=============== SPONSORED BY WINDOWS NT MAGAZINE ================== Power + Speed = Windows NT Magazine Article Archive CD. Fight your NT fires quickly and intelligently with this complete collection of Windows NT Magazine articles. Search by keyword, subject, issue, author, or month, and find the right solution in seconds. Includes the entire article database from our September 1995 premiere issue to December 1999. http://winntmag.com/OurProducts/ArchiveCD/ ==================================================================== December 23, 1999 - Security UPDATE Alert - Several new security are being reported in this alert. Georgio Guninski discovered yet another problem with Internet Explorer 5.x and cross frame navigation. No patch is available at this time. USSRLabs reported a denial of service condition in ZBServer v1.5. Microsoft reported a problem with Outlook 5, as well as Internet Explorer 4.5 on Macintosh platform. The Outlook problem could lead to a Trojan infection of the local system. The IE problem pertains to certificates. Patches are now available. Microsoft reported that Internet Information Server (IIS) is prone to reveal source code under certain conditions. Patches are now available. Microsoft also revealed problems with the way IIS handles escape character parsing. Patches are available for this problem as well. Norton Antivirus 2000 was reported to contain a serious buffer overflow condition. No vendor response is known at this time. Kevork Belian shows how easy it is to crash an SQL Server 7.0 using a very simple malformed packet. Microsoft has now issued a patch for this month old problem. For complete details on each of the discoveries, please visit our Web site at the URLs listed below: - IE 5.01 Cross Frame Navigation http://www.ntsecurity.net/scripts/loader.asp?iD=/security/ie58.htm - ZBServer v1.5 Denial of Service http://www.ntsecurity.net/scripts/loader.asp?iD=/security/zbnserver1.htm - Outlook 5 and IE 4.5 for Macintosh http://www.ntsecurity.net/scripts/loader.asp?iD=/security/outlook51.htm - IIS Reveals Source Code http://www.ntsecurity.net/scripts/loader.asp?iD=/security/iis4-2.htm - IIS Escape Char Processing http://www.ntsecurity.net/scripts/loader.asp?iD=/security/iis4-3.htm - Norton Antivirus 2000 http://www.ntsecurity.net/scripts/loader.asp?iD=/security/nav20001.htm - SQL 7.0 Denial of Server http://www.ntsecurity.net/scripts/loader.asp?iD=/security/sql7-2.htm Thanks for subscribing to Security UPDATE. Please tell your friends about this newsletter and alert list! Sincerely, The Security UPDATE Team security@ntsecurity.net ======================================================================= TO UNSUBSCRIBE from this alert list DO NOT REPLY, instead send e-mail to listserv@listserv.ntsecurity.net with the words "unsubscribe securityupdate" in the body of the message without the quotes. TO SUBSCRIBE to this alert list, send e-mail to the same address listed above with the words "subscribe securityupdate anonymous" in the body of the message without the quotes. ======================================================================= Security UPDATE is powered by LISTSERV(R) software http://www.lsoft.com/LISTSERV-powered.html ======================================================================= Copyright (c) 1999 Duke Communications Intl. Inc. - ALL RIGHTS RESERVED Forwarding this email is permitted, as long as the entire message body, the mail header, and this notice are included.