vulnerability
IEURL Spoofing Vulnerability 3.0
A vulnerability has been identified in Internet Explorer, which can be exploited by malicious people to display a fake URL in the address and status bars.
The vulnerability is caused by an input validation error, which can be exploited by including the "%01" and "%00" URL encoded representations after the username and right before the "@" character in a URL.
Successful exploitation allows a malicious person to display an arbitrary FQDN (Fully Qualified Domain Name) in the address and status bars, which is different from the actual location of the page.
This can be exploited to trick users into divulging sensitive information or downloading and executing malware on their systems, because they trust the faked domain in the two bars.
Example displaying only "http://www.trusted_site.com" in the two bars when the real domain is "malicious_site.com":
http://www.trusted_site.com%01%00@malicious_site.com/malicious.html
The vulnerability has been confirmed in version 6.0, and version 5.x is also affected according to Microsoft's knowledge base article.
Windows Vulnerability Scanner 1.9
Windows Vulnerability Scanner checks your system for Windows Vulnerabilities.
This software is compatible with Windows XP (Home & Professional), Windows 2000 Server & Professional and Windows 2003. Once the Scan is completed, Protector Plus - Windows Vulnerability Scanner lists the vulnerabilities detected, their risk level and the download location of the patch.
It also creates the log file named Protector_Plus_Windows_Vulnerability_Scan.htm in the folder from where Protector Plus - Windows Vulnerability Scanner was executed.
Version restrictions:
- 30 days trial
License:Freeware
NTLM Authentication Vulnerability N/A
Web Client NTLM Authentication Vulnerability bug repair. Microsoft has released a patch that eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon credentials from another user when requesting an Office document from a web server.
Windows 2000 LPC Vulnerability Patch
Windows 2000 LPC Vulnerability Patch is a highly-efficient, high-quality patch which eliminates several security vulnerabilities that could allow a range of effects, from denial of service attacks to, in some cases, privilege elevation. Several vulnerabilities have been identified in the Windows NT 4.0 and Windows 2000 implementations of LPC and LPC ports:
- The Invalid LPC Request vulnerability, which affects only Windows NT 4.0. By levying an invalid LPC request, it would be possible to make the affected system fail.
- The LPC Memory Exhaustion vulnerability, which affects both Windows NT 4.0 and Windows 2000. By levying spurious LPC requests, it could be possible to increase the number of queued LPC messages to the point where kernel memory was depleted.
- The Predictable LPC Message Identifier vulnerability, which affects both Windows NT 4.0 and Windows 2000. Any process that knows the identifier of an LPC message can access it; however, the identifiers can be predicted. In the simplest case, a malicious user could access other processes' LPC ports and feed them random data as a denial of service attack. In the worst case, it could be possible, under certain conditions, to send bogus requests to a privileged process in order to gain additional local privileges.
- A new variant of the previously-reported Spoofed LPC Port Request vulnerability. This vulnerability affects Windows NT 4.0 and Windows 2000, and could, under a very restricted set of conditions, allow a malicious user to create a process that would run under the security context of an already-running process, potentially including System processes.
Windows Media Encoder Vulnerability Patch
Ensure that your Windows Media Service functions properly with this Microsoft patch.
Windows Media Encoder Vulnerability Patch is professionally designed as a component of the Windows Media Tools, which are part of the Windows Media Technologies. Windows Media Encoder is used to convert digital content into Windows Media Format for distribution by Windows Media Services in Windows NT and Windows 2000 Server. If a request with a particular malformation were sent to an affected encoder, it could cause it to fail, thereby denying formatted content to the Windows Media Server.
Major Features:
- Would primarily affect streaming media providers that supply real-time broadcasts of streaming media; it would not prevent a Windows Media Server from distributing already-encoded data.
- Cannot be used to cause a machine to crash, nor can it be used to usurp any administrative privileges.
- Simply locating the server could be a challenge, because the IP address of the Windows Media Encoder would typically not be advertised.
- This patch will fix the problem.
