Alert: Microsoft Security Bulletin MS03-044 - Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)

From: Russ (Russ.CooperRC.ON.CA)
Date: Tue Oct 21 2003 - 16:18:17 CDT


Bulletin URL:
http://www.microsoft.com/technet/security/bulletin/MS03-044.asp

Summary:
  Version Number: V1.0
  Revision Date: 10-15-2003
  Impact of Vulnerability: Remote Code Execution
  Maximum Severity Rating: Critical
  Patch(es) Replaced: None
  Caveats: None
  CVE Number(s): CAN-2003-0711

Tested Software:
  Affected Software:
  * Microsoft Windows Millennium Edition
<http://www.ntbugtraq.com/link/7D6F4228-0E31-4F46-9795-5CDD566BB3B8.asp>
  * Microsoft Windows NT Workstation 4.0, Service Pack 6a
<http://www.ntbugtraq.com/link/88BCDC9A-E370-47D8-B818-4E659C7F95AE.asp>
  * Microsoft Windows NT Server 4.0, Service Pack 6a
<http://www.ntbugtraq.com/link/735602AC-BA6E-40D4-8A20-3441F02A25CB.asp>
  * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6
<http://www.ntbugtraq.com/link/5C16FFAB-9CE7-4444-9AA5-BC6ABE3FD479.asp>
  * Microsoft Windows 2000, Service Pack 2
<http://www.ntbugtraq.com/link/62B23A0C-67F0-4F11-A95E-E4FB080A63C6.asp>
  * Microsoft Windows 2000, Service Pack 3, Service Pack 4
<http://www.ntbugtraq.com/link/C2AB63FD-35CA-4D33-9F8C-8BF5DE2D1117.asp>
  * Microsoft Windows XP Gold, Service Pack 1
<http://www.ntbugtraq.com/link/84317458-0BEB-4B2C-A095-66CA09DFDAC6.asp>
  * Microsoft Windows XP 64-bit Edition
<http://www.ntbugtraq.com/link/97F4868A-5E41-4657-B9FC-7EA13954B982.asp>
  * Microsoft Windows XP 64-bit Edition Version 2003
<http://www.ntbugtraq.com/link/8B990946-84C8-4C91-899C-5A44EC13174E.asp>
  * Microsoft Windows Server 2003
<http://www.ntbugtraq.com/link/40F25862-A815-4674-9175-E3640E3EFD49.asp>
  * Microsoft Windows Server 2003 64-bit Edition
<http://www.ntbugtraq.com/link/A37ACD92-8204-4F42-B21A-8E9444F5A08E.asp>

  Software Not Affected:
  * None

Technical Description:
A security vulnerability exists in the Help and Support Center function
which ships with Windows XP and Windows Server 2003. The affected code
is also included in all other supported Windows operating systems,
although no known attack vector has been identified at this time because
the HCP protocol is not supported on those platforms. The vulnerability
results because a file associated with the HCP protocol contains an
unchecked buffer. An attacker could exploit the vulnerability by
constructing a URL that, when clicked on by the user, could execute code
of the attacker's choice in the Local Computer security context. The URL
could be hosted on a web page, or sent directly to the user in email. In
the web based scenario, where a user then clicked on the URL hosted on a
website, an attacker could have the ability to read or launch files
already present on the local machine. The risk of attack from the HTML
email vector can be significantly reduced if the following conditions
are met:
  * You have applied the patch included with Microsoft Security bulletin
MS03-040
  * You are using Internet Explorer 6 or later
  * You are using the Microsoft Outlook Email Security Update or
Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or
higher in their default configuration.

This email is sent to NTBugtraq automatically as a service to my
subscribers. (v2.0)

Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
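
An added example, not part of the message above or of Microsoft's bulletin: a mail-gateway or proxy triage check for the vector the Technical Description names, an hcp: URL carried in a web page or HTML email. The 256-character threshold, the whitespace cleanup rule and the sample markup are assumptions made here, not values from the bulletin.

```python
from html.parser import HTMLParser

MAX_LEN = 256  # assumed triage threshold; the bulletin states no length


def normalize(value):
    """Conservative URL cleanup (assumption): drop tab/CR/LF anywhere,
    then trim leading and trailing control characters and spaces."""
    cleaned = value.replace("\t", "").replace("\r", "").replace("\n", "")
    return cleaned.strip("".join(chr(c) for c in range(0x21)))


class HcpLinkFinder(HTMLParser):
    """Collects every attribute value whose scheme is hcp:, whatever the tag.
    HTMLParser lowercases attribute names and decodes character references
    in attribute values, so an entity-encoded scheme is seen in the clear."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = normalize(value or "")
            if url[:4].lower() == "hcp:":  # scheme match is case-insensitive
                self.hits.append({"tag": tag, "attr": name,
                                  "length": len(url),
                                  "oversized": len(url) > MAX_LEN})


def scan(html_text):
    """Return one record per hcp: URL found in the markup."""
    finder = HcpLinkFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits


# Constructed sample body, not taken from any real message.
SAMPLE = (
    '<p><a href="http://www.example.com/">ordinary link</a></p>'
    '<p><a href="&#72;CP://constructed.invalid/topic">encoded scheme</a></p>'
    '<p><a href=" h\tcp://constructed.invalid/' + "x" * 300 + '">long</a></p>'
)

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any hit is worth logging on systems where hcp: links are not expected in inbound mail; the oversized flag only ranks hits for review and does not identify an exploit.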
