XPSP3
Windows Virtual PC and Microsoft Virtual PC 2007 are system
virtualization desktop applications from Microsoft used to run one or
many virtual hosts on a single physical system. Windows 7 relies on
Virtual PC technology to implement the backward compatibility XP Mode
for legacy Windows applications. Using XP Mode, Windows 7 users can run
Windows applications on a virtualized Windows XP SP3 operating system
directly from the Windows 7 desktop but in doing so they may be
inadvertently increasing their risk due to a bug that makes standard
Windows anti-exploitation mechanisms ineffective.
A vulnerability found in the memory management of the Virtual Machine
Affected Software:
Microsoft Wordpad on Windows XP SP3
Description of Vulnerability:
Microsoft Wordpad (on Windows XP SP3) contains a vulnerability that can allow an attacker to cause a denial of service.
The vulnerability is due to a memory exhaustion error when a user tries to view a malicious .RTF file.
An attacker can exploit the vulnerability by creating a malicious RTF file that will allocate large amounts of
memory and cause a denial of service condition.
Vulnerable version:
>
>> Is not that a simple design decision? (truly brain-dead, but a
>> conscious decision).
>
> David, it's a very bad design decision. As for Microsoft (if we will be
> claiming that it's a hole in Windows XP), as for Acer (because they use
> their own program for the first OS initialization process, so it's
> definitely a vulnerability in Acer).
>
> And also for Asus - recently I wrote to bugtraq about a similar
> vulnerability in an Asus notebook.
MustLive wrote:
> Hello Susan!
>
> If Microsoft did it, then it's good. But in my opinion it would be better to do
> as in Windows XP Professional - not to disable the admin account by default, but to
> make the password of the default admin account similar to the password of the first admin
> (set during the installation process). Because if the default admin account is
> enabled later (with an empty password) and the user forgets to set a new password,
> then it'll be much worse.
4. *Vulnerable packages*
. Internet Explorer 5.01 SP4 on Windows 2000 sp4
. Internet Explorer 6sp1 on Windows 2000 sp4
. Internet Explorer 6sp2 on Windows XP sp2
. Internet Explorer 6sp2 on Windows XP sp3
. Internet Explorer 7 on Windows XP sp2
. Internet Explorer 7 on Windows XP sp3
. Internet Explorer 7 on Windows Vista sp1
. Internet Explorer 7 on Windows Vista sp2
Testing was successfully performed using Java(TM)
SE Runtime Environment (build 1.6.0_21-b07) and the
following browsers:
- Mozilla Firefox 3.5.8 (Windows XP)
- Opera 10.60 (Windows XP)
- Internet Explorer 6.0.2900.5512 (Windows XP)
- Google Chrome 5.0.375.9 (Windows XP)
- Internet Explorer 8.0.6001.18702 (Windows XP)
- Safari 5.0 (7533.16) (Windows XP)
----------------------------------------------------------------------------
Help and Support Centre is the default application provided to access online
documentation for Microsoft Windows. Microsoft supports accessing help documents
directly via URLs by installing a protocol handler for the scheme "hcp",
a typical example is provided in the Windows XP Command Line Reference,
available at http://technet.microsoft.com/en-us/library/bb490918.aspx.
Using hcp:// URLs is intended to be safe, as when invoked via the registered
protocol handler the command line parameter /fromhcp is passed to the help
centre application. This flag switches the help centre into a restricted mode,
Microsoft Security Bulletin MS09-048 - Critical: Vulnerabilities in
Windows TCP/IP Could Allow Remote Code Execution (967723):
http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx
If Windows XP is listed as an affected product, why is Microsoft
not issuing an update for it?
By default, Windows XP Service Pack 2, Windows XP Service Pack 3, and
Windows XP Professional x64 Edition Service Pack 2 do not have a listening
service configured in the client firewall and are therefore not affected
by this vulnerability. Windows XP Service Pack 2 and later operating
systems include a stateful host
I'm not using Vista, so I can't check this issue on any of my computers. And
This vulnerability was verified by the authors on the following platforms:
Windows NT4 SP1
Windows Server 2003 SP2
Windows XP SP3
Windows Vista x32
Windows 7 x32 RC
However, all versions of Windows implementing NTLMv1 are suspected to be
affected.
1) Introduction
===========
"Novell Client™ 4.91 for Windows XP is workstation software that brings an easy-to-use, secure,
and manageable networking environment to Windows XP and Windows 2003 users.
It enables you to access NetWare® services from Windows XP workstations or 2003 Windows servers,
and tightly integrates either product into your NetWare network. For example,
with Novell Client for Windows XP, you can browse through authorized NetWare directories,
transfer files, print documents and use advanced NetWare services directly from a Windows XP workstation or Windows Server 2003."
IV. DETECTION
iDefense has confirmed the existence of this vulnerability in the
Embedded OpenType Font Engine for Windows Vista SP1 (T2EMBED.DLL
version 6.0.6001.18000) and Windows XP SP3 (T2EMBED.DLL version
5.1.2600.5512). Previous versions may also be affected.
