Microsoft Windows 14 Vulnerabilities

Secunia Advisory: SA11064
Release Date: 2004-04-13
Last Update: 2004-05-04
Popularity: 35,631 views
Critical: Highly critical
Impact: Privilege escalation, DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS:
* Microsoft Windows 2000 Advanced Server
* Microsoft Windows 2000 Datacenter Server
* Microsoft Windows 2000 Professional
* Microsoft Windows 2000 Server
* Microsoft Windows NT 4.0 Server
* Microsoft Windows NT 4.0 Server, Terminal Server Edition
* Microsoft Windows NT 4.0 Workstation
* Microsoft Windows Server 2003 Datacenter Edition
* Microsoft Windows Server 2003 Enterprise Edition
* Microsoft Windows Server 2003 Standard Edition
* Microsoft Windows Server 2003 Web Edition
* Microsoft Windows XP Embedded
* Microsoft Windows XP Home Edition
* Microsoft Windows XP Professional
Software: Windows NetMeeting 3.x

Advisory Content (Page 1 of 3)

Description: Microsoft has acknowledged 14 vulnerabilities in the Windows operating system, the most serious of which can be exploited by malicious people to compromise a vulnerable system.
1) A boundary error within LSASS (Local Security Authority Subsystem Service) can be exploited to cause a buffer overflow via a specially crafted message. Successful exploitation allows execution of arbitrary code with SYSTEM privileges.
The vulnerability can reportedly only be exploited remotely on Windows 2000 and Windows XP systems.
2) An error within LSASS (Local Security Authority Subsystem Service) when processing LDAP requests can be exploited by malicious people to reboot a vulnerable domain controller via a specially crafted LDAP message.
The vulnerability only affects Windows 2000 domain controllers.
3) A boundary error within the Microsoft Secure Sockets Layer (SSL) library when processing PCT (Private Communications Transport) handshake packets can be exploited to cause a buffer overflow. Successful exploitation allows execution of arbitrary code with SYSTEM privileges.
4) A boundary error within the Windows logon process (Winlogon) can be exploited by malicious users with permissions to modify domain objects to cause a buffer overflow. Successful exploitation allows execution of arbitrary code.
The vulnerability affects Windows NT 4.0, Windows 2000, and Windows XP systems that are members of a domain.
5) A boundary error within the rendering of Metafiles can be exploited to cause a buffer overflow via specially crafted files.
This may be related to: SA10968
6) An input validation error within the "Help and Support Center" when handling HCP URLs can be exploited to execute arbitrary code on a vulnerable system via specially crafted HCP URLs. Successful exploitation requires that a user is tricked into visiting a malicious website or following a specially crafted link.
7) An error within the Utility Manager when launching applications can be exploited by malicious, local users to gain SYSTEM privileges.
The vulnerability only affects Windows 2000 systems.
8) An error within Windows task management may in certain circumstances allow the creation of tasks that are executed with SYSTEM privileges. This can be exploited by malicious, local users to gain escalated privileges on a vulnerable system.
The vulnerability only affects Windows XP systems.
9) An error within a programming interface used for creating entries in the Local Descriptor Table (LDT) can be exploited to access protected memory. This may allow malicious, local users to gain escalated privileges on a vulnerable system.
10) Boundary errors within the H.323 protocol implementation can be exploited to cause a buffer overflow via specially crafted H.323 requests. Successful exploitation allows execution of arbitrary code but commonly requires NetMeeting to be running.
The vulnerability may affect the following applications and services:
* Telephony Application Programming Interface (TAPI)-based applications
* NetMeeting
* Internet Connection Firewall (ICF)
* Internet Connection Sharing
* Microsoft Routing and Remote Access service
NetMeeting is installed as part of Windows 2000, Windows XP, and Windows Server 2003. The vulnerability doesn't affect Windows NT 4.0 unless the standalone version of NetMeeting has been installed.
This may be related to: SA10611
11) An error within the operating system component handling the Virtual DOS Machine (VDM) subsystem can be exploited to access protected kernel memory. This may allow malicious, local users to gain escalated privileges.
12) A boundary error within the Negotiate Security Software Provider (SSP) interface can be exploited to cause a buffer overflow via a specially crafted network message. Successful exploitation commonly results in a Denial of Service but may also allow execution of arbitrary code.
13) An error within the Microsoft Secure Sockets Layer (SSL) library when handling SSL messages can be exploited to cause a vulnerable system to stop accepting SSL connections or restart.
14) A "double free" error within the "ASN1BERDecZeroCharString()" function in the Microsoft ASN.1 Library ("msasn1.dll") can be exploited to corrupt memory via a specially crafted, encoded ASN.1 value. Successful exploitation commonly results in a Denial of Service but may also allow execution of arbitrary code.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.