Here you go, guys, so you can avoid working overtime
********* *BEGIN ENCRYPTED or SIGNED PART* *********
-----------------------------------------------------------------
Title: Cumulative Patch for Internet Explorer (822925)
Date: 20 August 2003
Software:
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 for Windows Server 2003
Impact: Run code of the attacker's choice
Max Risk: Critical
Bulletin: MS03-032
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
-----------------------------------------------------------------
Issue:
======
This is a cumulative patch that includes the functionality of all
previously released patches for Internet Explorer 5.01, 5.5 and
6.0. In addition, it eliminates the following newly discovered
vulnerabilities:
- A vulnerability involving the cross-domain security model of
Internet Explorer, which keeps windows of different domains from
sharing information. This flaw could result in the execution of
script in the My Computer zone. To exploit this flaw, an attacker
would have to host a malicious Web site that contained a Web page
designed to exploit this particular vulnerability and then
persuade a user to visit that site. After the user has visited
the malicious Web site, it would be possible for the attacker to
run malicious script by misusing the method Internet Explorer
uses to retrieve files from the browser cache, and cause that
script to access information in a different domain. In the worst
case, this could enable the Web site operator to load malicious
script code onto a user's system in the security context of the
My Computer zone. In addition, this flaw could also enable an
attacker to run an executable file that was already present on
the local system or view files on the computer. The flaw exists
because a file from the Internet or intranet with a maliciously
constructed URL can appear in the browser cache running in the My
Computer zone.
- A vulnerability that occurs because Internet Explorer does not
properly determine an object type returned from a Web server. It
could be possible for an attacker who exploited this
vulnerability to run arbitrary code on a user's system. If a user
visited an attacker's Web site, it would be possible for the
attacker to exploit this vulnerability without any other user
action. An attacker could also craft an HTML-based e-mail that
would attempt to exploit this vulnerability.
This patch also sets the Kill Bit on the BR549.DLL ActiveX
control. This control implemented support for the Windows
Reporting Tool, which is no longer supported by Internet
Explorer. The control has been found to contain a security
vulnerability. To protect customers who have this control
installed, the patch prevents the control from running or from
being reintroduced onto users' systems by setting the Kill Bit
for this control. This issue is discussed further in Microsoft
Knowledge Base article 822925.
In addition to these vulnerabilities, a change has been made to
the way Internet Explorer renders HTML files. This change
addresses a flaw in the way Internet Explorer renders Web pages
that could cause the browser or Outlook Express to fail. Internet
Explorer does not properly render an input type tag. A user
visiting an attacker's Web site could allow the attacker to
exploit the vulnerability by viewing the site. In addition, an
attacker could craft a specially formed HTML-based e-mail that
could cause Outlook Express to fail when the e-mail was opened or
previewed.
This patch also contains a modification to the fix for the Object
Type vulnerability (CAN-2003-0344) corrected in Microsoft
Security Bulletin MS03-020. The modification corrects the
behavior of the fix to prevent the attack on specific languages.
To exploit these flaws, the attacker would have to create a
specially formed HTML-based e-mail and send it to the user.
Alternatively an attacker would have to host a malicious Web site
that contained a Web page designed to exploit these
vulnerabilities. The attacker would then have to persuade a user
to visit that site.
As with the previous Internet Explorer cumulative patches
released with bulletins MS03-004, MS03-015, and MS03-020 this
cumulative patch will cause window.showHelp( ) to cease to
function if you have not applied the HTML Help update. If you
have installed the updated HTML Help control from Knowledge Base
article 811630, you will still be able to use HTML Help
functionality after applying this patch.
Mitigating Factors:
====================
- By default, Internet Explorer on Windows Server 2003 runs in
Enhanced Security Configuration. This default configuration of
Internet Explorer blocks these attacks. If Internet Explorer
Enhanced Security Configuration has been disabled, the
protections put in place that prevent these vulnerabilities from
being exploited would be removed.
- In the Web-based attack scenario, the attacker would have to
host a Web site that contained a Web page used to exploit these
vulnerabilities. An attacker would have no way to force users to
visit a malicious Web site outside the HTML-based e-mail vector.
Instead, the attacker would need to lure them there, typically by
getting them to click a link that would take them to the
attacker's site.
- Code that executed on the system would only run under the
privileges of the logged-on user.
Risk Rating:
============
- Critical
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/ms03-032.asp
http://www.microsoft.com/security/security_bulletins/ms03-032.asp
for information on obtaining this patch.
Acknowledgment:
===============
- Microsoft thanks the following for working with us to protect
customers:
- Yu-Arai of LAC for reporting the language specific variant of
the MS03-020 Object Type vulnerability (CAN-2003-0344), as well
as the Browser Cache Script Execution in My Computer Zone problem
to us.
- eEye Digital Security for reporting the Object Type
vulnerability to us.
- Greg Jones from KPMG UK for reporting the BR549.DLL Buffer
Overrun problem to us.
-----------------------------------------------------------------
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS
BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT
ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
********** *END ENCRYPTED or SIGNED PART* **********
********* *BEGIN ENCRYPTED or SIGNED PART* *********
-----------------------------------------------------------------
Title: Unchecked Buffer in MDAC Function Could Enable System
Compromise (823718)
Date: 20 August 2003
Software:
- Microsoft Data Access Components 2.5
- Microsoft Data Access Components 2.6
- Microsoft Data Access Components 2.7
Impact: Run code of the attacker's choice
Max Risk: Important
Bulletin: MS03-033
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/security/bulletin/MS03-033.asp
http://www.microsoft.com/security/security_bulletins/ms03-033.asp
-----------------------------------------------------------------
Issue:
======
Microsoft Data Access Components (MDAC) is a collection of
components that are used to provide database connectivity on
Windows platforms. MDAC is a ubiquitous technology, and it is
likely to be present on most Windows systems:
- By default, MDAC is included by default as part of Microsoft
Windows XP, Windows 2000, Windows Millennium Edition, and
Windows Server 2003. (It is worth noting, though, that the
version that is installed by Windows Server 2003 does not have
this vulnerability.)
- MDAC is available for download as a stand-alone technology.
- MDAC is either included in or installed by a number of other
products and technologies. For example, MDAC is included in
the Microsoft Windows NT(r) 4.0 Option Pack and in Microsoft SQL
Server 2000. Additionally, some MDAC components are present as
part of Microsoft Internet Explorer even when MDAC itself is
not installed.
MDAC provides the underlying functionality for a number of
database operations, such as connecting to remote databases and
returning data to a client. When a client system on a network
tries to see a list of computers that are running SQL Server and
that reside on the network, it sends a broadcast request to all
the devices that are on the network. Due to a flaw in a specific
MDAC component, an attacker could respond with a specially
crafted packet that could cause a buffer overflow.
An attacker who successfully exploited this flaw could gain the
same level of privileges over the system as the application that
initiated the broadcast request. The actions an attacker could
carry out would be dependent on the permissions which the
application using MDAC ran under. If the application ran with
limited privileges, an attacker would be limited accordingly;
however, if the application runs under the local system context,
the attacker would have the same level of permissions. This could
include creating, modifying, or deleting data on the system, or
reconfiguring the system. This could also include reformatting
the hard disk or running programs of the attacker's choice.
This bulletin supercedes the patch discussed in MS02-040.
Customers should install this patch as it contains the fix for
the vulnerability discussed in bulletin MS02-040 and the patch
discussed in this bulletin.
Mitigating Factors:
====================
- For an attack to be successful an attacker would need to
simulate a SQL server on the same subnet as the target system.
- Code executed on the client system would only run under the
privileges of the logged-on user.
- MDAC version 2.8 (which is the version included with Windows
Server 2003) does not contain the flaw that is addressed by
this bulletin.
Risk Rating:
============
- Important
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/ms03-033.asp
http://www.microsoft.com/security/security_bulletins/ms03-033.asp
for information on obtaining this patch.
Acknowledgment:
===============
- Microsoft thanks Aaron C. Newman of Application Security, Inc.
for reporting this issue to us and for working with us to help
protect customers.
-----------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
********* *BEGIN ENCRYPTED or SIGNED PART* *********
----------------------------------------------------------------------
Title: Unchecked Buffer in MDAC Function Could Enable System
Compromise (Q326573)
Released: 31 July 2003
Revised: 20 August 2003 (version 2.0)
Software: Microsoft Data Access Components 2.5
Microsoft Data Access Components 2.6
Microsoft Data Access Components 2.7
Impact: Run code of the attacker's choice.
Max Risk: Critical
Bulletin: MS02-040
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-040.asp
http://www.microsoft.com/security/security_bulletins/MS02-040.asp
----------------------------------------------------------------------
Reason for Revision:
====================
Subsequent to the release of this bulletin, it was determined that
the vulnerability addressed is not with the OpenRowSet command
(which is a Microsoft SQL Server command) but rather that the
vulnerability is with the underlying MDAC component Open Database
Connectivity (ODBC), which is present in all versions of Windows.
Additionally, the original patch released with this did not install
correctly on some systems because of a flaw in the way that
Microsoft Windows Installer updated the System File Protection
cache. The bulletin has been updated to include this additional
information and to direct users to an updated patch.
Note: The patch for this security bulletin has been superceded by
the patch in MS03-033. Customers who are seeking the patch for
MS02-040 should instead install the patch for MS03-033.
Issue:
======
MDAC is a collection of components that are used to provide
database connectivity on Windows platforms. MDAC is a ubiquitous
technology, and it is likely to be present on most Windows systems:
By default, MDAC is included as part of Microsoft Windows XP,
Windows 2000, and Windows Millennium Edition.
MDAC is available for download as a stand-alone technology.
MDAC is either included in or installed by a number of other
products and technologies. For example, MDAC is included in the
Microsoft Windows NT(r) 4.0 Option Pack, as part of Microsoft Access,
and as part of SQL Server. Some MDAC components are also present as
part of Microsoft Internet Explorer even if MDAC itself is not
installed.
MDAC provides the underlying functionality for a number of database
operations, such as connecting to remote databases and returning
data to a client. Specifically, it is the MDAC component known as
Open Database Connectivity (ODBC) that provides this functionality.
A security vulnerability results because one of the ODBC functions
in MDAC that is used to connect to data sources contains an
unchecked buffer. An attacker could seek to exploit the
vulnerability by constructing a Web page that, when visited by the
user, could execute code of the attacker's choice with the user's
privileges. The Web page could be hosted on a Web site or sent
directly to the user in an e-mail message.
In the case of a system that is running SQL Server, an attacker
could seek to exploit this vulnerability by using the Transact-SQL
OpenRowSet command. An attacker who submits a database query that
contains a specially-malformed parameter within a call to
OpenRowSet could overrun the buffer, either to cause the computer
that is running SQL Server to fail or to cause the computer that is
running SQL Server to take actions that are dictated by the
attacker.
Mitigating Factors:
====================
- Users who read e-mail messages as plain text would have to take
an action before an attacker could exploit the vulnerability to be
exploited.
- Systems that are configured to disable active scripting in
Internet Explorer are not affected by this vulnerability.
- In the Web-based attack scenario, a user would need to visit a
malicious web site under the control of an attacker. An attacker
would have no way to force users to visit a malicious Web site
outside the HTML e-mail vector. Instead, an attacker would need to
lure them there, typically by getting the user to click a link that
took them to the attacker's site.
- The privileges that are gained through a successful attack would
be equal to those of the application under which ODBC is running.
In most cases, an attacker would gain only the same level of
privileges as the logged on user.
- By default, Outlook Express 6.0 and Outlook 2002 open HTML mail
in the Restricted Sites Zone. In addition, Outlook 98 and 2000 open
HTML mail in the Restricted Sites Zone if the Outlook Email
Security Update has been installed. Customers who use any of these
products would be at no risk from an e-mail borne attack that
attempted to exploit this vulnerability unless the user clicked a
malicious link in the email.
Risk Rating:
============
Critical
Patch Availability:
===================
A patch is available to fix this vulnerability. Please read the
Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms02-040.asp
http://www.microsoft.com/security/security_bulletins/MS02-040.asp
for information on obtaining this patch. Please note that this
patch is superceded by the patch available with
http://www.microsoft.com/technet/security/bulletin/ms03-033.asp
Acknowledgment:
===============
- David Litchfield, Next Generation Security Software Ltd.,
http://www.nextgenss.com/.
---------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
********* *BEGIN ENCRYPTED or SIGNED PART* *********
----------------------------------------------------------------------
Title: Unchecked Buffer in DirectX Could Enable System
Compromise (819696)
Released: 23 July 2003
Revised: 20 August 2003 (version 2.0)
Software: Microsoft DirectX(r) 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.1 on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.0, 8.0a, 8.1, 8.1a, and 8.1b when
installed on Windows 98, Windows 98 SE, Windows
Millennium Edition or Windows 2000
Microsoft DirectX 8.1 on Windows XP or
Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows 98,
Windows 98 SE, Windows Millennium Edition (Windows Me),
Windows 2000, Windows XP, or Windows Server 2003
Microsoft Windows NT 4.0 Server with either Windows
Media Player 6.4 or Internet Explorer 6 Service Pack 1
installed.
Microsoft Windows NT 4.0, Terminal Server Edition with
either Windows Media Player 6.4 or Internet Explorer 6
Service Pack 1 installed.
Impact: Allow an attacker to execute code on a user's system
Max Risk: Critical
Bulletin: MS03-030
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS03-030.asp
http://www.microsoft.com/security/security_bulletins/MS03-030.asp
----------------------------------------------------------------------
Reason for Revision:
====================
Subsequent to the original release of this bulletin, customers
requested that we support additional versions of DirectX that were
not covered by the original patches. This bulletin has been updated
to provide information about this new patch.
Issue:
======
DirectX consists of a set of low-level Application Programming
Interfaces (APIs) that are used by Windows programs for multimedia
support. Within DirectX, the DirectShow technology performs client-
side audio and video sourcing, manipulation, and rendering.
There are two buffer overruns with identical effects in the
function used by DirectShow to check parameters in a Musical
Instrument Digital Interface (MIDI) file. A security vulnerability
results because it could be possible for a malicious user to
attempt to exploit these flaws and execute code in the security
context of the logged-on user.
An attacker could seek to exploit this vulnerability by creating a
specially crafted MIDI file designed to exploit this vulnerability
and then host it on a Web site or on a network share, or send it by
using an HTML-based e-mail. In the case where the file was hosted
on a Web site or network share, the user would need to open the
specially crafted file. If the file was embedded in a page the
vulnerability could be exploited when a user visited the Web page.
In the HTML-based e-mail case, the vulnerability could be exploited
when a user opened or previewed the HTML-based e-mail. A successful
attack could cause DirectShow, or an application making use of
DirectShow, to fail. A successful attack could also cause an
attacker's code to run on the user's computer in the security
context of the user.
Mitigating Factors:
====================
- By default, Internet Explorer on Windows Server 2003 runs in
Enhanced Security Configuration. This default configuration of
Internet Explorer blocks the e-mail-based vector of this attack
because Microsoft Outlook Express running on Windows Server 2003 by
default reads e-mail in plain text. If Internet Explorer Enhanced
Security Configuration were disabled, the protections put in place
that prevent this vulnerability from being exploited would be
removed.
- In the Web-based attack scenario, the attacker would have to host
a Web site that contained a Web page used to exploit these
vulnerabilities. An attacker would have no way to force users to
visit a malicious Web site outside the HTML-based e-mail vector.
Instead, the attacker would need to lure them there, typically by
getting them to click a link that would take them to the attacker's
site.
- The combination of the above means that on Windows Server 2003 an
administrator browsing only to trusted sites should be safe from
this vulnerability.
- Code executed on the system would only run under the privileges
of the logged-on user.
Risk Rating:
============
- Critical
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/MS03-030.asp
http://www.microsoft.com/security/security_bulletins/MS03-30.asp
for information on obtaining this patch.
Acknowledgment:
===============
- eEye Digital Security, http://www.eeye.com
---------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
If the OT is paid, I don't mind, as long as the money comes in hehehe

Dewa_Sakti This user has been deleted
Whoa!... I've read this before!...

That's right. Can't you write a summary of what all that stuff above is for? At least we'd have some idea of what it is :p
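A summary of the kind asked for here can be produced mechanically from the bulletin headers. The following is an added example, not part of any post in this thread and not Microsoft code: it parses the header block of each bulletin quoted above (wrapped titles included), follows the "supercedes" / "superceded by" sentences, and returns the patches still worth installing, most severe first. The sample input is trimmed from the bulletins above; the function names and the `Moderate` entry in the ordering are assumptions of this example.

```python
import re

# Header fields used by the bulletin e-mails quoted in this thread.
FIELD = re.compile(
    r"^(Title|Date|Released|Revised|Software|Impact|Max Risk|Bulletin):\s*(.*)$")
KB = re.compile(r"\((Q?\d+)\)\s*$")  # trailing "(822925)" or "(Q326573)" in a title
# The bulletins spell it "supercede"; accept both spellings.
SUPERSEDES = re.compile(r"super[sc]edes\b[^.]{0,80}?(MS\d{2}-\d{3})", re.I)
SUPERSEDED_BY = re.compile(r"super[sc]eded by\b[^.]{0,80}?(MS\d{2}-\d{3})", re.I)
BEGIN = re.compile(r"^\*+ \*BEGIN ENCRYPTED or SIGNED PART\* \*+\s*$", re.M)
RISK_ORDER = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}

# Sample input: headers and supersedence sentences trimmed from the bulletins above.
SAMPLE_MAIL = """\
********* *BEGIN ENCRYPTED or SIGNED PART* *********
Title: Cumulative Patch for Internet Explorer (822925)
Date: 20 August 2003
Max Risk: Critical
Bulletin: MS03-032
Microsoft encourages customers to review the Security Bulletins
********* *BEGIN ENCRYPTED or SIGNED PART* *********
Title: Unchecked Buffer in MDAC Function Could Enable System
Compromise (823718)
Date: 20 August 2003
Max Risk: Important
Bulletin: MS03-033
Microsoft encourages customers to review the Security Bulletins
This bulletin supercedes the patch discussed in MS02-040.
********* *BEGIN ENCRYPTED or SIGNED PART* *********
Title: Unchecked Buffer in MDAC Function Could Enable System
Compromise (Q326573)
Released: 31 July 2003
Revised: 20 August 2003 (version 2.0)
Max Risk: Critical
Bulletin: MS02-040
Microsoft encourages customers to review the Security Bulletin at:
Note: The patch for this security bulletin has been superceded by
the patch in MS03-033.
********* *BEGIN ENCRYPTED or SIGNED PART* *********
Title: Unchecked Buffer in DirectX Could Enable System
Compromise (819696)
Released: 23 July 2003
Revised: 20 August 2003 (version 2.0)
Max Risk: Critical
Bulletin: MS03-030
Microsoft encourages customers to review the Security Bulletin at:
"""


def parse_bulletin(chunk):
    """Parse one bulletin; return None if the chunk has no Bulletin field."""
    fields, current, body, in_header = {}, None, [], True
    for raw in chunk.splitlines():
        line = raw.strip()
        if in_header and line.startswith("Microsoft encourages"):
            in_header = False            # header block ends here
        elif in_header:
            m = FIELD.match(line)
            if m:
                current = m.group(1)
                fields[current] = m.group(2)
            elif current and line and set(line) != {"-"}:
                # wrapped continuation of the previous field (e.g. a long title)
                fields[current] = (fields[current] + " " + line).strip()
        else:
            body.append(line)
    if "Bulletin" not in fields:
        return None
    title = fields.get("Title", "")
    kb = KB.search(title)
    text = " ".join(body)                # undo hard wraps before matching sentences
    return {
        "id": fields["Bulletin"].upper(),
        "title": KB.sub("", title).strip(),
        "kb": kb.group(1) if kb else None,
        "risk": fields.get("Max Risk", "Unknown"),
        "supersedes": {m.upper() for m in SUPERSEDES.findall(text)},
        "superseded_by": {m.upper() for m in SUPERSEDED_BY.findall(text)},
    }


def triage(mail_text):
    """Return (bulletins to install, most severe first; {superseded id: replacement})."""
    bulletins = [b for b in map(parse_bulletin, BEGIN.split(mail_text)) if b]
    replaced = {}
    for b in bulletins:
        for old in b["supersedes"]:
            replaced[old] = b["id"]
        for new in b["superseded_by"]:
            replaced[b["id"]] = new
    install = sorted((b for b in bulletins if b["id"] not in replaced),
                     key=lambda b: (RISK_ORDER.get(b["risk"], 99), b["id"]))
    return install, replaced


if __name__ == "__main__":
    install, replaced = triage(SAMPLE_MAIL)
    for b in install:
        print(f'{b["risk"]:<10}{b["id"]}  KB {b["kb"]}  {b["title"]}')
    for old, new in replaced.items():
        print(f"skip {old}: install {new} instead")
```

Note that MS02-040 is rated Critical but drops out of the install list, because the Important-rated MS03-033 patch carries its fix.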
********* *BEGIN ENCRYPTED or SIGNED PART* *********
----------------------------------------------------------------------
Title: Flaw in Visual Basic for Applications Could Allow
Arbitrary Code Execution (822715)
Date: 03 September 2003
Affected Software:
Microsoft Visual Basic for Applications SDK 5.0
Microsoft Visual Basic for Applications SDK 6.0
Microsoft Visual Basic for Applications SDK 6.2
Microsoft Visual Basic for Applications SDK 6.3
Products which include the affected software:
Microsoft Access 97
Microsoft Access 2000
Microsoft Access 2002
Microsoft Excel 97
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft PowerPoint 97
Microsoft PowerPoint 2000
Microsoft PowerPoint 2002
Microsoft Project 2000
Microsoft Project 2002
Microsoft Publisher 2002
Microsoft Visio 2000
Microsoft Visio 2002
Microsoft Word 97
Microsoft Word 98(J)
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Microsoft Business Solutions Great Plains 7.5
Microsoft Business Solutions Dynamics 6.0
Microsoft Business Solutions Dynamics 7.0
Microsoft Business Solutions eEnterprise 6.0
Microsoft Business Solutions eEnterprise 7.0
Microsoft Business Solutions Solomon 4.5
Microsoft Business Solutions Solomon 5.0
Microsoft Business Solutions Solomon 5.5
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-037
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/security/bulletin/MS03-037.asp
http://www.microsoft.com/security/security_bulletins/ms03-037.asp
----------------------------------------------------------------------
Issue:
======
Microsoft VBA is a development technology for developing client
desktop packaged applications and integrating them with existing
data and systems. Microsoft VBA is based on the Microsoft Visual
Basic development system. Microsoft Office products include VBA
and make use of VBA to perform certain functions. VBA can also be
used to build customized applications based around an existing
host application.
A flaw exists in the way VBA checks document properties passed to
it when a document is opened by the host application. A buffer
overrun exists which if exploited successfully could allow an
attacker to execute code of their choice in the context of the
logged on user.
In order for an attack to be successful, a user would have to
open a specially crafted document sent to them by an attacker.
This document could be any type of document that supports VBA,
such as a Word document, Excel spreadsheet, PowerPoint
presentation. In the case where Microsoft Word is being used as
the HTML e-mail editor for Microsoft Outlook, this document could
be an e-mail, however the user would need to reply to, or forward
the mail message in order for the vulnerability to be exploited.
Mitigating Factors:
====================
-The user must open a document sent to them by an attacker in
order for this vulnerability to be exploited.
-When Microsoft Word is being used as the HTML e-mail editor in
Outlook, a user would need to reply to or forward a malicious e-
mail document sent to them in order for this vulnerability to be
exploited.
-An attacker's code could only run with the same rights as the
logged on user. The specific privileges the attacker could gain
through this vulnerability would therefore depend on the
privileges granted to the user. Any limitations on a user's
account, such as those applied through Group Policies, would also
limit the actions of any arbitrary code executed by this
vulnerability.
Risk Rating:
============
- Critical
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
the Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms03-037.asp
http://www.microsoft.com/security/security_bulletins/ms03-037.asp
for information on obtaining this patch.
Acknowledgment:
===============
- eEye Digital Security, http://www.eeye.com
---------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
********* *BEGIN ENCRYPTED or SIGNED PART* *********
----------------------------------------------------------------------
Title: Buffer Overrun in WordPerfect Converter Could Allow
Code Execution (827103)
Date: 03 September 2003
Software: Microsoft Office 97
Microsoft Office 2000
Microsoft Office XP
Microsoft Word 98 (J)
Microsoft FrontPage 2000
Microsoft FrontPage 2002
Microsoft Publisher 2000
Microsoft Publisher 2002
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Impact: Run code of attacker's choice
Max Risk: Important
Bulletin: MS03-036
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/security/bulletin/MS03-036.asp
http://www.microsoft.com/security/security_bulletins/ms03-036.asp
----------------------------------------------------------------------
Issue:
======
Microsoft Office provides a number of converters that allow users
to import and edit files that use formats that are not native to
Office. These converters are available as part of the default
installation of Office and are also available separately in the
Microsoft Office Converter Pack. These converters can be useful
to organizations that use Office in a mixed environment with
earlier versions of Office and other applications, including
Office for the Macintosh and third-party productivity
applications.
There is a flaw in the way that the Microsoft WordPerfect
converter handles Corel(r) WordPerfect documents. A security
vulnerability results because the converter does not correctly
validate certain parameters when it opens a WordPerfect document,
which results in an unchecked buffer. As a result, an attacker
could craft a malicious WordPerfect document that could allow
code of their choice to be executed if an application that used
the WordPerfect converter opened the document. Microsoft Word and
Microsoft PowerPoint (which are part of the Office suite),
FrontPage (which is available as part of the Office suite or
separately), Publisher, and Microsoft Works Suite can all use the
Microsoft Office WordPerfect converter.
The vulnerability could only be exploited by an attacker who
persuaded a user to open a malicious WordPerfect document-there
is no way for an attacker to force a malicious document to be
opened or to trigger an attack automatically by sending an e-mail
message.
Mitigating Factors:
====================
-The user must open the malicious document for an attacker to be
successful. An attacker cannot force the document to be opened
automatically.
-The vulnerability cannot be exploited automatically through e-
mail. A user must open an attachment that is sent in an e-mail
message for an e-mail-borne attack to be successful.
Risk Rating:
============
- Important
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
the Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms03-036.asp
http://www.microsoft.com/security/security_bulletins/ms03-036.asp
for information on obtaining this patch.
Acknowledgment:
===============
- eEye Digital Security, http://www.eeye.com
---------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
********* *BEGIN ENCRYPTED or SIGNED PART* *********
----------------------------------------------------------------------
Title: Flaw in NetBIOS Could Lead to Information Disclosure
(824105)
Date: 03 September 2003
Software:
- Microsoft Windows NT 4.0 Server
- Microsoft Windows NT 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
Impact: Information Disclosure
Max Risk: Low
Bulletin: MS03-034
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-034.asp
http://www.microsoft.com/security/security_bulletins/ms03-034.asp
----------------------------------------------------------------------
Issue:
======
Network basic input/output system (NetBIOS) is an application
programming interface (API) that can be used by programs on a local
area network (LAN). NetBIOS provides programs with a uniform set of
commands for requesting the lower-level services required to manage
names, conduct sessions, and send datagrams between nodes on a
network.
This vulnerability involves one of the NetBT (NetBIOS over TCP)
services, namely, the NetBIOS Name Service (NBNS). NBNS is
analogous to DNS in the TCP/IP world and it provides a way to find
a system's IP address given its NetBIOS name, or vice versa.
Under certain conditions, the response to a NetBT Name Service
query may, in addition to the typical reply, contain random data
from the target system's memory. This data could, for example, be a
segment of HTML if the user on the target system was using an
Internet browser, or it could contain other types of data that
exist in memory at the time that the target system responds to the
NetBT Name Service query.
An attacker could seek to exploit this vulnerability by sending a
NetBT Name Service query to the target system and then examine the
response to see if it included any random data from that system's
memory.
If best security practices have been followed and port 137 UDP has
been blocked at the firewall, Internet based attacks would not be
possible.
Mitigating Factors:
====================
- Any information disclosure would be completely random.
- By default, the Internet Connection Firewall (ICF), which is
available with Windows XP and Windows Server 2003, blocks the
ports that are used by NetBT.
- To exploit this vulnerability, an attacker would have to be able
to send a specially-crafted NetBT request to port 137 on the
target system and then examine the response to see whether any
random data from that system's memory is included. In intranet
environments, these ports are usually accessible, but systems that
are connected to the Internet usually have these ports blocked
by a firewall.
Risk Rating:
============
- Low
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
the Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/ms03-034.asp
http://www.microsoft.com/security/security_bulletins/ms03-034.asp
for information on obtaining this patch.
Acknowledgment:
===============
Mike Price of Foundstone Labs, http://www.foundstone.com
---------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
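For the NetBIOS Name Service issue in the post above, a defender can check captured UDP port 137 responses for data beyond what the message declares. This is an added example, not part of the bulletin or any Microsoft tool; it assumes the extra memory shows up as bytes after the last resource record counted in the header, and all function names and sample datagrams are constructed for illustration.

```python
import struct

def encode_name(name, suffix=0x00):
    """First-level encode a NetBIOS name (RFC 1002): 16 bytes -> 32 letters."""
    raw = name.upper().ljust(15).encode("ascii")[:15] + bytes([suffix])
    half = bytes(b for c in raw for b in ((c >> 4) + 0x41, (c & 0x0F) + 0x41))
    return b"\x20" + half + b"\x00"

def skip_name(buf, off):
    """Return the offset just past the encoded name that starts at off."""
    while True:
        if off >= len(buf):
            raise ValueError("name runs past end of datagram")
        length = buf[off]
        if length & 0xC0 == 0xC0:      # compression pointer: two bytes, ends name
            return off + 2
        off += 1 + length
        if length == 0:                # zero-length root label ends the name
            return off

def trailing_bytes(payload):
    """Parse one NBNS message and return whatever follows its last record."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte NBNS header")
    _txid, _flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    off = 12
    for _ in range(qd):                # question: name, type, class
        off = skip_name(payload, off) + 4
    for _ in range(an + ns + ar):      # record: name, type, class, ttl, rdlength
        off = skip_name(payload, off)
        if off + 10 > len(payload):
            raise ValueError("truncated resource record")
        rdlength = struct.unpack("!H", payload[off + 8:off + 10])[0]
        off += 10 + rdlength
    if off > len(payload):
        raise ValueError("record data runs past end of datagram")
    return payload[off:]

def audit(datagrams):
    """Map source -> number of unexplained trailing bytes (None if malformed)."""
    report = {}
    for src, payload in datagrams:
        try:
            extra = trailing_bytes(payload)
        except ValueError:
            report[src] = None
            continue
        if extra:
            report[src] = len(extra)
    return report

def build_response(name, ip, extra=b""):
    """Constructed positive name query response with one NB record."""
    header = struct.pack("!6H", 0x1234, 0x8500, 0, 1, 0, 0)
    rdata = struct.pack("!H", 0) + bytes(int(o) for o in ip.split("."))
    rr = encode_name(name) + struct.pack("!HHIH", 0x0020, 0x0001, 300, len(rdata))
    return header + rr + rdata + extra

# Constructed sample capture: (source address, UDP payload)
CLEAN = build_response("FILESRV01", "192.0.2.10")
SAMPLES = [("192.0.2.10", CLEAN),
           ("192.0.2.11", build_response("WKSTN07", "192.0.2.11", b"<html><body>")),
           ("192.0.2.12", CLEAN[:20])]
```

Hosts that still appear in the `audit` report after patching are worth a second look; `None` marks a datagram that could not be parsed at all.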
********* *BEGIN ENCRYPTED or SIGNED PART* *********
--------------------------------------------------------------------
Title: Unchecked buffer in Microsoft Access Snapshot Viewer
Could Allow Code Execution (827104)
Date: September 3, 2003
Software: Microsoft Access 97
Microsoft Access 2000
Microsoft Access 2002
Impact: Elevation of Privilege
Max Risk: Moderate
Bulletin: MS03-038
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-038.asp
http://www.microsoft.com/security/security_bulletins/MS03-038.asp
--------------------------------------------------------------------
Issue:
======
With Microsoft Access Snapshot Viewer, you can distribute a snapshot
of a Microsoft Access database that allows the snapshot to be viewed
without having Access installed. For example, a customer may want to
send a supplier an invoice that is generated by using an Access
database. With Microsoft Access Snapshot Viewer, the customer can
package the database so that the supplier can view it and print it
without having Access installed.
The Microsoft Access Snapshot Viewer is available with all versions
of Access - though it is not installed by default - and is also
available as a separate stand-alone. The Snapshot Viewer is
implemented by using an ActiveX control.
A vulnerability exists because of a flaw in the way that Snapshot
Viewer validates parameters. Because the parameters are not correctly
checked, a buffer overrun can occur, which could allow an attacker to
execute the code of their choice in the security context of the
logged-on user.
For an attack to be successful, an attacker would have to persuade a
user to visit a malicious Web site that is under the attacker's
control.
Mitigating Factors:
====================
* The Microsoft Access Snapshot Viewer is not installed with
Microsoft Office by default.
* An attacker would need to persuade a user to visit a website
under the attacker's control for an attack to be successful.
* An attacker's code would run with the same permissions as the
user. If a user's permissions were restricted the attacker would
be similarly restricted.
Risk Rating:
============
- Moderate
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/MS03-038.asp
http://www.microsoft.com/security/security_bulletins/MS03-038.asp
for information on obtaining this patch.
Acknowledgment:
===============
- Oliver Lavery ([email protected])
---------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
********* *BEGIN ENCRYPTED or SIGNED PART* *********
-------------------------------------------------------------------
Title: Flaw in Microsoft Word Could Enable Macros to Run
Automatically (827653)
Date: September 3, 2003
Software: Microsoft Word 97
Microsoft Word 98 (J)
Microsoft Word 2000
Microsoft Word 2002
Microsoft Works Suite 2001
Microsoft Works Suite 2002
Microsoft Works Suite 2003
Impact: Run macros without warning
Max Risk: Important
Bulletin: MS03-035
Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
http://www.microsoft.com/security/security_bulletins/MS03-035.asp
-------------------------------------------------------------------
Issue:
======
A macro is a series of commands and instructions that can be
grouped together as a single command to accomplish a task
automatically. Microsoft Word supports the use of macros to allow
the automation of commonly performed tasks. Since macros are
executable code it is possible to misuse them, so Microsoft Word
has a security model designed to validate whether a macro should be
allowed to execute depending on the level of macro security the
user has chosen.
A vulnerability exists because it is possible for an attacker to
craft a malicious document that will bypass the macro security
model. If the document was opened, this flaw could allow a
malicious macro embedded in the document to be executed
automatically, regardless of the level at which macro security is
set. The malicious macro could take the same actions that the user
had permissions to carry out, such as adding, changing or deleting
data or files, communicating with a web site or formatting the hard
drive.
The vulnerability could only be exploited by an attacker who
persuaded a user to open a malicious document - there is no way for
an attacker to force a malicious document to be opened.
Mitigating Factors:
====================
- The user must open the malicious document for an attacker to be
successful. An attacker cannot force the document to be opened
automatically.
- The vulnerability cannot be exploited automatically through
e-mail. A user must open an attachment sent in e-mail for an
e-mail borne attack to be successful.
- By default, Outlook 2002 blocks programmatic access to the
Address Book. In addition, Outlook 98 and 2000 block
programmatic access to the Outlook Address Book if the Outlook
Email Security Update has been installed. Customers who use any
of these products would not be at risk of propagating an e-mail
borne attack that attempted to exploit this vulnerability.
- The vulnerability only affects Microsoft Word - other members of
the Office product family are not affected.
Risk Rating:
============
- Important
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/MS03-035.asp
http://www.microsoft.com/security/security_bulletins/MS03-035.asp
for information on obtaining this patch.
Acknowledgment:
===============
- Jim Bassett of Practitioners Publishing Company
(http://www.ppcnet.com)
-------------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
********* *BEGIN ENCRYPTED or SIGNED PART* *********
-----------------------------------------------------------------
Title: Buffer Overrun In RPCSS Service Could Allow Code
Execution (824146)
Date: September 10, 2003
Software: Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Server(r) 4.0
Microsoft Windows NT Server 4.0, Terminal Server
Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Impact: Run code of attacker's choice
Max Risk: Critical
Bulletin: MS03-039
Microsoft encourages customers to review the Security Bulletins
at:
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
http://www.microsoft.com/security/security_bulletins/MS03-039.asp
-----------------------------------------------------------------
Issue:
======
The fix provided by this patch supersedes the one included in
Microsoft Security Bulletin MS03-026.
Remote Procedure Call (RPC) is a protocol used by the Windows
operating system. RPC provides an inter-process communication
mechanism that allows a program running on one computer to
seamlessly access services on another computer. The protocol
itself is derived from the Open Software Foundation (OSF) RPC
protocol, but with the addition of some Microsoft specific
extensions.
There are three identified vulnerabilities in the part of RPCSS
Service that deals with RPC messages for DCOM activation - two
that could allow arbitrary code execution and one that could
result in a denial of service. The flaws result from incorrect
handling of malformed messages. These particular vulnerabilities
affect the Distributed Component Object Model (DCOM) interface
within the RPCSS Service. This interface handles DCOM object
activation requests that are sent from one machine to another.
An attacker who successfully exploited these vulnerabilities
could be able to run code with Local System privileges on an
affected system, or could cause the RPCSS Service to fail. The
attacker could then be able to take any action on the system,
including installing programs, viewing, changing or deleting
data, or creating new accounts with full privileges.
To exploit these vulnerabilities, an attacker could create a
program to send a malformed RPC message to a vulnerable system
targeting the RPCSS Service.
Microsoft has released a tool that can be used to scan a network
for the presence of systems which have not had the MS03-039 patch
installed. More details on this tool are available in Microsoft
Knowledge Base article 827363. This tool supersedes the one
provided in Microsoft Knowledge Base article 826369. If the tool
provided in Microsoft Knowledge Base Article 826369 is used
against a system which has installed the security patch provided
with this bulletin, the superseded tool will incorrectly report
that the system is missing the patch provided in MS03-026.
Microsoft encourages customers to run the latest version of the
tool available in Microsoft Knowledge Base article 827363 to
determine if their systems are patched.
Mitigating Factors:
====================
- Firewall best practices and standard default firewall
configurations can help protect networks from remote attacks
originating outside of the enterprise perimeter. Best practices
recommend blocking all ports that are not actually being used.
For this reason, most systems attached to the Internet should
have a minimal number of the affected ports exposed.
Risk Rating:
============
- Critical
Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read
the Security Bulletins at
http://www.microsoft.com/technet/security/bulletin/MS03-039.asp
http://www.microsoft.com/security/security_bulletins/MS03-039.asp
for information on obtaining this patch.
Acknowledgment:
===============
- eEye Digital Security (http://www.eeye.com/html)
- NSFOCUS Security Team (http://www.nsfocus.com)
- Xue Yong Zhi and Renaud Deraison from Tenable Network Security
(http://www.tenablesecurity.com)
for reporting the buffer overrun vulnerabilities and working with
us to protect customers.
-----------------------------------------------------------------
********** *END ENCRYPTED or SIGNED PART* **********
Can you translate this into Malay???

Ah no.. it's so long.. but of course... when the product is from Microsoft.. of course the chance of getting hacked is high... if you don't want to get hacked... just don't use the internet...
Or else use Lotus 123 or something... that's okay too, like at my office, even though it's not user friendly..

hehehe
a lot of people don't understand ...
never mind .. usually if you guys don't understand, it doesn't really concern you .. the conclusion of this thread ... make a habit of using Windows Update