Home > Microsoft Security > Microsoft Security Bulletin MS02-048

Microsoft Security Bulletin MS02-048

If exploited in this way, the attacker could gain the same privileges as discussed above: On IIS 4.0, the attacker could gain complete control over the server On IIS 5.0 and Then start the IIS Administration service (NET START IISADMIN) and the SMTP service (NET START SMTPSVC). The vulnerability results because the affected services don't perform this additional checking correctly. By overrunning it with carefully chosen data, the attacker could modify the DBCC to take actions of the attacker's choosing and execute code in the context of the account SQL server check over here

Hyperlinked Excel Workbook Macro Bypass (CAN-2002-0617): What's the scope of the second vulnerability? It stores the returned certificate in an area of memory called the certificate store Here's an example of how the Certificate Enrollment Control might be used. Yes. DBCC's are utility programs provided as part of SQL Server 2000. you could try here

Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. Because hyperlinks can point to any file type, hyperlinks can also be used to point to Excel workbooks. We appreciate your feedback. Previous versions are no longer supported, and may or may not be affected by these vulnerabilities.

  1. The FTP service would need to be enabled and running, and the attacker would either need logon credentials, or the server would need to be configured to allow anonymous logon.
  2. Mitigating factors: The effect of exploiting the vulnerability would depend on the specific configuration of the SQL Server service.
  3. Microsoft Customer Support Microsoft Community Forums United States (English) Sign in Security TechCenter Home Security Updates Tools Learn Library Support We’re sorry.
  4. In addition, it eliminates four newly discovered vulnerabilities.
  5. An attacker who exploited this vulnerability could use it for either of two purposes.

The vulnerabilities would not provide a way for an attacker to deliver a program of his choice to the system - the program invoked must exist on the system for the Windows 2000: To verify that the patch has been installed on the machine, confirm that the following registry key has been created on the machine: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows 2000\SP4\Q323172 To verify the individual The web sites that are most commonly visited tend to be ones operated by people who respect their visitors. There is no capability to use the vulnerability to gain privileges on the system.

At that point, any actions that the extended stored procedure take against the database is in the context of the SQL Server Service Account, which might have high privileges on the A number of other Microsoft products - notably, most Microsoft Office products and Microsoft Index Server - rely on Internet Explorer to render PNG files, and exploiting the vulnerability against such For instance, it needs to indicate how data in the request has been formatted, what web browser the client is using, what action the server should perform, and so on. this page An IIS 5.0 or 5.1 server would automatically restart the service.

In all other cases, it would only be possible to use the vulnerability for denial of service attacks. Database administrators can, of course, execute DBCCs since they have complete control over the server. In addition, a successful attack requires that Access be installed on the user's system. Security Advisories and Bulletins Security Bulletins 2002 2002 MS02-048 MS02-048 MS02-048 MS02-072 MS02-071 MS02-070 MS02-069 MS02-068 MS02-067 MS02-066 MS02-065 MS02-064 MS02-063 MS02-062 MS02-061 MS02-060 MS02-059 MS02-058 MS02-057 MS02-056 MS02-055 MS02-054 MS02-053

In a nutshell, the attacker's code would gain the privileges of the software that called it - the ASP ISAPI extension, ASP.DLL. https://technet.microsoft.com/en-us/library/security/ms02-066.aspx While it would be possible to use the vulnerability to gain control over the server, it would in most cases require fortuitous circumstances for the attacker. What's wrong with IIS? If exploited in this way, the attacker could gain the same privileges as discussed above: On IIS 4.0, the attacker could gain complete control over the server On IIS 5.0, the

Site B would need to be a site that user would ordinarily choose to go to. http://martop.net/microsoft-security/microsoft-security-bulletin-august-2006.html Obtaining other security patches: Patches for other security issues are available from the following locations: Security patches are available from the Microsoft Download Center, and can be most easily found by This would be a deliberate act by a user since the user would have to download the PNG file - as opposed to viewing it in a web page - and Knowledge Base articles can be found on the Microsoft Online Support web site.

