Latest Tech

Latest Posts

Technical Cyber Security Alert 2005-284A

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 2
Technical Cyber Security Alert 2005-284A
Technical Cyber Security Alert 2005-284A
Technical Cyber Security Alert 2005-284A, issued by US-CERT, warned of Technical Cyber Security Alert 2005-284A, issued by US-CERT, warned of a critical vulnerability in the Microsoft Windows Plug and Play (PnP) service.

This flaw, addressed by Microsoft Security Bulletin MS05-039, allowed unauthenticated remote attackers to execute arbitrary code or cause a denial of service. The vulnerability affected Windows 2000, XP, and Server 2003 operating systems.

Exploitation occurred by sending specially crafted Plug and Play packets to a vulnerable system. Its severity was high due to the potential for widespread, worm-like attacks without user interaction. Organizations were urged to apply the patch immediately to prevent compromise.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Technical Cyber Security Alert TA05-284A
Microsoft Windows, Internet Explorer, and Exchange Server
Vulnerabilities

Original release date: October 11, 2005
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Internet Explorer
* Microsoft Exchange Server

For more complete information, refer to the Microsoft Security
Bulletin Summary for October 2005.

Overview

Microsoft has released updates that address critical vulnerabilities
in Windows, Internet Explorer, and Exchange Server. Exploitation of
these vulnerabilities could allow a remote, unauthenticated attacker
to execute arbitrary code or cause a denial of service on an affected
system.

I. Description

Microsoft Security Bulletins for October 2005 address vulnerabilities
in Windows and Internet Explorer. Further information is available in
the following US-CERT Vulnerability Notes:


VU#214572 - Microsoft Plug and Play fails to properly validate user
supplied data

Microsoft Plug and Play contains a flaw in the handling of message
buffers that may result in local or remote arbitrary code execution or
denial-of-service conditions.
(CAN-2005-2120)


VU#883460 - Microsoft Collaboration Data Objects buffer overflow

A buffer overflow in Microsoft Collaboration Data Objects may allow a
remote, unauthenticated attacker to execute arbitrary code on a
vulnerable system.
(CAN-2005-1987)


VU#922708 - Microsoft Windows Shell fails to handle shortcut files
properly

Microsoft Windows Shell does not properly handle some shortcut files
and may permit arbitrary code execution when a specially-crafted file
is opened.
(CAN-2005-2122)


VU#995220 - Microsoft DirectShow buffer overflow

A buffer overflow in Microsoft DirectShow may allow a remote,
unauthenticated attacker to execute arbitrary code on a vulnerable
system.
(CAN-2005-2128)


VU#180868 - Microsoft Distributed Transaction Coordinator vulnerable
to buffer overflow via specially crafted network message

Microsoft Distributed Transaction Coordinator (MSDTC) may be
vulnerable to a flaw that allows remote, unauthenticated attackers to
execute arbitrary code.
(CAN-2005-2119)


VU#950516 - Microsoft COM+ contains a memory management flaw

Microsoft COM+ contains a vulnerability due to a memory management
flaw that may allow an attacker to take complete control of an
affected system.
(CAN-2005-1978)


VU#959049 - Several COM objects cause memory corruption in Microsoft
Internet Explorer

Microsoft Internet Explorer will initialize COM objects that were not
intended to be used in the web browser. Several COM objects have been
identified that may allow an attacker to execute arbitrary code or
crash Internet Explorer.
(CAN-2005-2127)


VU#680526 - Microsoft Internet Explorer allows non-ActiveX COM objects
to be instantiated

Microsoft Internet Explorer will initialize COM objects that were not
intended to be used in the web browser. This may allow an attacker to
execute arbitrary code or crash Internet Explorer.
(CAN-2005-0163)

II. Impact

Exploitation of these vulnerabilities may allow a remote,
unauthenticated attacker to execute arbitrary code with SYSTEM
privileges or with the privileges of the user. If the user is logged
on with administrative privileges, the attacker could take complete
control of an affected system. An attacker may also be able to cause a
denial of service.

III. Solution

Apply Updates

Microsoft has provided the updates for these vulnerabilities in the
Security Bulletins and on the Microsoft Update site.

Workarounds

Please see the following US-CERT Vulnerability Notes for workarounds.

Appendix A. References

* Microsoft Security Bulletin Summary for October 2005 -
<http://www.microsoft.com/technet/security/bulletin/ms05-oct.mspx>

* US-CERT Vulnerability Note VU#214572 -
<http://www.kb.cert.org/vuls/id/214572>

* US-CERT Vulnerability Note VU#883460 -
<http://www.kb.cert.org/vuls/id/883460>

* US-CERT Vulnerability Note VU#922708 -
<http://www.kb.cert.org/vuls/id/922708>

* US-CERT Vulnerability Note VU#995220 -
<http://www.kb.cert.org/vuls/id/995220>

* US-CERT Vulnerability Note VU#180868 -
<http://www.kb.cert.org/vuls/id/180868>

* US-CERT Vulnerability Note VU#950516 -
<http://www.kb.cert.org/vuls/id/950516>

* US-CERT Vulnerability Note VU#959049 -
<http://www.kb.cert.org/vuls/id/959049>

* US-CERT Vulnerability Note VU#680526 -
<http://www.kb.cert.org/vuls/id/680526>

* CAN-2005-2120 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2120>

* CAN-2005-1987 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1987>

* CAN-2005-2122 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2122>

* CAN-2005-2128 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2128>

* CAN-2005-2119 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2119>

* CAN-2005-1978 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1978>

* CAN-2005-2127 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2127>

* CAN-2005-0163 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0163>

* Microsoft Update - <https://update.microsoft.com/microsoftupdate>


_________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA05-284A.html>
_________________________________________________________________

Feedback can be directed to US-CERT. Please send email to:
<This email address is being protected from spambots. You need JavaScript enabled to view it.> with "TA05-284A Feedback VU#959049" in the subject.
_________________________________________________________________

Revision History

Oct 11, 2004: Initial release
_________________________________________________________________

Produced 2005 by US-CERT, a government organization.

Terms of use

<http://www.us-cert.gov/legal.html>
_________________________________________________________________

For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/>.





-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQ0xBVn0pj593lg50AQJvOQf/QqIy3putm/wkUAUguQaylsCfC38Lysdc
bqbtj7oF6HEoCzhQguaqQdMGOqa4QJnrObnkHN29xFhYovKWOIYkYsh6c3IXaNLK
PdImVbcMFNn9VsBNNRVr2dqPXJPvgFFzQKsDcKkknnZyxLf5mshwDJoKFsKDGr9c
1P9yxwyagQ8G73gTq6hPV/Wl/6zElXH/chlh6haXe6XN9ArTmz8A3OCAN+BZQUqe
/9T4US8oxLeLlNDcQc/PV5v3VuXXW0v9kjEjqAVEH5tRKH/oIkVdgpj7gdrAzDjM
MUojHfl1v2/JwWubQ9DFQsBx4Jxv5YvJEREsU7RbVJotn02+Yaaeog==
=5hXu
-----END PGP SIGNATURE-----

Information Security

Social Media Share
About Contact Terms of Use Privacy Policy
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.