Seven MS Security Bulletins issued today.
This bulletin replaces MS04-013: Cumulative Update for Outlook Express and any prior Cumulative Security Updates for Outlook Express.
If a user is running Outlook Express and receives a specially crafted e-mail message, Outlook Express would fail. If the preview pane is enabled, the user would have to manually remove the message, and then restart Outlook Express to resume functionality.
This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the way that Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges and could take complete control of the system.
This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the POSIX operating system component (subsystem).
This update resolves a newly-discovered, privately reported buffer overrun vulnerability. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
The vulnerability is caused by an unchecked buffer in the IIS 4.0 redirect function.
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Task Scheduler because of the way that it handles application name validation. There are many ways that a system could be vulnerable to this attack. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.
This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public.
A remote code execution vulnerability exists in the processing of a specially crafted showHelp URL. The vulnerability could allow malicious code to run in the Local Machine security zone in Internet Explorer, which could allow an attacker to take complete control of an affected system.
A remote code execution vulnerability exists in HTML Help that could allow remote code execution on an affected system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
This update resolves a newly-discovered, publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows Shell launches applications. An attacker could exploit the vulnerability if a user visited a malicious Web site. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
Paul has reported some vulnerabilities in Internet Explorer, allowing malicious people to bypass security restrictions and potentially compromise a vulnerable system.
- It is possible to redirect a function to another function with the same name, which allows a malicious website to access the function without the normal security restrictions.
- Malicious sites can trick users into performing actions like drag'n'drop or click on a resource without their knowledge. An example has been provided, which allows sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".
- It is possible to inject arbitrary script code into Channel links in Favorites, which will be executed when the Channel is added. The script code is executed in Local Security Zone context.
- It is possible to place arbitrary content above any other window and dialog box using the "Window.createPopup()" function. This can be exploited to "alter" the appearance of dialog boxes and other windows.
An additional issue allowing malicious sites to inject script into the Local Security Zone using anchor references has also been reported to affect Internet Explorer 6 running on Windows XP SP2 (release candidate / beta). This issue could not be confirmed on a fully patched Windows XP SP1 system.
Issues 1-4 has been confirmed on a fully patched system with Internet Explorer 6 and Microsoft Windows XP SP1.
Two vulnerabilities have been reported in Internet Explorer, which in combination with other known issues can be exploited by malicious people to compromise a user's system.
- A variant of the "Location:" local resource access vulnerability can be exploited via a specially crafted URL in the "Location:" HTTP header to open local files.
- A cross-zone scripting error can be exploited to execute files in the "Local Machine" security zone.
Secunia has confirmed the vulnerabilities in a fully patched system with Internet Explorer 6.0. It has been reported that the preliminary SP2 prevents exploitation by denying access.
A 6 year old vulnerability has been discovered in multiple browsers, allowing malicious people to spoof the content of websites.
The problem is that the browsers don't check if a target frame belongs to a website containing a malicious link, which therefore doesn't prevent one browser window from loading content in a named frame in another window.
Successful exploitation allows a malicious website to load arbitrary content in an arbitrary frame in another browser window owned by e.g. a trusted site.