CERT-In Advisory
CIAD-2003-0016
Multiple Vulnerabilities in Microsoft Windows Systems and Exchange Server
Original Issue Date: October 17, 2003
Severity Rating: High
Systems Affected
- Multiple versions of Microsoft Windows ME, NT 4.0, NT 4.0 TSE, 2000, XP, Server 2003
- Microsoft Exchange Server 5.5 and Microsoft Exchange Server 2000
Overview
Multiple vulnerabilities exist in Microsoft Windows systems and Microsoft Exchange Server, the most serious of which could allow remote attackers to execute arbitrary code on the victim's system.
Impact
The impact of these vulnerabilities ranges from denial of service to the ability to execute arbitrary code.
Description
There are a number of vulnerabilities in Microsoft Windows and Microsoft Exchange that could allow an attacker to gain administrative control of a vulnerable system. The most serious of these vulnerabilities allow an unauthenticated, remote attacker to execute arbitrary code with no action required on the part of the victim. The vulnerabilities are described below:
Vulnerability in Authenticode Verification Could Allow Remote Code Execution
(CAN-2003-0660)
By convincing a victim to view an HTML document containing ActiveX content (web page, HTML email, etc.), an attacker could use the vulnerability in Authenticode to have an unauthorized ActiveX control installed and executed on the user's system, with the same permissions as the user, without prompting the user for approval.
Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution
This vulnerability allows an attacker to load and execute malicious code on a user's system. The attacker accomplishes this by convincing a victim to view an HTML document (web page, HTML email). Any limitations on the user's account would limit the actions of any arbitrary code that the attacker could execute.
Buffer Overrun in Messenger Service Could Allow Code Execution
(CAN-2003-0717)
A vulnerability exists in the Messenger Service that can allow arbitrary code execution on a vulnerable system.
Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise
(CAN-2003-0711)
There is a buffer overflow in the Microsoft Windows Help and Support Center that could permit an attacker to execute arbitrary code with SYSTEM privileges.
Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution
(CAN-2003-0659)
There is a buffer overflow in a function called by the Microsoft Windows ListBox and ComboBox controls that could allow a local attacker to execute arbitrary code with the privileges of the process hosting the controls. The vulnerability exists because the ListBox control and the ComboBox control both call a function, located in the User32.dll file, that contains a buffer overrun.
Vulnerability in Exchange Server Could Allow Arbitrary Code Execution
(CAN-2003-0714)
Microsoft Exchange fails to handle certain SMTP extended verbs correctly. In Exchange Server 5.5, this can lead to a denial-of-service condition. In Exchange Server 2000, this could permit an attacker to run arbitrary code.
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack
(CAN-2003-0712)
A cross-site scripting (XSS) vulnerability results from the way that Outlook Web Access (OWA) performs HTML encoding in the Compose New Message form. An attacker could seek to exploit this vulnerability by having a user run script on the attacker's behalf.
Solution
Apply patches
Microsoft has provided patches for these vulnerabilities. Details can be found in the relevant Microsoft Security Bulletins.
Disable the Messenger Service
For the vulnerability in the Messenger service, Microsoft recommends first disabling the Messenger service and then evaluating the need to apply the patch. If the Messenger service is not required, leave it in the disabled state. Apply the patch to make sure that systems are protected, especially if the Messenger service is re-enabled. Instructions for disabling the Messenger service are given in Microsoft Security Bulletin MS03-043.
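The Messenger service workaround above can be applied and verified from an administrator command prompt. The following batch script is an added example, not text from this advisory or from the Microsoft bulletin; it assumes sc.exe is available (it ships with Windows XP and Server 2003, and is a Resource Kit tool on earlier versions) and uses the service name "Messenger".

```bat
@echo off
rem Added example: audit, stop and disable the Windows Messenger service.
rem Assumptions: sc.exe is on the PATH and the prompt has administrator rights.
setlocal

rem 1. Confirm the service is installed on this host.
sc query Messenger >nul 2>&1
if errorlevel 1 (
    echo Messenger service not installed on %COMPUTERNAME%; nothing to do.
    goto :eof
)

rem 2. Stop the service if it is currently running.
sc query Messenger | find "RUNNING" >nul
if not errorlevel 1 (
    echo Stopping Messenger service...
    net stop Messenger
)

rem 3. Set the startup type to Disabled so it stays off after a reboot.
rem    sc requires the space after "start=".
sc config Messenger start= disabled
if errorlevel 1 (
    echo Failed to change startup type; re-run from an administrator account.
    exit /b 1
)

rem 4. Verify both the configured startup type and the current state.
sc qc Messenger | find "DISABLED" >nul
if errorlevel 1 (
    echo WARNING: Messenger startup type is not Disabled.
    exit /b 1
)
sc query Messenger | find "STOPPED" >nul
if errorlevel 1 (
    echo WARNING: Messenger service is still running.
    exit /b 1
)
echo Messenger service is stopped and disabled on %COMPUTERNAME%.
exit /b 0
```

The non-zero exit code on any failed check lets the script be run across a fleet from a login script or management tool and the results collected per host.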
Vendor Information
Microsoft
http://www.microsoft.com/security
References
Microsoft Security Bulletin MS03-041
http://www.microsoft.com/technet/security/bulletin/MS03-041.asp
Microsoft Security Bulletin MS03-042
http://www.microsoft.com/technet/security/bulletin/MS03-042.asp
Microsoft Security Bulletin MS03-043
http://www.microsoft.com/technet/security/bulletin/MS03-043.asp
Microsoft Security Bulletin MS03-044
http://www.microsoft.com/technet/security/bulletin/MS03-044.asp
Microsoft Security Bulletin MS03-045
http://www.microsoft.com/technet/security/bulletin/MS03-045.asp
Microsoft Security Bulletin MS03-046
http://www.microsoft.com/technet/security/bulletin/MS03-046.asp
Microsoft Security Bulletin MS03-047
http://www.microsoft.com/technet/security/bulletin/MS03-047.asp
CERT/CC Advisory CA-2003-27
http://www.cert.org/advisories/CA-2003-27.html
CERT/CC Vulnerability Note VU#575892
http://www.kb.cert.org/vuls/id/575892
CERT/CC Vulnerability Note VU#422156
http://www.kb.cert.org/vuls/id/422156
CERT/CC Vulnerability Note VU#467036
http://www.kb.cert.org/vuls/id/467036
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology, Government of India, Electronics Niketan, 6, CGO Complex, Lodhi Road, New Delhi - 110 003, India