The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Microsoft Windows 98

vulnerability note CVE-2006-5614

Windows: denial of service of Internet Connection Sharing

Synthesis of the vulnerability

An attacker on the internal network can generate a denial of service on the computer with Internet Connection Sharing.
Impacted products: Windows 98, Windows ME, Windows XP.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 30/10/2006.
Identifiers: BID-20804, CVE-2006-5614, VIGILANCE-VUL-6264.

Description of the vulnerability

When a computer provides Internet Connection Sharing (ICS), it is connected to the Internet, and computers on the internal network use it as a proxy.

However, the ICS service of Windows does not correctly handle DNS queries with no Resource Record. This error occurs in ipnathlp.dll and stops svchost.exe.

An attacker on the internal network can therefore generate a denial of service.

vulnerability bulletin CVE-2006-2376

Windows 98, ME: code execution with a WMF file

Synthesis of the vulnerability

Displaying a malicious WMF file leads to code execution.
Impacted products: Windows 98, Windows ME.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 14/06/2006.
Identifiers: 918547, BID-18322, CERTA-2006-AVI-242, CVE-2006-2376, MS06-026, SYMSA-2006-004, VIGILANCE-VUL-5913, VU#909508.

Description of the vulnerability

Images in WMF (Windows Metafile) format are supported by the Graphics Rendering Engine.

A WMF image can contain a PolyPolygon object, drawing several polygons. A malicious parameter of PolyPolygon generates a memory corruption.

An attacker can therefore send a malicious image to the user, or invite him to visit a web site, in order to run code on his computer.

vulnerability alert CVE-2006-0025

Windows Media Player: buffer overflow via a PNG image

Synthesis of the vulnerability

An attacker can create a malicious PNG image leading to code execution when it is displayed by Windows Media Player.
Impacted products: Windows 2000, Windows 2003, Windows 98, Windows ME, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 14/06/2006.
Identifiers: 225, 917734, BID-18385, CERTA-2006-AVI-238, CVE-2006-0025, iDefense Security Advisory 06.13.06, MS06-024, VIGILANCE-VUL-5911, VU#608020.

Description of the vulnerability

The PNG image format (Portable Network Graphics) is frequently used on the Internet because it does not depend on patents.

The Windows Media Player software displays multimedia content. This software can display PNG images coming from ASX or skin files, for example.

However, when a PNG image is opened, some chunks are copied into a fixed-size buffer. This leads to an overflow.

This vulnerability therefore permits an attacker to run code when malicious multimedia content is opened.

vulnerability CVE-2006-1313

Windows: memory corruption of JScript

Synthesis of the vulnerability

An attacker can create a malicious JScript script leading to code execution on the user's computer.
Impacted products: Windows 2000, Windows 2003, Windows 98, Windows ME, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 14/06/2006.
Identifiers: 917344, BID-18359, CERTA-2006-AVI-241, CVE-2006-1313, MS06-023, VIGILANCE-VUL-5910, VU#390044.

Description of the vulnerability

A script written in the JScript language can be inserted in an HTML page.

When JScript parses a special script, a freed memory area is used.

This vulnerability permits a remote attacker to execute code.

computer vulnerability note CVE-2006-2378

Windows, IE: code execution via an AOL ART image

Synthesis of the vulnerability

An attacker can create a malicious ART image leading to code execution.
Impacted products: IE, Windows 2000, Windows 2003, Windows 98, Windows ME, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 14/06/2006.
Identifiers: 918439, BID-18394, CVE-2006-2378, iDefense Security Advisory 06.13.06, MS06-022, VIGILANCE-VUL-5909, VU#923236.

Description of the vulnerability

The ART image format, developed by AOL, is implemented in the jgdw400.dll and jgpl400.dll DLLs of Windows.

An attacker can create an ART image corrupting memory when rendered. This memory corruption leads to code execution with a probability of 75%.

An attacker can therefore invite the user to go to a website, or send him an email, containing this image. Malicious code can then be executed on the user's computer.

computer vulnerability note CVE-2006-0012

Windows, IE: code execution via a COM object

Synthesis of the vulnerability

An attacker can create an HTML page leading to code execution via a COM object.
Impacted products: Windows 2000, Windows 2003, Windows 98, Windows ME, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: internet server.
Creation date: 12/04/2006.
Identifiers: BID-17453, BID-17464, CERTA-2006-AVI-148, CVE-2006-0012, MS06-015, VIGILANCE-VUL-5759, VU#641460.

