Network Security News – Wednesday, November 02, 2005 Events
Microsoft IIS Upgrade ism.dll Local Privilege Escalation
When Microsoft Internet Information Server (IIS) 4.0 is upgraded from version 2.0 or 3.0, the ism.dll file is left in the /scripts/iisadmin directory. This script discloses sensitive information via a specially crafted URL, which could lead to elevated privileges. An attacker could use this to gain access to the administrator's password. Read more at osvdb.org/273
Microsoft Virtual Machine COM Object Arbitrary Code Execution
Microsoft Java Virtual Machine allows untrusted Java applets to access COM (Component Object Model) objects. An attacker may be able to compromise a vulnerable system by including a malicious Java applet that will execute arbitrary code via COM. Normally only trusted Java applets should be able to access COM objects. Read more at osvdb.org/13417
Microsoft Windows POSIX Subsystem Privilege Escalation
A local overflow exists in Microsoft Windows POSIX Subsystem. The Microsoft Windows POSIX Subsystem fails to check the length of certain parameters, resulting in a buffer overflow. With a specially crafted request, an attacker can run code with elevated privileges, resulting in a loss of confidentiality, integrity, and availability. Read more at osvdb.org/7800
Microsoft Windows NetDDE Agent WM_COPYDATA Message Arbitrary Code Execution (shatter)
The Microsoft Windows NetDDE Agent in Windows 2000, NT, and XP contains a vulnerability that could allow a local attacker to elevate their privileges. An attacker could exploit this by sending specially crafted input to the NetDDE Agent via a WM_COPYDATA message, and then sending specially crafted input via a WM_TIMER message, causing the request to be executed under higher privileges. Read more at osvdb.org/13416
Microsoft Windows HTML Help (CHM) File Overflow
A remote overflow exists in Microsoft Windows via the "ms-its" protocol specification. Microsoft Windows fails to check the size field, resulting in a heap overflow. Specifying a very high value will cause a buffer overflow. With a specially crafted request, an attacker can cause Internet Explorer to open a malicious .CHM file and cause an excessive memory copy that overwrites portions of memory, resulting in a loss of availability and possibly remote code execution. Read more at osvdb.org/17305
Microsoft Windows WINS Server Remote Overflow
A remote overflow exists in all server versions of Microsoft Windows running Windows Internet Name Service (WINS). WINS fails to validate the length of certain packets, resulting in a remote overflow. With a specially crafted request, an attacker can cause the service to terminate or execute malicious code, resulting in a loss of integrity or availability. Read more at osvdb.org/3903
Subdreamer imagemanager.php Arbitrary File Upload
Subdreamer contains a flaw that may allow a malicious user to upload arbitrary files via the 'imagemanager.php' script. This is possible because images in the "Image Manager" administration panel are not checked for file extension, and the flaw may allow arbitrary file uploads resulting in a loss of integrity. Read more at osvdb.org/20383
Sun Java Plug-in Arbitrary Package Access
Java contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses the reflection API to access packages which are supposed to be private to the Virtual Machine, and may allow access to memory or unauthorized privileges. This flaw may lead to a loss of integrity. Read more at osvdb.org/12095
VERITAS Backup Exec Server Unauthenticated Remote Registry Access
VERITAS Backup Exec Server (beserver.exe) contains a flaw that may allow a remote attacker to modify the Windows registry with administrative level permissions. The issue is due to RPC calls not properly authenticating callers of methods on TCP port 6106. This may allow an attacker to modify the registry of a host, leading to a complete compromise. Read more at osvdb.org/17627