Microsoft Corp. on Wednesday issued a raft of new patches, including one for a vulnerability in a component of Windows that gives an attacker the ability to run any code of choice on remote systems.
The vulnerability lies in an ActiveX control found in the Windows HTML Help Facility. One of the functions exposed by the control contains a an unchecked buffer, which an attacker could exploit with a malicious Web page or HTML mail message.
A successful exploitation of the flaw would give the attacker the ability to run code in the same context as the user.
A second flaw in the Help Facility involves the way the service handles compiled HTML Help files that contain shortcuts. The shortcuts should only be used by the Help files, but in a case where a Web page or HTML mail message delivers a Help file to the Temporary Internet Files folder and then executes it, the Help Facility handles the file in the Local Computer zone. The file is thus considered to be a trusted one and is allowed to use the shortcut, which is capable of taking any action on the machine.
The patch for these problems is available here.
Microsoft also issued a new cumulative patch for SQL Server 7 and 2000 that fixes four newly discovered vulnerabilities, as well. The most serious of the new flaws is a buffer overrun in one of the Database Console Commands. An attacker exploiting this vulnerability would be able to gain complete control of the SQL server, Microsoft said in its advisory.
Another buffer overrun in a section of code in SQL Server 2000 associated with user authentication gives an attacker the ability to run code in the context of the SQL Server service.
The SQL patch is available here.
The Redmond, Wash., company issued two other patches Wednesday for somewhat less serious problems. The first is for two vulnerabilities in the file decompression function in Windows 98 Plus, Me and XP, one of which could allow an attacker to run arbitrary code on a vulnerable machine. That patch is located here.
The other patch is for three flaws in the Interix SDK that ships with Microsofts Service for Unix 3.0. The fix is available here.
Related Stories:
- Bugbear Virus Still Running Wild
- More Security Coverage