[VERY CRITICAL] Microsoft Browser Client Context Tool Three Vulnerabilities

07/12/2004 - 19:39 by Windows
(EXTREMELY CRITICAL)


Microsoft Browser Client Context Tool Three Vulnerabilities
http://secunia.com/advisories/13365/

Secunia Advisory: SA13365
Release Date: 2004-12-07

Critical: Highly critical

Impact:
Cross Site Scripting
System access

Where: From remote
Solution Status: Unpatched

Software: Microsoft Browser Client Context Tool (W3Who.dll)

CVE reference: CAN-2004-1133, CAN-2004-1134

Description:
Nicolas Gregoire has reported some vulnerabilities in Microsoft
Browser Client Context Tool (W3Who.dll), which can be exploited by
malicious people to conduct cross-site scripting attacks or
potentially compromise a vulnerable system.

1) Invalid input passed to the ISAPI extension is not properly
sanitised before being returned to users in error messages. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of a vulnerable web site.

Example:
http://[host]/scripts/w3who.dll?bogus=[code]

2) Input passed in HTTP headers is not properly sanitised before being
displayed. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of a vulnerable web site.

3) A boundary error within the processing of parameters can be
exploited to cause a buffer overflow by passing an overly long
parameter.

Example:
http://[host]/scripts/w3who.dll?AAAAAAAAA...[519 to 12571]AAAAAAAAAAAAA

Solution:
Remove the W3Who.dll ISAPI extension.

Provided and/or discovered by:
Nicolas Gregoire, Exaprobe.

Original Advisory:
http://www.exaprobe.com/labs/adviso...-1206.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

More references:
http://www.securitytracker.com/aler...12435.html
http://www.theinquirer.net/?article 086
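
A defensive check that follows from the advisory, as an added example (not part of the original post or the Secunia advisory): it scans IIS W3C log lines for requests to w3who.dll and flags the three conditions the advisory lists. The log lines, finding labels and function names are constructed for illustration; the 519-character threshold is the lower bound from the advisory's overflow example.

```python
import re
from urllib.parse import unquote

# Lower bound of the over-long parameter in the advisory's overflow example.
OVERFLOW_MIN_LEN = 519
# Characters that signal HTML markup being sent to the extension.
MARKUP = re.compile(r'[<>"]')

# Constructed IIS W3C extended log lines (documentation IP addresses).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)",
    "2004-12-07 10:00:01 192.0.2.10 GET /default.htm - 200 Mozilla/4.0",
    "2004-12-07 10:00:05 192.0.2.11 GET /scripts/w3who.dll - 200 Mozilla/4.0",
    "2004-12-07 10:00:09 192.0.2.12 GET /scripts/w3who.dll bogus=%3Cb%3Ex%3C/b%3E 200 Mozilla/4.0",
    "2004-12-07 10:00:12 192.0.2.13 GET /scripts/w3who.dll " + "A" * 600 + " 500 Mozilla/4.0",
    "2004-12-07 10:00:15 192.0.2.14 GET /scripts/w3who.dll - 200 <i>ua</i>",
]

def parse_w3c(lines):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def classify(entry):
    """Return findings for a w3who.dll request, or None for other requests."""
    if not entry.get("cs-uri-stem", "").lower().endswith("/w3who.dll"):
        return None
    findings = ["w3who-request"]  # the extension is still being addressed
    query = entry.get("cs-uri-query", "-")
    if query != "-" and len(query) >= OVERFLOW_MIN_LEN:
        findings.append("overlong-query")        # item 3 of the advisory
    if query != "-" and MARKUP.search(unquote(query)):
        findings.append("markup-in-query")       # item 1
    if MARKUP.search(unquote(entry.get("cs(User-Agent)", ""))):
        findings.append("markup-in-header")      # item 2
    return findings

def scan(lines):
    """Return (client IP, findings) for every logged request to w3who.dll."""
    hits = ((e["c-ip"], classify(e)) for e in parse_w3c(lines))
    return [(ip, found) for ip, found in hits if found is not None]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE_LOG):
        print(ip, ", ".join(found))
```

Any `w3who-request` finding on a production server means the advisory's solution (removing the extension) has not been applied there.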

#1 JM Tella Llop [MVP Windows]
07/12/2004 - 17:20
http://www.sysinternals.com/files/procexpnt.zip (freeware)

This is one of those tools no one should be living without:

The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
What's new in Version 8.60:

a. Multi-row tabs on process properties dialog
b. Image signing verification on process image properties dialog
c. Mini-CPU usage graph on toolbar
d. Command-line option for specifying Process Explorer priority
e. Manual refresh (F5) forces recheck of job and .NET process status
f. Single-clicking on tray icon minimizes and restores main window

Jose Manuel Tella Llop
MVP - Windows
(remove XXX)
http://www.multingles.net/jmt.htm

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.
#4 Raul Miralles
07/12/2004 - 20:03
Since everything takes know-how, I'll explain it to you the way you would to little kids:

The Microsoft Windows 2000 Resource Kit's W3who tool is an Internet Server
API (ISAPI) filter for testing a Web site from a browser.

In other words, everyone who has a W2000 Server installs that ISAPI by
downloading the Resource Kit and then, on top of that, leaves it enabled.

Every day you post worse news, but of course, if you don't understand it, what are you
going to say?