【TWCERT/CC安全通報】TW-CA-2005-019-[TA05-039A: Multiple Vulner
※ 本文轉錄自 [Lan] 信箱
作者: twcert@cert.org.tw (TWCERT/CC Fellows)
標題: 【TWCERT/CC安全通報】TW-CA-2005-019-[TA05-039A
時間: Fri Feb 18 11:15:18 2005
-----BEGIN PGP SIGNED MESSAGE-----
TW-CA-2005-019-[TA05-039A: Multiple Vulnerabilities in Microsoft Windows
Components Precedence: list]
────────────────────────────────────────
TWCERT/CC發布日期:2005-02-18
原漏洞發布日期:2005-02-08
原漏洞最新更新日期:--
通用安全漏洞編號:
分類:Miscellaneous
來源參考:TA05-039A
──── 簡述 ─────────────────────────────────
微軟在 2005 年二月時發佈了一則安全性公告摘要。摘要中說明了一些 Windows 應用程
式和元件所存在的漏洞。遠端攻擊者可利用這些漏洞在主機上執行任意程式碼。關於這
些漏洞及其影響之細節,可參考以下說明。
──── 說明 ─────────────────────────────────
下列表格是關於US-CERT 對這次微軟安全性公告的記載,可由這份文件取得關於弱點更
詳細的資訊。
_________________________________________________________________
格式:
微軟安全性公告
相關 US-CERT 弱點
_________________________________________________________________
MS05-004: ASP.NET 路徑驗證弱點 (887219)
VU#283646 微軟 ASP.NET 無法正確的顯示 canonicalization(canonicalization
是 ASP.NET 上的路徑對應函式)
_________________________________________________________________
MS05-005: 微軟 Office XP 可能會允許遠端程式碼執行 (873352)
VU#416001 微軟 Office XP 存在緩衝區溢位弱點
_________________________________________________________________
MS05-006: Windows SharePoint Services 和 SharePoint Team Services
中的弱點可能會允許跨網站指令碼和偽造攻擊 (887981)
VU#340409 微軟 Windows SharePoint Services 以及 SharePoint Team
Services 存在跨網站指令碼攻擊弱點
_________________________________________________________________
MS05-007: Windows 中的弱點可能會導致資訊洩露 (888302)
VU#939074 微軟電腦瀏覽服務有資訊洩漏的弱點
_________________________________________________________________
MS05-008: Windows Shell 的弱點可能會允許遠端程式碼執行 (890047)
VU#698835 微軟 Internet Explorer有拖曳的弱點
_________________________________________________________________
MS05-009: PNG 處理弱點可能會允許遠端執行程式碼 (890261)
VU#259890 Windows Media Player 無法處理超過合理寬度或長度的 PNG 影像
VU#817368 libpng png_handle_sBIT() 無法充分的確認邊界
VU#388984 libpng 無法確認 transparencychunk (tRNS) 資料的長度
_________________________________________________________________
MS05-010: License Logging 服務的弱點可能允許程式碼執行 (885834)
VU#130433 微軟 License Logging 服務存在緩衝區溢位弱點
_________________________________________________________________
MS05-011: 伺服器訊息區中的弱點可能會允許遠端執行程式碼 (885250)
VU#652537 微軟 Windows SMB 封包驗證缺點
_________________________________________________________________
MS05-012: OLE 及 COM 中的弱點可能會允許遠端執行程式碼 (873333)
VU#597889 微軟 COM 儲存結構的弱點
VU#927889 微軟 OLE 輸入驗證弱點
_________________________________________________________________
MS05-013: DHTML 編輯元件 ActiveX 控制項中的弱點可能會允許程式碼執行
(891781)
VU#356600 微軟 Internet Explorer DHTML 編輯 ActiveX 控制項存在跨網域
弱點
_________________________________________________________________
MS05-014: Internet Explorer 積存安全性更新 (867282)
VU#698835 微軟 Internet Explorer 存在拖曳漏洞
VU#580299 微軟 Internet Explorer 存在 URL 解碼區域偽裝漏洞
VU#843771 微軟 Internet Explorer 存在 DHTML 方法堆積記憶體誤用弱點
VU#823971 微軟 Internet Explorer 存在 Channel Definition Format (CDF)
跨網域弱點
