Results 1 to 3 of 3

Thread: Vulnerability on Windows Server 2003

  1. #1
    Senior Member
    Join Date
    Aug 2002

    Vulnerability on Windows Server 2003

    Hi guys/girls,

    I just found this site and they found vurnerability on WS Server 2003 .
    High (Remote Code Execution)

    Systems Affected:
    Microsoft Internet Explorer 5.01
    Microsoft Internet Explorer 5.5
    Microsoft Internet Explorer 6.0
    Microsoft Internet Explorer 6.0 for Windows Server 2003

    The "Object" tag is used to insert objects such as ActiveX components into HTML pages. The "Type" property of the "Object" tag is used to set or retrieve the MIME type of the object. Typical valid MIME types include "plain/text" or "application/hta", "audio/x-mpeg", etc. A buffer overflow has been discovered in the "Type" property of the "Object" tag. While there is buffer checking in place, the buffer checking can be overcome by using a special character. From there, the exploitation is a simple, stack-based overflow that allows the remote attacker to run code of his/her choice on the target system.

    This attack may be utilized wherever IE parses HTML, so this vulnerability, affects newsgroups, mailing lists, or websites.
    It's just been reported to Microsoft and you need to get a patch updated.

    The link http://www.eeye.com/html/Research/Ad...D20030604.html


    Not an image or image does not exist!
    Not an image or image does not exist!

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Washington D.C. area
    LOL, need I say more?

    I posted quite a few write ups on this POS and I knew it wouldn't be long before we saw our first patch. *sigh* Once again uncle Billy has dissapointed us but hey, upgrade quickly or else you will not get all the benefits of this "trustworthy computing" platform.

    <dismount soapbox>
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Due to the popularity and prevalence of ActiveX on the Internet, users running Windows 2003 "Enhanced Security Configuration" Mode may have chosen to re-activate the ability to view active content for all websites instead of continually adding websites to the "Internet" or "Trusted" zones on a per-site basis. These users should be aware that they are at risk for this vulnerability and should apply the necessary patch.

    somehow seeing "Enhanced Security Configuration" Mode dosn't make me want to trust the world or even MS security any more than i do now.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts