Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

MS04-025 - More details on vulnerabilities

This update from the Internet Storm Center provides more details on the vulnerabilities corrected by the MS04-025 security update.

http://www.incidents.org/diary.php?date=2004-07-30

Microsoft Releases a Critical Patch for Internet Explorer

Today Microsoft released a patch to Internet Explorer that addresses critical vulnerabilities that may allow malicious sites to run arbitrary code on unpatched systems. These vulnerabilities have been known for some time. One of them was being actively exploited by the Scob/Ject attack that we described in:

http://www.incidents.org/diary.php?date=2004-06-25

Considering the severity of these vulnerabilities, we recommend installing this patch as soon as possible, and hope that you have a chance to consider this security bulletin before heading home for the weekend:

http://www.microsoft.com/technet/security/bulletin/ms04-025.mspx

The following breakdown of the vulnerabilities addressed by this security update is based on CVE database entries:

http://www.cve.mitre.org

CAN-2004-0549: The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.

CAN-2004-0566: Integer signedness error in imgbmp.cxx for Windows 2000 allows remote attackers to execute arbitrary code via a BMP image with a large bfOffBits value.

CAN-2003-1048: mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code due to a malformed GIF image that triggers a buffer overflow.
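To illustrate the class of bug named in CAN-2004-0566, the following added example (not Microsoft's imgbmp.cxx code, which this page does not show) contrasts a bounds check that holds the BMP `bfOffBits` field in a signed integer with one that keeps it unsigned. The function names and the constructed 64-byte header are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FILE_HDR 14u   /* BITMAPFILEHEADER size */
#define MIN_DIB  12u   /* smallest DIB header (BITMAPCOREHEADER) */

static uint32_t read_le32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Flawed pattern: bfOffBits kept in a signed int, so values >= 0x80000000
 * turn negative and slip under the upper-bound comparison. */
int offbits_ok_signed(const unsigned char *buf, size_t len)
{
    if (len < FILE_HDR + MIN_DIB) return 0;
    int32_t off = (int32_t)read_le32(buf + 10);
    return (long long)off < (long long)len;
}

/* Hardened: keep the field unsigned and bound it on both sides. */
int offbits_ok_unsigned(const unsigned char *buf, size_t len)
{
    if (len < FILE_HDR + MIN_DIB) return 0;
    if (buf[0] != 'B' || buf[1] != 'M') return 0;
    uint32_t off = read_le32(buf + 10);
    if (off < FILE_HDR + MIN_DIB) return 0;  /* would overlap the headers */
    return (size_t)off < len;                /* must leave pixel data in the file */
}

/* Builds a constructed 64-byte BMP header with the given bfOffBits. */
int check_constructed(uint32_t off, int use_signed)
{
    unsigned char buf[64];
    memset(buf, 0, sizeof buf);
    buf[0] = 'B'; buf[1] = 'M';
    for (int i = 0; i < 4; i++) buf[10 + i] = (unsigned char)(off >> (8 * i));
    return use_signed ? offbits_ok_signed(buf, sizeof buf)
                      : offbits_ok_unsigned(buf, sizeof buf);
}

int main(void)
{
    printf("off=54:         signed=%d unsigned=%d\n", check_constructed(54, 1), check_constructed(54, 0));
    printf("off=0xFFFFFF00: signed=%d unsigned=%d\n", check_constructed(0xFFFFFF00u, 1), check_constructed(0xFFFFFF00u, 0));
    return 0;
}
```

The signed check accepts the oversized offset because it compares a negative number against the file length; the unsigned check rejects it.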