_________________________________________________________________
MS05-015: 超連結物件程式庫中的弱點可能會允許遠端執行程式碼 (888113)
VU#820427 微軟超連結物件程式庫存在緩衝區溢位弱點
_________________________________________________________________
──── 影響平台 ───────────────────────────────
微軟 Windows 作業系統
──── 修正方式 ───────────────────────────────
更新檔
微軟已於安全性公告及 Windows Update 提供數個弱點的更新檔。
附錄A 參考
* Microsofts Security Bulletin Summary for February, 2005 -
<http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx>
* US-CERT Vulnerability Note VU#283646 -
<http://www.kb.cert.org/vuls/id/283646>
* US-CERT Vulnerability Note VU#416001 -
<http://www.kb.cert.org/vuls/id/416001>
* US-CERT Vulnerability Note VU#340409 -
<http://www.kb.cert.org/vuls/id/340409>
* US-CERT Vulnerability Note VU#939074 -
<http://www.kb.cert.org/vuls/id/939074>
* US-CERT Vulnerability Note VU#698835 -
<http://www.kb.cert.org/vuls/id/698835>
* US-CERT Vulnerability Note VU#259890 -
<http://www.kb.cert.org/vuls/id/259890>
* US-CERT Vulnerability Note VU#817368 -
<http://www.kb.cert.org/vuls/id/817368>
* US-CERT Vulnerability Note VU#388984 -
<http://www.kb.cert.org/vuls/id/388984>
* US-CERT Vulnerability Note VU#130433 -
<http://www.kb.cert.org/vuls/id/130433>
* US-CERT Vulnerability Note VU#652537 -
<http://www.kb.cert.org/vuls/id/652537>
* US-CERT Vulnerability Note VU#597889 -
<http://www.kb.cert.org/vuls/id/597889>
* US-CERT Vulnerability Note VU#927889 -
<http://www.kb.cert.org/vuls/id/927889>
* US-CERT Vulnerability Note VU#356600 -
<http://www.kb.cert.org/vuls/id/356600>
* US-CERT Vulnerability Note VU#580299 -
<http://www.kb.cert.org/vuls/id/580299>
* US-CERT Vulnerability Note VU#843771 -
<http://www.kb.cert.org/vuls/id/843771>
* US-CERT Vulnerability Note VU#823971 -
<http://www.kb.cert.org/vuls/id/823971>
* US-CERT Vulnerability Note VU#820427 -
<http://www.kb.cert.org/vuls/id/820427>
* CERT Advisory CA-2000-002 -
<http://www.cert.org/advisories/CA-2000-02.html#impact>
──── 影響結果 ───────────────────────────────
遠端未經驗證的攻擊者可利用 VU#283646 以非法手段取得 ASP.NET 伺服器中的安全內容。
利用 VU#416001,VU#698835,VU#259890,VU#817368,VU#388984, VU#130433,VU#65253
7,VU#597889,VU#927889,VU#356600,VU#580299,VU#843771,VU#820427,可在有弱點
的視窗系統執行任意程式碼。
利用 VU#340409,VU#356600,VU#823971 會有跨站台攻擊的影響。(詳見 CA-2000-02)
遠端攻擊者可使用 VU#939074 回復已開啟連結的使用者名稱,來分享 Windows資源。
──── 聯絡TWCERT/CC ─────────────────────────────
Tel: 886-7-5250211 FAX: 886-7-5250212
886-2-23563303 886-2-23924082
Email: twcert@cert.org.tw
URL: http://www.cert.org.tw/
PGP key: http://www.cert.org.tw/eng/pgp.htm
────────────────────────────────────────
附件:[ Multiple Vulnerabilities in Microsoft Windows Components Precedence:
list]
──── 原文 ─────────────────────────────────
Hash: SHA1
Technical Cyber Security Alert TA05-039A
Multiple Vulnerabilities in Microsoft Windows Components
Original release date: February 8, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows Systems
Overview
Microsoft has released a Security Bulletin Summary for February, 2005.
