by May 1, 1999 0 comments

Vulnerability in Forms 2.0 ActiveX control

Problem: There is a vulnerability in the Forms 2.0 ActiveX control. This
control is distributed in any application that includes Visual Basic for Applications 5. A
malicious hacker can use the Forms 2 control to read or export text on a user’s
clipboard when a user visits a Website set up by a hacker or opens an HTML-e-mail created
by a hacker.

Who’s affected: The following versions of
software that install Forms 2.0 are affected: Office 97, Outlook 98, Project 98, Visual
Basic 5 or any other third party software that includes VB for Applications 5. In order to
check whether your system is affected by this vulnerability, right-click the
“Fm20.dll” file in the Windows> System folder and choose properties from the
shortcut menu. If the date of the file is earlier than January 11, 1999, then your system
is affected by this vulnerability.

Impact and solution: The Forms 2.0 is an ActiveX
component that allows text to be pasted from your clipboard to a text- or combo-box. This
control has a vulnerability that allows text to be pasted from a user’s clipboard to
Forms 2.0 text- or combo-box. This control is installed as a standard part of applications
that use VB for Applications 5.
The Forms 2.0 is an ActiveX
component that allows text to be pasted from your clipboard to a text- or combo-box. This
control has a vulnerability that allows text to be pasted from a user’s clipboard to
Forms 2.0 text- or combo-box. This control is installed as a standard part of applications
that use VB for Applications 5.

A malicious hacker can cause the Forms 2.0 Control to read
or export text from the user’s clipboard when a user visits a Website set up by him,
or opens an HTML-e-mail created by a malicious hacker.

Patch for this vulnerability is available from Microsoft on
the Office Update site at http://officeupdate.microsoft. com/downloaddetails/fm2paste.htm.
You just have to download “Fm2paste. exe” and run it to install the patch. In
this patch Microsoft has updated two ActiveX control files: Fm20.dll and Fm20enu.dll, in
order to prevent a hacker from being able to view the contents of a user’s clipboard.

On installing this patch, a user doesn’t lose any
functionality and is still able to paste content from the clipboard to a Web page or other
document.

Vulnerability in Word 97 template

Problem: A vulnerability exists in Word 97 which permits macros to run
without warning when a user opens a document based on the template containing macros. A
hacker can exploit this vulnerability to cause malicious macro code to be run without
warning if a user opens a Word attachment that was sent by a hacker, or posted on a
Website controlled by the hacker. This macro can possibly be used to damage or retrieve
data on a user’s system.

Who’s affected: These using Word 97 will be
affected by this vulnerability.

Impact and solution: Word 97 follows a standard
safety measure by which it warns users when a document containing macros is opened.
However, it may happen that the document itself may not contain macros, but it could be
linked to a template that contains macros. In this case, Word 97 doesn’t issue any
warning.
Word 97 follows a standard
safety measure by which it warns users when a document containing macros is opened.
However, it may happen that the document itself may not contain macros, but it could be
linked to a template that contains macros. In this case, Word 97 doesn’t issue any
warning.

A hacker can exploit this vulnerability to cause malicious
macro code to run without warning. This can happen in two ways: if a user opens a Word
document attached to an e-mail sent by the hacker, or if the user opens a Word document on
a Website controlled by the hacker. This malicious macro can be used to damage or retrieve
data on a user’s system.

Microsoft has released a patch for this vulnerability.
It’s downloadable from http://officeupdate.microsoft.com/downloaddetails/wd97sp.htm.
Installing this patch doesn’t disable the use of templates or macros on templates.
However, after installing the patch, users will be issued a warning before they launch a
document containing macros.

Vulnerability in IIS "malformed FTP list
request"

Problem: There is a vulnerability in the Internet Information Server FTP
service that allows denial of service attacks against the server or under certain
conditions can allow arbitrary code to be executed on the server.

Who’s affected: This vulnerability affects
Microsoft Internet Information Server versions 3 and 4.
This vulnerability affects
Microsoft Internet Information Server versions 3 and 4.

Impact and solution: The FTP service in IIS has an
unchecked buffer in a component that processes "list" commands. This results in
a vulnerability that poses a malformed "list" request which can cause buffer
overflow error, resulting in a denial of service threat, causing the server to crash.
Also, a carefully constructed "list" request can cause arbitrary code to execute
on the server via a classic buffer overrun technique.
The FTP service in IIS has an
unchecked buffer in a component that processes "list" commands. This results in
a vulnerability that poses a malformed "list" request which can cause buffer
overflow error, resulting in a denial of service threat, causing the server to crash.
Also, a carefully constructed "list" request can cause arbitrary code to execute
on the server via a classic buffer overrun technique.

The "list" command is only available to users
after they have authenticated to the server. Therefore, only users who are authorized to
use the server would be able to mount such an attack. Their presence on the server could
be logged if the owner of the site chose to do so. However, many sites provide guest
accounts, and this could be used by a malicious user to attack the server anonymously.

Microsoft has posted hot fixes for this vulnerability on ftp://ftp.microsoft.com/bussys/iis/iis-public/fixes/usa/security/ftpls-fix/.

Versions are available for x86 and alpha versions of IIS 3
and IIS 4. However, these patches can only be installed on the top of Win NT 4 with
Service Pack 4.

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

<