Microsoft Security Advisory MS01-059 - Two unrelated buffer overflows have been found in the Microsoft UPnP service. A overflow in the NOTIFY directive allows remote attackers to execute arbitrary code. The second vulnerability crashes the machine. Windows ME and XP include native UPnP services; Windows 98 and 98SE do not include a native UPnP service, but one can be installed. Microsoft FAQ on this issue available here.
a44bee6a9162db8db90b17837abd4cad322825fb0c509ebb1aad45b1e928b6ccMicrosoft Security Advisory MS01-058 - Microsoft Internet Explorer 5.5 and 6.0 contains three remote vulnerabilities which allow attackers to run code of their choice. The first vulnerability involves a flaw in the handling of the Content-Disposition and Content-Type header fields in an HTML stream. A security vulnerability exists because, if an attacker altered the HTML header information in a certain way, it could be possible to make IE believe that an executable file was actually a different type of file -- one that it is appropriate to simply open without asking the user for confirmation. The second vulnerability is a newly discovered variant of the "Frame Domain Verification" vulnerability discussed in Microsoft Security Bulletin MS01-015. The third vulnerability involves a flaw related to the display of file names in the File Download dialogue box, allowing an attacker to misrepresent the name of the file in the dialogue. Microsoft FAQ on this issue available here.
4b71b24d722f93c35b45b8e98778087925732f97a78f021e2ab8ec10a761b4f8Microsoft Security Advisory MS01-057 - Outlook Web Access (OWA), a service of Exchange 5.5 Server, has a flow which allows remote attackers to take any action against the user's Exchange mailbox that the user himself was capable of, including sending, moving, or deleting messages. If an HTML message that contains specially formatted script is opened in OWA, the script executes when the message is opened. Microsoft FAQ on this issue available here.
bc463ed36dace4a8c770b85f06fab109670e05d1e090147bcfabc694edab5205Microsoft Security Advisory MS01-056 - A buffer overflow in the handling of ASF files was discovered in Windows Media Player 6.4, allows remote attackers to execute of arbitrary code with the privileges of the user running a specially crafted ASF file. Anyone running versions 6.4, 7, or 7.1 is affected.
e6c8b663e12c7020989589d518ede4f01f13fbc872e51249b2a57769ebc3249aMicrosoft Security Advisory MS01-055 - IE Cookies can be retrieved by unauthorized users who can then modify the values in them using malformed URL's. Microsoft FAQ on this issue available here.
a3e76106f19ef35eba1c78b396da6d7a6130e93cff44659550cde9d361ca6d4bMicrosoft Security Advisory MS01-054 - A vulnerability in the UPnP service which is enabled by default on Windows ME and XP allows for a remote denial of service attack causing slow performance to system failure. This vulnerability is exploited over TCP ports 1900 and 5000. Microsoft FAQ on this issue available here.
f5acb27ff833ecfef5030e5ca8940532b536b3843a9f676d8eb4b8c9adada2c4Microsoft Security Advisory MS01-053 - Binhex and Macbinary files which are downloaded in IE 5.1 for Mac OS X automatically execute, allowing attackers who run a malicious web site to run code on machines browsing the web. Microsoft FAQ on this issue available here.
be385d1247f3dee9dd93aa62656eee7ed817062606b3e9807846ede26b7d22b7Microsoft Security Advisory MS01-052 - The implementation of the Remote Data Protocol (RDP) in the terminal service in Windows NT 4.0 and Windows 2000 does not correctly handle a particular series of data packets, allowing a remote denial of service attack requiring server reboot to fix. Microsoft FAQ on this issue available here.
fc07f9ea20df5088bbd765db680ca56e58e84aca9357c8f66a02e4b7b8dcbabeMicrosoft Security Advisory MS01-051 - Three dangerous vulnerabilities have been found in Internet Explorer 5.0. The first causes sites that have no dots in the IP address to run with less security restrictions. The second allows an attacker to include HTTP requests that would be sent to the site as soon as a connection is established, appearing to have originated from the user. The third is a variation of MS01-015 which affects only NT and 2000 machines running SFU 2.0, a version of telnet which allows session transcripts. An attacker could start a transcript and stream an executable on to the users drive. Microsoft FAQ on these issues available here.
5fff8c36325b247a93e7bb0a218d464a73849be62674903e9f812f2782899b8fMicrosoft Security Advisory MS01-050 - Excel and PowerPoint contain a flaw in the macro security framework which allows malicious users to bypass all macro checking, allowing attackers to run code of their choice when an Excel or PowerPoint document is opened. Microsoft FAQ on this issue available here.
979fdaca159af66b77ef4fce08b0f0c8ef791e8fe955b61c5380ab9c0045204eMicrosoft Security Advisory MS01-049 - A security vulnerability exists in Exchange 2000 Outlook Web Access, because it will accept and process a request for an item in an authenticated user's mailbox without verifying first that the folder structure is valid. An attacker can mount a denial of service attack by repeatedly levying a request for a non-existent but deeply nested folder in his own mailbox. Microsoft FAQ on this issue available here.
94946005340865173ae7c47cce980ae07ca0a2c50db2342cc2005aa10fb1d1f3Microsoft Security Advisory MS01-048 - The Windows NT 4.0 port mapper service contains a remote denial of service vulnerability which causes all rpc service to stop until the machine is rebooted. Microsoft FAQ on this issue available here.
77274f1be1d5d4ac8bb8363d5a40875b11c2fe8d5c8b5458b744c02a551da7beMicrosoft Security Advisory MS01-047 - A vulnerability in Microsoft Exchange 5.5 allows attackers to retrieve email addresses from the global address list (GAL) by sending a properly formatted request to the back-end function that actually performs the search. Microsoft FAQ on this issue available here.
