[Am-info] Microsoft Windows showHelp and HTML Help Vulnerabilities
Fred Miller
fmiller@lightlink.com
Wed, 14 Jul 2004 00:11:18 -0400
Microsoft Windows showHelp and HTML Help Vulnerabilities
CRITICAL:
Highly critical
IMPACT:
Security Bypass, System access
WHERE:
>From remote
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows 98
http://secunia.com/product/12/
Microsoft Windows 98 Second Edition
http://secunia.com/product/13/
Microsoft Windows Millenium
http://secunia.com/product/14/
Microsoft Windows NT 4.0 Server
http://secunia.com/product/18/
Microsoft Windows NT 4.0 Server, Terminal Server Edition
http://secunia.com/product/19/
Microsoft Windows NT 4.0 Workstation
http://secunia.com/product/15/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
DESCRIPTION:
Microsoft has issued an update for Windows. This fixes two
vulnerabilities, allowing malicious websites to compromise a
vulnerable system.
1) A problem in the handling of a specially crafted showHelp URL
allows execution of arbitrary code in the Local Security Zone.
This issue may be related to:
SA10523
2) An unspecified problem in HTML Help allows execution of arbitrary
code on a user's system if the current user has administrative
privileges.
Reportedly, all versions of Microsoft Windows running Internet
Explorer 5.5 SP2 and 6 SP1 are affected.
Microsoft will not be releasing updates for Windows 98, 98SE, and ME.
SOLUTION:
Apply patches.
Microsoft Windows 2000 (SP2, SP3 and SP4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=3F2F1A7D-5CF2-4791-A7EE-07F20F75796C&displaylang=en
Microsoft Windows XP (SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B412C7F-44AD-4E77-8973-FD3E84CC496A&displaylang=en
Microsoft Windows XP 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0042DB67-C58B-412C-A24F-9D2AA8071897&displaylang=en
Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DF0C5C4E-D986-4AD5-95E0-E87106D7C019&displaylang=en
Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B53C35D-E9ED-46AD-936C-30C8E3A7E606&displaylang=en
Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DF0C5C4E-D986-4AD5-95E0-E87106D7C019&displaylang=en
Microsoft Windows NT 4.0 SP6a (with Internet Explorer 6.0 Service
Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=18D026D3-3D93-4845-94AD-4F2656500D7A&displaylang=en
PROVIDED AND/OR DISCOVERED BY:
2) Brett Moore of Security-Assessment.com
ORIGINAL ADVISORY:
MS04-023 (KB840315)
http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx
--
"Ballmer is no more designed for the art of persuasion
than the Abrams tank is for delivering meals on wheels."