Gservo
27th November 2002, 04:13 PM
BUFFER-OVERRUN VULNERABILITY IN MICROSOFT DATA ACCESS COMPONENTS
Foundstone discovered that a Microsoft Data Access Components
(MDAC) vulnerability might let a potential attacker execute arbitrary code on the vulnerable system. The vulnerability stems from an unchecked buffer in the Remote Data Services (RDS) Data Stub. By sending a specially malformed HTTP request to the Data Stub, a potential attacker can cause targeted data to overrun onto the heap. Microsoft has released Security Bulletin MS02-065 (Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution) to address this vulnerability and recommends that affected users immediately apply the appropriate patch that the bulletin mentions.
http://www.secadministrator.com/articles/index.cfm?articleid=27357
* MULTIPLE VULNERABILITIES IN MICROSOFT IE
eEye Digital Security discovered that Microsoft Internet Explorer
(IE) contains six newly discovered vulnerabilities, the most serious of which might let a potential attacker execute commands on the vulnerable system. Microsoft has released Security Bulletin MS02-066 (Cumulative Patch for Internet Explorer) to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch that the bulletin mentions. This cumulative patch also addresses all previously discovered IE vulnerabilities.
http://www.secadministrator.com/articles/index.cfm?articleid=27364
Foundstone discovered that a Microsoft Data Access Components
(MDAC) vulnerability might let a potential attacker execute arbitrary code on the vulnerable system. The vulnerability stems from an unchecked buffer in the Remote Data Services (RDS) Data Stub. By sending a specially malformed HTTP request to the Data Stub, a potential attacker can cause targeted data to overrun onto the heap. Microsoft has released Security Bulletin MS02-065 (Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution) to address this vulnerability and recommends that affected users immediately apply the appropriate patch that the bulletin mentions.
http://www.secadministrator.com/articles/index.cfm?articleid=27357
* MULTIPLE VULNERABILITIES IN MICROSOFT IE
eEye Digital Security discovered that Microsoft Internet Explorer
(IE) contains six newly discovered vulnerabilities, the most serious of which might let a potential attacker execute commands on the vulnerable system. Microsoft has released Security Bulletin MS02-066 (Cumulative Patch for Internet Explorer) to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch that the bulletin mentions. This cumulative patch also addresses all previously discovered IE vulnerabilities.
http://www.secadministrator.com/articles/index.cfm?articleid=27364