Outlook Express exploit
Newsgroups: comp.unix.shell
From: Eric <liber...@twcny.rr.com>
Date: 2000/10/08
Subject: Outlook Express exploit

Dear Bill Gates: Do you actually believe that we think this was accidental?
HANG, you communist ba$tard!!! (For those of you who think Bill Gates is
"the good guy," I suggest you learn the NetBIOS exploit on Windows 95/98.
Accidental MY ASS!!!!

  ASSESSMENT 00-049

  Microsoft E-mail and Script Vulnerabilities
  Issued at 8:00 p.m. EDT, 07/19/2000

  Microsoft Corp. has released an advisory on a component shared by Outlook
  and Outlook Express which contains an unchecked buffer in email headers.
  In addition, the System Administration, Networking & Security Institute
  (SANS) has issued an advisory on HTML and IE Script Vulnerabilities. The
  SANS advisory covers two separate issues concerning vulnerabilities in
  Active X controls.

  Malformed E-mail Header Vulnerability
  See Microsoft Security Advisory MS00-043
  http://www.microsoft.com/technet/security/bulletin/MS00-043
  Posted July 18, 2000

  This vulnerability could allow unwanted code (e.g. a virus or trojan
  horse) to become executed on your computer without opening any email
  attachments. A component shared by Outlook and Outlook Express contains an
  unchecked buffer in the functionality that parses e-mail headers when
  downloading mail via either pop3 or IMAP4. By sending an e-mail that
  overruns the buffer, a malicious user could cause either of two effects to
  occur when the mail was downloaded from the server by an affected e-mail
  client: If the affected field were filled with random data, the e-mail
  could be made to crash, or if the affected field were filled with
  carefully-crafted data, the e-mail client could be made to run code of the
  malicious user's choice.

  Internet Explorer Script & Office HTML Script Vulnerabilities
  See SANS Flash Advisory: Dangerous Windows Flaw
  http://www.sans.org/newlook/resources/win_flaw.html
  Posted July 17, 2000

  Internet Explorer (IE) Script

  This vulnerability could allow ActiveX controls to be loaded on your
  computer even if you have disabled Active Scripting. Internet Explorer
  allows the use of an object tag to load an ActiveX control. The data
  property of the object tag is the ActiveX control to be loaded. An ActiveX
  control is normally an executable, however, Microsoft Office documents are
  also ActiveX controls. In a default installation, ActiveX controls load
  silently, without prompting the user, thus automatically executing the
  exploit. Internet Explorer can be configured to prompt the user to load
  ActiveX controls. The problem occurs in the sequence of execution, whereby
  the IE actually opens the Access database before it asks the user to open
  it.

  Office HTML Script

  Excel 2000 and PowerPoint 97 and 2000 can be scripted from inside Internet
  Explorer to save a file to an arbitrary location on the user's hard drive
  as long as the user has access to that location. This would enable an
  attacker to save files to locations such as the Startup folder. This
  vulnerability is not exploitable if Active Scripting and/or Running
  ActiveX controls is disabled. Therefore, it is considerably less dangerous
  than the Access problem. The root cause of this problem is that Excel and
  PowerPoint are marked as safe for scripting. The patch by Microsoft Corp.
  eliminates this by marking them unsafe for scripting. Microsoft Corp. has
  made this fix available at http://officeupdate.microsoft.com.

  As always, users are advised to maintain awareness of new vulnerabilities
  that are reported by security entities from CERT/CC, SANS Institute,
  Microsoft Corp. and other cognizant organizations.

  Please report any illegal or malicious activities to your local FBI office
  or the NIPC, and to your military or civilian computer incident response
  group, as appropriate.
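
The "unchecked buffer" class of bug described in the malformed-header section above, shown from the fix side. This is an added example, not part of the original post and not Microsoft's code: the function names, the 64-byte `FIELD_MAX` and the `Subject` sample line are assumptions, and the advisory as quoted does not say which header field was affected.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64            /* assumed size of a fixed per-field buffer */
enum hdr_status { HDR_OK = 0, HDR_NO_MATCH = -1, HDR_TOO_LONG = -2, HDR_MALFORMED = -3 };
char demo_field[FIELD_MAX];     /* destination buffer used by the demo */

/* Copy the value of header `name` from one unfolded header line into
 * out[outsz]. The unchecked pattern is the equivalent of strcpy(out, value):
 * the sender, not the buffer, decides how many bytes are written. */
enum hdr_status hdr_get_value(const char *line, const char *name,
                              char *out, size_t outsz)
{
    const char *colon = strchr(line, ':');
    size_t nlen = strlen(name), vlen, i;
    const char *val;

    if (outsz == 0) return HDR_MALFORMED;
    out[0] = '\0';                          /* never leave stale data behind */
    if (colon == NULL) return HDR_MALFORMED;
    if ((size_t)(colon - line) != nlen) return HDR_NO_MATCH;
    for (i = 0; i < nlen; i++)              /* field names are case-insensitive */
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return HDR_NO_MATCH;

    val = colon + 1;
    while (*val == ' ' || *val == '\t') val++;
    vlen = strcspn(val, "\r\n");            /* value ends at CR or LF */
    while (vlen > 0 && (val[vlen - 1] == ' ' || val[vlen - 1] == '\t')) vlen--;

    if (vlen >= outsz) return HDR_TOO_LONG; /* reject; do not truncate or overrun */
    memcpy(out, val, vlen);
    out[vlen] = '\0';
    return HDR_OK;
}

/* Constructed input: a Subject header whose value is 500 filler bytes. */
enum hdr_status overlong_demo(void)
{
    char line[512] = "Subject: ";
    memset(line + 9, 'A', 500);
    return hdr_get_value(line, "Subject", demo_field, sizeof demo_field);
}

int main(void)
{
    return overlong_demo() == HDR_TOO_LONG ? 0 : 1;
}
```

Rejecting the over-long field outright, rather than truncating it, also gives a mail gateway or client a clear event to log.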


 
Newsgroups: comp.unix.shell
From: Andreas Kähäri <andk...@emailme.net.REMOVE>
Date: 2000/10/09
Subject: Re: Outlook Express exploit
In article <39E0868C.1368D...@twcny.rr.com>,

Eric  <liber...@twcny.rr.com> wrote:

>Dear Bill Gates: Do you actually believe that we think this was
>accidental? HANG, you
>communist ba$tard!!!

I would be very thankful if you could explain why exactly Mr. Bill
Gates deserves to be called a communist, and since I'm quite
interested in the foundations of economical ideas (such as capitalism
and marxism), I am also interested in hearing your definition of a
"communist bastard" and how it relates to corporate management in
Northern America today. (Do this by e-mail since it is completely off
topic in most news groups.)

Also, please note that this forum is a Unix forum and although
Internet Explorer *has* been ported to the Solaris platform I feel
that your sudden explosion here was a little bit uncalled for.

If you require further assistance with IE, please refer to the
appropriate Microsoft forum.

/A

--
Andreas Kähäri,
Uppsala University, Sweden.
=============================={ "free", as in "software" --> www.gnu.org


 
Newsgroups: comp.unix.shell
From: Andreas Kähäri <andk...@emailme.net.REMOVE>
Date: 2000/10/09
Subject: Re: Outlook Express exploit
In article <39e1b...@merganser.its.uu.se>,
Andreas Kähäri  <andk...@emailme.net.REMOVE> wrote:

Sorry, my fault. The OP wrote about Outlook, not about IE.
It's off topic anyway, so it doesn't really matter I guess.

/A

--
Andreas Kähäri,
Uppsala University, Sweden.
=============================={ "free", as in "software" --> www.gnu.org


 