[PROPOSAL] Cluster 42 - MS (45 candidates)
The following cluster contains 45 candidates, all of which are associated with a Microsoft Security Advisory.

Proposed: 12/8
Scheduled Proposed: 12/6
Scheduled Interim Decision: 12/20
Scheduled Final Decision: 12/24

Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

=================================
Candidate: CAN-1999-0668
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991123
Category: SF
Reference: BUGTRAQ:19990821 IE 5.0 allows executing programs
Reference: MS:MS99-032
Reference: CIAC:J-064
Reference: BID:598

The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
VOTE:

=================================
Candidate: CAN-1999-0669
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991123
Category: SF
Reference: MS:MS99-032
Reference: CIAC:J-064

The Eyedog ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
VOTE:

=================================
Candidate: CAN-1999-0670
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991123
Category: SF
Reference: MS:MS99-032
Reference: CIAC:J-064

Buffer overflow in the Eyedog ActiveX control allows a remote attacker to execute arbitrary commands.
VOTE:

=================================
Candidate: CAN-1999-0680
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-028
Reference: MSKB:Q238600
Reference: CIAC:J-057
Reference: BID:571
Reference: XF:nt-terminal-dos

Windows NT Terminal Server performs extra work before a client is authenticated, allowing for a denial of service.
VOTE:

=================================
Candidate: CAN-1999-0682
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: XF:exchange-relay
Reference: MS:MS99-027
Reference: MSKB:Q237927
Reference: BID:567

Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
VOTE:

=================================
Candidate: CAN-1999-0700
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MSKB:Q237185
Reference: MS:MS99-026

Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry.
VOTE:

=================================
Candidate: CAN-1999-0701
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-036
Reference: BID:626

After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.
VOTE:

=================================
Candidate: CAN-1999-0702
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990909 IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs
Reference: MS:MS99-037
Reference: MSKB:Q241631
Reference: BID:627

Internet Explorer 5.0 allows remote attackers to modify files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
VOTE:

=================================
Candidate: CAN-1999-0715
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:Buffer Overruns in RAS allows execution of arbitary code as system
Reference: MS:MS99-016
Reference: MSKB:Q230667
Reference: XF:nt-ras-bo

Buffer overflow in Remote Access Service (RAS) client via a malformed phonebook entry.
VOTE:

=================================
Candidate: CAN-1999-0716
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: XF:nt-helpfile-bo
Reference: MSKB:Q231605
Reference: MS:MS99-015

Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
VOTE:

=================================
Candidate: CAN-1999-0717
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-014

A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
VOTE:

=================================
Candidate: CAN-1999-0721
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: BINDVIEW:Phantom Technical Advisory
Reference: MSKB:Q231457
Reference: MS:MS99-020
Reference: CIAC:J-049

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
VOTE:

=================================
Candidate: CAN-1999-0723
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-021
Reference: CIAC:J-049
Reference: XF:nt-csrss-dos
Reference: MSKB:Q231323

The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
VOTE:

=================================
Candidate: CAN-1999-0725
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MSKB:Q233335
Reference: MS:MS99-022
Reference: XF:iis-double-byte-code-page

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
VOTE:

=================================
Candidate: CAN-1999-0726
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-023
Reference: MSKB:Q234557

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
VOTE:

=================================
Candidate: CAN-1999-0728
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-024
Reference: MSKB:Q236359

A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
VOTE:

=================================
Candidate: CAN-1999-0736
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: L0PHT:May7,1999
Reference: MS:MS99-013
Reference: MSKB:Q232449
Reference: MSKB:Q231368

The showcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
VOTE:

=================================
Candidate: CAN-1999-0737
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-013
Reference: MSKB:Q231656

The viewcode.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
VOTE:

=================================
Candidate: CAN-1999-0738
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-013
Reference: MSKB:Q232449
Reference: MSKB:Q231368

The code.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
VOTE:

=================================
Candidate: CAN-1999-0739
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-013
Reference: MSKB:Q232449
Reference: MSKB:Q231368

The codebrws.asp sample file in IIS and Site Server allows remote attackers to read arbitrary files.
VOTE:

