—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Liebe Kolleginnen und Kollegen,
soeben erreichte uns nachfolgende Warnung des Microsoft Product Security
Notification Service. Wir geben diese Informationen unveraendert an Sie
weiter.
CVE-2009-1528 / CVE-2009-1529 / CVE-2009-1530 / CVE-2009-1531 /
CVE-2009-1532 – Verletzungen von Speicherstrukturen im Internet Explorer
Bei der Ausfuehrung von Javascript-Code oder ActiveX-Controls kann es
zu einer Verletzung von Speicherstrukturen im Internet Explorer
kommen. Ein entfernter Angreifer kann diese Schwachstellen mittels
einer speziell konstruierten HTML-Seite ausnutzen, um beliebige
Befehle mit den Rechten des Benutzers auszufuehren.
CVE-2009-1141 – Schwachstelle im Internet Explorer bei der Darstellung
von DHTML
Dynamisches HTML (DHTML) verwendet Script-Sprachen, um die aktuelle
HTML-Seite beim Anzeigen dynamisch zu veraendern. Eine Sequenz von
DHTML Funktionen kann zur Verletzung von Speicherstrukturen fuehren.
Ein entfernter Angreifer kann diese Schwachstelle mittels einer
speziell konstruierten HTML-Seite ausnutzen, um beliebige Befehle mit
den Rechten des Benutzers auszufuehren.
CVE-2009-1140 – Schwachstelle im Zonenmodell des Internet Explorers
Das Zonenmodell ist das zentrale Sicherheitsmodell des Internet
Explorers und verhindert unter Anderem, dass HTML-Seiten aus dem
Internet lokale Dateien lesen koennen. Allerdings existiert bei der
Implementierung eine Schwachstelle, falls die URI in der UNC-Kodierung
vorliegt (z.B. \\[COMPUTERNAME|127.0.0.1]\C$\
Angreifer kann diese Schwachstelle mittels einer speziell
konstruierten HTML-Seite ausnutzen, um an vertrauliche Informationen
des Benutzers (z.B. beliebige Cookies) zu gelangen. Die Ausnutzung
dieser Schwachstelle ist bereits ausfuehrlich beschrieben worden.
CVE-2007-3091 – Cross-Domain Scripting Schwachstelle im Internet
Explorer
Im Internet Explorer 6 und 7 existiert eine Race-Condition, wenn eine
Seite per Javascript Inhalte aus einer anderen Domaene laedt. Als
Konsequenz koennen speziell konstruierte Javascript-Programme mit den
Rechten der alten Seite ausgefuehrt werden. Dies sollte das
Sicherheitsmodell des Browsers (same-domain origin policy) verhindern.
Ein Angreifer kann diese Schwachstelle ausnutzen, um an vertrauliche
Informationen wie Cookies oder Formulardaten des Benutzers zu gelangen
(Cross-Domain Scripting). Beispielsweise kann diese Schwachstelle im
Rahmen von Phishing ausgenutzt werden.
Betroffen sind die folgenden Software Pakete und Plattformen:
Internet Explorer 5.01
Internet Explorer 6
Internet Explorer 7
Internet Explorer 8
Microsoft Windows 2000
Windows XP Service Pack 2 und 3
Windows Server 2003 (x86, x64 und Itanium)
Windows Server 2008 (x86, x64 und Itanium)
Windows Vista (x86 und x64)
Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.
Hersteller Advisory:
http://www.microsoft.com/technet/security/bulletin/ms09-019.mspx
(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.
Mit freundlichen Gruessen,
Jan Kohlrausch (CSIRT), Phone +49 40 808077-555
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
CarmentiS – Early Warning Expertise
https://www.carmentis.org
– —–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
===========================================================================
A U S C E R T A L E R T
AL-2009.0047 — AUSCERT ALERT
[Win]
Internet Explorer: Execute Arbitrary Code
10 June 2009
===========================================================================
AusCERT Alert Summary
———————
Product: Internet Explorer
Publisher: Microsoft
Operating System: Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Impact: Execute Arbitrary Code/Commands
Inappropriate Access
Read-only Data Access
Access: Remote/Unauthenticated
CVE Names: CVE-2009-1532 CVE-2009-1531 CVE-2009-1530
CVE-2009-1529 CVE-2009-1528 CVE-2009-1141
CVE-2009-1140 CVE-2007-3091
Original Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS09-019.mspx
– – ————————–BEGIN INCLUDED TEXT——————–
Microsoft Security Bulletin MS09-019 – Critical
Cumulative Security Update for Internet Explorer (969897)
Published: June 9, 2009
Version: 1.0
General Information
Executive Summary
This security update resolves seven privately reported vulnerabilities
and one publicly disclosed vulnerability in Internet Explorer. The more
severe of the vulnerabilities could allow remote code execution if a
user views a specially crafted Web page using Internet Explorer. Users
whose accounts are configured to have fewer user rights on the system
could be less impacted than users who operate with administrative user
rights.
This security update is rated Critical for Internet Explorer 5.01 and
Important for Internet Explorer 6 Service Pack 1, running on supported
editions of Microsoft Windows 2000; Critical for Internet Explorer 6,
Internet Explorer 7, and Internet Explorer 8 running on supported
editions of Windows XP and Windows Vista; and Moderate for Internet
Explorer 6, Internet Explorer 7, and Internet Explorer 8 running on
supported editions of Windows Server 2003 and Windows Server 2008. For
more information, see the subsection, Affected and Non-Affected
Software, in this section.
The security update addresses these vulnerabilities by modifying the
way that Internet Explorer handles scripts and cached content and
initializes memory.
Affected Software
Internet Explorer 5.01 Service Pack 4 when installed on
Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 Service Pack 1 when installed on
Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 for
Windows XP Service Pack 2 and
Windows XP Service Pack 3
Internet Explorer 6 for
Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 6 for
Windows Server 2003 Service Pack 2
Internet Explorer 6 for
Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 6 for
Windows Server 2003 with SP2 for Itanium-based Systems
Internet Explorer 7 for
Windows XP Service Pack 2 and
Windows XP Service Pack 3
Internet Explorer 7 for
Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 7 for
Windows Server 2003 Service Pack 2
Internet Explorer 7 for
Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 7 for
Windows Server 2003 with SP2 for Itanium-based Systems
Internet Explorer 7 in
Windows Vista,
Windows Vista Service Pack 1, and
Windows Vista Service Pack 2
Internet Explorer 7 in
Windows Vista x64 Edition,
Windows Vista x64 Edition Service Pack 1, and
Windows Vista x64 Edition Service Pack 2
Internet Explorer 7 in
Windows Server 2008 for 32-bit Systems and
Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
Internet Explorer 7 in
Windows Server 2008 for x64-based Systems and
Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
Internet Explorer 7 in
Windows Server 2008 for Itanium-based Systems and
Windows Server 2008 for Itanium-based Systems Service Pack 2
Internet Explorer 8 for
Windows XP Service Pack 2 and
Windows XP Service Pack 3
Internet Explorer 8 for
Windows XP Professional x64 Edition Service Pack 2
Internet Explorer 8 for
Windows Server 2003 Service Pack 2
Internet Explorer 8 for
Windows Server 2003 x64 Edition Service Pack 2
Internet Explorer 8 in
Windows Vista,
Windows Vista Service Pack 1, and
Windows Vista Service Pack 2
Internet Explorer 8 in
Windows Vista x64 Edition,
Windows Vista x64 Edition Service Pack 1, and
Windows Vista x64 Edition Service Pack 2
Internet Explorer 8 in
Windows Server 2008 for 32-bit Systems and
Windows Server 2008 for 32-bit Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
Internet Explorer 8 in
Windows Server 2008 for x64-based Systems and
Windows Server 2008 for x64-based Systems Service Pack 2
(Windows Server 2008 Server Core installation not affected)
Vulnerability Information
Race Condition Cross-Domain Information Disclosure Vulnerability –
CVE-2007-3091
An information disclosure vulnerability exists in Internet Explorer that
could allow script to gain access to the content in another browser
window in another domain or Internet Explorer zone. An attacker could
exploit the vulnerability by constructing a specially crafted Web page
that could allow information disclosure if a user viewed the Web page.
