Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

   


   


   

















      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: iDefense Security Advisory 06.12.07: Microsoft License Manager andurlmon.dll COM Object Interaction Invalid Memory Access Vulnerability



> 
> Microsoft License Manager and urlmon.dll COM Object 
> Interaction Invalid
> Memory Access Vulnerability
> 
> iDefense Security Advisory 06.12.07
> http://labs.idefense.com/intelligence/vulnerabilities/
> Jun 12, 2007
> 
> I. BACKGROUND
> 
> Internet Explorer is a set of core technologies in Microsoft Windows
> operating systems that provide web browsing functionality. Further
> information is available at URL shown below.
> 
> http://www.microsoft.com/windows/ie/default.mspx
> 
> II. DESCRIPTION
> 
> Remote exploitation of an invalid memory access vulnerability 
> in various
> Microsoft products, including Internet Explorer, while 
> creating certain
> COM objects may allow an attacker to execute arbitrary code.
> 
> When creating certain COM objects in Internet Explorer, memory
> corruption can occur, which may allow an attacker to execute arbitrary
> code. When calling the IObjectSafety function, uninitialized memory is
> accessed in a way that can allow code execution to occur. The
> IObjectSafety function is used by COM objects to determine if 
> an object
> is safe to load in a particular context.
> 
> III. ANALYSIS
> 
> Exploitation of this vulnerability could allow a remote attacker to
> execute arbitrary code in the context of the currently logged in user.
> 
> One method of exploiting this vulnerability would be to craft 
> a website
> that performs the required operations. It also may be 
> possible to embed
> the controls in an Office document.
> 
> iDefense Labs successfully constructed exploit code for this
> vulnerability that causes code execution, although not in a reliable
> manner. It may be possible to increase the reliability using other
> techniques.
> 
> IV. DETECTION
> 
> iDefense confirmed the existence of this vulnerability using Internet
> Explorer 6 on Windows XP SP2 and Windows Server 2000 SP4. Although
> Windows Server 2003 contains an affected version, the 
> Enhanced Security
> Configuration mitigates exposure to this vulnerability.
> 
> Microsoft reports that Internet Explorer 7 is not affected.
> 
> Other applications that can load COM objects from documents 
> may also be
> affected.
> 
> V. WORKAROUND
> 
> Setting the kill-bits for the CLSIDs associated with urlmon.dll will
> prevent them from loading as ActiveX controls. While disabling the
> ability to create these controls from a Web page did not appear to
> cause any change in behavior, some sites or applications may exhibit
> changes in functionality.
> 
> VI. VENDOR RESPONSE
> 
> Microsoft has addressed this vulnerability within MS07-033. For more
> information, consult their bulletin at the following URL.
> 
> http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx
> 
> VII. CVE INFORMATION
> 
> The Common Vulnerabilities and Exposures (CVE) project has 
> assigned the
> name CVE-2007-0218 to this issue. This is a candidate for inclusion in
> the CVE list (http://cve.mitre.org/), which standardizes names for
> security problems.
> 
> VIII. DISCLOSURE TIMELINE
> 
> 10/24/2006  Initial vendor notification
> 01/03/2007  Initial vendor response
> 06/12/2007  Coordinated public disclosure
> 
> IX. CREDIT
> 
> The discoverer of this vulnerability wishes to remain anonymous.
> 
> Get paid for vulnerability research
> http://labs.idefense.com/methodology/vulnerability/vcp.php
> 
> Free tools, research and upcoming events
> http://labs.idefense.com/
> 
> X. LEGAL NOTICES
> 
> Copyright (c) 2007 iDefense, Inc.
> 
> Permission is granted for the redistribution of this alert
> electronically. It may not be edited in any way without the express
> written consent of iDefense. If you wish to reprint the whole or any
> part of this alert in any other medium other than electronically,
> please e-mail customerservice@xxxxxxxxxxxx for permission.
> 
> Disclaimer: The information in the advisory is believed to be accurate
> at the time of publishing based on currently available 
> information. Use
> of the information constitutes acceptance for use in an AS IS 
> condition.
>  There are no warranties with regard to this information. Neither the
> author nor the publisher accepts any liability for any direct,
> indirect, or consequential loss or damage arising from use of, or
> reliance on, this information.
> _______________________________________________
> To unsubscribe, go here:
> http://www.idefense.com/mailman/listinfo/idlabs-advisories
> 



 




Copyright © Lexa Software, 1996-2009.