This summary includes several bulletins that address vulnerabilities
in various Windows applications and components. Exploitation of some
vulnerabilities can result in the remote execution of arbitrary code
by a remote attacker. Details of the vulnerabilities and their impacts
are provided below.
I. Description
The table below provides a reference between Microsofts Security
Bulletins and the related US-CERT Vulnerability Notes. More
information related to the vulnerabilities is available in these
documents.
_________________________________________________________________
Format:
Microsoft Security Bulletin
Related US-CERT Vulnerability Note(s)
_________________________________________________________________
MS05-004: ASP.NET Path Validation Vulnerability (887219)
VU#283646 Microsoft ASP.NET fails to perform proper
canonicalization
_________________________________________________________________
MS05-005: Microsoft Office XP could allow Remote Code Execution
(873352)
VU#416001 Microsoft Office XP contains buffer overflow
vulnerability
_________________________________________________________________
MS05-006: Vulnerability in Windows SharePoint Services and
SharePoint Team Services Could Allow Cross-Site Scripting and
Spoofing Attacks (887981)
VU#340409 Microsoft Windows SharePoint Services and SharePoint Team
Services contain cross-site scripting vulnerabilities
_________________________________________________________________
MS05-007: Vulnerability in Windows Could Allow Information
Disclosure (888302)
VU#939074 Microsoft Computer Browser service contains an
information disclosure vulnerability
_________________________________________________________________
MS05-008: Vulnerability in Windows Shell Could Allow Remote Code
Execution (890047)
VU#698835 Microsoft Internet Explorer contains drag and drop flaw
_________________________________________________________________
MS05-009: Vulnerability in PNG Processing Could Allow Remote Code
Execution (890261)
VU#259890 Windows Media Player does not properly handle PNG images
with excessive width or height values
VU#817368 libpng png_handle_sBIT() performs insufficient bounds
checking
VU#388984 libpng fails to properly check length of transparency
chunk (tRNS) data
_________________________________________________________________
MS05-010: Vulnerability in the License Logging Service Could Allow
Code Execution (885834)
VU#130433 Microsoft License Logging Service buffer overflow
_________________________________________________________________
MS05-011: Vulnerability in Server Message Block Could Allow Remote
Code Execution (885250)
VU#652537 Microsoft Windows SMB packet validation vulnerability
_________________________________________________________________
MS05-012: Vulnerability in OLE and COM Could Allow Remote Code
Execution (873333)
VU#597889 Microsoft COM Structured Storage Vulnerability
VU#927889 Microsoft OLE input validation vulnerability
_________________________________________________________________
MS05-013: Vulnerability in the DHTML Editing Component ActiveX
Control Could Allow Remote Code Execution (891781)
VU#356600 Microsoft Internet Explorer DHTML Editing ActiveX control
contains a cross-domain vulnerability
_________________________________________________________________
MS05-014: Cumulative Security Update for Internet Explorer (867282)
VU#698835 Microsoft Internet Explorer contains drag and drop flaw
VU#580299 Microsoft Internet Explorer contains URL decoding zone
spoofing vulnerability
VU#843771 Microsoft Internet Explorer contains a DHTML method heap
memory corruption vulnerability
VU#823971 Microsoft Internet Explorer contains a Channel Definition
Format (CDF) cross-domain vulnerability
_________________________________________________________________
MS05-015: Vulnerability in Hyperlink Object Library Could Allow
Remote Code Execution (888113)
VU#820427 Microsoft Hyperlink Object Library buffer overflow
_________________________________________________________________
II. Impact
A remote, unauthenticated attacker may exploit VU#283646 to gain
unauthorized access to secured content on an ASP.NET server.
Exploitation of VU#416001, VU#698835, VU#259890, VU#817368,
VU#388984, VU#130433, VU#652537, VU#597889, VU#927889, VU#356600,
VU#580299, VU#843771, and VU#820427 would permit a remote attacker
to execute arbitrary code on a vulnerable Windows system.
Exploitation of VU#340409, VU#356600, and VU#823971 will have
impacts similar to cross-site scripting vulnerabilities. For more
information about cross-site scripting, please see CERT Advisory
CA-2000-02.
