Agnitum Güvenlik Önerileri

ASA-01-0507-4: JView Profiler Üzerindeki Güvenlik Açığı, Uzaktan Kod Çalıştırılmasına İmkan Tanıyor

Severity rating:           Critical

Date Published:           July 12, 2005

Software Vendor:       Microsoft

Affected Software:    JView Profiler, Internet Explorer 6.0 and below Affected OS: Windows XP, Windows Me, Windows 98 (incl. SE), Windows Server 2003, Windows 2000

Unaffected with -

Vulnerability class:     Remote Code Execution

Status:                        Fixed

Vulnerability details:

Tech brief:

Vulnerability is caused when Microsoft Internet Explorer instantiates the JView Profiler (Javaprxy.dll) COM object as an ActiveX control. This may corrupt system memory in such a way that an attacker could execute arbitrary code on an affected computer.

By constructing special insidious website and running malicious ActiveX scripts on it, an attacker can compromise the unprotected computer that uses Internet Explorer as a web browser and as a result take over the affected system.

If a user is logged on with administrative rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system - install programs; view, change, or delete data; or create new accounts with root access rights. 

Vendor reference information:

Vendor details pertaining to the problem are available here: http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx

General Mitigating Recommendations:

• Install latest vendor patches available at http://windowsupdate.microsoft.com
• Use alternate browser such as Opera or Firefox 

How Outpost Firewall PRO and Outpost Office Firewall protect you:

The unconstrained running of Active X software within Microsoft Internet Explorer has long been considered the most vulnerable to exploits caveat. We recommend enabling the running of Active X software only for the trusted websites, and disabling it for the rest altogether. You can do that via Outpost’s Active Content plug-in.

Disclaimer:

Information in the present advisory is believed to be accurate as to the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn’t accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.