Board: NetSecurity
Title: [TWCERT/CC Security Advisory] TW-CA-2005-019-[TA05-039A: Multiple Vulnerabilit
Origin: KKCITY (Sun Feb 20 19:33:02 2005)
Relay path: ptt!ctu-reader!ctu-gate!news.nctu!news.ntu!bbs.ee.ntu!news.kkcity.com.
※ This article was forwarded from the [Lan] mailbox
Author: [email protected] (TWCERT/CC Fellows)
Subject: [TWCERT/CC Security Advisory] TW-CA-2005-019-[TA05-039A
Date: Fri Feb 18 11:15:18 2005
-----BEGIN PGP SIGNED MESSAGE-----
TW-CA-2005-019-[TA05-039A: Multiple Vulnerabilities in Microsoft Windows
Components Precedence: list]
────────────────────────────────────────
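TWCERT/CC release date: 2005-02-18
Original vulnerability release date: 2005-02-08
Original vulnerability last updated: --
Common vulnerability ID:
Category: Miscellaneous
Source reference: TA05-039A
──── Overview ─────────────────────────────────
In February 2005 Microsoft released a Security Bulletin Summary. The summary describes
vulnerabilities in a number of Windows applications and components. A remote attacker can
exploit these vulnerabilities to execute arbitrary code on a host. For details of the
vulnerabilities and their impact, see the description below.
──── Description ─────────────────────────────────
The table below shows how US-CERT records this set of Microsoft Security Bulletins; more
detailed information about the vulnerabilities is available from these documents.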
_________________________________________________________________
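Format:
Microsoft Security Bulletin
Related US-CERT Vulnerability Note(s)
_________________________________________________________________
MS05-004: ASP.NET Path Validation Vulnerability (887219)
VU#283646 Microsoft ASP.NET fails to perform canonicalization properly
(canonicalization is the path-mapping function in ASP.NET)
_________________________________________________________________
MS05-005: Microsoft Office XP could allow remote code execution (873352)
VU#416001 Microsoft Office XP contains a buffer overflow vulnerability
_________________________________________________________________
MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team
Services could allow cross-site scripting and spoofing attacks (887981)
VU#340409 Microsoft Windows SharePoint Services and SharePoint Team
Services contain a cross-site scripting vulnerability
_________________________________________________________________
MS05-007: Vulnerability in Windows could lead to information disclosure (888302)
VU#939074 Microsoft Computer Browser service has an information disclosure vulnerability
_________________________________________________________________
MS05-008: Vulnerability in Windows Shell could allow remote code execution (890047)
VU#698835 Microsoft Internet Explorer has a drag-and-drop vulnerability
_________________________________________________________________
MS05-009: PNG processing vulnerability could allow remote code execution (890261)
VU#259890 Windows Media Player cannot handle PNG images whose width or height exceeds reasonable values
VU#817368 libpng png_handle_sBIT() does not sufficiently check bounds
VU#388984 libpng does not check the length of transparency chunk (tRNS) data
_________________________________________________________________
MS05-010: Vulnerability in the License Logging service could allow code execution (885834)
VU#130433 Microsoft License Logging service contains a buffer overflow vulnerability
_________________________________________________________________
MS05-011: Vulnerability in Server Message Block could allow remote code execution (885250)
VU#652537 Microsoft Windows SMB packet validation flaw
_________________________________________________________________
MS05-012: Vulnerability in OLE and COM could allow remote code execution (873333)
VU#597889 Microsoft COM structured storage vulnerability
VU#927889 Microsoft OLE input validation vulnerability
_________________________________________________________________
MS05-013: Vulnerability in the DHTML Editing Component ActiveX control could allow
code execution (891781)
VU#356600 Microsoft Internet Explorer DHTML Editing ActiveX control contains a
cross-domain vulnerability
_________________________________________________________________
MS05-014: Cumulative Security Update for Internet Explorer (867282)
VU#698835 Microsoft Internet Explorer contains a drag-and-drop flaw
VU#580299 Microsoft Internet Explorer contains a URL decoding zone spoofing flaw
VU#843771 Microsoft Internet Explorer contains a DHTML method heap memory misuse vulnerability
VU#823971 Microsoft Internet Explorer contains a Channel Definition Format (CDF)
cross-domain vulnerability
_________________________________________________________________
MS05-015: Vulnerability in Hyperlink Object Library could allow remote code execution (888113)
VU#820427 Microsoft Hyperlink Object Library contains a buffer overflow vulnerability
_________________________________________________________________
──── Affected Platforms ───────────────────────────────
Microsoft Windows operating systems
──── Solution ───────────────────────────────
Patch
Microsoft has provided patches for several of the vulnerabilities in the Security Bulletins and on Windows Update.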
Appendix A. References
* Microsoft's Security Bulletin Summary for February, 2005 - <http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx>
* US-CERT Vulnerability Note VU#283646 - <http://www.kb.cert.org/vuls/id/283646>
* US-CERT Vulnerability Note VU#416001 - <http://www.kb.cert.org/vuls/id/416001>
* US-CERT Vulnerability Note VU#340409 - <http://www.kb.cert.org/vuls/id/340409>
* US-CERT Vulnerability Note VU#939074 - <http://www.kb.cert.org/vuls/id/939074>
* US-CERT Vulnerability Note VU#698835 - <http://www.kb.cert.org/vuls/id/698835>
* US-CERT Vulnerability Note VU#259890 - <http://www.kb.cert.org/vuls/id/259890>
* US-CERT Vulnerability Note VU#817368 - <http://www.kb.cert.org/vuls/id/817368>
* US-CERT Vulnerability Note VU#388984 - <http://www.kb.cert.org/vuls/id/388984>
* US-CERT Vulnerability Note VU#130433 - <http://www.kb.cert.org/vuls/id/130433>
* US-CERT Vulnerability Note VU#652537 - <http://www.kb.cert.org/vuls/id/652537>
* US-CERT Vulnerability Note VU#597889 - <http://www.kb.cert.org/vuls/id/597889>
* US-CERT Vulnerability Note VU#927889 - <http://www.kb.cert.org/vuls/id/927889>
* US-CERT Vulnerability Note VU#356600 - <http://www.kb.cert.org/vuls/id/356600>
* US-CERT Vulnerability Note VU#580299 - <http://www.kb.cert.org/vuls/id/580299>
* US-CERT Vulnerability Note VU#843771 - <http://www.kb.cert.org/vuls/id/843771>
* US-CERT Vulnerability Note VU#823971 - <http://www.kb.cert.org/vuls/id/823971>
* US-CERT Vulnerability Note VU#820427 - <http://www.kb.cert.org/vuls/id/820427>
* CERT Advisory CA-2000-002 - <http://www.cert.org/advisories/CA-2000-02.html#impact>
──── Impact ───────────────────────────────
A remote, unauthenticated attacker may exploit VU#283646 to gain illegitimate access to secured content on an ASP.NET server.
Exploiting VU#416001, VU#698835, VU#259890, VU#817368, VU#388984, VU#130433, VU#652537,
VU#597889, VU#927889, VU#356600, VU#580299, VU#843771, and VU#820427 allows arbitrary code
to be executed on a vulnerable Windows system.
Exploiting VU#340409, VU#356600, and VU#823971 has a cross-site scripting impact. (See CA-2000-02 for details.)
A remote attacker could use VU#939074 to retrieve the names of users who have open connections to a shared Windows resource.
──── Contact TWCERT/CC ─────────────────────────────
Tel: 886-7-5250211 FAX: 886-7-5250212
886-2-23563303 886-2-23924082
Email: [email protected]
URL: http://www.cert.org.tw/
PGP key: http://www.cert.org.tw/eng/pgp.htm
────────────────────────────────────────
Attachment: [ Multiple Vulnerabilities in Microsoft Windows Components Precedence:
list]
──── Original Text ─────────────────────────────────
Hash: SHA1
Technical Cyber Security Alert TA05-039A
Multiple Vulnerabilities in Microsoft Windows Components
Original release date: February 8, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows Systems
Overview
Microsoft has released a Security Bulletin Summary for February, 2005.
This summary includes several bulletins that address vulnerabilities
in various Windows applications and components. Exploitation of some
vulnerabilities can result in the remote execution of arbitrary code
by a remote attacker. Details of the vulnerabilities and their impacts
are provided below.
I. Description
The table below provides a reference between Microsoft's Security
Bulletins and the related US-CERT Vulnerability Notes. More
information related to the vulnerabilities is available in these
documents.
_________________________________________________________________
Format:
Microsoft Security Bulletin
Related US-CERT Vulnerability Note(s)
_________________________________________________________________
MS05-004: ASP.NET Path Validation Vulnerability (887219)
VU#283646 Microsoft ASP.NET fails to perform proper
canonicalization
_________________________________________________________________
MS05-005: Microsoft Office XP could allow Remote Code Execution
(873352)
VU#416001 Microsoft Office XP contains buffer overflow
vulnerability
_________________________________________________________________
MS05-006: Vulnerability in Windows SharePoint Services and
SharePoint Team Services Could Allow Cross-Site Scripting and
Spoofing Attacks (887981)
VU#340409 Microsoft Windows SharePoint Services and SharePoint Team
Services contain cross-site scripting vulnerabilities
_________________________________________________________________
MS05-007: Vulnerability in Windows Could Allow Information
Disclosure (888302)
VU#939074 Microsoft Computer Browser service contains an
information disclosure vulnerability
_________________________________________________________________
MS05-008: Vulnerability in Windows Shell Could Allow Remote Code
Execution (890047)
VU#698835 Microsoft Internet Explorer contains drag and drop flaw
_________________________________________________________________
MS05-009: Vulnerability in PNG Processing Could Allow Remote Code
Execution (890261)
VU#259890 Windows Media Player does not properly handle PNG images
with excessive width or height values
VU#817368 libpng png_handle_sBIT() performs insufficient bounds
checking
VU#388984 libpng fails to properly check length of transparency
chunk (tRNS) data
_________________________________________________________________
MS05-010: Vulnerability in the License Logging Service Could Allow
Code Execution (885834)
VU#130433 Microsoft License Logging Service buffer overflow
_________________________________________________________________
MS05-011: Vulnerability in Server Message Block Could Allow Remote
Code Execution (885250)
VU#652537 Microsoft Windows SMB packet validation vulnerability
_________________________________________________________________
MS05-012: Vulnerability in OLE and COM Could Allow Remote Code
Execution (873333)
VU#597889 Microsoft COM Structured Storage Vulnerability
VU#927889 Microsoft OLE input validation vulnerability
_________________________________________________________________
MS05-013: Vulnerability in the DHTML Editing Component ActiveX
Control Could Allow Remote Code Execution (891781)
VU#356600 Microsoft Internet Explorer DHTML Editing ActiveX control
contains a cross-domain vulnerability
_________________________________________________________________
MS05-014: Cumulative Security Update for Internet Explorer (867282)
VU#698835 Microsoft Internet Explorer contains drag and drop flaw
VU#580299 Microsoft Internet Explorer contains URL decoding zone
spoofing vulnerability
VU#843771 Microsoft Internet Explorer contains a DHTML method heap
memory corruption vulnerability
VU#823971 Microsoft Internet Explorer contains a Channel Definition
Format (CDF) cross-domain vulnerability
_________________________________________________________________
MS05-015: Vulnerability in Hyperlink Object Library Could Allow
Remote Code Execution (888113)
VU#820427 Microsoft Hyperlink Object Library buffer overflow
_________________________________________________________________
II. Impact
A remote, unauthenticated attacker may exploit VU#283646 to gain
unauthorized access to secured content on an ASP.NET server.
Exploitation of VU#416001, VU#698835, VU#259890, VU#817368,
VU#388984, VU#130433, VU#652537, VU#597889, VU#927889, VU#356600,
VU#580299, VU#843771, and VU#820427 would permit a remote attacker
to execute arbitrary code on a vulnerable Windows system.
Exploitation of VU#340409, VU#356600, and VU#823971 will have
impacts similar to cross-site scripting vulnerabilities. For more
information about cross-site scripting, please see CERT Advisory
CA-2000-02.
A remote attacker could use VU#939074 to retrieve the names of
users who have open connections to a shared Windows resource.
III. Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the
Security Bulletins and on Windows Update.
Appendix A. References
* Microsoft's Security Bulletin Summary for February, 2005 - <http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx>
* US-CERT Vulnerability Note VU#283646 - <http://www.kb.cert.org/vuls/id/283646>
* US-CERT Vulnerability Note VU#416001 - <http://www.kb.cert.org/vuls/id/416001>
* US-CERT Vulnerability Note VU#340409 - <http://www.kb.cert.org/vuls/id/340409>
* US-CERT Vulnerability Note VU#939074 - <http://www.kb.cert.org/vuls/id/939074>
* US-CERT Vulnerability Note VU#698835 - <http://www.kb.cert.org/vuls/id/698835>
* US-CERT Vulnerability Note VU#259890 - <http://www.kb.cert.org/vuls/id/259890>
* US-CERT Vulnerability Note VU#817368 - <http://www.kb.cert.org/vuls/id/817368>
* US-CERT Vulnerability Note VU#388984 - <http://www.kb.cert.org/vuls/id/388984>
* US-CERT Vulnerability Note VU#130433 - <http://www.kb.cert.org/vuls/id/130433>
* US-CERT Vulnerability Note VU#652537 - <http://www.kb.cert.org/vuls/id/652537>
* US-CERT Vulnerability Note VU#597889 - <http://www.kb.cert.org/vuls/id/597889>
* US-CERT Vulnerability Note VU#927889 - <http://www.kb.cert.org/vuls/id/927889>
* US-CERT Vulnerability Note VU#356600 - <http://www.kb.cert.org/vuls/id/356600>
* US-CERT Vulnerability Note VU#580299 - <http://www.kb.cert.org/vuls/id/580299>
* US-CERT Vulnerability Note VU#843771 - <http://www.kb.cert.org/vuls/id/843771>
* US-CERT Vulnerability Note VU#823971 - <http://www.kb.cert.org/vuls/id/823971>
* US-CERT Vulnerability Note VU#820427 - <http://www.kb.cert.org/vuls/id/820427>
* CERT Advisory CA-2000-002 - <http://www.cert.org/advisories/CA-2000-02.html#impact>
_________________________________________________________________
Feedback can be directed to the authors: Will Dormann, Jeff Gennari,
Chad Dougherty, Ken MacInnis, and Jeff Havrilla
_________________________________________________________________
This document is available from: <http://www.us-cert.gov/cas/techalerts/TA05-039A.html>
_________________________________________________________________
Copyright 2004 Carnegie Mellon University.
Terms of use: <http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
February 8, 2005: Initial release
Last updated February 08, 2005
────────────────────────────────────────
--
Taiwan Computer Emergency Response Team Security Advisory mailing list.
Mail to: [email protected] and include a line "subscribe advisory".
Please visit http://www.cert.org.tw/.
PGP key: http://www.cert.org.tw/eng/pgp.htm