Microsoft Windows Multiple Vulnerabilities
Secunia Advisory: SA12804
Release Date: 2004-10-12
Last Update: 2004-10-14
Popularity: 17,866 views

Critical:
Highly critical
Impact: Privilege escalation
DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS:Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millenium
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2004-0207
CVE-2004-0208
CVE-2004-0209
CVE-2004-0211


Description:
Multiple vulnerabilities have been reported in Microsoft Windows, which can be exploited to cause a DoS (Denial of Service), gain escalated privileges, or compromise a vulnerable system.

1) Missing restrictions on several Window Management API functions can be exploited via a malicious program to change the properties of other programs running with higher privileges.

This may allow malicious, local users to change the properties of a privileged process in a way that allows escalation of the user's privileges.

2) An error in the way memory is referenced in the component used for handling the VDM (Virtual DOS Machine) subsystem can be exploited to access protected kernel memory.

This may allow a malicious, local users to gain kernel level privileges via a specially crafted program.

3) A boundary error in the Graphics Rendering Engine when handling WMF (Windows Metafile) and EMF (Enhanced Metafile) images can be exploited to cause a buffer overflow via a specially crafted image.

This can be exploited by malicious people to compromise a user's system, but requires that a user is tricked into opening a malicious image or visit a malicious web site.

This vulnerability may be related to:
SA10968

4) An error in the Windows Kernel related to the way some values in CPU data structures are reset can be exploited by malicious, local users to cause a DoS via a specially crafted program.

Solution:
Apply patches.

Microsoft Windows NT Server 4.0 (requires SP6a):
http://www.microsoft.com/downloads/de...=533AE5CD-74CE-470A-8916-8E358084497C

Microsoft Windows NT Server 4.0 Terminal Server Edition (requires SP6):
http://www.microsoft.com/downloads/de...=3B871A96-5F64-4432-920F-FA5760DF683A

Microsoft Windows 2000 (requires SP3 or SP4):
http://www.microsoft.com/downloads/de...=4A614222-BA0B-4927-856D-D443BBBE1A42

Microsoft Windows XP (prior to SP2):
http://www.microsoft.com/downloads/de...=715E985B-7929-4BD5-9564-5CFE7D528398

Microsoft Windows XP 64-Bit Edition (requires SP1):
http://www.microsoft.com/downloads/de...=99184841-70A8-47C7-9993-44A60E999A40

Microsoft Windows XP 64-Bit Edition Version 2003
http://www.microsoft.com/downloads/de...=B4E6BBCF-F5B9-4B2D-8BC4-30911CA4FD9C

Microsoft Windows Server 2003
http://www.microsoft.com/downloads/de...=206E9842-997D-45E4-9252-61F3CE5EA66C

Microsoft Windows Server 2003 64-Bit Edition
http://www.microsoft.com/downloads/de...=B4E6BBCF-F5B9-4B2D-8BC4-30911CA4FD9C

Provided and/or discovered by:
1) Brett Moore, Security-Assessment.com.
2) Derek Soeder, eEye Digital Security.
3) Patrick Porlan and Mark Russinovich
4) hlt

Changelog:
2004-10-13: Added more information.
2004-10-14: Added more information.

Original Advisory:
MS04-032 (KB840987):
http://www.microsoft.com/technet/security/bulletin/ms04-032.mspx

eEye Digital Security:
http://www.eeye.com/html/research/advisories/AD20041012.html

Security-Assessment.com:
http://www.security-assessment.com/Papers/SetWindowLong_Shatter_Attacks.pdf

Other References:
SA10968:
http://secunia.com/advisories/10968/

US-CERT VU#218526:
http://www.kb.cert.org/vuls/id/218526

US-CERT VU#119262:
http://www.kb.cert.org/vuls/id/119262

US-CERT VU#910998:
http://www.kb.cert.org/vuls/id/910998

US-CERT VU#806278:
http://www.kb.cert.org/vuls/id/806278


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Microsoft Word Malformed Object Pointer Vulnerability // 20 views
2. Subdreamer Light Global Variables SQL Injection Vulnerability // 20 views
3. phpBB Cross Site Scripting and Unspecified Vulnerabilities // 19 views
4. PluggedOut Blog "index.php" SQL Injection Vulnerabilities // 19 views
5. Avaya Message Storage Server Input Validation Vulnerabilities // 17 views
6. phpBB BBcode Script Insertion Vulnerability // 16 views
7. CS-Cart "cs_cookies" SQL Injection Vulnerability // 14 views
8. Microsoft Office Two Code Execution Vulnerabilities // 13 views
9. Drupal Multiple Vulnerabilities // 13 views
10. Drupal Multiple Vulnerabilities // 12 views