ActiveX, Media Player and Old School

By Ryan Naraine  |  Posted 2005-04-07

  • HTML Help ActiveX Control Flaw:
    This vulnerability was originally reported as a bug in a previously released patch. According to research outfit GeCAD NET, at least one attack vector could successfully exploit a known flaw in the HTML Help ActiveX control.
    The flaw is still exploitable in Windows XP Service Pack 1 or Windows 2000 Service Pack 4, even when fully patched and up-to-date (MS05-001 included). Users of Windows XP SP2 are not affected.

    In late January, Microsoft confirmed GeCAD NET's findings but said this is a new issue that does not challenge the quality of the MS05-001 patch. A spokeswoman said that GeCAD NET's publicly reported exploit points to "a different vulnerability" that has not yet been patched.
  • Windows Media Player 9 Series (Spyware Infection):
    It's been almost three months since Microsoft promised a Windows Media Player update to help thwart the threat of spyware infection but, to date, users of the WMP 9 Series remain at risk.

    When the issue first surfaced in January, Microsoft officials made it clear that the spyware infection attack scenario did not exploit a vulnerability in the software. The company later issued an update, but only for the newer WMP 10 software, which is only available on the Windows XP operating system.

    When researchers pointed out that WMP 9 users remained vulnerable, Microsoft program manager Marcus Matthias said a fix would be made available at a later date. The issue remains unresolved.
  • Old-School DoS LAND Attacks:
    A month ago, security researcher Dejan Levaja released an advisory to warn that Microsoft's newest operating systems can be penetrated by an old-school-type denial-of-service attack. Levaja discovered that Windows Server 2003 and XP Service Pack 2 systems (with Windows Firewall turned off) are vulnerable to LAND attacks, a denial-of-service condition caused by sending a packet to a machine with the source host/port the same as the destination host/port. The LAND attack scenario was discussed in 1997 by Carnegie Mellon's CERT Coordination Center.

    Levaja found that a single LAND packet sent to a file server could cause Windows Explorer to freeze on all workstations connected to that server. "CPU on server goes 100 percent [and] network monitor on the victim server sometimes can not even sniff malicious packet," Levaja warned. He said the script could be replayed endlessly to cause a total collapse of the network.

    In response, Microsoft said a successful attack could only cause the target computer to perform sluggishly for a short period of time and cannot be exploited to run arbitrary code. A spokeswoman said that customers running the Windows Firewall, enabled by default on Windows XP SP2, are not impacted by this issue. In the absence of a patch, she suggested customers adopt TCP/IP hardening practices.

    Independent research outfit Secunia recommends that affected users filter traffic with the same IP address as source and destination address.
  • "High Risk" IE, Outlook Flaws:
    The details are scarce, but Microsoft has already confirmed it was investigating a report from eEye Digital Security about a pair of "high risk" flaws in the Internet Explorer and Outlook products. eEye, which maintains a Web page with basic information on unpatched Microsoft vulnerabilities, said the newest bugs could allow malicious hackers to run a successful exploit from anywhere on the Internet. "These are client-side vulnerabilities that could allow attacks via a Web browser or the Outlook client. The risk of a zero-day attack is quite high," eEye chief hacking officer Marc Maiffret said in an interview with

    The flaws were discovered in default installations of IE and Outlook and could allow malicious code to be executed, contingent upon minimal user interaction. Affected software includes all versions of Windows NT 4.0, Windows 2000 and Windows XP, including SP2.

    Secunia's advisories database also keeps track of Microsoft product flaws that have not yet been fixed.

    There's also a missing advisory from the batch originally scheduled for February, when Microsoft said it would release 13 bulletins. At the time, a patch with an "important" rating was withheld at the last minute because it required more quality assurance testing. There were no patches from Microsoft in March.
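The LAND item above describes the attack signature (source address and port identical to destination address and port) and Secunia's mitigation (filter traffic whose source IP equals its destination IP). The following is an added example, not code from the article, Levaja's advisory or Secunia, showing how a host or perimeter filter would decode a raw IPv4/TCP frame and apply both checks. The packet samples, the `make_ipv4_tcp` builder and the `classify` verdict labels are constructed for the example; the loopback exemption is an assumption a real deployment would have to confirm for its own traffic.

```python
"""Detect LAND-style TCP packets (source address/port identical to the
destination address/port) in raw IPv4 frames, the way a host or perimeter
filter might. Added example; the packet samples below are constructed."""
import struct
import ipaddress

IPPROTO_TCP = 6


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Pull the address and port tuple out of an IPv4/TCP packet.

    Only the fields the LAND check needs are decoded. Anything that is not a
    complete IPv4 header followed by TCP ports raises ValueError so the
    caller can fall through to its normal handling of non-TCP traffic.
    """
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    if proto != IPPROTO_TCP:
        raise ValueError("not TCP")
    if len(packet) < ihl + 4:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {
        "src": ipaddress.IPv4Address(src),
        "dst": ipaddress.IPv4Address(dst),
        "sport": sport,
        "dport": dport,
    }


def is_land_packet(f: dict) -> bool:
    """The CERT (1997) LAND signature: source and destination identical on
    both the address and the port."""
    return f["src"] == f["dst"] and f["sport"] == f["dport"]


def is_self_addressed(f: dict) -> bool:
    """Secunia's broader mitigation from the article: treat anything with the
    same IP as source and destination as hostile, whatever the ports.
    Loopback traffic legitimately matches, so it is exempted (assumption)."""
    return f["src"] == f["dst"] and not f["src"].is_loopback


def classify(packet: bytes) -> str:
    """Return 'land', 'self-addressed', 'pass' or 'ignore' for one frame."""
    try:
        f = parse_ipv4_tcp(packet)
    except ValueError:
        return "ignore"  # not IPv4/TCP; outside this filter's scope
    if is_land_packet(f):
        return "land"
    if is_self_addressed(f):
        return "self-addressed"
    return "pass"


def make_ipv4_tcp(src: str, dst: str, sport: int, dport: int) -> bytes:
    """Constructed sample input for the checks above: a minimal IPv4 header
    (no options, checksum left zero) followed by a bare TCP port pair."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, IPPROTO_TCP, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return ip_hdr + struct.pack("!HH", sport, dport)


# Constructed samples (TEST-NET-1 addresses): an ordinary connection to a file
# server's port 445, the LAND pattern the article describes, a same-address
# packet on different ports, and a loopback connection that must not be flagged.
SAMPLES = {
    "normal": make_ipv4_tcp("192.0.2.10", "192.0.2.20", 51000, 445),
    "land": make_ipv4_tcp("192.0.2.20", "192.0.2.20", 445, 445),
    "same-addr": make_ipv4_tcp("192.0.2.20", "192.0.2.20", 51000, 445),
    "loopback": make_ipv4_tcp("127.0.0.1", "127.0.0.1", 51000, 445),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} -> {classify(pkt)}")
```

The two predicates are kept separate on purpose: `is_land_packet` is the narrow signature for alerting, while `is_self_addressed` is the drop rule Secunia recommends, which also catches variants that differ only in port. A real filter would apply the drop rule on external interfaces only, since a host's own loopback traffic is the one legitimate case of source equal to destination.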