[ISN] Microsoft Warns of Flaws in ActiveX Control

From: InfoSec News (isnat_private)
Date: Fri Aug 23 2002 - 00:33:07 PDT

Next message: InfoSec News: "[ISN] [infowarrior] - An Open Letter to CEOs Regarding Information Security"

Previous message: InfoSec News: "[ISN] ToorCon Computer Security Conference 2002 Announcement"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.eweek.com/article2/0,3959,480448,00.asp

August 22, 2002
By Dennis Fisher

There are three security vulnerabilities in an ActiveX control
included in several of Microsoft Corp.'s most popular applications
that give an attacker the ability to execute code and read files on a
remote machine.

The flaw itself is in the Office Web Components (OWC) 2000 and 2002
software, which is included with Office 2000 and XP, BackOffice Server
2000, Internet Security and Acceleration Server 2000 and several other
Microsoft applications. With OWC, users get limited Office
functionality in a Web browser without having to install the entire
Office application.

Each of the three vulnerabilities can be exploited either with a Web
page or an HTML mail message. They are all the result of
implementation errors in functions that the Active X controls expose.

The flaw in the Host () function - which provides access to
application object models on a user's system - could enable an
attacker to open an Office application on a user's system and use
commands that would execute operating-system commands as the user,
Microsoft said in an advisory released Wednesday night.

The LoadText () function is used to load text into a browser window.
The flaw allows an attacker to circumvent a safeguard that ensures Web
pages can only load text that they host. An attacker can specify a
text source within the Web page's domain and then use a server-side
redirect of the text to a file on a user's system.

The attacker could them read any file on the compromised machine.

There is also a problem in the Copy()/Paste() functions, which ignore
a security setting in Internet Explorer. The result is that an
attacker can access the copy buffer and read any text it contains.

The patch for these vulnerabilities is available here. [1]

Other affected applications include BackOffice Server 2000, BizTalk
Server 2000 and 2002, Commerce Server 2000 and 2002, Money 2002 and
2003, Project 2000 and Project Server 2002 and Small Business Server
2000.

[1] http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-044.asp

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] [infowarrior] - An Open Letter to CEOs Regarding Information Security"
Previous message: InfoSec News: "[ISN] ToorCon Computer Security Conference 2002 Announcement"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Aug 23 2002 - 03:01:52 PDT