Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | Microsoft SharePoint Team Services Buffer Overflow May Let Remote Users Execute Arbitrary Code |
|---|
Categorie: Vulnerability
Posted: 2003-11-12 by ReCall
Views: 344
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: Two vulnerabilities were reported in Microsoft SharePoint Team Services. A remote user can execute arbitrary code on a target user's system or cause denial of service conditions.
It is reported that there is a buffer overflow in the remote debug functionality of FPSE [CVE: CAN-2003-0822]. Due to a flaw in one of the DLL files, a remote user can send a specially crafted packet to the SharePoint Team Services to execute arbitrary code with Local System privileges.
It is also reported that there is a flaw in the SmartHTML interpreter. A remote user can make a particular type of invalid request to SharePoint Team Services to cause the target server to temporarily stop responding to requests [CVE: CAN-2003-0824]. The remote user can cause the SmartHTML interpreter to temporarily cycle, consuming all CPU resources for a temporary period of time.
Microsoft FrontPage Server Extensions is also affected [a separate Alert has been issued for FrontPage].
Microsoft credits Brett Moore of Security-Assessment.com with reporting these flaws.
Impact: A remote user can execute arbitrary code on the target system with Local System privileges.
A remote user can cause denial of service conditions on the target system, causing the system to consume all available CPU resources for a temporary period of time.
Solution: Microsoft has issued the following fixes:
Microsoft SharePoint Team Services 2002 (shipped with Office XP):
http://www.microsoft.com/downloads/details.aspx?FamilyId= 5923FC2F-D786-4E32-8F15-36A1C9E0A340&displaylang=en
Microsoft plans to include this fix in any future Service Pack for Office XP.
This update supercedes the security updates contained in the MS01-035 and MS02-053 security bulletins.
As part of this fix, Microsoft has removed the remote debugging functionality, as the function is no longer supported (Terminal Server can be used for remote debugging, the report said).
See the Microsoft advisory for a list of workarounds and a description of installation options:
http://www.microsoft.com/technet/security/bulletin/MS03-051.asp
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=529
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
