#1
Was This Vulnerability Ever Completely Patched
Full Disclosure of area of Windows Security Concern

Note: Due Diligence was done to try and have this completely patched by Microsoft if it has not been done and appears to affect both Windows 98 Second Edition and Windows 2000 Professional which is still in support phase until July 13, 2010.

http://secunia.com/advisories/13645/

Secunia Advisory SA13645
Microsoft Windows Multiple Vulnerabilities

Release Date: 2004-12-25
Last Update: 2005-11-21
Popularity: 50,286 views
Criticality level: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Partial Fix

Operating System:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millenium
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows NT 4.0 Workstation
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Embedded
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

CVE Reference(s): CVE-2004-1049, CVE-2004-1305, CVE-2004-1306, CVE-2004-1361

Description:
Flashsky has reported some vulnerabilities in Microsoft Windows, allowing malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).

1) The vulnerability is caused due to an integer overflow in the LoadImage API which can be exploited to cause a heap based buffer overflow. This can be exploited through a website by using maliciously crafted icon, cursor, animated cursor, or bitmap files. Successful exploitation allows execution of arbitrary code.

2) Some errors in the Windows Kernel when parsing ANI files may cause the system to crash. This can be exploited through specially crafted ANI files.

3) The vulnerability is caused due to a heap overflow and an integer overflow in "winhlp32.exe" when handling HLP files. This can be exploited through specially crafted HLP files.

All versions of Microsoft Windows are affected except Microsoft Windows XP with Service Pack 2.

Solution:
3) Do not visit untrusted web sites and don't open documents from untrusted sources.

Provided and/or discovered by:
1) Discovered independently by:
* Flashsky
* eEye Digital Security
2) Flashsky (Microsoft credits Sylvain Bruyere).
3) Keji

Original Advisory:
MS05-002 (KB891711): http://www.microsoft.com/technet/sec.../MS05-002.mspx
Flashsky: http://www.xfocus.net/flashsky/icoExp/
eEye Digital Security: http://www.eeye.com/html/research/ad...D20050111.html
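The bug class named in item 1 of the advisory quoted above (an integer overflow that leads to an undersized heap allocation), as an added example that is not part of the thread and is not Windows or LoadImage code. The `IMG0` header layout, the `EXTRA_LEN` constant and all function names are hypothetical; the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical image header for illustration only (not the real ICO/CUR/BMP
 * layout): 4-byte magic, then a 32-bit little-endian payload size that is
 * read straight from the untrusted file. */
#define HDR_LEN   8u
#define EXTRA_LEN 4u   /* bytes the parser adds on top of the declared size */

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unsafe pattern: the 32-bit sum wraps, so a declared size near UINT32_MAX
 * produces a tiny allocation size while later code would still copy
 * 'declared' bytes. Returns the size that would reach the allocator. */
uint32_t alloc_size_unchecked(const uint8_t *file, size_t file_len) {
    if (file_len < HDR_LEN) return 0;
    uint32_t declared = read_le32(file + 4);
    return declared + EXTRA_LEN;                       /* wraps modulo 2^32 */
}

/* Hardened pattern: reject the file unless the declared size fits in the
 * bytes actually present and the sum cannot wrap. Returns 0 and stores the
 * allocation size on success, -1 for a malformed file. */
int alloc_size_checked(const uint8_t *file, size_t file_len, uint32_t *out) {
    if (file_len < HDR_LEN) return -1;
    uint32_t declared = read_le32(file + 4);
    if (declared > file_len - HDR_LEN) return -1;      /* more than the file holds */
    if (declared > UINT32_MAX - EXTRA_LEN) return -1;  /* sum would wrap */
    *out = declared + EXTRA_LEN;
    return 0;
}

/* Constructed sample inputs (not taken from any real file). */
static const uint8_t SAMPLE_OK[]  = { 'I','M','G','0', 0x04,0x00,0x00,0x00, 1,2,3,4 };
static const uint8_t SAMPLE_BAD[] = { 'I','M','G','0', 0xFE,0xFF,0xFF,0xFF, 1,2,3,4 };

/* Small wrappers so both code paths can be exercised on the samples. */
uint32_t demo_unchecked_bad(void) {
    return alloc_size_unchecked(SAMPLE_BAD, sizeof SAMPLE_BAD);
}
int demo_checked_bad(void) {
    uint32_t n = 0;
    return alloc_size_checked(SAMPLE_BAD, sizeof SAMPLE_BAD, &n);
}
uint32_t demo_checked_ok(void) {
    uint32_t n = 0;
    return alloc_size_checked(SAMPLE_OK, sizeof SAMPLE_OK, &n) == 0 ? n : 0;
}
```

With the constructed malformed header, the unchecked sum collapses to 2 bytes, while the checked path refuses the file before any allocation is sized.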
#2
On 05/21/2010 02:18 AM, Dan wrote:
> Full Disclosure of area of Windows Security Concern
>
> Note: Due Diligence was done to try and have this completely patched by Microsoft if it has not been done and appears to affect both Windows 98 Second Edition and Windows 2000 Professional which is still in support phase until July 13, 2010.
>
> http://secunia.com/advisories/13645/
>
> Secunia Advisory SA13645
> Microsoft Windows Multiple Vulnerabilities
>
> Release Date: 2004-12-25
> Last Update: 2005-11-21
> Popularity: 50,286 views
> Criticality level: Highly critical
> Impact: DoS, System access
> Where: From remote
> Solution Status: Partial Fix
>
> Operating System:
> Microsoft Windows 2000 Advanced Server
> Microsoft Windows 2000 Datacenter Server
> Microsoft Windows 2000 Professional
> Microsoft Windows 2000 Server
> Microsoft Windows 98
> Microsoft Windows 98 Second Edition
> Microsoft Windows Millenium
> Microsoft Windows NT 4.0 Server
> Microsoft Windows NT 4.0 Server, Terminal Server Edition
> Microsoft Windows NT 4.0 Workstation
> Microsoft Windows Server 2003 Datacenter Edition
> Microsoft Windows Server 2003 Enterprise Edition
> Microsoft Windows Server 2003 Standard Edition
> Microsoft Windows Server 2003 Web Edition
> Microsoft Windows XP Embedded
> Microsoft Windows XP Home Edition
> Microsoft Windows XP Professional
>
> CVE Reference(s): CVE-2004-1049, CVE-2004-1305, CVE-2004-1306, CVE-2004-1361
>
> Description:
> Flashsky has reported some vulnerabilities in Microsoft Windows, allowing malicious people to compromise a vulnerable system or cause a DoS (Denial of Service).
>
> 1) The vulnerability is caused due to an integer overflow in the LoadImage API which can be exploited to cause a heap based buffer overflow. This can be exploited through a website by using maliciously crafted icon, cursor, animated cursor, or bitmap files. Successful exploitation allows execution of arbitrary code.
>
> 2) Some errors in the Windows Kernel when parsing ANI files may cause the system to crash. This can be exploited through specially crafted ANI files.
>
> 3) The vulnerability is caused due to a heap overflow and an integer overflow in "winhlp32.exe" when handling HLP files. This can be exploited through specially crafted HLP files.
>
> All versions of Microsoft Windows are affected except Microsoft Windows XP with Service Pack 2.
>
> Solution:
> 3) Do not visit untrusted web sites and don't open documents from untrusted sources.
>
> Provided and/or discovered by:
> 1) Discovered independently by:
> * Flashsky
> * eEye Digital Security
> 2) Flashsky (Microsoft credits Sylvain Bruyere).
> 3) Keji
>
> Original Advisory:
> MS05-002 (KB891711): http://www.microsoft.com/technet/sec.../MS05-002.mspx
> Flashsky: http://www.xfocus.net/flashsky/icoExp/
> eEye Digital Security: http://www.eeye.com/html/research/ad...D20050111.html

Uh, did you happen to notice the update offered via WU.. Was it ever FULLY patched? You're testing the Win98 OS supposedly, why not tell us if it was, rather than us telling you if it was or wasn't [hint, it was 891711].

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
#4
Snip
Thanks for the information, MEB. I guess Secunia.com needs to update their information because they claim it was only a partial patch and not a complete patch. I have never found out if a cracker could take advantage of this if it is true that it is not a complete patch. I guess I can contact Secunia and Microsoft for more information about whether it was a full patch and not just partially fixed. Since it applies to Windows 2000 Professional as well as Windows Server 2003 there should be a complete patch. I don't know if I will get anywhere trying to contact them about this but I can try at least.
#6
On 05/21/2010 10:52 AM, Dan wrote:
> Snip
> Thanks for the information, MEB. I guess Secunia.com needs to update their information because they claim it was only a partial patch and not a complete patch. I have never found out if a cracker could take advantage of this if it is true that it is not a complete patch. I guess I can contact Secunia and Microsoft for more information about whether it was a full patch and not just partially fixed. Since it applies to Windows 2000 Professional as well as Windows Server 2003 there should be a complete patch. I don't know if I will get anywhere trying to contact them about this but I can try at least.

If you look through the list of files for W2K Prof. you can compare them to later updates offered. Again, only extensive personal testing might ensure your knowledge regarding the matter of a complete and unfailing fix/patch in the NT environments.

Win9X was obviously left with the provided "fix" [it was apparently a kludge "work-around" requiring an exe, a dll, and registry settings].

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---
#8
Thanks, Meb. My main interest was mainly in Windows 98 Second Edition being fully patched in this case. I remember seeing the 891711 in the add/remove programs of Windows 98 Second Edition. It certainly was a clunky way to patch it on 98SE but as long as it was fully patched on at least 98SE, then I am glad. :-

I may primarily use the NT source code instead of 9x source code now but will soon have more options as I delve into Linux.

"MEB" wrote:
> On 05/21/2010 10:52 AM, Dan wrote:
>> Snip
>> Thanks for the information, MEB. I guess Secunia.com needs to update their information because they claim it was only a partial patch and not a complete patch. I have never found out if a cracker could take advantage of this if it is true that it is not a complete patch. I guess I can contact Secunia and Microsoft for more information about whether it was a full patch and not just partially fixed. Since it applies to Windows 2000 Professional as well as Windows Server 2003 there should be a complete patch. I don't know if I will get anywhere trying to contact them about this but I can try at least.
>
> If you look through the list of files for W2K Prof. you can compare them to later updates offered. Again, only extensive personal testing might ensure your knowledge regarding the matter of a complete and unfailing fix/patch in the NT environments.
>
> Win9X was obviously left with the provided "fix" [it was apparently a kludge "work-around" requiring an exe, a dll, and registry settings].
>
> --
> MEB
> http://peoplescounsel.org/ref/windows-main.htm
> Windows Info, Diagnostics, Security, Networking
> http://peoplescounsel.org
> The "real world" of Law, Justice, and Government
> ___---
#10
On 05/21/2010 01:57 PM, Dan wrote:
> Thanks, Meb. My main interest was mainly in Windows 98 Second Edition being fully patched in this case. I remember seeing the 891711 in the add/remove programs of Windows 98 Second Edition. It certainly was a clunky way to patch it on 98SE but as long as it was fully patched on at least 98SE, then I am glad. :-

Well, I didn't say it was, I merely directed to what Microsoft had supplied to deal with the purported issue. We [the group] did have several discussions regarding this particular Win98 "fix" when it was current.

> I may primarily use the NT source code instead of 9x source code now but will soon have more options as I delve into Linux.

It is an interesting alternative. Don't get daunted by what it contains, just spend some time finding what you want to try, spend time in the support forums and groups, and you will likely develop an enjoyment for the experience.

> "MEB" wrote:
>> On 05/21/2010 10:52 AM, Dan wrote:
>>> Snip
>>> Thanks for the information, MEB. I guess Secunia.com needs to update their information because they claim it was only a partial patch and not a complete patch. I have never found out if a cracker could take advantage of this if it is true that it is not a complete patch. I guess I can contact Secunia and Microsoft for more information about whether it was a full patch and not just partially fixed. Since it applies to Windows 2000 Professional as well as Windows Server 2003 there should be a complete patch. I don't know if I will get anywhere trying to contact them about this but I can try at least.
>>
>> If you look through the list of files for W2K Prof. you can compare them to later updates offered. Again, only extensive personal testing might ensure your knowledge regarding the matter of a complete and unfailing fix/patch in the NT environments.
>>
>> Win9X was obviously left with the provided "fix" [it was apparently a kludge "work-around" requiring an exe, a dll, and registry settings].
>>
>> --
>> MEB

--
MEB
http://peoplescounsel.org/ref/windows-main.htm
Windows Info, Diagnostics, Security, Networking
http://peoplescounsel.org
The "real world" of Law, Justice, and Government
___---