A remote attacker could use VU#939074 to retrieve the names of
users who have open connections to a shared Windows resource.
III. Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the
Security Bulletins and on Windows Update.
Appendix A. References
* Microsofts Security Bulletin Summary for February, 2005 -
<http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx>
* US-CERT Vulnerability Note VU#283646 -
<http://www.kb.cert.org/vuls/id/283646>
* US-CERT Vulnerability Note VU#416001 -
<http://www.kb.cert.org/vuls/id/416001>
* US-CERT Vulnerability Note VU#340409 -
<http://www.kb.cert.org/vuls/id/340409>
* US-CERT Vulnerability Note VU#939074 -
<http://www.kb.cert.org/vuls/id/939074>
* US-CERT Vulnerability Note VU#698835 -
<http://www.kb.cert.org/vuls/id/698835>
* US-CERT Vulnerability Note VU#259890 -
<http://www.kb.cert.org/vuls/id/259890>
* US-CERT Vulnerability Note VU#817368 -
<http://www.kb.cert.org/vuls/id/817368>
* US-CERT Vulnerability Note VU#388984 -
<http://www.kb.cert.org/vuls/id/388984>
* US-CERT Vulnerability Note VU#130433 -
<http://www.kb.cert.org/vuls/id/130433>
* US-CERT Vulnerability Note VU#652537 -
<http://www.kb.cert.org/vuls/id/652537>
* US-CERT Vulnerability Note VU#597889 -
<http://www.kb.cert.org/vuls/id/597889>
* US-CERT Vulnerability Note VU#927889 -
<http://www.kb.cert.org/vuls/id/927889>
* US-CERT Vulnerability Note VU#356600 -
<http://www.kb.cert.org/vuls/id/356600>
* US-CERT Vulnerability Note VU#580299 -
<http://www.kb.cert.org/vuls/id/580299>
* US-CERT Vulnerability Note VU#843771 -
<http://www.kb.cert.org/vuls/id/843771>
* US-CERT Vulnerability Note VU#823971 -
<http://www.kb.cert.org/vuls/id/823971>
* US-CERT Vulnerability Note VU#820427 -
<http://www.kb.cert.org/vuls/id/820427>
* CERT Advisory CA-2000-002 -
<http://www.cert.org/advisories/CA-2000-02.html#impact>
_________________________________________________________________
Feedback can be directed to the authors: Will Dormann, Jeff Gennari,
Chad Dougherty, Ken MacInnis, and Jeff Havrilla
_________________________________________________________________
This document is available from:
<http://www.us-cert.gov/cas/techalerts/TA05-039A.html>
_________________________________________________________________
Copyright 2004 Carnegie Mellon University.
Terms of use: <http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
February 8, 2005: Initial release
Last updated February 08, 2005
────────────────────────────────────────
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQEVAwUBQhVcIacyQYefg2/NAQHMxAf+LsmaEAGbqecpl6tx4Qj3jmiBK7H7JqBz
d4lgQ2mB7FPofTlETc329mmcZSfjuNmyAcEQSqT3d5fSZke0/PTTKTttm7gbHFUi
ymgRH7KoBlCL40119FuRW51KW0YCJViK2uMW2firDS2LOEqHXY3h5SEBWPLlN7W6
OaTvD85UHRXJhdkayGzV624n2rgzdvvTLGm293ija+v91u/nsQKuRgumkMY/MDwf
7u0fbJCaQSFj6lnW3v/nikoIyUjRSRvXYCnV7XT6WaxDmlytYcMqiTRpIhu5ZcUx
ZXR/bs9p8XwUtnnHzDRKkX6emY4spQ/E2+0VB4MMxa8vOjXBoknKeg==
=AZ+8
-----END PGP SIGNATURE-----
--
Taiwan Computer Emergency Response Team Security Advisory mailing list.
Mail to : Majordomo@cert.org.tw and include a line "subscribe advisory".
Please visit http://www.cert.org.tw/.
PGP key : http://www.cert.org.tw/eng/pgp.htm
NetSecurity 近期熱門文章
PTT數位生活區 即時熱門文章
