical (8)
--------------------
Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)
- http://www.microsoft.com/technet/sec.../MS06-021.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Caveats:
Microsoft Knowledge Base Article 916281 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 916281.
Microsoft is releasing an additional security update included with Microsoft Security Bulletin MS06-023: Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344). We recommend that you install both security updates at the same time as an update in Microsoft Security Bulletin MS06-021: Cumulative Security Update for Internet Explorer (916281) could expose the JScript vulnerability or cause application compatibility issues.
This security update also replaces the cumulative update for Internet Explorer that was released on February 28, 2006. For more information about this update, see Microsoft Knowledge Base Article 912945.
This security update also replaces the compatibility patch released on April 11, 2006. That compatibility patch temporarily returned Internet Explorer to the previous functionality for handling ActiveX controls, to help enterprise customers who needed more time to prepare for the ActiveX update changes discussed in Microsoft Knowledge Base Article 912945. This security update replaces that compatibility patch, and makes the changes in Microsoft Knowledge Base Article 912945 permanent. For more information about these changes, see Microsoft Knowledge Base Article 912945 and the product documentation...
Microsoft Security Bulletin MS06-022
Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439)
- http://www.microsoft.com/technet/sec.../MS06-022.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical...
Microsoft Security Bulletin MS06-023
Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)
- http://www.microsoft.com/technet/sec.../MS06-023.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical...
Microsoft Security Bulletin MS06-024
Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734)
- http://www.microsoft.com/technet/sec.../MS06-024.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical...
Microsoft Security Bulletin MS06-025
Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280)
- http://www.microsoft.com/technet/sec.../MS06-025.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical...
Microsoft Security Bulletin MS06-026
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547)
- http://www.microsoft.com/technet/sec.../MS06-026.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical...
Microsoft Security Bulletin MS06-027
Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336)
- http://www.microsoft.com/technet/sec.../MS06-027.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical...
Microsoft Security Bulletin MS06-028
Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
- http://www.microsoft.com/technet/sec.../MS06-028.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical...
--------------------
Important (3)
--------------------
Microsoft Security Bulletin MS06-029
Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442)
- http://www.microsoft.com/technet/sec.../MS06-029.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important...
Microsoft Security Bulletin MS06-030
Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)
- http://www.microsoft.com/technet/sec.../MS06-030.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important...
Microsoft Security Bulletin MS06-032
Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)
- http://www.microsoft.com/technet/sec.../MS06-032.mspx
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important...
--------------------
Moderate (1)
--------------------
Microsoft Security Bulletin MS06-031
Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736)
- http://www.microsoft.com/technet/sec.../MS06-031.mspx
Impact of Vulnerability: Spoofing
Maximum Severity Rating: Moderate...
--------------------
...Revisions:
V1.0 (June 13, 2006): Bulletin published..."
=====================================
ISC Analysis:
- http://isc.sans.org/diary.php?storyid=1404
Last Updated: 2006-06-13 20:48:25 UTC
"...
* MS06-021 Cumulative patch for Internet Explorer - Critical
- http://isc.sans.org/diary.php?storyid=1400
* MS06-022 ART image library buffer overflow - Critical
- http://isc.sans.org/diary.php?storyid=1401
* MS06-023 Microsoft JScript memory corruption - Critical
- http://isc.sans.org/diary.php?storyid=1402
* MS06-024 Windows media player - Critical
- http://isc.sans.org/diary.php?storyid=1406
* MS05-025 RRAS - Critical
- https://isc.sans.org/diary.php?storyid=1409
* MS06-026 Graphics rendering engine remote code execution - Critical
- http://isc.sans.org/diary.php?storyid=1403
(** This vulnerability ONLY applies to Windows 98, 98SE, and ME... Windows 2000, XP and beyond are not vulnerable **)
* MS06-027 Word remote code execution - Critical
- http://isc.sans.org/diary.php?storyid=1405
* MS06-028 PowerPoint remote code execution - Critical
- http://isc.sans.org/diary.php?storyid=1407
* MS06-029 Exchange - Important
- http://isc.sans.org/diary.php?storyid=1414
* MS06-030 SMB privilege escalation - Important
- http://isc.sans.org/diary.php?storyid=1412
* MS06-031 RPC mutual authentication spoofing - Moderate
- http://isc.sans.org/diary.php?storyid=1413
* MS06-032 IP source routing allows remote code execution - Important
- http://isc.sans.org/diary.php?storyid=1410
...also re-released one: * MS06-011
- http://isc.sans.org/diary.php?storyid=1408 ..."