Description of the vulnerability

The COM technology is used to create modular programs.

An attacker can invite the user to visit a web site whose source code forces Explorer to connect to a remote file server. The attacker can have stored files or directories there that call COM objects. Code can then be run without alerting the user.

This vulnerability therefore permits a remote attacker to run code.

computer vulnerability alert CVE-2005-0058

Windows: vulnerability of the Telephony service

Synthesis of the vulnerability

A remote or local attacker can execute privileged code by using the Telephony service.
Impacted products: Windows 2000, Windows 2003, Windows 98, Windows ME, Windows XP.
Severity: 3/4.
Consequences: administrator access/rights.
Provenance: intranet client.
Creation date: 10/08/2005.
Revision dates: 18/08/2005, 15/03/2006.
Identifiers: BID-14518, CERTA-2005-AVI-303, CVE-2005-0058, MS05-040, V6-WINTAPIEXEC, VIGILANCE-VUL-5116.

Description of the vulnerability

The Telephony service implements the TAPI (Telephony Application Programming Interface) interface, which supports voice and video communications. Access to this service:
 - is unrestricted under Windows 2000
 - requires authentication under Windows XP or 2003

A vulnerability exists in the verification of data and permissions. Its technical details are not known.

This vulnerability therefore permits a network or local attacker to execute code with system privileges.

computer vulnerability announce CVE-2006-0024

Flash Player: code execution

Synthesis of the vulnerability

Several vulnerabilities of Macromedia Flash Player permit a remote attacker to execute code on the user's computer.
Impacted products: Flash Player, IE, Windows 98, Windows ME, Windows XP, Firefox, Mozilla Suite, NLD, openSUSE, RHEL, TurboLinux.
Severity: 3/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 15/03/2006.
Identifiers: 913433, 916208, APSB06-03, BID-17106, CERTA-2006-AVI-114, CVE-2006-0024, MS06-020, RHSA-2006:026, RHSA-2006:0268-01, SUSE-SA:2006:015, SUSE-SR:2006:006, TLSA-2006-7, VIGILANCE-VUL-5687, VU#945060.

Description of the vulnerability

The Macromedia Flash Player plug-in adds dynamic features to web documents.

Adobe announced several vulnerabilities in Macromedia Flash Player. Their technical details are unknown.

These vulnerabilities permit a remote attacker to run code on the user's computer.

computer vulnerability announce CVE-2006-0010

Windows: buffer overflow of Embedded Web Fonts

Synthesis of the vulnerability

When a web page is displayed or when an HTML e-mail is received, a font can be automatically downloaded and can lead to code execution.
Impacted products: Windows 2000, Windows 2003, Windows 98, Windows ME, Windows XP.
Severity: 4/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 11/01/2006.
Identifiers: AD20060110, BID-16194, CERTA-2006-AVI-017, CVE-2006-0010, EEYEB-2000801, EEYEB-20050801, MS06-002, VIGILANCE-VUL-5507, VU#915930.

Description of the vulnerability

When a web page is displayed or when an HTML e-mail is received, if a font is not locally available, it can be automatically downloaded. The font is sent in EOT format (Embedded OpenType).

The t2embed.dll DLL loads the new font into memory. The MTX_LZCOMP_UnPackMemory() function allocates 7171 bytes (24 bits + 0x1c00 bytes) to store the uncompressed data. However, the real size of this data is not checked, which can lead to an overflow.

An attacker can then invite the user to read a malicious HTML document in order to run code on his computer.

computer vulnerability CVE-2006-0143

Windows: denial of service with a WMF file

Synthesis of the vulnerability

Displaying a malicious WMF file causes the software to stop.
Impacted products: Windows 2000, Windows 2003, Windows 98, Windows ME, Windows XP.
Severity: 1/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 10/01/2006.
Identifiers: BID-16167, CVE-2006-0143, VIGILANCE-VUL-5505.

Description of the vulnerability

Images in WMF (Windows Metafile) format are supported by the Graphics Rendering Engine. It is used in the Windows Picture and Fax Viewer (shimgvw.dll), which is used to preview images in Explorer (Windows XP and 2003).

A malicious WMF image can generate two denials of service:
 - access to an invalid memory address with ExtCreateRegion
 - access to an invalid memory address with ExtEscape POSTSCRIPT_INJECTION
These denials of service are different from VIGILANCE-VUL-5459.

An attacker can therefore send a malicious image to the user, or invite him to visit a web site, in order to stop the software displaying the image.