Microsoft Corp. on Thursday released patches for three critical security vulnerabilities in three separate products, two of which could enable an attacker to read files on a users machine.
The companys Commerce Server 2000 software has an unchecked buffer in the ISAPI filter installed by default with the server. AuthFilter, which is used to provide support for several authentication methods, is vulnerable to a buffer overflow attack on a section of code that handles authentication requests.
An attacker who was able to exploit the flaw could run the code of his choice on the machine, Microsoft said in a bulletin. The Commerce Server runs in the LocalSystem security context, which would give the attacker complete control of the vulnerable machine.
A separate flaw in the way that Internet Explorer handles Visual Basic script gives an attacker the ability to read local files on a vulnerable PC. IE allows scripts from one domain in a frame in a browser window to access the information in another domain.
An attacker could exploit this by extracting data from one domain and sending it to his own Web site, enabling him to view local files on the users machine or even capture content from sites the user visits. This could reveal user data such as usernames and passwords or credit card numbers.
There is also a vulnerability in the ActiveX Control in the Microsoft XML Core Services that enables an attacker to read files on a users machine. The problem lies in the way the XMLHTTP control applies security zone settings to redirected data streams returned in response to a request for data from a Web site.
Each of these two vulnerabilities requires the user to either visit a malicious Web site or open a malicious HTML mail message. And the attacker would need to know the exact names of the files on the users machine in order to view them, Microsoft said.
Microsoft, of Redmond, Wash., has rated all three vulnerabilities as critical. Patches are available at Microsofts security Web site.
