Bugtraq mailing list archives
Microsoft Security Bulletin (MS00-028)
From: secnotif () MICROSOFT COM (Microsoft Product Security)
Date: Fri, 21 Apr 2000 15:05:06 -0700
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. ******************************** -----BEGIN PGP SIGNED MESSAGE----- Microsoft Security Bulletin (MS00-028) - -------------------------------------- Procedure Available to Eliminate "Server-Side Image Map Components" Vulnerability Originally Posted: April 21, 2000 Summary ======= A procedure is available to eliminate a security vulnerability affecting several web server products. The vulnerability could potentially allow a malicious web site visitor to perform actions that the system permissions authorize him to perform, but which he previously may have had no means of actually carrying out. Frequently asked questions regarding this vulnerability and the remediation for it can be found at http://www.microsoft.com/technet/security/bulletin/fq00-028.asp Issue ===== The FrontPage 97 and 98 Server Extensions include two components, Htimage.exe and Imagemap.exe, that provide CERN- and NCSA-compliant server side image mapping support, respectively, for legacy browsers. Both components contain unchecked buffers that could be used to run arbitrary code. Although part of the Server Extensions, these components also install as part of several other web server products. The risk posed by this vulnerability is significantly restricted by the fact that the affected components run "out of process" and in the security context of the user. Thus, there is no capability through this vulnerability to cause either the web service or the server itself to crash, nor is there an opportunity to run code in an elevated security context. However, it still could be possible for a malicious user to perform actions that, though permitted, he would otherwise be unable to take because the functionality was not exposed via a web page or script. Affected Software Versions ========================== The affected components are part of the FrontPage 97 and 98 Server Extensions. However, they also are distributed with several other web server products. The complete list of products in which these components ship is: - FrontPage 97 Server Extensions, which ship as part of FrontPage 97 - FrontPage 98 Server Extensions, which ship as part of FrontPage 98 - Microsoft(r) Windows NT(r) 4.0 Option Pack, which is the primary distribution mechanism for Internet Information Server 4.0 - Personal Web Server 4.0, which ships as part of Windows(r) 95 and 98 Remediation =========== To eliminate this vulnerability, customers who are hosting web sites using any of the affected products should delete all copies of the files Htimage.exe and Imagemap.exe from their servers. The FAQ provides step-by-step instructions for doing this. The only functionality lost by deleting the file is the ability to support image mapping for web site visitors using legacy browser products. ISPs and other customers who allow others to self-manage web sites should be aware that users who use FrontPage 97 or 98 to manage their sites could unknowingly re-introduce the affected components onto their sites when they upload content to it. This would not endanger the server at large, but could nevertheless be cause for concern. The FAQ discusses how to use functionality provided as part of the Server Extensions to prevent this from happening. More Information ================ Please see the following references for more information related to this issue. - Frequently Asked Questions: Microsoft Security Bulletin MS00-028, http://www.microsoft.com/technet/security/bulletin/fq00-028.asp - Microsoft Knowledge Base article Q260267 discusses this issue and will be available soon. - Microsoft TechNet Security web site, http://www.microsoft.com/technet/security/default.asp Obtaining Support on this Issue =============================== Information on contacting Microsoft Technical Support is available at http://support.microsoft.com/support/contact/default.asp. Revisions ========= - April 21, 2000: Bulletin Created. - ---------------------------------------------------------------------- THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Last updated April 21, 2000 (c) 2000 Microsoft Corporation. All rights reserved. Terms of use. -----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 iQEVAwUBOQDQkI0ZSRQxA/UrAQEKcgf9Ejn3jVZISZYVY774xgsZZlyT/t0XIlX9 PPR0PRc0wHlis2vub/dmAILchL5Pf4cUnveDvJbkySrz5TlX6zIDEPbGROWpYO7f /BAgKFhQJ0oBdkOyWsrV73l9C5cVN8znboBp83hnmO0q4cbQB+AXcbIIuLTzKzpa 0EGD9/b2ENqnWF1OAQ6sE7fdBJM0Qlp+/Gh5b+FUQRUlYs/jQDXx6rpdM8J3Qeyx 2pHJLcJ0BAB0G0UgZSxfKRqieXgrYbZxHa7Z63osJ3nwiZkpaLBXmMmXSp933tXR ulzcGy+mUHdPWyDnbSig7FiuOq/AEFkZ9ygtdiG97asqY9/uv3zc8w== =mrV7 -----END PGP SIGNATURE----- ******************************************************************* You have received this e-mail bulletin as a result of your registration to the Microsoft Product Security Notification Service. You may unsubscribe from this e-mail notification service at any time by sending an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST () ANNOUNCE MICROSOFT COM The subject line and message body are not used in processing the request, and can be anything you like. To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp. For more information on the Microsoft Security Notification Service please visit http://www.microsoft.com/technet/security/notify.asp. For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.
Current thread:
- Microsoft Security Bulletin (MS00-028) Microsoft Product Security (Apr 21)