[INFOCON] - UNIRAS Brief - 330/02 - Microsoft - Vulnerabilitiesin File Decompression Functions, Windows Help Facility, Unix 3.

Mon, 07 Oct 2002 06:32:09 -0700 




-----Original Message-----
From: UNIRAS (UK Govt CERT
Sent: 07 October 2002 14:29
To: [EMAIL PROTECTED]
Subject: UNIRAS Brief - 330/02 - Microsoft - Vulnerabilities in File
Decompression Functions, Windows Help Facility, Unix 3.0 Interix SDK +
Patch for SQL Server

 
-----BEGIN PGP SIGNED MESSAGE-----

-
------------------------------------------------------------------------
----------
   UNIRAS (UK Govt CERT) Briefing Notice - 330/02 dated 07.10.02  Time:
14:05
 UNIRAS is part of NISCC(National Infrastructure Security Co-ordination
Centre)
-
------------------------------------------------------------------------
---------- 
  UNIRAS material is also available from its website at
www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
-
------------------------------------------------------------------------
----------

Title
=====

Four Microsoft Security Bulletins:

1. MS02-054:Unchecked Buffer in File Decompression Functions Could Lead
to Code Execution

2. MS02-055:Unchecked Buffer in Windows Help Facility Could Enable Code
Execution 

3. MS02-056:Cumulative Patch for SQL Server 

4. MS02-057: Flaw in Services for Unix 3.0 Interix SDK Could Allow Code
Execution

Detail
====== 

1. 

Microsoft Security Bulletin - MS02-054:
Unchecked Buffer in File Decompression Functions Could Lead to Code
Execution

Full Bulletin available at:
http://www.microsoft.com/technet/security/bulletin/MS02-054.asp

========================================================================
=========

2. 

Microsoft Security Bulletin - MS02-055:
Unchecked Buffer in Windows Help Facility Could Enable Code Execution 

Full Bulletin available at:
http://www.microsoft.com/technet/security/bulletin/MS02-055.asp

========================================================================
=========

3.

Microsoft Security Bulletin - MS02-056:
Cumulative Patch for SQL Server 

Full Bulletin available at:
http://www.microsoft.com/technet/security/bulletin/MS02-056.asp

========================================================================
=========

4.

Microsoft Security Bulletin - MS02-057:
Flaw in Services for Unix 3.0 Interix SDK Could Allow Code Execution

Full Bulletin available at:
http://www.microsoft.com/technet/security/bulletin/MS02-057.asp

========================================================================
=========




Reprinted with permission of Microsoft Corporation.
-
------------------------------------------------------------------------
----------

For additional information or assistance, please contact the HELP Desk
by 
telephone or Not Protectively Marked information may be sent via EMail
to:

[EMAIL PROTECTED]
Tel: 020 7821 1330 Ext 4511
Fax: 020 7821 1686

-
------------------------------------------------------------------------
----------
UNIRAS wishes to acknowledge the contributions of Microsoft for the
information
contained in this Briefing. 
-
------------------------------------------------------------------------
----------
This Briefing contains the information released by the original author.
Some 
of the information may have changed since it was released. If the
vulnerability 
affects you, it may be prudent to retrieve the advisory from the
canonical site 
to ensure that you receive the most current information concerning that
problem.

Reference to any specific commercial product, process, or service by
trade 
name, trademark manufacturer, or otherwise, does not constitute or imply

its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The
views 
and opinions of authors expressed within this notice shall not be used
for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they
shall 
not be liable for any loss or damage whatsoever, arising from or in
connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) 
and has contacts with other international Incident Response Teams (IRTs)
in 
order to foster cooperation and coordination in incident prevention, to
prompt 
rapid reaction to incidents, and to promote information sharing amongst
its 
members and the community at large. 
-
------------------------------------------------------------------------
----------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4

iQCVAwUBPaGFP4pao72zK539AQH+DgP/fIPpAxOm+T9D/D1e2Prwu6VfPvP/pa7Q
dk7aic2UXfTs6cyB3uVFr0+rqUCYX3ht8xujz7ZY68hcbcUXmvoHHkztDigCqwXv
DQP3qgeMm3OXPv17iAsA6rcqyzM38ivQuFOJoG1uG15+WTt2hIWTWxq3bGGNRwab
IFxC7HxkOvM=
=tWBz
-----END PGP SIGNATURE-----




IWS INFOCON Mailing List
@ IWS - The Information Warfare Site
http://www.iwar.org.uk

















    











					Reply via email to