Results 1 to 3 of 3

Thread: Microsoft Security Bulletin MS02-014 - March 7

  1. #1
    AO French Antique News Whore
    Join Date
    Aug 2001

    Microsoft Security Bulletin MS02-014 - March 7

    - ----------------------------------------------------------------------
    Title: Unchecked Buffer in Windows Shell Could Lead to Code
    Date: 07 March 2002
    Software: Microsoft Windows 98, NT 4.0, 2000
    Impact: Run code of attacker's choice
    Max Risk: Moderate
    Bulletin: MS02-014

    Microsoft encourages customers to review the Security Bulletin at:
    - ----------------------------------------------------------------------

    The Windows Shell is responsible for providing the basic framework
    of the Windows user interface experience. It is most familiar to
    users as the Windows Desktop, but also provides a variety of other
    functions to help define the user's computing session, including
    organizing files and folders, and providing the means to start

    An unchecked buffer exists in one of the functions that helps to
    locate incompletely removed applications on the system.
    A security vulnerability results because it is possible for a
    malicious user to mount a buffer overrun attack and attempt to
    exploit this flaw. A successful attack would have the affect
    of either causing the Windows Shell to crash, or causing code
    to run in the user's context.

    Be default, this is not remotely exploitable. However, under
    very unusual conditions, it could be exploited via a web page
    - - specifically, if the user has installed an application with
    custom URL handlers and then uninstalled that application, and
    the uninstall failed to correctly remove the application
    completely. An attacker could then attempt to levy an attack
    by constructing an HTML web page that seeks to exploit the
    vulnerability, and then posting it on their web site or
    sending it by email.

    Mitigating Factors:
    - In a default installation, this vulnerability is not remotely
    exploitable and could only be exploited by introducing hostile
    code to the system.

    - The vulnerability can be remotely exploited only on machines
    that have installed and uninstalled software which implements
    customer URL handlers and the software's uninstall failed to
    completely remove the application from the system.

    - Outlook 98 and 2000 (after installing the Outlook Email
    Security Update), Outlook 2002, and Outlook Express 6 all open
    HTML mail in the Restricted Sites Zone. As a result, customers
    using these products would not be at risk from email-borne

    - The buffer overrun would allow code to run in the security
    context of the user rather than the system. The specific
    privileges the attacker could gain through this vulnerability
    would therefore depend on the privileges accorded to the user.

    Risk Rating:
    - Internet systems: Low
    - Intranet systems: Low
    - Client systems: Moderate

    Patch Availability:
    - A patch is available to fix this vulnerability. Please read the
    Security Bulletin at
    for information on obtaining this patch.

    - - eEye Digital Security (http://www.eeye.com)

    - ---------------------------------------------------------------------
    -Simon \"SDK\"

  2. #2
    Senior Member
    Join Date
    Nov 2001
    rack 'em up danno
    another one for the good guys
    Speak softly and carry a big stick; you will go far. - Theodore Roosevelt

  3. #3
    Senior Member
    Join Date
    Nov 2001
    these guys always crack me up.

    Impact: Run code of attacker's choice
    Max Risk: Moderate

    worst case senerio: some body could do anything they want to/with your machine.

    They think thats not too bad ????

    maybe its me
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts