More Windows Exploits

The French Security Incident Response Team (FrSIRT) has posted exploit code, tagged as moderate risk, that affects Windows XP SP2 users.


The first exploit deals with local privilege escalation. You may want to read Microsoft’s advisory here.


The second exploit targets the Microsoft HTML Help “.hhp” file buffer overflow. It is not exploitable in the default configuration, as discussed on the SANS Internet Storm Center.

Quotes:

“Windows XP SP2 is not vulnerable in its default configuration. Microsoft noted that the HTML Help Workshop SDK has to be installed in order for the exploit to work. This SDK is a self contained download and at this point we are not aware of anything that would bundle this SDK. Given that it is an issue with this particular application, there is a chance that it may be exploitable on Windows versions other than XP SP2.”



Update (JoneZ, 13 February 2006 21:34:30)


So much for exploits; here’s another vulnerability, this time in Internet Explorer’s drag-and-drop functionality. Securiteam just posted a good advisory about this here.

Quotes:

“Microsoft Internet Explorer suffers from a vulnerability in its handling of certain drag-and-drop events. As a result, it is possible for a malicious web site to predict and exploit the timing of a drag-and-drop operation such that any drag operation (including using scroll-bars) could potentially lead to the installation of arbitrary files in sensitive locations that may enable further system compromise.”


The advisory also discusses workarounds for this vulnerability; the possible workarounds are listed below. For more details, follow the link given above.



  • Set a Kill Bit on the Shell.Explorer Control
  • Prevent Automatic Navigation to Local Intranet Zone (Windows XP SP2, Windows Server 2003 SP1)
  • Disable Active Scripting