Credit:
The information has been provided by Microsoft Security.
The original article can be found at:
http://www.microsoft.com/technet/security/bulletin/ms06-022.mspx
Vulnerable Systems:
* Microsoft Windows XP Service Pack 1
* Microsoft Windows XP Service Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me)
Affected Components:
* Windows 2000 with the Windows 2000 AOL Image Support Update installed:
* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
* Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Note:
The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2.
Mitigating Factors for ART Image Rendering Vulnerability:
In a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes users to the attacker's Web site.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Windows 2000 does not support AOL ART images by default. Windows 2000 is only affected if the Windows 2000 AOL Image Support Update has been installed. The files being updated with this security update do not exist on a Windows 2000 system without this AOL Image Support Update.
Workarounds for ART Image Rendering Vulnerability:
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
* Modify the Access Control List on the AOL ART files to temporarily prevent them from being displayed in Internet Explorer
To modify the Access Control List (ACL) on the AOL ART files to be more restrictive, follow these steps:
1. Click Start, click Run, type cmd, and then click OK.
2. Type the following commands at a command prompt. Make a note of the files' current ACLs, including inheritance settings. You may need this list if you have to undo these modifications:
cacls %windir%\system32\jgdw400.dll
cacls %windir%\system32\jgpl400.dll
3. Type the following commands at a command prompt to deny the Everyone group access to these files:
echo y|cacls %windir%\system32\jgdw400.dll /d everyone
echo y|cacls %windir%\system32\jgpl400.dll /d everyone
4. Close Internet Explorer, and reopen it for the changes to take effect.
Impact of Workaround:
Applications and Web sites that contain AOL ART files will no longer display those images. To regain functionality, you must undo the modifications to the Access Control List on the AOL ART files.
* Install Microsoft Security Bulletin MS06-021, Cumulative Security Update for Internet Explorer (916281)
After installation of Microsoft Security Bulletin MS06-021: Cumulative Security Update for Internet Explorer (916281), ART files will no longer be displayed in Internet Explorer.
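For the ACL workaround above, the following added example (not part of the Microsoft bulletin) records the current DACLs as step 2 requires, reports whether the deny entry from step 3 is in place, and writes the saved DACLs back to undo the change. It assumes Windows PowerShell 2.0 or later in an administrator session; the function names and the backup file location are hypothetical.

```powershell
# Added example, not from the bulletin. Function names and backup path are hypothetical.
$ArtDlls  = 'jgdw400.dll', 'jgpl400.dll' |
    ForEach-Object { Join-Path $env:windir "system32\$_" }
$Backup   = Join-Path $env:TEMP 'art-dll-acl-backup.csv'
$DaclOnly = [System.Security.AccessControl.AccessControlSections]::Access
$SidType  = [System.Security.Principal.SecurityIdentifier]

function Get-ArtDllAclState {
    foreach ($path in $ArtDlls) {
        # Present is $false on systems without the files, e.g. Windows 2000
        # without the AOL Image Support Update.
        $state = @{ Path = $path; Present = (Test-Path $path); DenyEveryone = $false; Sddl = '' }
        if ($state.Present) {
            $acl = Get-Acl -Path $path
            # SDDL keeps the ACEs plus the inheritance flags step 2 asks you to note.
            $state.Sddl = $acl.GetSecurityDescriptorSddlForm($DaclOnly)
            # S-1-1-0 is the well-known SID for Everyone; matching the SID
            # avoids depending on the localized group name.
            $deny = @($acl.GetAccessRules($true, $true, $SidType) | Where-Object {
                $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'S-1-1-0' })
            $state.DenyEveryone = ($deny.Count -gt 0)
        }
        New-Object psobject -Property $state
    }
}

function Save-ArtDllAcl {
    # Run before step 3: cacls without /e replaces the existing ACL, so this
    # file is the only record of the original entries.
    Get-ArtDllAclState | Where-Object { $_.Present } |
        Select-Object Path, Sddl | Export-Csv -Path $Backup -NoTypeInformation
}

function Restore-ArtDllAcl {
    # Undo the workaround by writing each saved DACL back to its file.
    foreach ($row in Import-Csv -Path $Backup) {
        $acl = Get-Acl -Path $row.Path
        $acl.SetSecurityDescriptorSddlForm($row.Sddl, $DaclOnly)
        Set-Acl -Path $row.Path -AclObject $acl
    }
}

# Before step 3:  Save-ArtDllAcl
# After step 3:   Get-ArtDllAclState | Format-Table Path, Present, DenyEveryone
# To undo:        Restore-ArtDllAcl
```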
FAQ for ART Image Rendering Vulnerability:
What is the scope of the vulnerability?
This is a remote code execution vulnerability. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
What causes the vulnerability?
An unchecked buffer in the ART image rendering library causes this vulnerability.
What is ART?
ART is an image file format used by the America Online (AOL) client software. Windows also includes the library and Internet Explorer displays ART images.
Note: After installation of Microsoft Security Bulletin MS06-021: Cumulative Security Update for Internet Explorer (916281), ART files will no longer be displayed in Internet Explorer. We recommend installing both updates.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
How could an attacker exploit the vulnerability?
An attacker could host a specially crafted Web site or HTML e-mail message that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site or HTML e-mail message. This can also include Web sites that accept user-provided content or advertisements, Web sites that host user-provided content or advertisements, and compromised Web sites. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger request that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.
What systems are primarily at risk from the vulnerability?
Workstations and terminal servers are primarily at risk. Servers could be at more risk if users who do not have sufficient administrative permissions are given the ability to log on to servers and to run programs. However, best practices strongly discourage allowing this.
Windows 2000 does not support AOL ART images by default. Windows 2000 is only affected if the Windows 2000 AOL Image Support Update has been installed.
Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by this vulnerability?
Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are critically affected by the vulnerabilities that are addressed in this security bulletin. Critical security updates for these platforms are available, are provided as part of this security bulletin, and can be downloaded only from the Windows Update Web site. For more information about severity ratings, visit the following Web site.
What does the update do?
The update removes the vulnerability by modifying the way that the ART image rendering library validates the length of a message before it passes the message to the allocated buffer.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.
CVE Information:
CVE-2006-2378