322 matches found
MS02-071: WM_TIMER Message Handler Privilege Elevation (328310)
The remote version of Windows contains a flaw in the handling of WM_TIMER messages for interactive processes that could allow a local user to execute arbitrary code on the remote host with SYSTEM privileges. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11191);...
Notes on MS02-068, extensive downplaying of severity
Following the release of the cumulative MS02-066 patch from the previous week, Microsoft has released yet another cumulative patch for Internet Explorer - MS02-068, which can be found at http://www.microsoft.com/technet/security/bulletin/MS02-068.asp The sole vulnerability that MS02-068 patches i...
MS02-048: Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (323172)
The remote host contains a version of the Certificate Enrollment control that may allow an attacker to delete certificates. To exploit this vulnerability an attacker must create a rogue web server with SSL and lure the user to visit this site. (C) Tenable Network Security, Inc. include("compat.inc");...
Buffer Overflow in IE/Outlook HTML Help
NGSSoftware Insight Security Research Advisory Name: Windows Help System Buffer Overflow Systems: Windows XP, 2000, NT, ME and 98 Severity: High Risk Category: Buffer Overflow Vulnerability Vendor URL: http://www.microsoft.com/ Author: David Litchfield Advisory URL:...
Microsoft Internet Explorer executes scripts when scripting has been disabled after bypassing initial security checks
Overview A vulnerability exists in Microsoft Internet Explorer that could permit an attacker to execute arbitrary script, even if the user has specifically disabled active scripting. Description Internet Explorer permits users to customize settings that enable and disable the ability of scripts t...
Technical information about the vulnerabilities fixed by MS-02-52
These are some technical details about some of the Java vulnerabilities we reported to Microsoft in August. These issues are corrected by the patch MS-02-52 which Microsoft released September 18. The patch and Microsoft's bulletin are available at...
Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling
Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...
Microsoft Internet Explorer 5.5 print template ActiveX control allows arbitrary command execution
Overview The Internet Explorer 5.5 Print Template feature contains a vulnerability that allows a web page author to execute arbitrary code as the user viewing the web page. Description Internet Explorer version 5.5 supports a feature called "print templates" which allows a web page author to...
MS Excel XLM Text Macro execution fails to trigger warning when default medium security set
Overview Excel fails to present a warning dialog when a macro is called from an external XLM text macro file. Description If a spreadsheet contains a reference to an external macro XLM file, Excel does not generate the usual warning dialog asking if the user wants to run the macro. Microsoft...
Microsoft ASP.NET contains buffer overflow
Overview Microsoft ASP.NET contains a buffer overflow in the routine that handles the processing of cookies in StateServer mode. Description ASP.NET is a programming framework provided by Microsoft. For more details about this framework, please see the official web page. A remotely exploitable buffer...
MS02-029: Windows RAS Local Overflow (318138)
An overflow in the RAS phonebook service allows a local user to execute code on the system with the privileges of LocalSystem. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(11029); script_version("1.41"); script_cvs_date("Date: 2018/11/15 20:50:29");...
Microsoft Windows 2000 System Monitor ActiveX Control contains buffer overflow
Overview There is a buffer overflow in the System Monitor ActiveX control that ships with Windows 2000. Description The System Monitor ActiveX control sysmon.ocx included with Windows 2000 contains a buffer overflow. For more information, see...
RE: Update and comments on the MS02-023 patch, holes still remain
In my comments I wrote that the cssText vulnerability appeared to be patched. After further testing and research I will have to correct myself, as the issue is not patched at all. To sum it up: On February 18, GreyMagic discovered a vulnerability in the cssText property of imported stylesheets...
MS02-023 does not patch actual issue!
Hello, Microsoft released a cumulative patch yesterday, which, among other issues, allegedly patches the dialogArguments vulnerability http://jscript.dk/adv/TL002/. In their bulletin Microsoft makes several severe errors: 1. "A cross-site scripting vulnerability in a Local HTML Resource..." No,...
Update and comments on the MS02-023 patch, holes still remain
The latest cumulative patch from Microsoft, http://www.microsoft.com/technet/security/bulletin/MS02-023.asp , promises to eliminate "six newly discovered vulnerabilities", but fails to do so. First, we find what MS calls "A cross-site scripting vulnerability in a Local HTML Resource". This is...
iis.asp.overflow.txt
Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow Release Date: 00/00/2002 Severity: High Remote code execution IWAM_MACHINE Privilege Level Systems Affected: Microsoft Windows NT 4.0 Internet Information Services 4.0 Microsoft Windows 2000 Internet Information Services 5.0 Description: A...
MS02-009: IE VBScript Handling patch (318089)
The remote host is running a version of Internet Explorer that may allow an attacker to read local files on the remote host. To exploit this flaw, an attacker would need to lure a victim on the remote system into visiting a rogue website. (C) Tenable Network Security, Inc. include("compat.inc"); if...
MS02-008: XML Core Services patch (318203)
The remote host is running a version of Internet Explorer that could allow an attacker to read local files on the remote host. To exploit this flaw, an attacker would need to lure a victim on the remote system into visiting a rogue website. (C) Tenable Network Security, Inc. include("compat.inc"); if...
[ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically
GFI Security Labs Advisory http://www.gfi.com/ Title: GFISEC04102001 Internet Explorer and Access allow macros to be executed automatically Published: 12.FEB.2002 Vendor Status: Microsoft has been informed and we have worked with them to release a patch. Systems Affected: Windows...
SECURITY.NNOV: stream3 Windows NT/2000 DoS (Q280446)
Dear, Some of you may be interested in information about the Microsoft Q280446 issue patch included in SP2. Just to throw light on it, we've decided to publish the information because Microsoft declared the deadline for official Windows NT 4.0 support. Topic: Windows NT/2000 DoS via stream3 flood...