|
|
By Dennis Fisher
Microsoft Corp. on Wednesday issued patches for three flaws in various versions of Windows, two of which give attackers the ability to run whatever code they wish on vulnerable machines.
The most serious of the vulnerabilities affects all currently supported versions of Windows, from Windows 98 up through Windows Server 2003. The problem lies in the HTML converter, which allows users to handle HTML files. A vulnerability results from the way the converter handles conversion requests during cut-and-paste operations.
An attacker who could create a special conversion request could cause the converter to fail in a way that enables the attacker to execute code on the user's machine. The code would run with the user's privileges. The patch for this flaw is here.
The second vulnerability affects Windows NT 4.0, Windows 2000 and XP Professional and results from a buffer overrun in a portion of the operating system that handles Server Message Block requests. When the Windows server receives SMB packets, it fails to validate the length of the buffer established by the packet. As a result, an attacker could use a malicious SMB request to overrun the buffer, which would cause one of three things to happen: data corruption, a system failure or code execution.
However, in order to exploit this flaw, the attacker would need to be authenticated to the server. The patch for this issue is located here.
Source and more
|
|
|
 |
|
No Comments Allowed for Anonymous, please register |
|
| |
|
Login |
|
 |
|
|
|
|
· New User? · Click here to create a registered account.
|
|
|
Article Rating |
|
|
|
|
|
|
Average Score: 5
Votes: 1
|
|
|
