Feb 15th: New year new bugs

Crayz9000 · Post by **Crayz9000** » 2004-10-30 03:37pm

Yo, somebody update the thread title PLEASE.

New Spoofing Flaw found in Internet Explorer, pre IE6 SP2

A new spoofing flaw in Microsoft's Internet Explorer browser allows an improperly coded web link to send users to a diffferent URL than the one displayed in the status bar.

The flaw, which was posted to the Bugtraq mailing list by Benjamin Franz, is exploited by placing two URLs and a table within a single HTML href tag, producing a link that looks like this:
http://www.microsoft.com
displaying http://www.microsoft.com in the browser, but sending the user to Google. Franz says the exploit works in fully-patched versions of Internet Explorer and Outlook Express, meaning the HTML code can be used to create spoofed URLs in webpages and HTML e-mails.

The technique, which can be executed by anyone with basic knowledge of HTML, can be used to construct convicing fake URLs for use in phishing scams. The flaw is possible because Internet Explorer has difficulty processing improperly formed HTML. The attack opens one href tag, and then leaves that tag open while enclosing a second URL within a table. The browser displays the first URL in the status bar, but sends users to the second URL.

The flaw affects versions of IE up to 6.0.2800.1106 - which includes systems that haven't yet installed Windows XP SP2, but are current on all other critical updates from Windows Update - as well as the Safari browser for Macs. Users running Windows XP SP2 (IE version 6.0.2900) and the open source Firefox and Mozilla browsers are not affected.

As of now, the only solution is to upgrade to Windows XP SP2 if you haven't done so already (impossible to do so if you run Windows 2000 or before), or don't use IE and Outlook Express. As usual.

Faram · Post by **Faram** » 2004-12-02 02:43am

New Cumulative patch for MS IE

Info Here

Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should install the update immediately.

Windows XP SP2 is NOT affected.

Jade Falcon · Post by **Jade Falcon** » 2004-12-02 11:08am

I'm getting a prompt for that update. First off, I'm using Mozilla Firefox, and secondly I have Service Pack 2 installed anyway. Is there any way to basically just tell the upgrade program that I don't wish to install it.

Crayz9000 · Post by **Crayz9000** » 2004-12-02 02:22pm

You could turn off Automatic Updating, since it's generally an annoyance, but in that case you should regularly check Windows Update.

Ace Pace · Post by **Ace Pace** » 2004-12-02 02:30pm

Crayz9000 wrote:You could turn off Automatic Updating, since it's generally an annoyance, but in that case you should regularly check Windows Update.

Automatic updates could also happen at the weirdest times, such as in the middle of a gaming tourney match.

Faram · Post by **Faram** » 2004-12-09 02:59am

New Browser Hi-Jack, all browsers are at risk.

Demo

Scary stuff this!

Jade Falcon · Post by **Jade Falcon** » 2004-12-09 12:23pm

Seems that I'm okay.

Faram · Post by **Faram** » 2004-12-14 03:03pm

Some security updates from Microsoft.

Summary for December

Critical flaw in MSIE

Wordpad is a risk!

A bunch of other updates at the first link but those shold not affect a home user.

Faram · Post by **Faram** » 2004-12-16 04:46am

Adobe Acrobat critical flaw:

TITLE:
Adobe Reader / Adobe Acrobat Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA13471

VERIFY ADVISORY:
http://secunia.com/advisories/13471/

CRITICAL:
Highly critical

IMPACT:
Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
Adobe Reader 6.x
http://secunia.com/product/1810/
Adobe Acrobat 6.x
http://secunia.com/product/1809/

DESCRIPTION:
Some vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose sensitive information or compromise a user's system.

1) A format string error within the eBook plug-in when parsing ".etd" files can be exploited to execute arbitrary code via a specially crafted eBook containing format specifiers in the "title" and "baseurl" fields.

2) Multiple vulnerabilities in libpng have been acknowledged, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA12219

3) An error within the handling of Flash files embedded in PDF documents can be exploited to read the content of files on a user's system.

