This article is more than 1 year old

Serious Outlook hole patched

ActiveX threats, memory leaks, cross-site scripting and more

MS Bug Roundup MS has patched a serious vulnerability in Outlook 2002 by which an attacker could take over one's machine. At issue is an ActiveX feature, the Outlook View Control, which enables mail folders to be viewed via Web pages. In Outlook 2K the flaw doesn't give up control, but could allow for minor mischief.

MS suggested a workaround last month while it worked on a patch. The job is finished now, and the crucial 2002 patch is available here, while the more or less optional 2K patch is available here.



A CSS (

cross-site scripting

) vulnerability in Hotmail which could have allowed for considerable HTML mischief was sorted out before it became popular, thanks to

WhiteHat Security

which found it and alerted MS.

At issue is the possibility that outside content can get past HTML and JavaScript filters and into a dynamic HTML Web page, from which it could execute arbitrary code on a victim's machine.

In spite of filtering, "obfuscated content may elude the current filters and execute within the users browser environment," according to the Whitehat bulletin.

A sample exploit might be an e-mail containing HTML like this:

<HTML><BODY>
<br><STYLE TYPE="application/x-javascript">
<br>alert('JavaScript has been Executed');
<br></STYLE>
<br></BODY></HTML>

The "application/x-javascript" TYPE attribute causes the following expression to be interpreted as JavaScript, Whitehat says.

The vulnerability was reported to MS on 10 August and by the fourteenth it was fixed. It still, however, affects Netscape, and any number of other Web applications. Makes you wish you could force your e-mail client to preview and display messages as text only....



Three vulnerabilities in MS ISA (Internet Security and Acceleration) Server 2000 are being addressed in a single patch. We have the denial of service vulnerability involving the H.323 Gatekeeper Service which supports voice-over-IP traffic through the firewall, caused by a memory leak; the cross-site scripting vulnerability affecting error pages that ISA generates in response to a failed request for a web page; and the denial of service vulnerability in the in the proxy service, also caused by a memory leak. The relevant bulletin is

here

; and the patch is

here

.



A buffer overflow vulnerability in the Win-2K IrDA (infrared connection) driver could enable an attacker to cause an access violation on one's system and so cause a reboot. Since the attacker needs to be located within about two feet of the victim and have a direct line of sight to his infrared port, this one is pretty much a parlor trick. However, if anyone finds it more threatening than entertaining, MS has developed a patch for it, located

here

.

More about

TIP US OFF

Send us news


Other stories you might like