Posted: 2005-04-13 05:37am
by Faram
TITLE:
Microsoft Jet Database Engine Database File Parsing Vulnerability
SECUNIA ADVISORY ID:
SA14896
VERIFY ADVISORY:
http://secunia.com/advisories/14896/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
SOFTWARE:
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Access 2000
http://secunia.com/product/36/
Microsoft Access 2002
http://secunia.com/product/35/
Microsoft Access 2003
http://secunia.com/product/4904/
Microsoft Office 2000
http://secunia.com/product/24/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/
DESCRIPTION:
HexView has discovered a vulnerability in Microsoft Jet Database
Engine, which can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to a memory handling error when e.g.
parsing database files. This can be exploited to execute arbitrary
code by tricking a user into opening a specially crafted ".mdb" file
in Microsoft Access.
NOTE: Exploit code has been posted to a public mailing list.
The vulnerability has been confirmed on a fully patched system with
Microsoft Access 2003 (msjet40.dll version 4.00.8618.0) and Microsoft
Windows XP SP1/SP2. Other versions may also be affected.
SOLUTION:
Do not open untrusted ".mdb" database files.
PROVIDED AND/OR DISCOVERED BY:
HexView
ORIGINAL ADVISORY:
http://www.hexview.com/docs/20050331-1.txt
Posted: 2005-05-04 05:51am
by Faram
Minor update but WPA-2 For Windows XP
Microsoft
If your router/AP and NIC support this, then get it.
Posted: 2005-05-04 08:19am
by Ace Pace
No new Windows updates for May?
Posted: 2005-05-04 08:29am
by Faram
Ace Pace wrote: No new Windows updates for May?
Not yet, it will come next week.
Microsoft
Security Bulletin Resources
Last Release: April 12, 2005
Next Scheduled Release: May 10, 2005
Posted: 2005-05-08 03:20pm
by Faram
Fucked up bug in Firefox
Description:
Two vulnerabilities have been discovered in Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a user's system.
1) The problem is that "IFRAME" JavaScript URLs are not properly protected from being executed in context of another URL in the history list. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an arbitrary site.
2) Input passed to the "IconURL" parameter in "InstallTrigger.install()" is not properly verified before being used. This can be exploited to execute arbitrary JavaScript code with escalated privileges via a specially crafted JavaScript URL.
Successful exploitation requires that the site is allowed to install software (default sites are "update.mozilla.org" and "addons.mozilla.org").
A combination of vulnerability 1 and 2 can be exploited to execute arbitrary code.
NOTE: Exploit code is publicly available.
The vulnerabilities have been confirmed in version 1.0.3. Other versions may also be affected.
Solution:
Disable JavaScript.
Provided and/or discovered by:
john smith
Be on the lookout for a patch really soon!
Posted: 2005-05-11 02:05am
by Faram
Only one patch in May.
Microsoft
Issued: May 10, 2005
Version: 1.0
Summary
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Important
Recommendation: Customers should apply the update at the earliest opportunity.
Security Update Replacement: None
Caveats: None
Tested Software and Security Update Download Locations:
Affected Software:
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4 – Download the update
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) – Review the FAQ section of this bulletin for details about these operating systems.
Posted: 2005-05-12 04:02am
by Faram
Posted: 2005-05-16 05:40am
by Faram
Not much info, just the usual MSIE and Outlook is bad, mkaaay!
eeye.com
Date Reported:
March 16, 2005
Vendor:
Microsoft
Description:
A vulnerability in default installations of the affected software that allows malicious code to be executed, contingent upon minimal user interaction.
Severity:
High (Remote Code Execution)
Software Affected:
Internet Explorer
Outlook
Additional miscellaneous titles
Operating Systems Affected:
Windows NT 4.0 (All versions)
Windows 2000 (All versions)
Windows XP (All versions)
Windows 2003 (To be determined)
Status:
Initial report stage
Might seem old, but the patch is overdue according to EEYE
And here is an advisory that expires soon.
eeye.com
Date Reported:
March 29, 2005
Vendor:
Microsoft
Description:
A vulnerability in default installations of the affected software that allows malicious code to be executed with minimal user interaction.
Severity:
High (Remote Code Execution)
Software Affected:
Internet Explorer
Outlook
Additional miscellaneous titles
Operating Systems Affected:
Windows (Various versions to be determined)
Status:
Initial report stage
All upcoming advisories
eeye.com
Having internet connectivity issues lately?
Posted: 2005-06-01 01:38am
by Vertigo1
Posted: 2005-06-08 04:43pm
by Beowulf
Seven year old security flaw reintroduced in firefox/mozilla.
Of course, it also works on IE
Missed that one, good find
~Faram
Posted: 2005-06-09 05:39am
by Faram
One line of HTML code crashed windows.
Insert this to a webpage
<HTML>
<BODY>
<IMG SRC="http://domain/images/image.jpg" width="9999999" height="9999999">
</BODY>
</HTML>
And you get a BSOD, sorta pathetic!
Original advisory
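A filter-side check for the oversized IMG dimensions in the post above, as an added example that is not part of the original thread: it parses HTML and reports img tags whose declared width or height exceeds a bound. MAX_DIM, the function names and the sample markup are assumptions of this example.

```python
import re
from html.parser import HTMLParser

# Assumed policy bound, not taken from the advisory: the largest declared
# pixel dimension a proxy or HTML sanitizer lets through.
MAX_DIM = 16384
_PIXELS = re.compile(r"^\s*(\d+)\s*(?:px)?\s*$", re.IGNORECASE)


class OversizedImgFinder(HTMLParser):
    """Collects <img> tags whose width/height attribute exceeds MAX_DIM."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, attribute, declared pixels)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IMG WIDTH=...>
        # is matched too; self-closing <img ... /> also ends up here.
        if tag != "img":
            return
        line, _col = self.getpos()
        for name, value in attrs:
            if name not in ("width", "height") or value is None:
                continue
            m = _PIXELS.match(value)
            # Percentages and non-numeric values are not pixel counts.
            if m and int(m.group(1)) > MAX_DIM:
                self.findings.append((line, name, int(m.group(1))))


def find_oversized_images(html_text):
    finder = OversizedImgFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample: the markup from the post plus two ordinary tags.
SAMPLE = """<HTML>
<BODY>
<IMG SRC="http://domain/images/image.jpg" width="9999999" height="9999999">
<img src="ok.png" width="640" height="480px">
<img src="wide.png" width="100%" height="20000" />
</BODY>
</HTML>"""

if __name__ == "__main__":
    for line, attr, px in find_oversized_images(SAMPLE):
        print(f"line {line}: img {attr}={px} exceeds {MAX_DIM}")
```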
Posted: 2005-06-09 05:59am
by Xon
Faram wrote: One line of HTML code crashed windows.
Insert this to a webpage
<HTML>
<BODY>
<IMG SRC="http://domain/images/image.jpg" width="9999999" height="9999999">
</BODY>
</HTML>
And you get a BSOD, sorta pathetic!
Original advisory
Doesn't work for me, I've got a fully patched Windows XP SP2 with IE running as a limited user and DEP enabled.
Posted: 2005-06-14 03:32pm
by Faram
Oh joy, another month, another bunch of patches.
Microsoft.com
Just going to list the critical ones.
SMB Not good not good at all!
HTML Help
Internet Explorer
They should be at Windowsupdate really soon.
Posted: 2005-06-28 03:46am
by Faram
Javascript dialog spoofing
All browsers at risk.
Here is a 3rd party solution for firefox, if you install this remember to allow sd.net
No Script @ Mozilla
Posted: 2005-08-10 03:03am
by Faram
Bulletin Summary:
Microsoft
Critical Bulletins:
Cumulative Security Update for Internet Explorer (896727)
http://go.microsoft.com/fwlink/?LinkId=45781
Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)
http://go.microsoft.com/fwlink/?LinkId=48900
Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)
http://go.microsoft.com/fwlink/?LinkId=48902
Important Bulletins:
Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)
http://go.microsoft.com/fwlink/?LinkId=42466
Moderate Bulletins:
Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)
http://go.microsoft.com/fwlink/?LinkId=48898
Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)
http://go.microsoft.com/fwlink/?LinkId=48899
Re-Released Bulletins:
Vulnerabilities in Microsoft Word May Lead to Remote Code Execution (890169)
http://www.microsoft.com/technet/securi ... 5-023.mspx
Vulnerability in Microsoft Agent Could Allow Spoofing (890046) (890169)
http://www.microsoft.com/technet/securi ... 5-032.mspx
Now go and patch!
Posted: 2005-10-11 04:04pm
by Faram
Okay no patches last month, but now Microsoft is back with a vengeance!
There is a shitload of them over at:
Get them by the dozen!
Patches! Patches! Get your Patches!
Posted: 2005-12-13 03:27pm
by Xon
Re: Patches! Patches! Get your Patches!
Posted: 2005-12-13 04:08pm
by Keevan_Colton
Critical windows bug read this!
Posted: 2005-12-28 11:28pm
by Einhander Sn0m4n
http://it.slashdot.org/it/05/12/29/0039 ... 72&tid=218
I got burned by this shit, so take my warnings seriously. This fucking bullshit is dangerous, and MS has no patch yet. It's a buffer overflow in shimgvw.dll's handling of .wmf (Windows Meta Files) image files.
As you can see [WMV MOVIE AHOY!], it's extremely quick and deadly.
It is extremely easy to get burned by this shit, as exploit sites are popping up like wildfire. Even Firefox and Opera users can get hit if you agree to run the file. Another thing: Programs that load a website inside their window tend to use Idiot Exploiter, so this is yet another avenue of infection. I believe this way is how I got whacked (cough*Kazaa Lite*cough).
The Workaround:
Posted: 2005-12-29 02:40pm
by Faram
If the regsvr32 /u shimgvw.dll breaks the viewing of .jpg images, to fix it just type
And all is back to normal.
Also if you use any other application than something from Microsoft, JPG viewing works just fine!
Try this one for example.
http://www.irfanview.com/
Posted: 2005-12-29 05:41pm
by Faram
God Damned this is even worse than I thought!
You can get burned even while working in a DOS box! This happened on one of our test machines where we simply used the WGET command-line tool to download a malicious WMF file. That's it, it was enough to download the file. So how on earth did it have a chance to execute?
The test machine had Google Desktop installed. It seems that Google Desktop creates an index of the metadata of all images too, and it issues an API call to the vulnerable Windows component SHIMGVW.DLL to extract this info. This is enough to invoke the exploit and infect the machine. This all happens in realtime as Google Desktop contains a file system filter and will index new files in realtime.
So, be careful out there. And disable indexing of media files (or get rid of Google Desktop) if you're handling infected files under Windows.
Please do as Microsoft advises:
Microsoft.com wrote: Un-register the Windows Picture and Fax Viewer (Shimgvw.dll) on Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
To un-register Shimgvw.dll, follow these steps:
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
Edit
Fixed a typo windir% to %windir%
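For the advice above about handling WMF files on a machine where an indexer or viewer opens new files automatically, this added example (not part of the original post) sweeps a directory and reports files whose first bytes are a WMF header, so they can be moved aside. Matching on header bytes rather than the .wmf extension, the header constants (taken from the WMF file format) and the function names are this example's assumptions.

```python
import os
import struct

# Constants from the WMF file format (not from the thread).
PLACEABLE_KEY = 0x9AC6CDD7   # optional "placeable" header magic
HEADER_WORDS = 9             # META_HEADER size in 16-bit words
VERSIONS = (0x0100, 0x0300)


def looks_like_wmf(head: bytes) -> bool:
    """True if the first bytes of a file form a WMF header."""
    if len(head) >= 4 and struct.unpack_from("<I", head)[0] == PLACEABLE_KEY:
        return True
    if len(head) < 6:
        return False
    ftype, words, version = struct.unpack_from("<HHH", head)
    # META_HEADER: type 1 (memory) or 2 (disk), fixed size, known version.
    return ftype in (1, 2) and words == HEADER_WORDS and version in VERSIONS


def find_wmf_by_content(root):
    """Walk root and return paths whose content is WMF, whatever the name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)
            except OSError:
                continue  # unreadable file: skip, do not abort the sweep
            if looks_like_wmf(head):
                hits.append(path)
    return hits


# Constructed sample headers (no real metafile records follow them).
PLAIN_WMF = struct.pack("<HHH", 1, HEADER_WORDS, 0x0300) + bytes(12)
PLACEABLE_WMF = struct.pack("<I", PLACEABLE_KEY) + bytes(18) + PLAIN_WMF
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    import sys
    for hit in find_wmf_by_content(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("WMF content:", hit)
```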
Posted: 2006-01-02 11:59pm
by MKSheppard
I don't have it on my computer; am I still at risk from this bug?
EDIT: by "it" I mean:
regsvr32 -u windir%\system32\shimgvw.dll
comes up as "NOT FOUND"
No wait
tried einy's
REGSVR32 /U SHIMGVW.DLL
and it unloaded it.
Posted: 2006-01-03 12:51am
by Glocksman
MS ought to put Ilfak Guilfanov on the payroll.
His patch and more information on the vulnerability.
He also has a
vulnerability checker available for download.
Posted: 2006-01-03 05:47am
by Faram
MKSheppard wrote: regsvr32 -u windir%\system32\shimgvw.dll
comes up as "NOT FOUND"
No wait
tried einy's
REGSVR32 /U SHIMGVW.DLL
and it unloaded it.
I made a typo while cutting and pasting, it should read %windir%
Posted: 2006-01-06 07:11pm
by Einhander Sn0m4n
MICROSOFT WMF PATCH HERE!