For more information:
SA12809

The vulnerabilities have been reported in versions 6.0.0 through 6.0.2.

SOLUTION:
Update to version 6.0.3.

Post by **Darth Wong** » 2004-12-16 10:28am

The KDE team has already patched the Window Injection Vulnerability in Konqueror. I just tested the patched version.

Crayz9000 · Post by **Crayz9000** » 2004-12-16 04:58pm

Darth Wong wrote:The KDE team has already patched the Window Injection Vulnerability in Konqueror. I just tested the patched version.

If that's the case, Safari should have a similar fix coming up soon, seeing as it's built on KHTML.

Faram · Post by **Faram** » 2004-12-27 05:36am

A christmas gift from Microsoft in the form of a critical bug

http://secunia.com/advisories/13645/

Microsoft Windows Multiple Vulnerabilities

Secunia Advisory: SA13645 Print Advisory
Release Date: 2004-12-25

Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Unpatched

OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millenium
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows NT 4.0 Workstation
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.

CVE reference: CAN-2004-1305
CAN-2004-1306

Description:
Flashsky has reported some vulnerabilities in Microsoft Windows, allowing malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).

1) The vulnerability is caused due to an integer overflow in the LoadImage API which can be exploited to cause a heap based buffer overflow. This can be exploited through a website by using maliciously crafted icon, cursor, animated cursor, or bitmap files.

Successful exploitation allows execution of arbitrary code.

2) Some errors in the Windows Kernel when parsing ANI files may cause the system to crash. This can be exploited through specially crafted ANI files.

3) The vulnerabilities is caused due to a heap overflow and an integer overflow in "winhlp32.exe" when handling HLP files. This can be exploited through specially crafted HLP files.

Reportedly, all versions of Microsoft Windows are affected.

Issue 1 has been confirmed on a not fully updated Windows XP SP1 system. It has not been possible to confirm the vulnerability on a fully patched Windows XP SP1 system.

Solution:
Reportedly, Microsoft Windows XP with SP2 isn't vulnerable.

Do not visit untrusted websites and don't open documents from untrusted sources.

Just what I needed...

I don't have any demos of this exploit yet but it might be bad

Pcm979 · Post by **Pcm979** » 2004-12-27 06:20am

As a Mac OSX user, I proceed to laugh and thumb my noses at the MS-users. This takes a long time, what with the 5 billion-plus Windows users. My nose also starts to hurt.

Ah, what trials and tribulations await the unwary Mac user.

Faram · Post by **Faram** » 2004-12-27 07:08am

Pcm979 wrote:As a Mac OSX user, I proceed to laugh and thumb my noses at the MS-users. This takes a long time, what with the 5 billion-plus Windows users. My nose also starts to hurt.

Ah, what trials and tribulations await the unwary Mac user.

Like This?

Secunia Advisory: SA13362 Print Advisory
Release Date: 2004-12-03

Critical:
Highly critical
Impact: Security Bypass
Spoofing
Exposure of sensitive information
Privilege escalation
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Apple Macintosh OS X

http://secunia.com/advisories/13362/

No os is bug free!

Pcm979 · Post by **Pcm979** » 2004-12-27 07:14am

I know no OS is bug free, but you can't sit there and type that OSX has anything like as many bugs as Windows with a straight face. Not if you're sane, anyway.

Faram · Post by **Faram** » 2005-01-09 01:43am

A brand "new" IE Exploit is out.

Exploit Demo

This one uses ActiveX exploits.

Read all about it here:
http://secunia.com/advisories/12889/

Secunia Advisory: SA12889
Release Date: 2004-10-20
Last Update: 2005-01-07

Critical:
Extremely critical
Impact: Security Bypass
Cross Site Scripting
System access

Where: From remote

Solution Status: Unpatched

Faram · Post by **Faram** » 2005-01-13 04:38am

Faram wrote:A brand "new" IE Exploit is out.

Exploit Demo

This one uses ActiveX exploits.

