[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : System Monitor ActiveX Buffer Overflow Vulnerability

Title: System Monitor ActiveX Buffer Overflow Vulnerability
Released by: USSR
Date: 3rd November 2000
Printable version: Click here 
-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1



System Monitor ActiveX Buffer Overflow Vulnerability



USSR Advisory Code:  USSR-2000057



Public Disclosure Date:

November 3, 2000



Vendors Affected:



Microsoft Corporation

http://www.microsoft.com



Systems Affected:

Microsoft Windows 2000 Server

Microsoft Windows 2000 Professional

Microsoft Windows 2000 Advanced Server

Microsoft Windows 2000 Datacenter Server





Problem:

The USSR Team has found a problem in the Microsoft System Monitor

ActiveX control (class id: C4D2D8E0-D1DD-11CE-940F-008029004347,

sysmon.ocx)

in the Value field name "LogFileName",which could be used by

malicious user

to potentially run code on another user's machine.



The vulnerability can only be exploited if ActiveX controls are

enabled in Internet Explorer, Outlook or Outlook Express.





SPECIAL NOTE: USSR Labs takes no responsibility for the following

example.

It is provided for educational purposes only.



Example evil.html:



















If a user accesses a page with the above mentioned code imbedded,

IE, Outlook and Outlook Express will crash. The following error

message will appear in the event log.



"Application popup: iexplore.exe - Application Error : The

instruction at "0x64a8e132" referenced memory at "0x006100dd". The

memory could not be "written".





Online examples:



http://www.ussrback.com/microsoft/msmactivex.html

http://www.ussrback.com/microsoft/msmactivex2.html





Vendor Status:

Informed: Sunday, September 17, 2000 4:23 PM

Contacted: Sunday, September 17, 2000 5:55 PM

Patch Available: November 3, 2000



Status:



More Information:



http://www.microsoft.com/technet/security/bulletin/ms00-085.asp



Frequently Asked Questions: Microsoft Security Bulletin MS00-085

http://www.microsoft.com/technet/security/bulletin/fq00-085.asp



Microsoft Knowledge Base article Q278511 discusses this issue and

will be available soon.



Fix:

Windows 2000: (can be applied to both Gold and Service Pack 1)



http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25532





Related Links:



Underground Security Systems Research:

http://www.ussrback.com



CrunchSp Product:

http://www.crunchsp.com



About:



USSR is an emerging security company based in South America.

We are devoted to network security research, vulnerability research,

and software protection systems. One of the main objectives of USSR

is to

develop and implement cutting edge security and protection systems

that cater to an evolving market.



We believe that the way we implement security solutions can make a

difference. CrunchSP is an example, providing a solution to software

piracy.

Our solutions such as CrunchSP are devoted to protecting your

enterprise.



On a daily basis, we research, develop, discover and report

vulnerability information.  We make this information freely available

via

public forums such as BugTraq, and our advisory board located at

http://www.ussrback.com.



The USSR is a highly skilled, experienced team.  Many USSR

programmers, as well as programmers of partners and affiliates, are

seasoned

professionals, with 12 or more years of industry experience.  A

knowledge

base of numerous computer applications as well as many high and low

level

programming languages makes USSRback a diverse team of experts

prepared to

serve the needs of any customer.



USSR has assembled some of the world's greatest software developers

and security consultants to provide our customers with a wide range

of enterprise level services.  These services include:



* Network Penetration Testing

* Security Application development

* Application Security Testing and Certification

* Security Implementations

* Cryptography

* Emergency Response Team

* Firewalling

* Virtual Private Networking

* Intrusion Detection

* Support and maintenance



For more information, please contact us via email at

labs@ussrback.com.



Copyright (c) 1999-2000 Underground Security Systems Research.

Permission is hereby granted for the redistribution of this alert

electronically. It is not to be edited in any way without explicit

consent of USSR. If you wish to reprint whole or any part of this

alert in any other medium excluding electronic medium, please e-mail

labs@ussrback.com for permission.



Disclaimer:

The information within this paper may change without notice. We may

not be held responsible for the use and/or potential effects of these

programs or advisories.  Use them and read them at your own risk or

not at all. You solely are responsible for this judgment.



Feedback:



If you have any questions, comments, concerns, updates, or

suggestions please feel free to send them to:



Underground Security Systems Research

mail:labs@ussrback.com

http://www.ussrback.com



-----BEGIN PGP SIGNATURE-----

Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>



iQA/AwUBOgaIm9ybEYfHhkiVEQL9AACfZbM84UMWwahAJaao9LDtxKFqxPgAoIU/

YvT1lzjOJq9abeVZcdiJlrnN

=Gs3p

-----END PGP SIGNATURE-----





(C) 1999-2000 All rights reserved.