18c4b6c3eb44aecc71e6e6a57632aab76dbf4ce6192e8552ad1c1945bbe99e0cMicrosoft Security Advisory MS01-046 - Microsoft Windows 2000 software for infrared-based devices (IRDA) contains a buffer overflow which makes it possible to send a specially crafted IRDA packet to the victim's system, causing it to reboot. Microsoft FAQ on this issue available here.
94b4b53435f83d53d7054d746f387788437c944e5c9d6bc4e2ed5d319d304939Microsoft Security Advisory MS01-038 - The Microsoft Outlook View Control is an ActiveX control that allows Outlook mail folders to be viewed via web pages. The control should only allow passive operations such as viewing mail or calendar data. In reality, though, it exposes a function that could allow the web page to manipulate Outlook data. This could enable an attacker to delete mail, change calendar information, or take virtually any other action through Outlook including running arbitrary code on the user's machine. A patch is available. Microsoft FAQ on this issue available here.
99a853d1c4881d0fb19f74361960e1fa307da80894c128435419e4819291eda0Microsoft Security Advisory MS01-045 - Three vulnerabilities have been found in ISA Server 2000. H.323 Gatekeeper Service has a memory leak, The Proxy service has a memory leak, and a cross site scripting bug can be exploited on the error page. Microsoft FAQ on this issue available here.
f383753a52efc4f4f537ff17eba9ff7e73873cfb9e768340af3d7c92518ebf61Microsoft Security Advisory MS01-044 - Five new security vulnerabilities have been discovered in IIS 4.0 and 5.0. A buffer overrun vulnerability involving the code that performs server-side include (SSI) directives. An attacker with the ability to place content onto a server can include a malformed SSI directive that, when the content was processed, results in code of the attacker's choice running in Local System context. A privilege elevation vulnerability results because of a flaw in a table that IIS 5.0 uses. The vulnerability results in any file whose name matched that of a file on the list would run in-process. Three denial of service vulnerabilities have been discovered, one of which keeps IIS 5.0 from serving content until the admin removes the spurious entry from the File Type table for the site. A cumulative patch for IIS has been released which fixes these bugs and includes the functionality of all security patches released to date for IIS 5.0, and all patches released for IIS 4.0 since Windows NT(r) 4.0 Service Pack 5. Microsoft FAQ on these issues available here.
86a6c34ac8613bb7c6bdccb36a4617a7d4f8e84039dccfea1658e58b76fba2aaMicrosoft Security Advisory MS01-043 - The NNTP service in Windows NT 4.0 and Windows 2000 contains a memory leak in a routine that processes news postings. Each time such a posting is processed that contains a particular construction, the memory leak causes a small amount of memory to no longer be available for use. If an attacker sent a large number of posts, the server memory could be depleted to the point of crashing. Microsoft FAQ on this issue available here.
dda3214336aa2b8b38f85dc3ac8b2f9efa83fe45b72894061530dc0f802ec8b9The Code Red worm is likely to start spreading again on July 31, 2001 at 8:00 EDT. All IIS 4 and 5 users MUST upgrade immediately! Fix for NT 4.0 available here.
6c9c02a04bec8e369b5d9d6a559029473f1a46e95779d6c1759e5299505cb94cMicrosoft Security Advisory MS01-041 - Several of the RPC servers associated with system services in Microsoft Exchange, SQL Server, Windows NT 4.0 and Windows 2000 do not adequately validate inputs, and are vulnerable to a remote denial of service attack. Microsoft FAQ on this issue available here.
e1f72be59317f491b185d7e733c56ed904195aa7bc19d7c27dc88996e81a8a70Microsoft Security Advisory MS01-042 - Windows Media Player v6.4, 7, and 7.1 contains a buffer overflow which allows remote code execution through opening an email or visiting a malicious web site. Microsoft FAQ on this issue available here.
dddbc16c5f5eac0683d11962bf6043a8609e6811299a36d8a3fb2053528d80b5Microsoft Security Advisory MS01-037 - The Windows 2000 SMTP service, which is installed by default, allows unauthorized users to successfully authenticate to the service using incorrect credentials. An attacker who exploited the vulnerability could gain user-level privileges on the SMTP service, thereby enabling the attacker to use the service and perform mail relaying via the server. Microsoft FAQ on this issue available here.
7d3ed4b66cfeab0d4a76065bf994f2e1498f2676ac11b99f097bc2f915034245Microsoft Security Advisory MS01-031 - This bulletin discusses seven new vulnerabilities affecting the Windows 2000 Telnet service. The vulnerabilities fall into three broad categories: privilege elevation, denial of service and information disclosure. Two of the vulnerabilities allow privilege elevation and four are denial of service attacks. Microsoft FAQ on this issue available here.
275cc644551b34ab079ae421747cbb602e4ba75e134167b2c0b19294f3a910b9Microsoft Security Advisory MS01-030 - Exchange 2000's web access (OWA) has a vulnerability which allows an attacker to send script code to users which can take action against the user's mailbox as if it were the user, including, under certain circumstances, manipulation of messages or folders. Microsoft FAQ on this issue available here.
f7f48318c3d4e4c6d067c2811d272a2e95f9a678915af7f158259f9cd09892f8Microsoft Security Bulletin (MS00-079) - Microsoft has released a patch that eliminates the "HyperTerminal Buffer Overflow" which allows malicious users to execute arbitrary code on another users system by sending a long telnet:// URL in a HTML mail message. HyperTerminal is the default Telnet client on Windows 98, 98SE and ME, but not Windows 2000. Updated hyperterminal available here.
80f7bc89cbf0b5dd6b119914307bb706cfbc08bcaefbecc2b83feaa064de2a0b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed