Application patches

• zzzzland

  2 Sep 02, 12:56

  Multiple Vulnerabilities in Microsoft Excel, Office XP, and Word
  
  VERSIONS AFFECTED
  · Microsoft Excel 2002 for Windows
  · Microsoft Excel 2000 for Windows
  · Microsoft Office XP for Windows
  · Microsoft Office 2000 for Windows
  · Microsoft Word 2002 for Windows
  
  http://www.secadministrator.com/articles/index.cfm?articleid=25674
  
• zzzzland

  2 Sep 02, 13:02

  Buffer Overrun in Microsoft Exchange Server 5.5
  
  VERSION AFFECTED
  Microsoft Exchange Server 5.5
  
  DESCRIPTION
  A buffer overrun vulnerability exists in Microsoft Exchange Server 5.5 that can let an attacker remotely compromise the server. This vulnerability is the result of an unchecked buffer in the Internet Mail Connector (IMC) code that generates the response to the Extended Hello protocol command. If an attacker sends random data in a message in which the total length of the message exceeds a specific value, the data can overrun the buffer and cause the IMC to fail. If an attacker overruns the buffer with specific data, the attacker can run code under the security context of the IMC, which by default runs as an Exchange 5.5 Service Account.
  
  http://www.secadministrator.com/articles/index.cfm?articleid=26048
  
• zzzzland

  2 Sep 02, 13:09

  Macromedia Shockwave Flash Malformed Header Overflow
  
  VERSIONS AFFECTED
  · Macromedia Shockwave Flash player — All versions
  
  DESCRIPTION
  A vulnerability exists in MacromediaÂ’s Flash player that can lead to execution of arbitrary code on the vulnerable system. An attacker can exploit a hand-edited malformed Macromedia Flash movie (SWF) header by supplying more frame data than the decoder expects, resulting in a buffer overwrite condition. A more detailed explanation of this vulnerability is described in eEye Digital SecurityÂ’s advisory.
  
  http://www.secadministrator.com/articles/index.cfm?articleid=26250
• zzzzland

  2 Sep 02, 13:11

  Buffer Overrun in Winhlp32.exe
  
  VERSION AFFECTED
  · Windows 2000 Service Pack 2 (SP2) winhlp32.exe
  
  DESCRIPTION
  A buffer overrun vulnerability exists in winhlp32.exe that can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the WinHlp command's Item parameter.
  
  http://www.secadministrator.com/articles/index.cfm?articleid=26252
• zzzzland

  2 Sep 02, 13:16

  Multiple Vulnerabilities in Microsoft Internet Explorer
  
  VERSION AFFECTED
  · Microsoft Internet Explorer 6.0
  · Microsoft Internet Explorer 5.5
  · Microsoft Internet Explorer 5.01
  
  DESCRIPTION
  Five new vulnerabilities exist in MicrosoftÂ’s Internet Explorer (IE), the most serious of which could allow a potential attacker to execute arbitrary code on the vulnerable system. These five newly discovered vulnerabilities are:
  
  · A buffer overrun vulnerability affecting an ActiveX control used to display specially formatted text.
  
  · A vulnerability involving how IE handles an HTML directive that displays XML data.
  
  · A vulnerability involving how Internet Explorer represents the origin of a file in the “File Download” dialogue box.
  
  · A Cross Domain verification vulnerability that occurs because of improper domain checking in conjunction with the Object tag.
  
  · A newly reported variant of the "Cross-Site Scripting in Local HTML Resource" vulnerability originally discussed in Microsoft Security Bulletin MS02-023. This variant could enable a potential attacker to create a web page that when opened would run in the Local Computer zone security setting instead of the Internet Zone setting.
  
  The "August 2002, Cumulative Patch for Internet Explorer (Q323759)" eliminates all previously addressed security vulnerabilities affecting Internet Explorer, as well as additional newly discovered vulnerabilities. This update includes the functionality of all previously released patches. Download now to continue keeping your computer secure.
  
  http://www.microsoft.com/windows/ie/downloads/critical/q323759ie/default.asp
• zzzzland

  9 Sep 02, 10:29

  Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
  
  Summary
  Who should read this bulletin: Customers using Microsoft® Windows®, Office for Mac, Internet Explorer for Mac, or Outlook Express for Mac.
  
  Impact of vulnerability: Identity spoofing.
  
  Maximum Severity Rating: Critical
  
  Recommendation: Administrators should install the patch immediately.
  
  Affected Software:
  
  Microsoft Windows 98
  Microsoft Windows 98 Second Edition
  Microsoft Windows Me
  Microsoft Windows NT® 4.0
  Microsoft Windows NT 4.0, Terminal Server Edition
  Microsoft Windows 2000
  Microsoft Windows XP
  Microsoft Office for Mac
  Microsoft Internet Explorer for Mac
  Microsoft Outlook Express for Mac
  
  http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-050.asp