| Thread ID: 37389 | 2003-09-06 00:41:00 | Security Alerts and Patches, September 6, 2003 | Babe Ruth (416) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 173283 | 2003-09-06 00:41:00 | Security Alerts and Patches, September 6, 2003

Here is a list of some more patches for your systems, these affect NetBIOS, Macro Execution in Word, MS WordPerfect Converter, Vulnerability in VBA, Vulnerability in Access Snapshot Viewer.

Happy patching,
Cheers,
Babe.

Information Disclosure Vulnerability in NetBIOS

Mike Price of Foundstone Labs discovered that a vulnerability in Microsoft NetBIOS can result in information disclosure. This vulnerability stems from a flaw in the NetBIOS Name Service (NBNS). An attacker can exploit this vulnerability by sending a NetBT Name Service query to a system, then examining the response to see if it includes random data from that system's memory. Microsoft has released Security Bulletin MS03-034, "Flaw in NetBIOS Could Lead to Information Disclosure (824105)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
www.secadministrator.com

Automatic Macro Execution in Word

Jim Bassett of Practitioners Publishing Company discovered that a vulnerability in Microsoft Word can result in the automatic execution of a macro. As a result of this vulnerability, an attacker can craft a malicious document that bypasses the macro security model. When a user opens the document, a malicious embedded macro will execute automatically, regardless of the level at which you've set macro security. The malicious macro can take actions that the user has permissions to carry out, such as adding, changing, or deleting data or files; communicating with a Web site; and formatting the hard disk. Microsoft has released Security Bulletin MS03-035, "Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
www.secadministrator.com

Arbitrary Code Execution Vulnerability in WordPerfect Converter

eEye Digital Security discovered that a vulnerability in Microsoft WordPerfect Converter can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way Microsoft's WordPerfect converter handles Corel WordPerfect documents. Because the converter doesn't correctly validate certain parameters when it opens a WordPerfect document, an unchecked buffer opens. An attacker can therefore craft a malicious WordPerfect document to allow code of his or her choice to execute in an application that used the WordPerfect converter to open the document. Microsoft has released Security Bulletin MS03-036, "Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
www.secadministrator.com

Arbitrary Code Execution Vulnerability in VBA

eEye Digital Security discovered that a vulnerability in Microsoft Visual Basic for Applications (VBA) can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the way VBA checks document properties passed to it when the host application opens a document. The resulting buffer overrun can permit an attacker to execute code of his or her choice under the logged-on user's security context. Microsoft has released Security Bulletin MS03-037, "Flaw in Visual Basic for Applications Could Allow Arbitrary Code Execution (822715)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
www.secadministrator.com

Arbitrary Code Execution Vulnerability in Access Snapshot Viewer

Oliver Lavery discovered that a Microsoft Access vulnerability can result in the execution of arbitrary code on the vulnerable system. Because the Snapshot Viewer doesn't correctly validate parameters, a buffer overrun can permit an attacker to execute code of his or her choice under the logged-on user's security context. Microsoft has released Security Bulletin MS03-038, "Unchecked Buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)," to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin.
www.secadministrator.com |
Babe Ruth (416) | ||