[MS] Schwachstelle in Microsoft Windows OLE Automation – MS11-038

[MS] Schwachstelle in Microsoft Windows OLE Automation - MS11-038

Von

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung des Microsoft Product Security
Notification Service. Wir geben diese Informationen unveraendert an Sie
weiter.

CVE-2011-0658 – Schwachstelle in Microsoft Windows OLE Automation

Eine Schwachstelle in “Object Linking and Embedding” (OLE)-Automation
von Microsoft Windows erlaubt entfernte Codeausfuehrung. Ein Angreifer
kann dies ausnutzen, um beliebige Befehle zur Ausfuehrung zur bringen,
indem er eine Webseite erstellt, die ein praepariertes “Windows Metafile
Image” (WMF) enthaelt und dann einen Benutzer dazu bringt, die Seite zu
besuchen.

Betroffen sind die folgenden Software Pakete und Plattformen:

Microsoft Windows

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 mit SP2 fuer Itanium-basierte Systeme
Windows Vista Service Pack 1
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 fuer 32-bit Systeme
Windows Server 2008 fuer 32-bit Systeme Service Pack 2
Windows Server 2008 fuer x64-basierte Systeme
Windows Server 2008 fuer x64-basierte Systeme Service Pack 2
Windows Server 2008 fuer Itanium-basierte Systeme
Windows Server 2008 fuer Itanium-basierte Systeme Service Pack 2
Windows 7 fuer 32-bit Systeme
Windows 7 fuer 32-bit Systeme Service Pack 1
Windows 7 fuer x64-basierte Systeme
Windows 7 fuer x64-basierte Systeme Service Pack 1
Windows Server 2008 R2 fuer x64-basierte Systeme
Windows Server 2008 R2 fuer x64-basierte Systeme Service Pack 1
Windows Server 2008 R2 fuer Itanium-basierte Systeme
Windows Server 2008 R2 fuer Itanium-basierte Systeme Service Pack 1

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Timo Schulz

– —
Timo Schulz, M.Sc. (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen: https://www.cert.dfn.de/autowarn

– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2011.0623
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
15 June 2011

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: Microsoft Windows
Publisher: Microsoft
Operating System: Windows XP
Windows Server 2003
Windows Server 2008
Windows Vista
Windows 7
Impact/Access: Execute Arbitrary Code/Commands — Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2011-0658

Original Bulletin:
http://www.microsoft.com/technet/security/bulletin/MS11-038.mspx

– – ————————–BEGIN INCLUDED TEXT——————–

Microsoft Security Bulletin MS11-038 – Critical
Vulnerability in OLE Automation Could Allow Remote Code Execution (2476490)
Version: 1.0

General Information

Executive Summary

This security update resolves a privately reported vulnerability in Microsoft
Windows Object Linking and Embedding (OLE) Automation. The vulnerability could
allow remote code execution if a user visits a Web site containing a specially
crafted Windows Metafile (WMF) image. In all cases, however, an attacker would
have no way to force users to visit such a Web site. Instead, an attacker would
have to convince users to visit a malicious Web site, typically by getting them
to click a link in an e-mail message or Instant Messenger request.

This security update is rated Critical for all supported versions of Microsoft
Windows. For more information, see the subsection, Affected and Non-Affected
Software, in this section.

Affected Software

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service
Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit
Systems Service Pack 2**
Windows Server 2008 for x64-based Systems and Windows Server 2008 for
x64-based Systems Service Pack 2**
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for
Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service
Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for
x64-based Systems Service Pack 1**
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2
for Itanium-based Systems Service Pack 1

** Server Core installation not affected. The vulnerabilities addressed by
this update do not affect supported editions of Windows Server 2008 or Windows
Server 2008 R2 as indicated, when installed using the Server Core installation
option. For more information on this installation option, see the TechNet
articles, Managing a Server Core Installation and Servicing a Server Core
Installation. Note that the Server Core installation option does not apply to
certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare
Server Core Installation Options.

Vulnerability Information

OLE Automation Underflow Vulnerability – CVE-2011-0658

A remote code execution vulnerability exists in Object Linking and Embedding
(OLE) Automation. An attacker who successfully exploited this vulnerability
could gain the same user rights as the logged-on user. If a user is logged on
with administrative user rights, an attacker could take complete control of
the affected system. An attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights. Users whose accounts
are configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.

– – ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
– —–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

iD8DBQFN99wu/iFOrG6YcBERAmwfAKC5s7G+GGgztYfLPepO+jD2hDIB+QCgzKHh
RX6g/64XJ+XBNncUoUK3Blw=
=70RJ
– —–END PGP SIGNATURE—–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.16 (GNU/Linux)

iQEcBAEBAgAGBQJN+MOzAAoJEJtyb8U7iGZB9g8H/0g/cOezKvw3D7GeyeU9ffnC
WGM1Oxog5/S2g5BNwopeO4F5+RYs+5chzsN89JIRUbRTFRVOuYiXLy0t+GAcXq3e
Hm5mPtqpVXOO/n5wDZ1jac0/PMiC27HRvdG3uhQ4by3tJGQSBnuF4Ut/rB3Ea2bd
hhHtUICEmYQGGdbmXDHR8AqBuX//S8YjtHqjCl33JGMSrBVbxNc5b3XNuVUnGf2u
HSg/lG9Zy39n0DfrrUJ1IXqO0rqazUXBQKysjHe3nKXtkoDsrMaQXpORnPKusY9/
S9UNv85XFH5/02Ppr1Haapy8Jld90zZLfn7Y5V14zseJB5gfOwHlaWQ0Bs9rJbM=
=FGdM
—–END PGP SIGNATURE—–

© COMPUTEC MEDIA GmbH
Nach oben