Four New Unpatched Windows Vulnerabilities
peeon writes "Right before Christmas, four new Windows NT/2k/XP vulnerabilities were posted to the Bugtraq list. This story discusses two of the vulnerabilities in the LoadImage function (buffer overflow) and Windows Help program (heap overflow), but the Chinese company discovered two more exploits in the parsing of a specially crafted ANI file (causes DoS). A Bugtraq posting has more details."
bugtraq links for the vulnerabilities / demo (Score:5, Informative)
http://www.xfocus.net/flashsky/icoExp/index.html [xfocus.net]
http://www.derkeiler.com/Mailing-Lists/securityfo
http://www.derkeiler.com/Mailing-Lists/securityfo
http://www.derkeiler.com/Mailing-Lists/securityfo
(Source: http://www.heise.de/newsticker/meldung/54610 [German])
Re:Timing of the post (Score:2, Informative)
Advisory: [AD_LAB-04006]Microsoft Windows winhlp32.exe Heap Overflow Vulnerability
Patch available... (Score:0, Informative)
http://shit.slashdot.org/article.pl?sid=04/12/24/
Give this as a gift for the holidays (Score:4, Informative)
This year I wash my hands of it and am giving them a printout of a tutorial I found that has helped some friends. It is basic, but they do not bother me as much anymore:
Simple and easy ways to keep your computer safe and secure on the Internet [bleepingcomputer.com]
what ever happened... (Score:3, Informative)
What ever happened with that? Were the bugs in Firefox fixed? I remember that IE did well in that test, but I don't remember any specifics.
Anyone know?
Instant Reboot on windows (Score:3, Informative)
Warning: If you are on Windows, don't download
www.xfocus.net/flashsky/icoExp/KERNELBLUE.ani
Instant Reboot. This is a very critical vulnerability. Reminds me of the old exploits that referenced "CON" [microsoft.com] in the file path inside a webpage to trigger a BSOD.
Re:what ever happened... (Score:3, Informative)
The fuzz tester wasn't written by a lab close to Microsoft.
It isn't a "tiny" area: Browsers read files that contain HTML. No matter what, corrupt files should not crash a browser.
The Linux kernel was rewritten after Mindcraft. There was a serious problem in the way signals were handled under high load.
Mozilla has fixed the three bugs that Zalewski's original posting described. There are still issues in Firefox 1.0 that the tool discloses.
Re:Forced Upgrade. (Score:2, Informative)
Mozilla products appear safe (Score:4, Informative)
*without major user intervention, like installing an XPI or messing with the JAR files that make up Mozilla
Re:I don't get it.... (Score:5, Informative)
Now to the point: This DLL was updated quite a few times with Internet Explorer 3, 4 and 5. The versions in Windows 98, 2000 and XP are/were directly related to the matching (sub-)version of Internet Explorer. If you wrote an app for Win-95 and wanted to use one of those common controls, the recommended redistribution scenario was redistributing IE.
If they simply ripped out anything that is officially part of the "IE codebase", it's completely true that quite a few apps would fail.
This is of course even more true of some of the other APIs with a more apparent connection to Internet Explorer, like WinInet for interacting with HTTP/FTP without doing sockets yourself (and using the IE cache and other stuff) or employing the IE HTML/XML parsing and possibly rendering hosted in another application. I chose common controls because they're very frequently used, and some quite significant updates were introduced through IE. These updates are still there in "Win98 lite" and whatever you would do to a Windows system to rip out IE, but retain a reasonable level of compatibility. Just because it's part of the OS and a frequently used API doesn't mean it's kernel mode. And very little IE related code is *in the kernel*.
Now to the point: LoadImage is quite a low level function. Display drivers are allowed to use it on their own and modify its functionality. That makes it belong in kernel mode. Even if they moved back some more UI stuff from the kernel, stuff like this probably belongs there, if you buy the concept of placing display drivers in kernel mode at all.
Re:Unpatched? (Score:2, Informative)
Apparently.... (Score:3, Informative)
to the allocated memory, which is suitably aligned for any kind of variable, or NULL if the request fails.
Re:Timing of the post (Score:1, Informative)
Re:Is it really this hard... (Score:3, Informative)
Re:Forced Upgrade. (Score:2, Informative)
The only other base OS series from Microsoft is the 9x line, based on Win3.1.
Many of the divisions between those OSes were manufactured by the marketing department; 2000 Server has exactly the same files as 2000 Professional, plus a couple of registry entries and extra server-side applications.
Re:Forced Upgrade. (Score:2, Informative)
Umm, yeah it did. Before the OpenSSH hole, it was at zero.
(Speaking as someone who was rooted while trying to install the patches to that version...)