Page 2 of 4

Posted: 2004-10-30 03:37pm
by Crayz9000
Yo, somebody update the thread title PLEASE.

New Spoofing Flaw found in Internet Explorer, pre IE6 SP2
A new spoofing flaw in Microsoft's Internet Explorer browser allows an improperly coded web link to send users to a different URL than the one displayed in the status bar.

The flaw, which was posted to the Bugtraq mailing list by Benjamin Franz, is exploited by placing two URLs and a table within a single HTML href tag, producing a link that looks like this:
http://www.microsoft.com
displaying http://www.microsoft.com in the browser, but sending the user to Google. Franz says the exploit works in fully-patched versions of Internet Explorer and Outlook Express, meaning the HTML code can be used to create spoofed URLs in webpages and HTML e-mails.

The technique, which can be executed by anyone with basic knowledge of HTML, can be used to construct convincing fake URLs for use in phishing scams. The flaw is possible because Internet Explorer has difficulty processing improperly formed HTML. The attack opens one href tag, and then leaves that tag open while enclosing a second URL within a table. The browser displays the first URL in the status bar, but sends users to the second URL.

The flaw affects versions of IE up to 6.0.2800.1106 - which includes systems that haven't yet installed Windows XP SP2, but are current on all other critical updates from Windows Update - as well as the Safari browser for Macs. Users running Windows XP SP2 (IE version 6.0.2900) and the open source Firefox and Mozilla browsers are not affected.
As of now, the only solution is to upgrade to Windows XP SP2 if you haven't done so already (impossible to do so if you run Windows 2000 or before), or don't use IE and Outlook Express. As usual.
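The pattern the article describes (an anchor left open, a second anchor with a different destination nested inside a table, and visible link text that names the first host) can be flagged mechanically when scanning HTML mail or pages. The following is an added example, not code from the article or from the original poster: it walks the markup with Python's standard html.parser, reports any <a> opened while another <a> is still open (nested anchors are invalid HTML and are exactly the shape of this trick), and separately reports anchors whose visible URL text points at a different host than the href does. The sample markup is constructed for the example in the shape the article describes; it is not Franz's original Bugtraq test case.

```python
"""Audit HTML for the IE status-bar spoof shape: nested anchors and
href/visible-text host mismatches. Standard library only."""
from html.parser import HTMLParser
from urllib.parse import urlparse


def host(url):
    """Return the lower-cased hostname of a URL, ignoring any user@ prefix and port.
    Bare 'www.example.com' text is treated as http://www.example.com."""
    if "://" not in url:
        url = "http://" + url
    netloc = urlparse(url).netloc.lower()
    return netloc.split("@")[-1].split(":")[0]


def looks_like_url(text):
    """Visible link text that a reader would take to be an address."""
    return text.startswith(("http://", "https://", "www."))


class AnchorAuditor(HTMLParser):
    """Track the stack of open <a> elements while the document streams past."""

    def __init__(self):
        super().__init__()
        self.open_anchors = []   # stack of [href, accumulated visible text]
        self.nested = []         # (outer_href, inner_href) pairs
        self.mismatches = []     # (href, visible_text) pairs

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        if self.open_anchors:
            # An <a> opened inside another <a>: the "leave the first tag open" trick.
            self.nested.append((self.open_anchors[-1][0], href))
        self.open_anchors.append([href, ""])

    def handle_data(self, data):
        if self.open_anchors:
            # Text belongs to the innermost open anchor, as the reader sees it.
            self.open_anchors[-1][1] += data

    def _check(self, href, text):
        text = text.strip()
        if looks_like_url(text) and host(text) != host(href):
            self.mismatches.append((href, text))

    def handle_endtag(self, tag):
        if tag == "a" and self.open_anchors:
            self._check(*self.open_anchors.pop())

    def close(self):
        super().close()
        # Anchors that were never closed still get the same host comparison.
        while self.open_anchors:
            self._check(*self.open_anchors.pop())


def audit(html):
    """Return both signals for a piece of HTML."""
    parser = AnchorAuditor()
    parser.feed(html)
    parser.close()
    return {"nested_anchors": parser.nested, "display_mismatches": parser.mismatches}


# Constructed sample: first href is what the status bar showed, the second
# (inside a table, inside the still-open first anchor) is where IE actually went.
SPOOF_SAMPLE = (
    '<a href="http://www.microsoft.com">'
    '<table><tr><td>'
    '<a href="http://www.google.com">http://www.microsoft.com</a>'
    '</td></tr></table>'
)

# Constructed sample of an ordinary, well-formed link for comparison.
CLEAN_SAMPLE = '<p>See <a href="http://www.microsoft.com">http://www.microsoft.com</a>.</p>'

if __name__ == "__main__":
    for label, sample in (("spoof", SPOOF_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, audit(sample))
```

Either signal on its own is worth a look in mail filtering; both together on the same anchor pair is the status-bar trick. The host comparison also catches the older userinfo trick (http://www.microsoft.com@evil.example/), since host() discards everything before the @.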

Posted: 2004-12-02 02:43am
by Faram
New Cumulative patch for MS IE

Info Here
Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should install the update immediately.
Windows XP SP2 is NOT affected.

Posted: 2004-12-02 11:08am
by Jade Falcon
I'm getting a prompt for that update. First off, I'm using Mozilla Firefox, and secondly I have Service Pack 2 installed anyway. Is there any way to basically just tell the upgrade program that I don't wish to install it?

Posted: 2004-12-02 02:22pm
by Crayz9000
You could turn off Automatic Updating, since it's generally an annoyance, but in that case you should regularly check Windows Update.

Posted: 2004-12-02 02:30pm
by Ace Pace
Crayz9000 wrote:You could turn off Automatic Updating, since it's generally an annoyance, but in that case you should regularly check Windows Update.
Automatic updates could also happen at the weirdest times, such as in the middle of a gaming tourney match.

Posted: 2004-12-09 02:59am
by Faram
New Browser Hi-Jack, all browsers are at risk.

Demo

Scary stuff this!

Posted: 2004-12-09 12:23pm
by Jade Falcon
Seems that I'm okay.

Posted: 2004-12-14 03:03pm
by Faram
Some security updates from Microsoft.

Summary for December

Critical flaw in MSIE

Wordpad is a risk!

A bunch of other updates at the first link, but those should not affect a home user.

Posted: 2004-12-16 04:46am
by Faram
Adobe Acrobat critical flaw:
TITLE:
Adobe Reader / Adobe Acrobat Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA13471

VERIFY ADVISORY:
http://secunia.com/advisories/13471/

CRITICAL:
Highly critical

IMPACT:
Exposure of sensitive information, System access

WHERE:
From remote

SOFTWARE:
Adobe Reader 6.x
http://secunia.com/product/1810/
Adobe Acrobat 6.x
http://secunia.com/product/1809/

DESCRIPTION:
Some vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose sensitive information or compromise a user's system.

1) A format string error within the eBook plug-in when parsing ".etd" files can be exploited to execute arbitrary code via a specially crafted eBook containing format specifiers in the "title" and "baseurl" fields.

2) Multiple vulnerabilities in libpng have been acknowledged, which can be exploited by malicious people to compromise a vulnerable system.

For more information:
SA12219

3) An error within the handling of Flash files embedded in PDF documents can be exploited to read the content of files on a user's system.

For more information:
SA12809

The vulnerabilities have been reported in versions 6.0.0 through 6.0.2.

SOLUTION:
Update to version 6.0.3.

Posted: 2004-12-16 10:28am
by Darth Wong
The KDE team has already patched the Window Injection Vulnerability in Konqueror. I just tested the patched version.

Posted: 2004-12-16 04:58pm
by Crayz9000
Darth Wong wrote:The KDE team has already patched the Window Injection Vulnerability in Konqueror. I just tested the patched version.
If that's the case, Safari should have a similar fix coming up soon, seeing as it's built on KHTML.

Posted: 2004-12-27 05:36am
by Faram
A Christmas gift from Microsoft in the form of a critical bug

http://secunia.com/advisories/13645/
Microsoft Windows Multiple Vulnerabilities

Secunia Advisory: SA13645
Release Date: 2004-12-25

Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Unpatched

OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows NT 4.0 Workstation
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional


CVE reference: CAN-2004-1305
CAN-2004-1306

Description:
Flashsky has reported some vulnerabilities in Microsoft Windows, allowing malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).

1) The vulnerability is caused due to an integer overflow in the LoadImage API which can be exploited to cause a heap based buffer overflow. This can be exploited through a website by using maliciously crafted icon, cursor, animated cursor, or bitmap files.

Successful exploitation allows execution of arbitrary code.

2) Some errors in the Windows Kernel when parsing ANI files may cause the system to crash. This can be exploited through specially crafted ANI files.

3) The vulnerabilities are caused due to a heap overflow and an integer overflow in "winhlp32.exe" when handling HLP files. This can be exploited through specially crafted HLP files.

Reportedly, all versions of Microsoft Windows are affected.

Issue 1 has been confirmed on a not fully updated Windows XP SP1 system. It has not been possible to confirm the vulnerability on a fully patched Windows XP SP1 system.

Solution:
Reportedly, Microsoft Windows XP with SP2 isn't vulnerable.

Do not visit untrusted websites and don't open documents from untrusted sources.
Just what I needed...

I don't have any demos of this exploit yet, but it might be bad.

Posted: 2004-12-27 06:20am
by Pcm979
As a Mac OSX user, I proceed to laugh and thumb my noses at the MS-users. This takes a long time, what with the 5 billion-plus Windows users. My nose also starts to hurt.

Ah, what trials and tribulations await the unwary Mac user. :D

Posted: 2004-12-27 07:08am
by Faram
Pcm979 wrote:As a Mac OSX user, I proceed to laugh and thumb my noses at the MS-users. This takes a long time, what with the 5 billion-plus Windows users. My nose also starts to hurt.

Ah, what trials and tribulations await the unwary Mac user. :D
Like This?
Secunia Advisory: SA13362
Release Date: 2004-12-03

Critical:
Highly critical
Impact: Security Bypass
Spoofing
Exposure of sensitive information
Privilege escalation
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS: Apple Macintosh OS X
http://secunia.com/advisories/13362/

No OS is bug free!

Posted: 2004-12-27 07:14am
by Pcm979
I know no OS is bug free, but you can't sit there and type that OSX has anything like as many bugs as Windows with a straight face. Not if you're sane, anyway.

Posted: 2005-01-09 01:43am
by Faram
A brand "new" IE Exploit is out.

Exploit Demo

This one uses ActiveX exploits.

Read all about it here:
http://secunia.com/advisories/12889/
Secunia Advisory: SA12889
Release Date: 2004-10-20
Last Update: 2005-01-07


Critical:
Extremely critical
Impact: Security Bypass
Cross Site Scripting
System access

Where: From remote

Solution Status: Unpatched

Posted: 2005-01-13 04:38am
by Faram
Faram wrote:A brand "new" IE Exploit is out.

Exploit Demo

This one uses ActiveX exploits.

Read all about it here:
http://secunia.com/advisories/12889/
Secunia Advisory: SA12889
Release Date: 2004-10-20
Last Update: 2005-01-07


Critical:
Extremely critical
Impact: Security Bypass
Cross Site Scripting
System access

Where: From remote

Solution Status: Unpatched
A bunch of updates released last Tuesday

Microsoft.com

Fixes some of this active-x mess 2 of 3...

Get them from windowsupdate.

Posted: 2005-02-04 02:48am
by Faram
Advance Notification

Get ready for a shitload of patches Feb 8

• 9 Microsoft Security Bulletins affecting Microsoft Windows. The greatest aggregate, maximum severity rating for these security updates is Critical. Some of these updates will require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft SharePoint Services and Office. The greatest aggregate, maximum severity rating for this security bulletin is Moderate. These updates may or may not require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft .NET Framework. The greatest aggregate, maximum severity rating for this security bulletin is Important. This update will require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft Office and Visual Studio. The greatest aggregate, maximum severity rating for this security bulletin is Critical. These updates will require a restart.

• 1 Microsoft Security Bulletin affecting Microsoft Windows, Windows Media Player, and MSN Messenger. The greatest aggregate, maximum severity rating for these security updates is Critical. These updates will require a restart.

No additional details about bulletin severities or vulnerabilities will be made available until February 8, 2005.

Guess I have some overtime soon...

And thank you Bill Gate$, don't release the patches ASAP no let the sysadmins worry about the systems for a week.

Posted: 2005-02-04 03:44am
by Ace Pace
Argh, okay, stupid question: could I install everything at once? Or will I have to install some stuff first, restart, install other stuff, restart, install the final batch?

Posted: 2005-02-04 05:24am
by Psycho Smiley
Usually you need to reboot each time. Bad enough for you and me, but pisses off the sysadmins to no end.

Posted: 2005-02-04 08:47am
by Faram
Psycho Smiley wrote:Usually you need to reboot each time. Bad enough for you and me, but pisses off the sysadmins to no end.
Well this thread is getting spammy.

But anyways, qchain.exe is the tool of choice for multiple installations of hotfixes.

qchain.exe info

And also qfecheck.exe is a great timesaver

qfecheck.exe Info

If anyone wants a quick tutorial in the use of those tools, PM me.

Posted: 2005-02-04 09:13am
by Xon
Ace Pace wrote:Argh, okey, stupid question: Could I install everything at once? or will I have to install first some stuff, restart, install other stuff, restart, install final?
All of these patches can be DLed and installed all at once via the Windows Updates website.

There are very few updates which need to be installed by themselves. DirectX 9c is the only one I can remember recently.
Psycho Smiley wrote:Usually you need to reboot each time. Bad enough for you and me, but pisses off the sysadmins to no end.
Not really. Queue all the patches to be downloaded and installed at roughly the same time overnight/early morning and the machine is back up before anyone is in.

You can use wake-on-lan + scheduled jobs to wake computers which are off.

Any distributed programming should be able to handle a node going down, and no one should expect 100% uptime for desktops; if nothing else, having lots of people working around them can cause stuff to break.

As for servers, if you really need the update, do it when there is no one around or have multiple redundant servers.

Posted: 2005-02-08 01:46pm
by Faram
Latest Security Bulletins - Released on February 8, 2005

MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
MS05-014: Cumulative Security Update for Internet Explorer (867282)
MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834)
MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)
MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981)
MS05-005: Vulnerability in Microsoft Office XP could allow Remote Code Execution (873352)
MS05-004: ASP.NET Path Validation Vulnerability (887219)
http://www.microsoft.com/technet/Security/default.mspx

Do the update dance.

Posted: 2005-03-14 07:08pm
by Crayz9000
There's a new exploit spreading that uses Java to get around the alternative browser protection of MSIE. It affects every single browser that runs Java: see The Register, and the VitalSecurity report.

The solution for this is to CLICK NO IF YOU ARE PROMPTED. The Java sandbox mechanism is working just fine in this case, and prompting the user before the sandbox is breached. So if you deny it access, you will not be infected.

So, happy browsing. Oh, yeah, and this doesn't affect non-Win32 platforms because the Java installer does nothing besides download a Windows EXE.

Posted: 2005-04-12 02:47pm
by Faram