Microsoft Security Bulletin MS02-054-October 2
The routine that decompresses the zipped file does not check the target folder to verify that it is the same as, or a child of, the directory specified by the user. Apply it only to computers that you determine are at risk of attack. A complete listing of the DBCCs available as part of SQL Server 2000 is included in the SQL Server 2000 online help facility. For this vulnerability to be exploited, a user would have to receive a zipped file from an attacker, store it locally, and attempt to decompress the zipped file. check over here
If you've installed either of these two service packs, you're already protected against the vulnerability and don't need the patch. KeyView viewing SDK o Aladdin Systems Stuffit Expander (pre 7.0) Apparently NOT VULNERABLE: o WinRAR is believed to be NOT vulnerable o WinZip 8.x is believed to be NOT vulnerable o Microsoft was notified of this issue, and a fix is available. There is no charge for support calls associated with security patches.
In the less serious case, the attacker could cause the mail client to fail. Pack to assess whether they are affected by this vulnerability. Verifying patch installation: Windows 98 with Plus!
What causes the vulnerability? Best practices suggest users not accept e-mail attachments or downloads from people who are not trusted, and this underscores why users should not download files from untrusted Internet sites. The vulnerability results because of an unchecked buffer that lies in the code that generates the warning message associated with the processing of S/MIME signed mail. What causes the vulnerability?
This patch can be installed on systems running Windows Millennium Edition. In addition, it eliminates four newly discovered vulnerabilities. Severity Rating: Unchecked buffer in SQL Server 2000 authentication function: Internet ServersIntranet ServersClient Systems SQL Server 7.0 (Including MSDE 1.0) NoneNoneNone SQL Server 2000(Including MSDE 2000) CriticalCriticalNone Unchecked buffer in Database https://technet.microsoft.com/en-us/library/security/ms02-058.aspx Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Patch availability Download locations for this patch Microsoft SQL Server 7.0:http://support.microsoft.com/default.aspx?scid=kb;en-us;327068&sd=tech Microsoft SQL Server 2000:http://support.microsoft.com/default.aspx?scid=kb;en-us;316333&sd=tech Additional information about this patch Installation platforms: The SQL Server 7.0 patch can be installed on The SQL Server 2000 patch can be installed on systems running SQL Server 2000 Service Pack 2. This is the feature that contains the vulnerability. Vendor status and information This is a partial list of affected products and vendors.
- For additional information, click the following article number to view the article in the Microsoft Knowledge Base: 322389 How to obtain the latest Windows XP service pack Windows XP hotfix information
- What does the patch do?
- Has The Elder Geek site been useful?
- has been contacted regarding this issue.
- If this happened, the user could just restart it, delete the offending mail, and continue working.
- Previous versions are no longer supported, and may or may not be affected by these vulnerabilities.
- DBCC's are utility programs provided as part of SQL Server 2000.
- Alternatively, from Outlook Express select Help, then select About Outlook Express and confirm that the msoe.dll matches the version called out in Q328676.
This documentation is archived and is not being maintained. http://www.dslreports.com/forum/r4598469.xml Maximum Severity Rating: Critical Recommendation: System administrators should apply the patch to affected systems. The system returned: (22) Invalid argument The remote host or network may be down. Disclaimer and Copyright Rapid 7, Inc.
Such code could take any desired action, limited only by the permissions of the recipient on the machine. http://martop.net/microsoft-security/microsoft-security-bulletin-august-2006.html A target folder is the destination where a file should be placed when being decompressed from a zipped file. Neither SQL Server 7.0 nor MSDE 1.0 are affected. Correct.
Obtaining other security patches: Patches for other security issues are available from the following locations: Security patches are available from the Microsoft Download Center, and can be most easily found by Many vendors have been tested and notified. See the associated Microsoft Security Bulletin to help determine the degree of risk. http://martop.net/microsoft-security/microsoft-security-bulletin-ofr-ie-5-5-and-6.html All pre-Gold versions of Lotus Notes R6 are vulnerable.
The vulnerability results because the target folder for compressed files being unzipped are not checked. The attacker would have to convince the user to receive the file from the attacker, store the file on the user's computer, and then uncompress the zipped file. Unchecked buffer in Database Console Commands: Exploiting this vulnerability would allow the attacker to escalate privileges to the level of the SQL Server service account.
What causes the vulnerability?
Join our site today to ask your question. File information The English version of this fix has the file attributes (or later) that are listed in the following table. There is a direct connection between versions of MSDE and versions of SQL Server. Does the patch include any other fixes? The patch also fixes an issue that, while not a security vulnerability per se, could nevertheless aid an attacker in taking advantage of a poorly
The decompressing function does not properly handle very long filenames inside of a zipped file. By overwriting system files with random data, the attacker could potentially cause the system to fail. The point is, ensure you have a current, tested backup of all system and data files and understand how to restore the system in case something goes very wrong. have a peek at these guys Obtaining other security patches: Patches for other security issues are available from the following locations: Security patches are available from the Microsoft Download Center, and can be most easily found by
MSDE 1.0 is based on SQL Server 7.0; MSDE 2000 is based on SQL Server 2000. Pack for Windows 98? This creates a situation in which an unprivileged user could submit a job that would create a file containing valid operating system commands in another user's Startup folder, or simply overwrite To facilitate testing efforts by vendors and customers, we have made several example ZIP files available on our website.
Download Information The patch for the "Unchecked Buffer in Zipped File Handling" vulnerability is included with Windows XP Service Pack 1 (SP1). Lotus plans to fix this issue in the next maintenance release of R5. The attacker would have to convince the user to receive the file from the attacker, store the file on the user's computer, and then uncompress the zipped file. The Compressed Folders feature enables users to store data files and folders in a compressed (or zipped) format, thereby requiring less space to store them.
Vulnerability identifiers: Unchecked Buffer in Zipped File Handling: CAN-2002-0370 Incorrect Target Path for Zipped File Decompression: CAN-2002-1139 Tested Versions: Microsoft tested Microsoft Windows XP, Windows ME, and Windows 98 with Plus! Pack: To verify that the patch has been installed, perform the following steps: Execute the QFECHECK program using Start - Run Expand the W98 tree (click on the + next to If the user opened the email, or viewed it using the preview pane, they could be at risk to this attack. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.
What could this vulnerability enable an attacker to do? Previous versions are no longer supported, and may or may not be affected by these vulnerabilities. Unchecked buffer in Database Console Commands (CAN-2002-1137): What's the scope of this vulnerability? An attacker could mount a buffer overrun attack that could result in two possible scenarios.
Technical support is available from Microsoft Product Support Services. Microsoft Security Bulletin MS03-040 Cumulative Patch for Internet Explorer (828750) Originally posted: October 3, 2003 Revised October 6, 2003 Microsoft Knowledge Base Article KB828750 This Update Remains After Installing Windows