Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES - February 8, 2006

TITLE:
Internet Explorer Unspecified WMF Image Handling Vulnerability

SECUNIA ADVISORY ID:
SA18729

VERIFY ADVISORY:
http://secunia.com/advisories/18729/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/

DESCRIPTION:
A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error. This can be
exploited to execute arbitrary code on a user's system by e.g.
tricking the user to visit a malicious website that hosts a specially
crafted WMF file or via an email message containing a specially
crafted attachment.

The vulnerability has been reported in the following versions:
* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000
Service Pack 4
* Internet Explorer 5.5 Service Pack 2 on Microsoft Windows
Millennium.

The vulnerability does not affect the following versions of Windows:
* Windows XP Service Pack 1
* Windows XP Service Pack 2
* Windows XP Professional x64 Edition
* Windows Server 2003
* Windows Server 2003 Service Pack 1
* Windows Server 2003 for Itanium-based Systems
* Windows Server 2003 with Service Pack 1 for Itanium-based Systems
* Windows Server 2003 x64 Edition

NOTE: The vulnerability may also be exploitable through other
applications handling WMF images.

SOLUTION:
The vendor recommends users to install Internet Explorer 6 SP1, which
is unaffected.
http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.mspx

ORIGINAL ADVISORY:
Microsoft KB913333:
http://www.microsoft.com/technet/security/advisory/913333.mspx

Java Web Start Sandbox Security Bypass Vulnerability

In reply to: VULNERABILITIES - February 8, 2006

TITLE:
Java Web Start Sandbox Security Bypass Vulnerability

SECUNIA ADVISORY ID:
SA18762

VERIFY ADVISORY:
http://secunia.com/advisories/18762/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Java Web Start 1.x
http://secunia.com/product/1005/
Sun Java JDK 1.5.x
http://secunia.com/product/4621/
Sun Java JRE 1.5.x / 5.x
http://secunia.com/product/4228/

DESCRIPTION:
A vulnerability has been reported in Java Web Start, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to an unspecified error, which may be
exploited by a malicious, untrusted application to read and write
local files.

The vulnerability affects Java Web Start included in J2SE releases
5.0 Update 5 and prior 5.0 releases for Windows, Solaris, and Linux.

SOLUTION:
The vulnerability has been fixed in J2SE releases 5.0 Update 6 and
later for Windows, Solaris, and Linux.
http://java.sun.com/j2se/1.5.0/download.jsp

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Peter Csepely.

ORIGINAL ADVISORY:
Sun Microsystems:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102170-1

Sun Java JRE "reflection" APIs Sandbox Security Bypass

In reply to: VULNERABILITIES - February 8, 2006

TITLE:
Sun Java JRE "reflection" APIs Sandbox Security Bypass
Vulnerabilities

SECUNIA ADVISORY ID:
SA18760

VERIFY ADVISORY:
http://secunia.com/advisories/18760/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Sun Java JDK 1.5.x
http://secunia.com/product/4621/
Sun Java JRE 1.3.x
http://secunia.com/product/87/
Sun Java JRE 1.4.x
http://secunia.com/product/784/
Sun Java JRE 1.5.x / 5.x
http://secunia.com/product/4228/
Sun Java SDK 1.3.x
http://secunia.com/product/1660/
Sun Java SDK 1.4.x
http://secunia.com/product/1661/

DESCRIPTION:
Seven vulnerabilities have been reported in Sun Java JRE (Java
Runtime Environment), which potentially can be exploited by malicious
people to compromise a user's system.

The vulnerabilities are caused due to various unspecified errors in
the "reflection" APIs. This may be exploited by a malicious,
untrusted applet to read and write local files or execute local
applications.

The following releases are affected by one or more of the seven
vulnerabilities on Windows, Solaris, and Linux platforms:
* JDK and JRE 5.0 Update 5 and prior
* SDK and JRE 1.4.2_09 and prior
* SDK and JRE 1.3.1_16 and prior

SOLUTION:
Update to the fixed versions.

JDK and JRE 5.0:
Update to JDK and JRE 5.0 Update 6 or later.
http://java.sun.com/j2se/1.5.0/download.jsp

SDK and JRE 1.4.x:
Update to SDK and JRE 1.4.2_10 or later.
http://java.sun.com/j2se/1.4.2/download.html

SDK and JRE 1.3.x:
Update to SDK and JRE 1.3.1_17 or later.
http://java.sun.com/j2se/1.3/download.html

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Adam Gowdiak for reporting five of the seven
vulnerabilities.

ORIGINAL ADVISORY:
Sun Microsystems:
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102171-1

The Bat! RFC-822 Mail Header Spoofing Weakness

In reply to: VULNERABILITIES - February 8, 2006

TITLE:
The Bat! RFC-822 Mail Header Spoofing Weakness

SECUNIA ADVISORY ID:
SA18713

VERIFY ADVISORY:
http://secunia.com/advisories/18713/

CRITICAL:
Not critical

IMPACT:
Spoofing

WHERE:
From remote

SOFTWARE:
The Bat! 2.x
http://secunia.com/product/2840/

DESCRIPTION:
3APA3A has discovered a weakness in The Bat!, which can be exploited
by malicious people to conduct spoofing attacks.

The weakness is caused due to an error in the representation of
RFC-822 headers for certain specially crafted partial mail messages.
This can e.g. be exploited to spoof the "Received" header when
viewing a malicious mail with "View -> RFC-822 headers" enabled.

The weakness has been confirmed in version 2.12.04. Other versions
may also be affected.

SOLUTION:
Update to version 3.5 or later.
http://www.ritlabs.com/en/products/thebat/download.php

PROVIDED AND/OR DISCOVERED BY:
3APA3A

ORIGINAL ADVISORY:
http://www.security.nnov.ru/advisories/thebatspoof.asp

Windows Insecure Service Permissions Privilege Escalation

In reply to: VULNERABILITIES - February 8, 2006

TITLE:
Windows Insecure Service Permissions Privilege Escalation

SECUNIA ADVISORY ID:
SA18756

VERIFY ADVISORY:
http://secunia.com/advisories/18756/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/

DESCRIPTION:
Sudhakar Govindavajhala and Andrew W. Appel have reported some
security issues in Microsoft Windows, which can be exploited by
malicious, local users to gain escalated privileges.

Insecure SERVICE_CHANGE_CONFIG permissions on the UPnP, NetBT,
SCardSvr, and SSDP services can be exploited to gain escalated
privileges by changing the associated program set to run by an
identified service.

Successful exploitation allows an arbitrary program to be executed
when an affected service is restarted.

The security issues have been reported in Windows XP SP1 (all listed
services) and Windows Server 2003 (NetBT service).

SOLUTION:
The vendor reports that Windows XP SP2 and Windows Server 2003 SP1
are unaffected.

Windows XP Service Pack 2:
http://www.microsoft.com/windowsxp/sp2/default.mspx

Windows Server 2003 Service Pack 1:
http://www.microsoft.com/windowsserver2003/downloads/servicepacks/sp1/default.mspx

Various workarounds are also available in the Microsoft security
advisory.

PROVIDED AND/OR DISCOVERED BY:
Sudhakar Govindavajhala and Andrew W. Appel

ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/914457.mspx

Sudhakar Govindavajhala and Andrew W. Appel:
http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

OTHER REFERENCES:
US-CERT VU#953860:
http://www.kb.cert.org/vuls/id/953860
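
An added audit example, not part of the advisory or the original post: a Python check that reads a service security descriptor in the SDDL form printed by `sc sdshow <service>` and reports allow-ACEs that give SERVICE_CHANGE_CONFIG (or a right that leads to it) to anyone other than LocalSystem and Administrators. The trusted-trustee set and the sample descriptors are assumptions constructed for illustration.

```python
import re

# SDDL right codes as they apply to service objects (bit values from winsvc.h / winnt.h).
SDDL_BITS = {"CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10, "WP": 0x20,
             "DT": 0x40, "LO": 0x80, "CR": 0x100, "SD": 0x10000, "RC": 0x20000,
             "WD": 0x40000, "WO": 0x80000, "GW": 0x40000000, "GA": 0x10000000}
# Rights that allow changing the service's program, directly or by first
# rewriting the DACL or the owner.
RISKY = {0x2: "SERVICE_CHANGE_CONFIG", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER",
         0x40000000: "GENERIC_WRITE", 0x10000000: "GENERIC_ALL"}
# Assumption: only LocalSystem (SY) and BUILTIN Administrators (BA) should hold them.
TRUSTED = {"SY", "BA"}

def rights_mask(field):
    """Turn an ACE rights field (hex mask or two-letter codes) into an access mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for code in re.findall("..", field):
        mask |= SDDL_BITS.get(code, 0)
    return mask

def risky_aces(sddl):
    """Return [(trustee, [right, ...])] for allow-ACEs in the DACL that grant a risky
    right to a trustee outside TRUSTED. Deny ACEs and the SACL are ignored."""
    dacl = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl)
    findings = []
    for ace in re.findall(r"\(([^()]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or fields[0] != "A":
            continue
        mask, trustee = rights_mask(fields[2]), fields[5]
        hits = [name for bit, name in RISKY.items() if mask & bit]
        if hits and trustee not in TRUSTED:
            findings.append((trustee, hits))
    return findings

# Constructed descriptors, not the real Windows XP SP1 ones. In the first,
# Authenticated Users (AU) hold DC, which is SERVICE_CHANGE_CONFIG.
SAMPLES = {
    "weak": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTCRSDRCWDWO;;;WD)",
    "tightened": "D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                 "(A;;CCLCSWLOCRRC;;;AU)",
}

if __name__ == "__main__":
    for name, sddl in SAMPLES.items():
        print(name, risky_aces(sddl) or "ok")
```
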

Lexmark X1100 Series Printing Software Privilege Escalation

In reply to: VULNERABILITIES - February 8, 2006

TITLE:
Lexmark X1100 Series Printing Software Privilege Escalation

SECUNIA ADVISORY ID:
SA18728

VERIFY ADVISORY:
http://secunia.com/advisories/18728/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Lexmark X1100 Series
http://secunia.com/product/7842/

DESCRIPTION:
Kevin Finisterre has reported a vulnerability in Lexmark X1100
Series, which can be exploited by malicious, local users to gain
escalated privileges.

The vulnerability is caused due to the printing program invoking the
browser with SYSTEM privileges rather than using the privileges of
the currently logged on user, when the user clicks on the "Additional
styles (skins) are available on the Lexmark web site" button. This can
be exploited to execute arbitrary commands with escalated privileges
by invoking cmd.exe from the browser.

The vulnerability has been reported in the driver included with
Lexmark X1185. Other versions may also be affected.

SOLUTION:
Grant only trusted users access to affected systems.

PROVIDED AND/OR DISCOVERED BY:
Kevin Finisterre

Lexmark Printers LexBce Server Arbitrary Code Execution

In reply to: VULNERABILITIES - February 8, 2006

TITLE:
Lexmark Printers LexBce Server Arbitrary Code Execution

SECUNIA ADVISORY ID:
SA18744

VERIFY ADVISORY:
http://secunia.com/advisories/18744/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

OPERATING SYSTEM:
Lexmark X1100 Series
http://secunia.com/product/7842/

SOFTWARE:
Lexmark LexBce Server (LexPPS) 8.x
http://secunia.com/product/7856/
Lexmark LexBce Server (LexPPS) 9.x
http://secunia.com/product/7847/

DESCRIPTION:
Peter Winter-Smith of NGSSoftware has reported a vulnerability in the
LexBce Server Service included with various Lexmark printers, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error in the
printer sharing service provided by the LexBce Server Service
(LexPPS.EXE). This can be exploited to execute arbitrary code on a
system with Lexmark printer installed.

NOTE: The service is installed with the printer drivers of Lexmark
X1100 series (LexPPS version 8.29), and X2200 series (LexPPS version
9.41). Other Lexmark printers may also have the service installed.

SOLUTION:
Disable the service if printer sharing is not required.

PROVIDED AND/OR DISCOVERED BY:
Peter Winter-Smith, NGSSoftware.
