-
October 3rd, 2002, 17:58 PM
#1
Triple Platinum Member
3 More Critical Updates
Title: Cumulative Patch for SQL Server (Q316333)
Date: 02 October 2002
Software: Microsoft SQL Server 7.0
Microsoft Data Engine (MSDE) 1.0
Microsoft SQL Server 2000
Microsoft Desktop Engine (MSDE) 2000
Impact: Four vulnerabilities, the most serious of which could
enable an attacker to gain control over an affected
server.
Max Risk: Critical
Bulletin: MS02-056
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/sec.../MS02-056.asp.
----------------------------------------------------------------------
Title: Flaw in Services for Unix 3.0 Interix SDK Could Allow
Code Execution (Q329209)
Released: 02 October 2002
Software: Services for Unix 3.0 Interix SDK
Impact: Buffer overrun and denial of service
Max Risk: Moderate
Bulletin: MS02-057
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/sec.../MS02-057.asp.
----------------------------------------------------------------------------
Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/sec.../MS02-054.asp.
Issue:
======
Zipped files (files having a .zip extension) provide a means to
store information in a way that uses less space on a hard disk. This
is accomplished by compressing the files that are put into the
zipped file. On Windows 98 with Plus! Pack, Windows Me and Windows
XP, the Compressed Folders feature allows zipped files to be treated
as folders. The Compressed Folders feature can be used to create,
add files to, and extract files from zipped files.
Two vulnerabilities exist in the Compressed Folders function:
- An unchecked buffer exists in the program that handles the
decompressing of files from a zipped file. A security
vulnerability results because attempts to open a file with
a specially malformed filename contained in a zipped file could
possibly result in Windows Explorer failing, or in code of the
attacker's choice being run.
- The decompression function could place a file in a directory
that was not the same as, or a child of, the target directory
specified by the user as where the decompressed zip files should
be placed. This could allow an attacker to put a file in a known
location on the user's system, such as placing a program in a
startup directory.
Thor
Last edited by Thor; October 3rd, 2002 at 18:20 PM.
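The second Compressed Folders issue quoted in the post above (a file being placed outside the target directory the user chose) comes down to a containment check an extractor can run on every entry name before writing anything. The following is an added example, not part of the original post or of Microsoft's bulletin; the target directory, the entry names and the function names are constructed for illustration.

```python
import io
import ntpath  # Windows path rules, usable on any OS
import zipfile

TARGET = r"C:\Users\demo\Unzipped"  # constructed target directory (assumption)


def is_contained(target_dir, member_name):
    """Return True if the entry would be written strictly inside target_dir."""
    # Zip names use '/', but Windows treats '\' as a separator too.
    name = member_name.replace("/", "\\")
    drive, _ = ntpath.splitdrive(name)
    if drive or name.startswith("\\"):
        return False  # absolute, drive-qualified or UNC name
    base = ntpath.normpath(target_dir)
    dest = ntpath.normpath(ntpath.join(base, name))
    # Trailing separator stops "Unzipped2" passing as a child of "Unzipped";
    # lower() because Windows paths compare case-insensitively.
    prefix = base.rstrip("\\").lower() + "\\"
    return dest.lower().startswith(prefix)


def unsafe_members(zip_bytes, target_dir):
    """List entry names in the archive that would escape target_dir."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if not is_contained(target_dir, n)]


def build_sample():
    """Constructed archive: two ordinary entries and four escaping ones."""
    names = [
        "readme.txt",
        "docs/notes.txt",
        "../Startup/evil.exe",
        "..\\..\\Startup\\run.bat",
        "../Unzipped2/x.txt",
        "C:/Windows/x.dll",
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample data")
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_members(build_sample(), TARGET):
        print("would escape target directory:", name)
```

The check resolves each name against the target first and compares afterwards, so a sibling directory that merely shares a prefix with the target is rejected as well.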
-
October 3rd, 2002, 21:07 PM
#2
Member
Got 'em......
-
October 4th, 2002, 03:48 AM
#3
Triple Platinum Member
1 Critical, 1 Moderate, 1 Moderate>So So
Sorry. The three other updates are not all critical. One is critical. One is moderate and the other one is iffy.
Thor