Read all about it here:
http://secunia.com/advisories/12889/

Secunia Advisory: SA12889
Release Date: 2004-10-20
Last Update: 2005-01-07

Critical:
Extremely critical
Impact: Security Bypass
Cross Site Scripting
System access

Where: From remote

Solution Status: Unpatched

A bunch of updates released last Tusday

Microsoft.com

Fixes some of this active-x mess 2 of 3...

Get them from windowsupdate.

Faram · Post by **Faram** » 2005-02-04 02:48am

Advance Notification

Get ready for a shitload load of patches Feb 8

• 9 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. The greatest aggregate, maximum severity rating for this security bulletin is Moderate. These updates may or may not require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft .NET Framework. The greatest aggregate, maximum severity rating for this security bulletin is Important. This update will require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft Office and Visual Studio. The greatest aggregate, maximum severity rating for this security bulletin is Critical. These updates will require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft Windows, Windows Media Player, and MSN Messenger. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will require a restart.

No additional details about bulletin severities or vulnerabilities will be made available until February 8, 2005.

Guess I have some overtime soon...

And thank you Bill Gate$, don't release the patches ASAP no let the sysadmins worry about the systems for a week.

Ace Pace · Post by **Ace Pace** » 2005-02-04 03:44am

Argh, okey, stupid question: Could I install everything at once? or will I have to install first some stuff, restart, install other stuff, restart, install final?

Psycho Smiley · Post by **Psycho Smiley** » 2005-02-04 05:24am

Usually you need to reboot each time. Bad enough for you and me, but pisses off the sysadmins to no end.

Faram · Post by **Faram** » 2005-02-04 08:47am

Psycho Smiley wrote:Usually you need to reboot each time. Bad enough for you and me, but pisses off the sysadmins to no end.

Well this thread is getting spammy.

But anyways qchain.exe is the tool of choise for multiple installations of hotfixes.

qchain.exe info

And also qfecheck.exe is a great timesaver

qfecheck.exe Info

If anyone wants a quik tutorial in the use of those tools pm me.

Xon · Post by **Xon** » 2005-02-04 09:13am

Ace Pace wrote:Argh, okey, stupid question: Could I install everything at once? or will I have to install first some stuff, restart, install other stuff, restart, install final?

All of these patches can be DLed and installed all at once via the Windows Updates website.

There are very few updates which require to be installed by themselves. DirectX 9c is the only one I can remember recently.

Psycho Smiley wrote:Usually you need to reboot each time. Bad enough for you and me, but pisses off the sysadmins to no end.

Not really. Queue all the patches to be downloaded & installed roughly at the same time overnight/early morning and the machine is backup before anyone is in.

You can use wake-on-lan + scheduled jobs to wake computers which are off.

Any distributed programming should be able to handle a node going down, and no one should expect 100% update for desktops, if nothing else having lots of people working around them can cause stuff to break.

As for servers, if you really need the update do it when there is no one around or have multipule redundant servers.

Faram · Post by **Faram** » 2005-02-08 01:46pm

Latest Security Bulletins - Released on February 8, 2005

MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
MS05-014: Cumulative Security Update for Internet Explorer (867282)
MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834)
MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)
MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
MS05-004: ASP.NET Path Validation Vulnerability (887219)

http://www.microsoft.com/technet/Security/default.mspx

Do the update dance.

Crayz9000 · Post by **Crayz9000** » 2005-03-14 07:08pm

There's a new exploit spreading that uses Java to get around the alternative browser protection of MSIE. It affects every single browser that runs Java: see The Register, and the VitalSecurity report.

The solution for this is to CLICK NO IF YOU ARE PROMPTED. The Java sandbox mechanism is working just fine in this case, and prompting the user before the sandbox is breached. So if you deny it access, you will not be infected.

So, happy browsing. Oh, yeah, and this doesn't affect non-Win32 platforms because the Java installer does nothing besides download a Windows EXE.

Faram · Post by **Faram** » 2005-04-12 02:47pm