[SECURITY-L] TA14-318A: Microsoft Windows OLE Automation Array Remote Code Execution Vulnerability

CSIRT - UNICAMP security em unicamp.br
Seg Nov 17 10:34:26 -02 2014 

TA14-318A: Microsoft Windows OLE Automation Array Remote Code Execution
Vulnerability

NCCIC / US-CERT

National Cyber Awareness System:

TA14-318B: Microsoft Windows OLE Automation Array Remote Code Execution
Vulnerability <https://www.us-cert.gov/ncas/alerts/TA14-318A-0>
11/14/2014 05:42 PM EST

Original release date: November 14, 2014


      Systems Affected

  * Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1
  * Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, and
    Server 2012 R2


      Overview

A vulnerability in Microsoft Windows Object Linking and Embedding (OLE)
could allow remote code execution if a user views a specially-crafted
web page in Internet Explorer.[1]
<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6332>


      Description

The Microsoft Windows OLE OleAut32.dll library provides the
SafeArrayRedim function that allows resizing of SAFEARRAY objects in
memory.[2]
<http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/>
In certain circumstances, this library does not properly check sizes of
arrays when an error occurs. The improper size allows an attacker to
manipulate memory in a way that can bypass the Internet Explorer
Enhanced Protected Mode (EPM) sandbox as well as the Enhanced Mitigation
Experience Toolkit (EMET).

This vulnerability can be exploited using a specially-crafted web page
utilizing VBscript in Internet Explorer. However, it may impact other
software that makes use of OleAut32.dll and VBscript.

Exploit code is publicly available for this vulnerability. Additional
details may be found in CERT/CC Vulnerability Note VU#158647
<http://www.kb.cert.org/vuls/id/158647>.


      Impact

Arbitrary code can be run on the computer with user privileges. If the
user is an administrator, the attacker may run arbitrary code as an
administrator, fully compromising the system. 


      Solution

An update is available from Microsoft.[3]
<https://technet.microsoft.com/library/security/MS14-064> Please see
Microsoft Security Bulletin MS14-064 for more details and mitigation
guidance, and apply the necessary updates.


      References

  * [1] NIST Vulnerability Summary for CVE-2014-6332
    <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6332>
  * [2] IBM X-Force Researcher Finds Significant Vulnerability in
    Microsoft Windows
    <http://securityintelligence.com/ibm-x-force-researcher-finds-significant-vulnerability-in-microsoft-windows/>
  * [3] Microsoft Security Bulletin MS14-064
    <https://technet.microsoft.com/library/security/MS14-064>


      Revision History

  * November 14, 2014: Initial Release

------------------------------------------------------------------------

This product is provided subject to this Notification
<http://www.us-cert.gov/privacy/notification> and this Privacy & Use
<http://www.us-cert.gov/privacy/> policy.

------------------------------------------------------------------------
OTHER RESOURCES:
Contact Us <http://www.us-cert.gov/contact-us/> | Security Publications
<http://www.us-cert.gov/security-publications> | Alerts and Tips
<http://www.us-cert.gov/ncas> | Related Resources
<http://www.us-cert.gov/related-resources>

STAY CONNECTED:
Sign up for email updates
<http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new>

SUBSCRIBER SERVICES:
Manage Preferences
<http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true>  |  Unsubscribe
<https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.7c8ce4d3117305e79fd4ab8b330b9e90&destination=daniela@ccuec.unicamp.br>  |  Help
<https://subscriberhelp.govdelivery.com/>

------------------------------------------------------------------------
This email was sent to daniela em ccuec.unicamp.br using GovDelivery, on
behalf of: United States Computer Emergency Readiness Team (US-CERT) ·
245 Murray Lane SW Bldg 410 · Washington, DC 20598 · (703) 235-5110
Powered by GovDelivery <http://www.govdelivery.com/portals/powered-by>

Mais detalhes sobre a lista de discussão SECURITY-L