=================================
Candidate: CAN-1999-0749
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990815 telnet.exe heap overflow - remotely exploitable
Reference: MS:MS99-033
Reference: XF:win-ie5-telnet-heap-overflow
Reference: BID:586

Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
VOTE:

=================================
Candidate: CAN-1999-0755
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: XF:nt-ras-pwcache
Reference: MSKB:Q230681
Reference: MS:MS99-017

Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
VOTE:

=================================
Candidate: CAN-1999-0766
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-031
Reference: MSKB:Q240346
Reference: BID:600

The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.
VOTE:

=================================
Candidate: CAN-1999-0777
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-039
Reference: BID:658

IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
VOTE:

=================================
Candidate: CAN-1999-0793
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-043

Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
VOTE:

=================================
Candidate: CAN-1999-0794
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-044

Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
VOTE:

=================================
Candidate: CAN-1999-0802
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991125
Category: SF
Reference: MS:MS99-018
Reference: MSKB:Q231450

Internet Explorer 5 has a buffer overflow that allows remote attackers to crash the browser by providing a malformed Favorites icon.
VOTE:

=================================
Candidate: CAN-1999-0839
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: NTBUGTRAQ:19991130 Windows NT Task Scheduler vulnerability allows user to administrator elevation
Reference: MS:MS99-051
Reference: BID:828

Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
VOTE:

=================================
Candidate: CAN-1999-0858
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: MS:MS99-054
Reference: MSKB:Q247333
Reference: BID:846

Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
VOTE:

=================================
Candidate: CAN-1999-0861
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: MS:MS99-053

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
VOTE:

=================================
Candidate: CAN-1999-0867
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-029
Reference: MSKB:Q238349
Reference: CIAC:J-058
Reference: BID:579

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
VOTE:

=================================
Candidate: CAN-1999-0869
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS98-020
Reference: MSKB:167614

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
VOTE:

=================================
Candidate: CAN-1999-0870
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS98-015
Reference: MSKB:169245

Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.
VOTE:

=================================
Candidate: CAN-1999-0871
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS98-013

Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.
VOTE:

=================================
Candidate: CAN-1999-0874
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-019
Reference: MSKB:Q234905
Reference: EEYE:AD06081999
Reference: CERT:CA-99-07
Reference: CIAC:J-048

Buffer overflow in IIS via a malformed request for files with .HTR, .IDC, or .STM extensions.
VOTE:

=================================
Candidate: CAN-1999-0877
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MSKB:Q243638
Reference: MS:MS99-042

Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
VOTE:

=================================
Candidate: CAN-1999-0886
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: unknown
Reference: MSKB:Q242294
Reference: MS:MS99-041
Reference: BID:645

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
VOTE:

=================================
Candidate: CAN-1999-0891
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-040
Reference: MSKB:Q242542

The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
VOTE:

=================================
Candidate: CAN-1999-0898
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-047
Reference: MSKB:Q243649

Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
VOTE:

=================================
Candidate: CAN-1999-0899
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-047
Reference: MSKB:Q243649

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
VOTE:

=================================
Candidate: CAN-1999-0909
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: NAI:Windows IP Source Routing Vulnerability
Reference: BID:646
Reference: MS:MS99-038

Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options.
VOTE:

=================================
Candidate: CAN-1999-0910
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-035
Reference: BID:625

Microsoft Site Server and Commercial Internet System (MCIS) do not set an expiration for a cookie, which could then be cached by a proxy and inadvertently used by a different user.
VOTE:

=================================
Candidate: CAN-1999-0917
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: MS:MS99-018
Reference: MSKB:Q231452

The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
VOTE:

=================================
Candidate: CAN-1999-0918
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990703 IGMP fragmentation bug in Windows 98/2000
Reference: MSKB:Q238329
Reference: MS:MS99-034
Reference: BID:514

Denial of service in Windows 98 and Windows 2000 systems via malformed IGMP packets.
VOTE:

=================================
Candidate: CAN-1999-0969
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: ISS:19980929 "Snork" Denial of Service Attack Against Windows NT RPC Service
Reference: NTBUGTRAQ:19980929 ISS Security Advisory: Snork
Reference: MS:MS98-014

The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.
VOTE: