
SANS ISC InfoSec Handlers Diary Blog



MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)

Published: 2006-08-08
Last Updated: 2006-08-08 19:36:36 UTC
by Lorna Hutcheson (Version: 1)

https://www.microsoft.com/technet/security/bulletin/ms06-050.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3086
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3438

Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
 
Impact:  Remote Code Execution
Severity:  Important
Replaces:  MS05-015


Description:  This update actually addresses two separate issues.  One is the Hyperlink COM Object Buffer Overflow Vulnerability and the other is the Hyperlink Object Function Vulnerability.  Each of these will be addressed separately below.

Hyperlink COM Object Buffer Overflow Vulnerability:  There is a buffer overflow in the Hyperlink Object Library, which is used to handle hyperlinks.  An attacker who created a malicious hyperlink could take complete control of the system.  The attacker gains only the rights of the user logged on to the system.  Good Admins don't let users run as Administrator!

Hyperlink Object Function Vulnerability:  From Microsoft:  "This problem exists when the Hyperlink Object Library uses a file containing a malformed function while handling hyperlinks."  This is the result of another buffer overflow in the Hyperlink Object Library.  Again, the attacker gains only the rights of the user logged on to the system.

Even though the severity rating of these is listed as Important, I would venture to say they are underrated and would recommend patching ASAP.

 