Exploits already out for 6.13.06 MS Patches
FYI...
- http://isc.sans.org/diary.php?storyid=1415
Last Updated: 2006-06-14 11:31:15 UTC
"After yesterday's patchday, we start to receive a number of reports about newly released exploits for vulnerabilities announced on Tuesday. Here is a quick list of what we have seen so far:
MS06-024: Windows Media Player.
Exploit released by penetration testing vendor to customers.
MS06-025: RRAS
Exploit released by penetration testing vendor to customers.
MS06-027: Word remote code execution
Exploit available -before- release of patch.
MS06-030: SMB Privilege Escalation.
Two exploits released to the public.
MS06-032: IP Source Routing Exploit.
DoS exploits released privately (trivial exploit) ..."
==========================================
- http://www.techweb.com/article/print...section=700028
June 14, 2006 (5:41 PM EDT)
"Although security experts said Tuesday that the previous day's patching of 21 Microsoft vulnerabilities shouldn't present users with any major threats, closer examination of the updates a day later indicates different. Exploits or proof-of-concept code samples are already available for more than a third of the patched bugs... VeriSign iDefense also noted that almost 20 percent (4 out of 21) of the patches fixed bugs that had previously been disclosed in public forums. Two of the four went public in May and one in April, but the fourth harks back to December 2005..."
Potential Patch Problem with MS06-025
FYI...
- http://isc.sans.org/diary.php?compare=1&storyid=1423
Last Updated: 2006-06-17 20:55:03 UTC
"...UPDATE: We received an email from one of our readers today indicating that the MS06-025 update is causing problems with the iPassConnect program. I would recommend if you are using the iPassConnect program then test with the update before rolling the update out."
- http://blogs.technet.com/msrc/archiv...17/436882.aspx
- http://support.microsoft.com/kb/911280
Last Review: June 17, 2006
Revision: 1.1 ...
"Known Issues
An issue has been confirmed involving dial-up connections which use the terminal window or dial-up scripting. Dial-up terminal windows or scripting is an older technology rarely used by most modern dial-up connections. If dial-up scripting is used in a connection, the connection may stop responding. This does not affect any dial-up connections that do not use dial-up scripting. This issue may affect direct dial connections to a corporate or university network or to some ISPs (Internet Service Providers). Microsoft is working on developing and testing a revision to this update which will address this issue. If you need to use these dial-up scripting or terminal window features do not install security update MS06-025 (KB911280) until the revised version is available. More information on dial-up scripting can be found at http://www.microsoft.com/technet/arc...ork/xns10.mspx . Virtual private network (VPN) connections are not affected by this issue; dial-up scripting is not supported in VPN scenarios..."
========================================
EDIT/ADD:
- http://www.microsoft.com/technet/sec.../ms06-025.mspx
"V1.1 (June 19, 2006): FAQ and Vulnerability Details sections updated to provide clarification on affected RASMAN component. Caveats section updated to include known issues.
V1.2 (June 21, 2006): Bulletin updated to provide additional differentiation between RRAS, RAS, and RASMAN components."
- http://support.microsoft.com/kb/911280
Last Review: June 20, 2006
Revision: 3.0
"...If you must use dial-up scripting or terminal window features, do not install security update 911280 (MS06-025) until the revised version is available*..."
*(Currently still -un-available.)
Microsoft Security Advisory (921365) - Excel vuln
FYI...
Microsoft Security Advisory (921365)
Vulnerability in Excel Could Allow Remote Code Execution
- http://www.microsoft.com/technet/sec...ry/921365.mspx
Published: June 19, 2006
"Microsoft is investigating new public reports of limited zero-day attacks using a vulnerability in Microsoft Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac. In order for this attack to be carried out, a user must first open a malicious Excel file attached to an e-mail or otherwise provided to them by an attacker. Opening the Excel document out of email will prompt the user to be careful about opening the attachment. As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live Safety Center today for up-to-date removal of malicious software that attempts to exploit this vulnerability. Microsoft is also actively sharing information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks...
Mitigating Factors for Microsoft Excel Remote Code Execution Vulnerability:
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
On Excel 2002 and Excel 2003, the vulnerability could not be exploited automatically through e-mail. For an attack to be successful a user must accept a prompt confirming that they Open, Save or Cancel the attachment that is sent in an e-mail message before the exploit could occur.
This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
Note: Excel 2000 does not prompt the user to Open, Save, or Cancel before opening a document..."
=====================================
EDIT/ADD:
MS Office Long Link Buffer Overflow Vuln
- http://secunia.com/advisories/20748/
Release Date: 2006-06-20
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software:
Microsoft Excel 2000, Microsoft Excel 2002, Microsoft Excel 2003, Microsoft Excel Viewer 2003, Microsoft Office 2000, Microsoft Office 2003 Professional Edition, Microsoft Office 2003 Small Business Edition, Microsoft Office 2003 Standard Edition, Microsoft Office 2003 Student and Teacher Edition, Microsoft Office XP ...
...The vulnerability is caused due to a boundary error in hlink.dll within the handling of Hyperlinks in e.g. Excel documents. This can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted Hyperlink in a malicious Excel document. Successful exploitation allows execution of arbitrary code. The vulnerability has been confirmed in Microsoft Excel 2003 SP2 (fully updated). Other versions and Office products may also be affected.
NOTE: Secunia is currently not aware of this vulnerability being actively exploited and working exploit code is not currently publicly available. However, the vulnerability is quite simple to exploit and it is therefore likely that exploit code is published soon.
Solution:
Do not open untrusted Microsoft Office documents.
Do not follow links in Microsoft Office documents..."
- http://isc.sans.org/diary.php?storyid=1432
Last Updated: 2006-06-20 17:34:08 UTC
"...the organizations that really need to be concerned about 0day are the ones responsible for protecting military/government assets, financial institutions, and critical infrastructure agencies. Since you know 0day exists and if you are a target, what are you doing to protect yourself? How do you protect against, detect, and respond to unknown vulnerabilities?
For the rest of the folks out there (small/medium businesses, hobbyists)... Should you worry about 0day? Usually not, but if you have all the other critical security components in place then go ahead... There is also a good list of commercial products for Windows... here: http://isc.sans.org/diary.php?storyid=635
In summary, you should expect 0day to be alive and well for your favorite operating systems, daemons, and applications. And if it concerns you, then do something about it instead of waiting to get smacked with it later. You will sleep better at night and not be frustrated at your favorite software vendor when they take 6+ months to patch simple little vulnerabilities."
Suggested reads:
- http://isc.sans.org/diary.php?storyid=635
- Data Execution Protection (DEP): http://support.microsoft.com/kb/875352
========================================
EDIT/ADD:
Microsoft Hyperlink Object Library stack buffer overflow
- http://www.kb.cert.org/vuls/id/394444
Last Updated: 06/21/2006
"...The Problem
There is a stack-based buffer overflow in the Microsoft Hyperlink Object Library. The overflow may be triggered by clicking a specially crafted hyperlink. Note that any program that links to the HLINK.DLL library may be vulnerable, including Microsoft Office applications. Exploit code for this vulnerability is publicly available...
Solution: There is currently no patch or update to correct this problem. Until a solution is available, refer to the workaround below.
- Do not follow unsolicited hyperlinks
- Do not click on unsolicited links received in email or embedded in Office documents. Exploitation of this vulnerability requires a user to click a specially crafted link. By only accessing hyperlinks from known and trusted sources, the chances of exploitation are reduced..."
...Third Zero-Day Excel Flaw
FYI...
- http://www.techweb.com/article/print...section=700028
June 22, 2006
...Excel 'Shockwave Flash Object' Lets Remote Users Execute Code...
- http://www.securitytracker.com/alert...n/1016344.html
CVE Reference: CVE-2006-3014 ...
Date: Jun 20 2006
Impact: Execution of arbitrary code via network, User access via network
Vendor Confirmed: Yes
Description: A vulnerability was reported in Microsoft Excel. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can create an Excel file that includes a malicious Flash file embedded using the Excel 'Shockwave Flash Object' function. When the target user opens the Excel file, the Flash code will execute automatically without user interaction. The code will run with the privileges of the target user. The vendor was notified on May 3, 2006...
Impact: A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
Microsoft indicates that customers can set ActiveX control kill bits to prevent the observed behavior. Information on setting kill bits is available at: http://support.microsoft.com/kb/240797/EN-US/ ..."