322 matches found
ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2004-01-20-1 ------------------------------------------------------------------------- ASPR 2004-01-20-1: Internet Explorer/Outlook double null character DoS...
Sandblad #12: Inject javascript url in history list (revisited)
Sandblad advisory 12 - /--------------------------------------------------------------/ Title: Inject javascript url in history list revisited Date: 2004-02-03 Software: Internet Explorer Vendor: http://www.microsoft.com/ Status: Patched by MS04-004 Type: Cross site/zone scripting Impact: Reading...
Microsoft Internet Explorer - URL Injection in History List (MS04-004)
// Andreas Sandblad, 2004-02-03, patched by MS04-004 // Name: payload // Purpose: Run payload code called from Local Machine zone. // The code may be arbitrary such as executing shell commands. // This demo simply creates a harmless textfile on the desktop. function payload file = "sandblad.txt";...
JSinject.txt
Sandblad advisory 12 - /--------------------------------------------------------------/ Title: Inject javascript url in history list revisited Date: 2004-02-03 Software: Internet Explorer Vendor: http://www.microsoft.com/ Status: Patched by MS04-004 Type: Cross site/zone scripting Impact: Reading...
IE 6 XML Patch Bypass
IE 6 XML Patch Bypass I have recently been playing around with the xml+windows media player exploit, and it seems that even with the new Microsoft patch applied, the vulnerability works. I have tried it on 7 different people, on win2k and xp, and it worked every time. The 8th person was using DAP...
[Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
Since the cat somehow got out of the bag, and more importantly, this is so blatantly obvious, herewith is the "Bad News": The patch for Drew's object data=funky.hta doesn't work: http://www.malware.com/badnews.html script var oPopup = window.createPopup; function showPopup...
[NT] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
[Full-Disclosure] URLMON.DLL buffer overflow - technical details
OVERVIEW ======== Following are some technical details of the URLMON.DLL buffer overflow. An overall description can be found in this Bugtraq message: http://www.securityfocus.com/archive/1/319764 Microsoft released a patch to fix this issue in April (MS03-15). It can be found here:...
Buffer overflow in Internet Explorer's HTTP parsing code
OVERVIEW ======== The code used in Microsoft Internet Explorer to parse web servers' HTTP replies contains a buffer overflow vulnerability. Specifically the faulty code is located in URLMON.DLL. A malicious user may exploit this vulnerability to execute arbitrary code on an IE user's system...
Internet Explorer Plugin.ocx heap overflow (#NISR24042003)
NGSSoftware Insight Security Research Advisory Name: Internet Explorer ActiveX Control Heap Overflow Systems Affected: IE 5.01 SP3, 5.5 SP2, 6.0 Gold, 6.0 SP1 Severity: Critical Risk Category: Heap Overflow Vendor URL: http://www.microsoft.com Author: Mark Litchfield Date: 24...
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV ntdll.dll Remote Buffer Overflow (3)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV ntdll.dll Remote Buffer Overflow (3) E-DB Note: Updated Exploit https://www.exploit-db.com/exploits/22368/ source: https://www.securityfocus.com/bid/7116/info The Windows library ntdll.dll includes a function that does not perform sufficient bounds...
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV ntdll.dll Remote Buffer Overflow (2)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV ntdll.dll Remote Buffer Overflow (2) // source: https://www.securityfocus.com/bid/7116/info The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function...
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV 'ntdll.dll' Remote Buffer Overflow (2)
// source: https://www.securityfocus.com/bid/7116/info The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function "RtlDosPathNameToNtPathNameU" and may be exploited through other programs that use the library if...
MS03-007: Unchecked Buffer in ntdll.dll (815021)
The remote version of Windows contains a buffer overflow in the Windows kernel, that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. For example this vulnerability can be exploited through the WebDAV component of IIS 5.0. A public exploit is available....
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV ntdll.dll Remote Buffer Overflow (4)
Microsoft IIS 5.0 (Windows XP/2000/NT 4.0) - WebDAV ntdll.dll Remote Buffer Overflow (4) source: https://www.securityfocus.com/bid/7116/info The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function...
Microsoft Windows ntdll.dll Buffer Overflow Vulnerability
Description The Windows library ntdll.dll includes a function that does not perform sufficient bounds checking. The vulnerability is present in the function "RtlDosPathNameToNtPathNameU" and may be exploited through other programs that use the library if an attack vector permits it. One of these...
MS02-026: ASP.NET Worker Process StateServer Mode Remote Overflow (322289)
The remote ASP.NET installation might be vulnerable to a buffer overflow when an application enables StateServer mode. An attacker could use it to cause a denial of service or run arbitrary code with the same privileges as the process being exploited (typically an unprivileged account). (C) Tenable...
MS02-060: Flaw in WinXP Help center could enable file deletion (328940)
There is a security vulnerability in the remote Windows XP Help and Support Center which can be exploited by an attacker to delete arbitrary files on this host. To do so, an attacker needs to create malicious web pages that must be visited by the owner of the remote system. (C) Tenable Network...
MS02-072: Unchecked Buffer in XP Shell Could Enable System Compromise (329390)
The remote version of Windows contains a flaw in the handling of audio files (MP3, WMA) in the Windows Shell component, that could allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges. (C) Tenable Network Security, Inc. include"compat.inc"; if description scriptid1119...
Microsoft Security Bulletin MS02-071
Microsoft Security Bulletin MS02-071: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310) Originally posted: December 11, 2002 Summary Who should read this bulletin: Customers using Microsoft® Windows® NT 4.0, Windows 2000, and Windows XP. Impact of vulnerability...