An attacker who successfully exploited this vulnerability could view
data from a Web page in another Internet Explorer domain
Cross-Domain Information Disclosure Vulnerability – CVE-2009-1140
An information disclosure vulnerability exists in the way that Internet
Explorer caches data and incorrectly allows the cached content to be
called, potentially bypassing Internet Explorer domain restriction. An
attacker could exploit the vulnerability by constructing a specially
crafted Web page that could allow information disclosure if a user
viewed the Web page. An attacker who successfully exploited this
vulnerability could view content from the local computer or another
browser window in another domain or Internet Explorer zone.
DHTML Object Memory Corruption Vulnerability – CVE-2009-1141
A remote code execution vulnerability exists in the way Internet
Explorer displays a Web page that contains certain unexpected method
calls to HTML objects. As a result, system memory may be corrupted in
such a way that an attacker could execute arbitrary code if a user
visited a specially crafted Web site. An attacker who successfully
exploited this vulnerability could gain the same user rights as the
logged-on user.
HTML Object Memory Corruption Vulnerability – CVE-2009-1528
A remote code execution vulnerability exists in the way Internet
Explorer accesses an object that has not been correctly initialized or
has been deleted. An attacker could exploit the vulnerability by
constructing a specially crafted Web page. When a user views the Web
page, the vulnerability could allow remote code execution. An attacker
who successfully exploited this vulnerability could gain the same user
rights as the logged-on user. If a user is logged on with
administrative user rights, an attacker who successfully exploited this
vulnerability could take complete control of an affected system. An
attacker could then install programs; view, change, or delete data; or
create new accounts with full user rights.
Uninitialized Memory Corruption Vulnerability – CVE-2009-1529
A remote code execution vulnerability exists in the way Internet
Explorer accesses an object that has not been correctly initialized or
has been deleted. An attacker could exploit the vulnerability by
constructing a specially crafted Web page. When a user views the Web
page, the vulnerability could allow remote code execution. An attacker
who successfully exploited this vulnerability could gain the same user
rights as the logged-on user. If a user is logged on with administrative
user rights, an attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker could
then install programs; view, change, or delete data; or create new
accounts with full user rights.
HTML Objects Memory Corruption Vulnerability – CVE-2009-1530
A remote code execution vulnerability exists in the way Internet
Explorer accesses an object that has not been correctly initialized or
has been deleted. An attacker could exploit the vulnerability by
constructing a specially crafted Web page. When a user views the Web
page, the vulnerability could allow remote code execution. An attacker
who successfully exploited this vulnerability could gain the same user
rights as the logged-on user. If a user is logged on with administrative
user rights, an attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker could
then install programs; view, change, or delete data; or create new
accounts with full user rights.
HTML Object Memory Corruption Vulnerability – CVE-2009-1531
A remote code execution vulnerability exists in the way Internet
Explorer accesses an object that has not been correctly initialized or
has been deleted. An attacker could exploit the vulnerability by
constructing a specially crafted Web page. When a user views the Web
page, the vulnerability could allow remote code execution. An attacker
who successfully exploited this vulnerability could gain the same user
rights as the logged-on user. If a user is logged on with administrative
user rights, an attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker could
then install programs; view, change, or delete data; or create new
accounts with full user rights.
HTML Object Memory Corruption Vulnerability – CVE-2009-1532
A remote code execution vulnerability exists in the way Internet
Explorer accesses an object that has not been correctly initialized or
has been deleted. An attacker could exploit the vulnerability by
constructing a specially crafted Web page. When a user views the Web
page, the vulnerability could allow remote code execution. An attacker
who successfully exploited this vulnerability could gain the same user
rights as the logged-on user. If a user is logged on with administrative
user rights, an attacker who successfully exploited this vulnerability
could take complete control of an affected system. An attacker could
then install programs; view, change, or delete data; or create new
accounts with full user rights.
– – ————————–END INCLUDED TEXT——————–
You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
– —–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKLvwMNVH5XJJInbgRAtghAJ4nhNPWLFpMrR711+eOhRFrSSXJxgCfYALg
v5MljoDVdXS+15eQj95Q3UA=
=/pB/
– —–END PGP SIGNATURE—–
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFKL5qUk0kIxZMiiQ8RAporAJ9whQPPor2N3WZfYiwimLGaVH7GBgCeOIZS
tOeJQFL1weQa3WW4Ikqhyo8=
=yLBF
—–END PGP SIGNATURE—–
