[SECURITY-L] [cais at cais.rnp.br: CAIS-Alerta: Cumulative Patch for Internet Explorer (813489)]

Silvana Mieko Misuta mieko at ccuec.unicamp.br
Thu Apr 24 16:49:04 -03 2003


----- Forwarded message from Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br> -----

From: Centro de Atendimento a Incidentes de Seguranca <cais at cais.rnp.br>
Subject: CAIS-Alerta: Cumulative Patch for Internet Explorer (813489)
To: rnp-alerta at cais.rnp.br, rnp-seg at cais.rnp.br
Date: Thu, 24 Apr 2003 16:39:44 -0300 (BRT)

-----BEGIN PGP SIGNED MESSAGE-----


Dear all,

CAIS is forwarding the alert released by Microsoft, Microsoft
Security Bulletin MS03-015: Cumulative Patch for Internet Explorer
(813489), which covers the release of a cumulative patch for
Microsoft Internet Explorer.


Affected Systems:

        . Microsoft Internet Explorer 5.01
        . Microsoft Internet Explorer 5.5
        . Microsoft Internet Explorer 6.0


Available fixes:

The fix consists of applying the patch recommended by Microsoft,
available at:

http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp


More information:

http://www.microsoft.com/technet/security/bulletin/ms03-015.asp

CVE identifiers:	CAN-2003-0113, CAN-2003-0114, CAN-2003-0115,
			CAN-2003-0116 (http://cve.mitre.org)


CAIS recommends that administrators of Microsoft platforms keep
their systems and applications up to date at all times.


Sincerely,

################################################################
#   CENTRO DE ATENDIMENTO A INCIDENTES DE SEGURANCA / RNP      #
#                                                              #
# cais at cais.rnp.br     http://www.cais.rnp.br               #
# Tel. 019-37873300    Fax. 019-37873301                       #
# PGP key available at: http://www.cais.rnp.br/cais-pgp.key    #
################################################################

-------------------------------------------------------------------
Title:      Cumulative Patch for Internet Explorer (813489)
Date:       23 April 2003
Software:   Microsoft (c) Internet Explorer
Impact:     Run code of the attacker's choice on a user's machine.
Max Risk:   Critical
Bulletin:   MS03-015

Microsoft encourages customers to review the Security Bulletins at:
http://www.microsoft.com/technet/security/bulletin/MS03-015.asp
http://www.microsoft.com/security/security_bulletins/ms03-015.asp
-------------------------------------------------------------------

Issue:
======
This is a cumulative patch that includes the functionality of all
previously released patches for Internet Explorer 5.01, 5.5 and
6.0. In addition, it eliminates the following four newly discovered
vulnerabilities:


- A buffer overrun vulnerability in URLMON.DLL that occurs because
Internet Explorer does not correctly check the parameters of
information being received from a web server. It could be possible
for an attacker to exploit this vulnerability to run arbitrary code
on a user's system. A user simply visiting an attacker's website
could allow the attacker to exploit the vulnerability without any
other user action.

- A vulnerability in the Internet Explorer file upload control that
allows input from a script to be passed to the upload control. This
vulnerability could allow an attacker to supply a file name to the
file upload control and automatically upload a file from the user's
system to a web server.

- A flaw in the way Internet Explorer handles the rendering of third
party files. The vulnerability results because the Internet
Explorer method for rendering third party file types does not
properly check parameters passed to it. An attacker could create a
specially formed URL that would inject script during the rendering
of a third party file format and cause the script to execute in the
security context of the user.

- A flaw in the way modal dialogs are treated by Internet Explorer
that occurs because an input parameter is not properly checked.
This flaw could allow an attacker to use an injected script to
provide access to files stored on a user's computer. Although a
user who visited the attacker's website could allow the attacker to
exploit the vulnerability without any other user action, an
attacker would have no way to force the user to visit the website.

In addition to eliminating the above vulnerabilities, this patch
also includes a fix for Internet Explorer 6.0 SP1 that corrects the
method by which Internet Explorer displays help information in the
local computer zone. While we are not aware of a method to exploit
this vulnerability by itself, if it were possible to exploit it, it
could allow an attacker to read local files on a visiting user's
system.

This patch also sets the Kill Bit on the Plugin.ocx ActiveX control
which has a security vulnerability. This killbit has been set in
order to ensure that the vulnerable control cannot be reintroduced
onto users' systems and to ensure that users who already have the
vulnerable control on their system are protected. This issue is
discussed further in Microsoft Knowledge Base Article 813489.

Like the previous Internet Explorer cumulative patch released with
bulletin MS03-004, this cumulative patch will cause
window.showHelp( ) to cease to function if you have not applied the
HTML Help update. If you have installed the updated HTML Help
control from Knowledge Base article 811830, you will still be able
to use HTML Help functionality after applying this patch.

Mitigating factors:
====================
There are common mitigating factors across all of the
vulnerabilities:


- The attacker would have to host a web site that contained a web
page used to exploit the particular vulnerability.

- By default, Outlook Express 6.0 and Outlook 2002 open HTML mails
in the Restricted Sites Zone. In addition, Outlook 98 and 2000 open
HTML mails in the Restricted Sites Zone if the Outlook Email
Security Update has been installed. Customers who use any of these
products would be at no risk from an e-mail borne attack that
attempted to automatically exploit these vulnerabilities. The
attacker would have no way to force users to visit a malicious web
site. Instead, the attacker would need to lure them there,
typically by getting them to click on a link that would take them
to the attacker's site.

In addition to the common factors, there are a number of individual
mitigating factors:

URLMON.DLL Buffer Overrun:

- Code that executed on the system would only run under the
privileges of the locally logged in user.

File Upload Control vulnerability:

- The attacker would have to know the explicit path and name of the
file to be uploaded in advance.

Third Party plug-in rendering:

- The third party plugin would have to be present on the user's
system in order for it to be exploited.

Risk Rating:
============
 - Critical

Patch Availability:
===================
 - A patch is available to fix this vulnerability. Please read the
   Security Bulletins at

http://www.microsoft.com/technet/security/bulletin/ms03-015.asp
http://www.microsoft.com/security/security_bulletins/ms03-015.asp

   for information on obtaining this patch.


-----------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.


*******************************************************************


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

-----END PGP SIGNATURE-----


----- End forwarded message -----
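
The bulletin says the patch sets the Kill Bit on the Plugin.ocx ActiveX control. The following is an added example, not part of the CAIS alert or the Microsoft bulletin, that audits a `reg export` dump of the "ActiveX Compatibility" registry key and reports whether the kill bit (0x400 in "Compatibility Flags") is set for a given control. The CLSIDs and the sample export are constructed placeholders, because the advisory does not list the CLSID of Plugin.ocx.

```python
import re

KILL_BIT = 0x00000400  # bit in "Compatibility Flags" that blocks the control in IE
BASE_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility"

# Constructed sample of `reg export` text. The CLSIDs are placeholders: the
# advisory does not give the CLSID of Plugin.ocx. 00000020 is a constructed
# flag value that does not include the kill bit.
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + BASE_KEY + r"\{00000000-0000-0000-0000-000000000001}]",
    '"Compatibility Flags"=dword:00000400',
    "",
    "[" + BASE_KEY + r"\{00000000-0000-0000-0000-000000000002}]",
    '"Compatibility Flags"=dword:00000020',
    "",
    "[" + BASE_KEY + r"\{00000000-0000-0000-0000-000000000003}]",
])

SECTION = re.compile(r"^\[(.+)\]$")
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{1,8})$', re.I)


def parse_flags(export_text):
    """Map upper-cased CLSID -> flags value (None when the value is absent)."""
    flags, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            # Only direct subkeys of the ActiveX Compatibility key are CLSID entries.
            parent, _, leaf = m.group(1).rpartition("\\")
            current = leaf.upper() if parent.upper() == BASE_KEY.upper() else None
            if current:
                flags.setdefault(current, None)
            continue
        m = FLAGS.match(line)
        if m and current:
            flags[current] = int(m.group(1), 16)
    return flags


def killbit_status(export_text, clsid):
    """Return 'set', 'not set' or 'no entry' for one control's CLSID."""
    flags = parse_flags(export_text)
    if clsid.upper() not in flags:
        return "no entry"
    value = flags[clsid.upper()]
    # Test the bit, not equality: other compatibility flags may be combined with it.
    return "set" if value is not None and value & KILL_BIT else "not set"
```

Real `reg export` files are UTF-16 encoded, so decode the file before passing its text to `killbit_status`.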

