
Windows Security Load Image & Help Vulnerabilities



#1 harrywaldron


Posted 25 December 2004 - 09:05 AM


PLEASE BE VERY CAREFUL WITH ALL WEB SITES AND EMAIL. There are already Proof-of-Concept (POC) exploits circulating in-the-wild related to brand new unpatched flaws in Microsoft Windows. With POC code circulating in the public, this provides the "bad guys" with tools to quickly build viruses, phishing attacks, and spyware around these Windows Security holes.

This is called a "Zero Day Attack", where the vendor has yet to patch the security hole and there are exploits circulating in the wild. Do not install HELP FILES and follow further breaking news on what to avoid. Finally, some AV Vendors are offering protection as noted in the McAfee examples below. Please update and protect your PC environment.

QUOTE: Because the flaws are in a library used by Windows programs, almost all browsers and e-mail clients are likely affected by the flaws, said Alfred Huger, senior director of engineering at Symantec.

New Windows Security Load Image & Help Vulnerabilities
http://isc.sans.org//diary.php?date=2004-12-23

The holiday news continues to be bleak, with a pair of critical vulnerabilities for Windows NT/2000/2003/XP. First, unless you're running XP SP2, there is a buffer overflow in the LoadImage API, resulting in bitmaps, icons, and animated cursor data files (.bmp, .cur, .ico, and .ani) that can be exploited via HTML delivered either via email or a website. This vulnerability can be used to execute code. Secondly, there is a heap overflow in winhlp32.exe while processing help files on Windows, including XP SP2, apparently. Try not to install help files until some Tuesday in, we hope, January.

Exploits released for new Windows flaws
http://www.dozleng.com/updates/index.php?showtopic=3383

LoadImage API Integer Buffer overflow
http://vil.nai.com/vil/content/v_130605.htm

This detection covers code attempting to exploit a Microsoft Windows LoadImage API Integer Buffer overflow vulnerability that was announced on December 23, 2004. Reportedly, the vulnerability exists on the following operating systems:

* Windows NT4
* Windows 2000
* Windows XP (SP2 is not vulnerable)
* Windows 2003

Kernel ANI File Parsing Crash Vulnerability
http://vil.nai.com/vil/content/v_130604.htm

This detection covers code attempting to exploit a Microsoft Windows Kernel ANI File Parsing Crash Vulnerability that was announced on December 23, 2004. Reportedly, the vulnerability exists on the following operating systems:

* Windows NT4
* Windows 2000
* Windows XP (SP2 is not vulnerable)
* Windows 2003

PROOF-OF-CONCEPT TESTS & MORE DETAILED INFORMATION

I would encourage our members to be VERY CAREFUL in selecting links to install or test their PCs, as these POC tests may crash your PC, requiring a reboot, and you might even lose information you were working on at the time. Please just read the comments only.

Windows Issues, original notification
http://www.xfocus.net/flashsky/icoExp/index.html

Bugtraq Discussion
http://www.securityfocus.com/archive/1/385...21/2004-12-27/0
