Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
The following components on the HP ProLiant Support Pack 8.30 for Windows install versions of Microsoft Visual C++ that require security updates.
HP Network Configuration Utility for Windows Server 2003 x64 Editions
HP Network Configuration Utility for Windows Server 2003
ISC just released updates for their supported BIND versions.
Unfortunately ALL the Windows packages (BIND9.6.1-P2.zip,
BIND9.5.2-P1.zip and BIND9.4.3-P4.zip) but contain an outdated
and unsupported "Microsoft Visual C++ 2005 Redistributable"
(vcredist_x86.exe) which installs VULNERABLE runtime DLLs.
See <http://support.microsoft.com/kb/973544> and
<http://www.microsoft.com/technet/security/bulletin/MS09-035.mspx>
addresses etc. may be overwritten. Modification of proper amount of stack data causes
an exception. There are several reasons for the exception being generated. It can happen
when the filename placed in "emots.txt" is longer than the size of stack,
or in a function under 0x0052F5D0 address, called by the emoticon parsing code:
.text:00443EEE call unknown_libname_52 ; Microsoft VisualC 2-8/net runtime
to be more precise, the instruction under 0x0052F62A causes an exception, because
of the fact that EDI register value is zero in that moment:
.text:0052F62A rep movsd
The just released latest version of OpenOffice.org 3.1.1 for Windows
distributes (once again) a completely outdated and vulnerable MSVC++
runtime.
The unpacked installation archive contains in subdirectory \REDIST\
the installer of the "Microsoft Visual C++ 2008 Redistributable",
VCRedist_x86.exe, time stamp 2009-01-19, version 9.0.21022.8.
This file was digitally signed by "Microsoft Corporation" on 2007-11-07,
i.e. it contains the initial release of the VC++ 2008 runtime.
This bug has been fixed in GNU libc CVS in August 2002. I've just
checked version 2.3.6, and it does return NULL on overflow. There is,
however, a different version of calloc that GDB sees, but this is not
the real one invoked by application code.
On Windows, this bug depends on the Microsoft Visual C++ run-time
library. As a result, it's not completely determined by the Windows
version alone.
By the way, the similar operator new[] issue that has been reported in
conjunction with that calloc issue:
and
<http://downloadcenter.intel.com/Detail_Desc.aspx?agr=Y&DwnldID=18518&ProdId=3025&lang=eng>
for example.
Unfortunately ALL these driver packages but contain an outdated and
unsupported "Microsoft Visual C++ 2008 Runtime", repackaged as
VC90_CRT_{x86,ia64,x64}.msi and violating Microsofts redistribution
rules, which installs VULNERABLE runtime DLLs.
See <http://support.microsoft.com/kb/973551>,
<http://support.microsoft.com/kb/973552> and
Information on CVSS is documented
in HP Customer Notice: HPSN-2008-002
RESOLUTION
The HP ProLiant Support Pack 8.30 for Windows installs versions of Microsoft Visual C++ that require security updates.
To resolve the vulnerabilities:
After installing HP ProLiant Support Pack 8.30 for Windows install the updates recommended by Microsoft in KB973923 and KB973924.
PRODUCT SPECIFIC INFORMATION
//
// To build:
//
// 1. Start Visual Studio 2008 (2005 should also work)
// 2. File -> New -> Project
// 3. Choose Visual C++: Win32: Win32 Project
// 4. Enter "iebsfix1" for the name
// 5. In the Win32 Application Wizard, choose an
// "Application type" of "DLL", and under "Additional
// options", check "Empty project"
// 6. In the Solution Explorer, right-click on "Source Files",
