Forums Últimos mensajes - Powered by IBM
 
Tags Palabras claves

Microsoft IE MSN 'heartbeat.ocx' Component Has Unspecified Flaw

15/10/2004 - 21:39 por \\\\ MeMMiTo // | Informe spam
Ayuda Hacer una pregunta
SecurityTracker Alert ID: 1011678
SecurityTracker URL: http://securitytracker.com/id?1011678
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 14 2004
Impact: Not specified
Fix Available: Yes Vendor Confirmed: Yes
Advisory: NGSEC
Description: A vulnerability was reported in the Microsoft MSN
'heartbeat.ocx' component, used by Internet Explorer on some MSN
gaming sites. The impact was not specified.

NGSSoftware reported that there is a flaw in 'heartbeat.ocx', but did
not provide any details.

NGSSoftware will release details on January 19, 2005.
Impact: The impact was not specified.
Solution: Microsoft has set the kill bit for 'heartbeat.ocx' in the
MS04-038 security update, available at:

http://www.microsoft.com/technet/se...4-038.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/MS04-038.mspx
(Links to External Site)
Cause: Not specified
Underlying OS: Windows (Any)
Reported By: "NGSSoftware Insight Security Research"
<nisr@ngssoftware.com>
Message History: None.

Source Message Contents
Date: Wed, 13 Oct 2004 15:37:26 +0100
From: "NGSSoftware Insight Security Research" <nisr@ngssoftware.com>
Subject: MSN Gaming Heartbeat Component Buffer Overflow



John Heasman of NGSSoftware has discovered a high risk
vulnerability in the Heartbeat component used on MSN related
gaming sites.

This vulnerability has now been fixed by Microsoft, and a fix
can be downloaded from the Microsoft Security website:

http://www.microsoft.com/technet/se...4-038.mspx

NGSSoftware are going to withhold details of this flaw for three
months. Full details will be published on the 19th of January 2005.
This three month window will allow users of MSN gaming related
sites the time needed to obtain the patch before the details are
released to the general public. This reflects NGSSoftware's new
approach to responsible disclosure.

This vulnerability, including many others identified and fixed by
Microsoft in this month's Cumulative Security Update, can be
detected by Typhon III - NGSSoftware's advanced vulnerability
scanner. Typhon III will rapidly detect hosts on your network
susceptible to these vulnerabilities and enable your organisation
to manage risk. For existing Typhon III customers, please use the
Typhon III update option to include these new vulnerability checks.


NGSSoftware Insight Security Research
http://www.databasesecurity.com/
http://www.nextgenss.com/
+44(0)208 401 0070








Go to the Top of This SecurityTracker Archive Page




Home | View Topics | Search | Contact Us | Help

Copyright 2004, SecurityGlobal.net LLC
http://www.securitytracker.com/aler...11678.html
email Siga el debateRespuesta 11 respuestasRespuesta Tengo una respuesta
DRAGON AGE™: INQUISITION – Matadragones
 

Leer las respuestas

#1 Carlos Lasarte
15/10/2004 - 21:48 | Informe spam
puro spam

Espero que esto resuelva tu problema, sino, no dudes en preguntar de nuevo
Para la Seguridad de tu equipo, instala el SP2 de Windows XP
http://www.microsoft.com/downloads/...p;FamilyID9c9dbe-3b8e-4f30-8245-9e368d3cdb5a

Saludos
Carlos Lasarte

Windows XP Home
"\\ MeMMiTo //" escribió en el mensaje
news:1r8ujaek7gq6s$
SecurityTracker Alert ID: 1011678
SecurityTracker URL: http://securitytracker.com/id?1011678
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Oct 14 2004
Impact: Not specified
Fix Available: Yes Vendor Confirmed: Yes
Advisory: NGSEC
Description: A vulnerability was reported in the Microsoft MSN
'heartbeat.ocx' component, used by Internet Explorer on some MSN
gaming sites. The impact was not specified.

NGSSoftware reported that there is a flaw in 'heartbeat.ocx', but did
not provide any details.

NGSSoftware will release details on January 19, 2005.
Impact: The impact was not specified.
Solution: Microsoft has set the kill bit for 'heartbeat.ocx' in the
MS04-038 security update, available at:

http://www.microsoft.com/technet/se...4-038.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/MS04-038.mspx
(Links to External Site)
Cause: Not specified
Underlying OS: Windows (Any)
Reported By: "NGSSoftware Insight Security Research"

Message History: None.

Source Message Contents
Date: Wed, 13 Oct 2004 15:37:26 +0100
From: "NGSSoftware Insight Security Research"
Subject: MSN Gaming Heartbeat Component Buffer Overflow



John Heasman of NGSSoftware has discovered a high risk
vulnerability in the Heartbeat component used on MSN related
gaming sites.

This vulnerability has now been fixed by Microsoft, and a fix
can be downloaded from the Microsoft Security website:

http://www.microsoft.com/technet/se...4-038.mspx

NGSSoftware are going to withhold details of this flaw for three
months. Full details will be published on the 19th of January 2005.
This three month window will allow users of MSN gaming related
sites the time needed to obtain the patch before the details are
released to the general public. This reflects NGSSoftware's new
approach to responsible disclosure.

This vulnerability, including many others identified and fixed by
Microsoft in this month's Cumulative Security Update, can be
detected by Typhon III - NGSSoftware's advanced vulnerability
scanner. Typhon III will rapidly detect hosts on your network
susceptible to these vulnerabilities and enable your organisation
to manage risk. For existing Typhon III customers, please use the
Typhon III update option to include these new vulnerability checks.


NGSSoftware Insight Security Research
http://www.databasesecurity.com/
http://www.nextgenss.com/
+44(0)208 401 0070








Go to the Top of This SecurityTracker Archive Page




Home | View Topics | Search | Contact Us | Help

Copyright 2004, SecurityGlobal.net LLC
http://www.securitytracker.com/aler...11678.html

Preguntas similares

 

Busqueda sugerida :