Feb 15th: New year new bugs

GEC: Discuss gaming, computers and electronics and venture into the bizarre world of STGODs.

Moderator: Thanas

User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

TITLE:
Microsoft Jet Database Engine Database File Parsing Vulnerability

SECUNIA ADVISORY ID:
SA14896

VERIFY ADVISORY:
http://secunia.com/advisories/14896/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/

SOFTWARE:
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Access 2000
http://secunia.com/product/36/
Microsoft Access 2002
http://secunia.com/product/35/
Microsoft Access 2003
http://secunia.com/product/4904/
Microsoft Office 2000
http://secunia.com/product/24/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/

DESCRIPTION:
HexView has discovered a vulnerability in Microsoft Jet Database
Engine, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a memory handling error when e.g.
parsing database files. This can be exploited to execute arbitrary
code by tricking a user into opening a specially crafted ".mdb" file
in Microsoft Access.

NOTE: Exploit code has been posted to a public mailing list.

The vulnerability has been confirmed on a fully patched system with
Microsoft Access 2003 (msjet40.dll version 4.00.8618.0) and Microsoft
Windows XP SP1/SP2. Other versions may also be affected.

SOLUTION:
Do not open untrusted ".mdb" database files.

PROVIDED AND/OR DISCOVERED BY:
HexView

ORIGINAL ADVISORY:
http://www.hexview.com/docs/20050331-1.txt
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Minor update but WPA-2 For Windows XP

Microsoft

If your router/ap and nic supports this then get it :)
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Ace Pace
Hardware Lover
Posts: 8456
Joined: 2002-07-07 03:04am
Location: Wasting time instead of money
Contact:

Post by Ace Pace »

No new Windows updates for May?
Brotherhood of the Bear | HAB | Mess | SDnet archivist |
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Ace Pace wrote:No new Windows updates for May?
Not yet it will come next week.

Microsoft

Security Bulletin Resources

Last Release: April 12, 2005
Next Scheduled Release: May 10, 2005
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Fucked up bug in Firefox
Description:
Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.

1) The problem is that "IFRAME" JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site.

2) Input passed to the "IconURL" parameter in "InstallTrigger.install()" is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.

Successful exploitation requires that the site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org").

A combination of vulnerability 1 and 2 can be exploited to execute arbitrary code.

NOTE: Exploit code is publicly available.

The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.

Solution:
Disable JavaScript.

Provided and/or discovered by:
john smith
Be on a lookout for a patch really soon!
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Only one patch in May.

Microsoft
Issued: May 10, 2005
Version: 1.0
Summary

Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Important

Recommendation: Customers should apply the update at the earliest opportunity.

Security Update Replacement: None

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:


Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 – Download the update


Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Faram wrote:Fucked up bug in Firefox

Be on a lookout for a patch really soon!
The Patch is Out

D/L Firefox 1.0.4 Here!
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Not much info, just the usual MSIE and Outlook is bad, mkaaay!

eeye.com
Date Reported:
March 16, 2005

Vendor:
Microsoft

Description:
A vulnerability in default installations of the affected software that allows malicious code to be executed, contingent upon minimal user interaction.

Severity:
High (Remote Code Execution)

Software Affected:
Internet Explorer
Outlook
Additional miscellaneous titles

Operating Systems Affected:
Windows NT 4.0 (All versions)
Windows 2000 (All versions)
Windows XP (All versions)
Windows 2003 (To be determined)

Status:
Initial report stage
Might seem old, but the patch is overdue according to EEYE

And here is an advisories that expires soon.

eeye.com
Date Reported:
March 29, 2005

Vendor:
Microsoft

Description:
A vulnerability in default installations of the affected software that allows malicious code to be executed with minimal user interaction.

Severity:
High (Remote Code Execution)

Software Affected:
Internet Explorer
Outlook
Additional miscellaneous titles

Operating Systems Affected:
Windows (Various versions to be determined)

Status:
Initial report stage
All uppcomming advisories

eeye.com
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Vertigo1
Defender of the Night
Posts: 4720
Joined: 2002-08-12 12:47am
Location: Tennessee, USA
Contact:

Having internet connectivity issues lately?

Post by Vertigo1 »

http://support.microsoft.com/kb/898060/

source thread

Merged to the updates thread.

~Faram
"I once asked Rebecca to sing Happy Birthday to me during sex. That was funny, especially since I timed my thrusts to sync up with the words. And yes, it was my birthday." - Darth Wong

Leader of the SD.Net Gargoyle Clan | Spacebattles Firstone | Twitter
User avatar
Beowulf
The Patrician
Posts: 10621
Joined: 2002-07-04 01:18am
Location: 32ULV

Post by Beowulf »

Seven year old security flaw reintroduced in firefox/mozilla.

Of course, it also works on IE

Missed that one, good find

~Faram
"preemptive killing of cops might not be such a bad idea from a personal saftey[sic] standpoint..." --Keevan Colton
"There's a word for bias you can't see: Yours." -- William Saletan
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

One line of HTML code crashed windows.

Insert this to a webpage

Code: Select all

<HTML>
<BODY>
<IMG SRC="http://domain/images/image.jpg" width="9999999" height="9999999">
</BODY>
</HTML>
And you get a BSOD, sorta pathetic!

Original advisory
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Xon
Sith Acolyte
Posts: 6206
Joined: 2002-07-16 06:12am
Location: Western Australia

Post by Xon »

Faram wrote:One line of HTML code crashed windows.

Insert this to a webpage

Code: Select all

<HTML>
<BODY>
<IMG SRC="http://domain/images/image.jpg" width="9999999" height="9999999">
</BODY>
</HTML>
And you get a BSOD, sorta pathetic!

Original advisory
Doesnt work for me, I've got a fully patched Windows XP sp2 with IE running as a limited user and DEP enabled.
"Okay, I'll have the truth with a side order of clarity." ~ Dr. Daniel Jackson.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Oh Joyt another month another bunch of patches.

Microsoft.com

Just going to list the critical ones.

SMB Not good not good at all!

HTML Help

Internet Explorer

They should be at Windowsupdate really soon.
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Javascript dialog spoofing

All browsers at risk.

Here is a 3rd party solution for firefox, if you install this remember to allow sd.net ;)

No Script @ Mozilla
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Bulletin Summary:

Microsoft

Critical Bulletins:

Cumulative Security Update for Internet Explorer (896727)
http://go.microsoft.com/fwlink/?LinkId=45781

Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
http://go.microsoft.com/fwlink/?LinkId=48900

Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
http://go.microsoft.com/fwlink/?LinkId=48902

Important Bulletins:

Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
http://go.microsoft.com/fwlink/?LinkId=42466

Moderate Bulletins:

Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
http://go.microsoft.com/fwlink/?LinkId=48898

Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
http://go.microsoft.com/fwlink/?LinkId=48899

Re-Released Bulletins:

Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
http://www.microsoft.com/technet/securi ... 5-023.mspx

Vulnerability in Microsoft Agent Could Allow Spoofing (890046) (890169)
http://www.microsoft.com/technet/securi ... 5-032.mspx

Now go and patch!
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

Okay no patches last month, but now Microsoft is back with a vengeance!

There is a shitload of them over at:

Get them buy the dozen!
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Xon
Sith Acolyte
Posts: 6206
Joined: 2002-07-16 06:12am
Location: Western Australia

Patches! Patches! Get your Patches!

Post by Xon »

"Okay, I'll have the truth with a side order of clarity." ~ Dr. Daniel Jackson.
"Reality has a well-known liberal bias." ~ Stephen Colbert
"One Drive, One Partition, the One True Path" ~ ars technica forums - warrens - on hhd partitioning schemes.
User avatar
Keevan_Colton
Emperor's Hand
Posts: 10355
Joined: 2002-12-30 08:57pm
Location: In the Land of Logic and Reason, two doors down from Lilliput and across the road from Atlantis...
Contact:

Re: Patches! Patches! Get your Patches!

Post by Keevan_Colton »

Title updated.
"Prodesse Non Nocere."
"It's all about popularity really, if your invisible friend that tells you to invade places is called Napoleon, you're a loony, if he's called Jesus then you're the president."
"I'd drive more people insane, but I'd have to double back and pick them up first..."
"All it takes for bullshit to thrive is for rational men to do nothing." - Kevin Farrell, B.A. Journalism.
BOTM - EBC - Horseman - G&C - Vampire
User avatar
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Critical windows bug read this!