Microsoft confirms/reports the following products are vulnerable:
Microsoft Windows 2000 SP 4
Jeroen
-----Original Message-----
From: Andrew Barkley <barkley@usa.net>
To: Jeroen <nowhereman@moenen.org>
Subject: Re: Circumventing Critical Security in Windows XP
Date: Sat, 20 Feb 2010 04:20:46 -0000
Hi,
A potential vulnerability has been identified with HP OpenView Network Node Manager (OV NNM) running Shared Trace Service. The vulnerability could be remotely exploited to execute arbitrary code.
References: CVE-2007-3872
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP OpenView Network Node Manager (OV NNM) v6.41, v7.01, v7.50, v7.51 running XPL earlier than 03.10.040 on HP-UX, Solaris, Windows NT, Windows 2000, Windows XP, and Linux
BACKGROUND
CVSS 2.0 Base Metrics
===============================================
For a PGP signed version of this security bulletin please write to: security-alert@hp.com
The Hewlett-Packard Company thanks Cody Pierce of TippingPoint DV Labs (dvlabs.tippingpoint.com) for reporting this vulnerability to security-alert@hp.com.
###########################################################
#
# Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition
# Coded By: k4mr4n_st@yahoo.com
# Found By: k4mr4n (Securitylab.ir Member)
# Tested On: Windows XPSP3 English
# Note: This script sets up a fake SMTP server
# Note: Set the client to this address and check your mail
#
##########################################################
Application:  Microsoft Outlook Express
              Microsoft Windows Mail
Platforms:    Windows 2000
              Windows XP
              Windows Vista
              Windows Server 2003
              Windows Server 2008 SR2
Exploitation: Remote Exploitable
4. *Vulnerable packages*
. Microsoft Windows 2000 (SP4 and previous)
. Microsoft Windows XP (SP3, SP2 and previous)
. Microsoft Windows 2003 (SP2 and previous)
. Microsoft Windows 2008 (SP2 and previous)
. Microsoft Windows 2008 R2
. Microsoft Exchange Server 2003 (SP3, SP2 and previous)
. Microsoft Exchange Server 2007 (SP2, SP1 and previous)
by nine:situations:group::pyrokinesis
site: http://retrogod.altervista.org/
software site: http://pack.google.com/intl/it/pack_installer.html
tested against: Internet Explorer 8, windows xp sp3
Internet Explorer 7, windows xp sp3
Google Chrome 2.0.172.43
vulnerability:
through the vulnerable googleapps.url.mailto:// deprecated uri handler, registered as follows:
Thanks for the link. The problem here is that not enough information is given, and what IS given is obviously watered down to the point of being ineffective.
The quote that stands out most for me:
<snip>
During the Q&A, however, Windows users repeatedly asked Microsoft's security team to explain why it wasn't patching XP, or if, in certain scenarios, their machines might be at risk. "We still use Windows XP and we do not use Windows Firewall," read one of the user questions. "We use a third-party vendor firewall product. Even assuming that we use the Windows Firewall, if there are services listening, such as remote desktop, wouldn't then Windows XP be vulnerable to this?"
"Servers are a more likely target for this attack, and your firewall should provide additional protections against external exploits," replied Stone and Bryant.
</snip>
If an employee managing a product that my company owned gave answers like that to a public interview with Computerworld, they would be in deep doo. First off, my default install of XP Pro SP2 has remote assistance inbound, and once you join to a domain, you obviously accept necessary domain traffic. This "no inbound traffic by default so you are not vulnerable" line is crap. It was a direct question - "If RDP is allowed through the firewall, are we vulnerable?" A:"Great question. Yes, servers are the target. A firewall should provide added protection, maybe. Rumor is that's what they are for. Not sure really. What was the question again?"
Both ingredients provide for an exploitable heap corruption as attackers
control how much data is allocated on the heap and also how much data
is copied into the allocated buffer. It was possible to successfully
exploit this issue on the following Windows versions:
- Windows XP Professional SP3 32-bit (with 4GB RAM)
- Windows Vista Home Premium SP2 32-bit
- Windows Vista Business SP2 32-bit and 64-bit
- Windows 7 Home Premium SP1 64-bit
- Windows 7 Professional SP1 64-bit
- Windows 7 Enterprise SP1 32-bit and 64-bit
and a TOTALLY unresponsive vendor.
The current version 6.3 of Terratec's TV software HomeCinema
<http://ftp.terratec.de/Receiver/TerraTec_HomeCinema/TerraTec_Home_Cinema_6.3.exe>
from 2009-05-05 installs outdated and vulnerable .DLLs (the
test system used is a fully patched German Windows XP SP3):
1. Version 1.2.2 of ZLIB1.DLL is installed as
"%ProgramFiles%\TerraTec\TerraTec HomeCinema\zlib1.dll".