Five MS Security Bulletins were issued today. All are rated Important. Four are 'Remote Code Execution' vulnerabilities and one is an 'Elevation of Privilege' vulnerability.
A remote code execution vulnerability exists in the Microsoft Word for Windows 6.0 Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system.
The Word for Windows 6.0 Converter helps users convert documents from Word 6.0 formats to the WordPad file format and is included on all affected operating systems.
The vulnerability is due to boundary errors in the table and font conversion in the Word for Windows 6.0 converter. This can (for example) be exploited via a malicious ".wri", ".rtf", or ".doc" document.
Kostya Kortchinsky has reported two vulnerabilities in Microsoft Windows NT, allowing malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
- The vulnerability is caused by an unchecked buffer during logging of a certain value from specific network packets. This can be exploited to cause the DHCP service to stop responding.
- The vulnerability is caused by an unchecked buffer in the handling of DHCP request traffic. This can be exploited to cause a buffer overflow and allow execution of arbitrary code.
Brett Moore has reported a vulnerability in Microsoft HyperTerminal, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by boundary errors in the handling of HyperTerminal session files and telnet URLs. This can be exploited to cause a buffer overflow by tricking a user into opening a malicious HyperTerminal session file (.ht) or clicking a specially crafted telnet URL in a malicious e-mail or on a website.
Successful exploitation can lead to execution of arbitrary code.
NOTE: Exploitation via a telnet URL requires that HyperTerminal is set as the default telnet client (this is not the default setting).
Cesar Cerrudo has reported two vulnerabilities in Microsoft Windows, allowing malicious, local users to escalate their privileges.
- The vulnerability is caused by an unchecked buffer in the handling of data sent through an LPC (Local Procedure Call) port. This can be exploited to cause a buffer overflow and lead to execution of arbitrary code with elevated privileges.
- The vulnerability is caused by an error in the validation of identity tokens in LSASS (Local Security Authority Subsystem Service). This can be exploited to gain elevated privileges.
Kostya Kortchinsky has reported two vulnerabilities in Microsoft Windows, allowing malicious people to compromise a vulnerable system.
The vulnerability is caused by an unchecked buffer in the handling of the "Name" parameter from certain packets. This can be exploited to cause a buffer overflow and lead to execution of arbitrary code.