Post by Einhander Sn0m4n »

http://it.slashdot.org/it/05/12/29/0039 ... 72&tid=218

I got burned by this shit, so take my warnings seriously. This fucking bullshit is dangerous, and MS has no patch yet. It's a buffer overflow in shimgvw.dll's handling of .wmf (Windows Meta Files) image files. As you can see [WMV MOVIE AHOY!], it's extremely quick and deadly.

It is extremely easy to get burned by this shit, as exploit sites are popping up like wildfire. Even Firefox and Opera users can get hit if you agree to run the file. Another thing: Programs that load a website inside their window tend to use Idiot Exploiter, so this is yet another avenue of infection. I believe this way is how I got whacked (cough*Kazaa Lite*cough).

The Workaround:

Code: Select all

REGSVR32 /U SHIMGVW.DLL
Image Image
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

If the regsvr32 /u shimgvw.dll breaks the viewing of .jpg images, to fix it just type

Code: Select all

regsvr32 shimgvw.dll
And all is back to normal.

Also if you use any other application than somthing from Microsoft, JPG viewing works just fine!

Try this one for example.

http://www.irfanview.com/
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

God Damned this is even worse that I thought!
You can get burned even while working in a DOS box! This happened on one of our test machines where we simply used the WGET command-line tool to download a malicious WMF file. That's it, it was enough to download the file. So how on earth did it have a chance to execute?

The test machine had Google Desktop installed. It seems that Google Desktop creates an index of the metadata of all images too, and it issues an API call to the vulnerable Windows component SHIMGVW.DLL to extract this info. This is enough to invoke the exploit and infect the machine. This all happens in realtime as Google Desktop contains a file system filter and will index new files in realtime.

So, be careful out there. And disable indexing of media files (or get rid of Google Desktop) if you're handling infected files under Windows.
Please do as Microsoft advices:
Microsoft.com wrote:Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1

To un-register Shimgvw.dll, follow these steps:

1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
Edit
Fixed a typo windir% to %windir%
Last edited by Faram on 2006-01-03 05:47am, edited 1 time in total.
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
MKSheppard
Ruthless Genocidal Warmonger
Ruthless Genocidal Warmonger
Posts: 29842
Joined: 2002-07-06 06:34pm

Post by MKSheppard »

I don't have it on my computer; am I still at risk from this bug?

EDIT: by "it" I mean:

regsvr32 -u windir%\system32\shimgvw.dll

comes up as "NOT FOUND"

No wait

tried einy's

REGSVR32 /U SHIMGVW.DLL

and it unloaded it.
User avatar
Glocksman
Emperor's Hand
Posts: 7233
Joined: 2002-09-03 06:43pm
Location: Mr. Five by Five

Post by Glocksman »

MS ought to put Ilfak Guilfanov on the payroll. :D
His patch and more information on the vulnerability.
He also has a vulnerability checker available for download.
"You say that it is your custom to burn widows. Very well. We also have a custom: when men burn a woman alive, we tie a rope around their necks and we hang them. Build your funeral pyre; beside it, my carpenters will build a gallows. You may follow your custom. And then we will follow ours."- General Sir Charles Napier

Oderint dum metuant
User avatar
Faram
Bastard Operator from Hell
Posts: 5271
Joined: 2002-07-04 07:39am
Location: Fighting Polarbears

Post by Faram »

MKSheppard wrote:regsvr32 -u windir%\system32\shimgvw.dll

comes up as "NOT FOUND"

No wait

tried einy's

REGSVR32 /U SHIMGVW.DLL

and it unloaded it.
I made a typo while cutting and pasting, it should read %windir%
[img=right]http://hem.bredband.net/b217293/warsaban.gif[/img]

"Either God wants to abolish evil, and cannot; or he can, but does not want to. ... If he wants to, but cannot, he is impotent. If he can, but does not want to, he is wicked. ... If, as they say, God can abolish evil, and God really wants to do it, why is there evil in the world?" -Epicurus


Fear is the mother of all gods.

Nature does all things spontaneously, by herself, without the meddling of the gods. -Lucretius
User avatar
Einhander Sn0m4n
Insane Railgunner
Posts: 18630
Joined: 2002-10-01 05:51am
Location: Louisiana... or Dagobah. You know, where Yoda lives.

Post by Einhander Sn0m4n »

MICROSOFT WMF PATCH HERE!
Image Image
Post Reply