Microsoft VM File Reading Vulnerability patch 1
Microsoft has released a patch that eliminates a security vulnerability in the Microsoft® virtual machine (Microsoft VM). The vulnerability could enable a malicious web site operator to read files fro
Office 2000 HTML Object Tag Vulnerability Patch
Eliminate a security vulnerability that could allow an HTML file to shut down one of your programs and run malicious code.
Office 2000 HTML Object Tag Vulnerability Patch is launched as an important and helpful patch which can remove a security vulnerability in Word 2000, Excel 2000, and PowerPoint 2000. This vulnerability could allow a Hypertext Markup Language (HTML) file to shut down one of these programs and potentially run malicious code.
Microsoft Word 2000 RTF Macro Vulnerability Patch
Microsoft Word 2000 RTF Macro Vulnerability Patch fixes a vulnerability that lets malicious code run in a Rich Text Format (RTF) document. It is free. Under normal circumstances, you will see a warning in Word 2000 when you open a document attached to a template containing macros. However, it is possible for an RTF document to be linked to a template containing macros in such a way that a macro can run with no warning issued. This could cause damage to data or allow unauthorized retrieval of data from your system when you visit a Web site or open an e-mail message.
Microsoft Clip Art Buffer Overrun Vulnerability Patch 1
Microsoft has released a patch that eliminates a security vulnerability in the Microsoft® Clip Art Gallery. The vulnerability could allow a malicious party to cause hostile code to execute on the com
Personal Web Server File Access Vulnerability Patch (FrontPage 98)
Eliminate a vulnerability in your FrontPage Personal Web Server running on Windows 95/98.
Excel 2000 REGISTER.ID Function Vulnerability Patch
Excel 2000 REGISTER.ID Function Vulnerability Patch resolves a vulnerability discovered in REGISTER.ID, a worksheet function, when referencing a DLL created by a malicious user. When REGISTER.ID is invoked from an Excel worksheet, it can reference any DLL on the system, which can be harmful if the referenced DLL contains malicious code. By design, no warning is given to the user when REGISTER.ID calls a DLL from a worksheet.
In order for a malicious user to exploit this vulnerability the referenced (malicious) DLL would have to reside on the affected user's computer or on a machine accessible via a UNC path on the user's network.
Internet Explorer 5.5 Scriptlet Rendering Vulnerability Patch
Eliminate a vulnerability which could allow a malicious Web site operator to read files on the computer of a visiting user.
IE5.5 SP1 File Upload via Form Vulnerability Patch MS00-093
Patch several vulnerabilities in IE 5.5 SP1.
Microsoft Excel 2000 HTML Script Vulnerability Patch
Microsoft Excel 2000 HTML Script Vulnerability Patch is a simple and salutary update which eliminates a security vulnerability in the Excel 2000 and PowerPoint 2000 object models that could expose them to unsafe scripts when a user views a Web page or HTML e-mail message. Once the patch is installed, Excel 2000 or PowerPoint 2000 can only be scripted if the "Initialize and script ActiveX controls marked unsafe" option in Microsoft Internet Explorer is set to Enable.
eEye patch for the IE createTextRange() vulnerability
eEye patch for the IE createTextRange() vulnerability is a patch which can solve the IE createTextRange() vulnerability. eEye Digital Security is advising customers of the existence of exploit code that targets a critical security vulnerability in Microsoft Internet Explorer. The exploit pertains to an unpatched vulnerability that has been released on various public mailing lists.
This issue affects any Windows operating system running Internet Explorer versions 5.01 SP4 through 6.0 SP1. The vulnerability results from the method in which Internet Explorer handles HTML Objects. This flaw allows for remote code to be executed on the target system. If successfully exploited, an attacker will only have the rights of the currently logged on user. System Administrators should be careful to not use Administrator accounts for general system use.
There have been numerous reports of this vulnerability being used on various websites in attempts to install spyware and remote control "bot" software for use in Distributed Denial of Service (DDoS) attacks.
The recommended action required to protect systems against this attack is to disable Active Scripting from within Internet Explorer.
Additionally, eEye Digital Security's Research Team has released a workaround for the vulnerability as a temporary measure for customers who have not yet installed Blink, eEye's host-based intrusion prevention solution. This workaround is not meant to replace the forthcoming Microsoft patch; rather, it is intended as a temporary protection against this flaw.