These services should perform additional checking before granting mail privileges to a user who has authenticated to the server; however, they do not do so correctly. You said above that one of the vulnerabilities could only be exploited if the user was using a browser other than IE. Built at 2014-04-18T13:49:36Z-07:00 Show: Inherited Protected Print Export (0) Print Export (0) Share IN THIS ARTICLE Is this page helpful? http://martop.net/microsoft-security/microsoft-security-bulletin-ofr-ie-5-5-and-6.html This documentation is archived and is not being maintained.

Caveats: During removal (uninstallation) of the Windows NT 4 Option Pack patch, the uninstaller may be unable to re-start the SMTP service. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation Cross-site Scripting in IIS Help File search facility, HTTP Error Page, and Redirect Response message: The vulnerabilities could only be exploited if the attacker could entice another user into visiting a

The URLScan tool, if using its default ruleset, would prevent this vulnerability from being exploited to run code on the server even if HTR support was enabled.

Where do digital certificates come from? An attacker could not automate an attack using this vulnerability: the user would have to be enticed into taking an action after opening the attacker's workbook. Mitigating factors: The web site-based attack vector could not be exploited if ActiveX controls were disabled in the Security Zone associated with the attacker's site. Patches for consumer platforms are available from the WindowsUpdate web site Other information: Acknowledgments Microsoft thanks  Cesar Cerrudo for reporting this issue to us and working with us to protect customers.

MSDN hosts a detailed description of how replication in SQL Server works. It could be exploited in a similar manner as the preceding vulnerability, and would have the same scope. Impact of vulnerability: Four vulnerabilities, the most serious of which could enable an attacker to gain control over an affected server. have a peek at these guys By overrunning the buffer with carefully selected data, the attack could overwrite program code on the server with new program code, in essence modifying the functionality of the server software.

The updated tool is available for download at http://www.microsoft.com/technet/security/tools/urlscan.mspx. However, because your local file system is in a different domain from the web site, the cross-domain security model should prevent the web site from reading the file that is being Severity Rating: Low Internet ServersIntranet ServersClient Systems Windows 2000 LowLowLow Windows NT Server 4.0 LowLowLow Exchange Server 5.5 LowLowNone The above assessment is based on the types of systems affected by V1.1 (November 25, 2002): Add information about Microsoft Knowledge Base Article 810687 V2.0 (December 13, 2002): Updated severity and provided newly available information about PNG Image File vulnerability.

As a result, it would not be possible for the attacker to overwrite the memory belonging to the operating system. The current version of the Tool, version 2.1, provides a number of different server roles. The attacker could also use this vulnerability to read information from any cookies that used predictable name in the Temporary Internet Files folder. The URLScan tool can be configured to prevent chunked encoding requests.

What could this vulnerability enable an attacker to do? This vulnerability could enable an attacker to read the names of the Temporary Internet Files folder. This would not prevent an attacker from causing the service to fail - overrunning the buffer with virtually any data would accomplish that goal. The attacker would then have to send the source workbook to the intended victim and entice the victim to open the workbook, and click on the hyperlinked shape. The sole ISAPI filter known to generate the error that results in the access violation ships only as part of FrontPage Server Extensions and ASP.NET.

What is FTP? What could this vulnerability enable an attacker to do? This causes an access violation that results in the failure of the IIS service. Microsoft Windows NT 4.0: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=41747 .

Customers using the Exchange Server 5.5 IMC should apply the Exchange Server 5.5 IMC patch. The example of such a case is an email certificate. To disable ActiveX controls in the Internet Zone (which is the zone where all Internet sites reside by default), use the following procedure: In Internet Explorer, on the Tools menu, click What are drawing shapes? As noted above, Excel provides a number of different objects that can be inserted into workbooks.

Click here https://www.auscert.org.au/render.html?cid=1&it=2366 Microsoft has updated the bulletin with additional information about Windows NT Server 4.0 Option Pack and Exchange Server 5.0 and also to direct users to a security update for Windows NT

© Copyright 2017 martop.net. All rights reserved.