Three Microsoft Bugs Found Date: Wednesday, February 08 @ 17:58:38 UTC Topic: Off Topic Microsoft is warning of two bugs in its software that could potentially give unauthorized control or access over a person's computer, while a third problem has been highlighted by a security research company. One vulnerability revisits the Windows Metafile (WMF) debacle from December, but impacts fewer users. The bug is in Internet Explorer (IE) 5.01 Service Pack 4 on the Windows 2000 Service Pack 4 OS and IE 5.5 Service Pack 2 on Windows Millennium, Microsoft says. An attacker could gain control if a user opened a malicious e-mail attachment or if a user were persuaded into visiting a Web site that had a specially-crafted WMF image, Microsoft says. A patch has not been issued, but Microsoft says the issue is under investigation, and an out-of-cycle patch could be provided depending on customer needs. Microsoft typically issues patches on the second Tuesday of the month, due this month on February 14. Second Flaw Found A second vulnerability could allow a person with low-user privileges gain higher-level access, Microsoft says. Proof-of-concept code that has been released attempts to exploit overly permissive access controls on third-party application services, along with the default services of Windows XP Service Pack 1 and Windows Server 2003, the company says. No attacks have been reported. Microsoft says several factors diminish the threat of the problem. Those running Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1--the latest updates of the software--are not affected, and someone who launches an attack would need authenticated access to the affected OS, it says. Security vendor Secunia detailed a third vulnerability involving Microsoft's HTML Help Workshop, software that can create online help for a software application or Web site content. Secunia says the problem "is caused due to a boundary error within the handling of a '.hhp' file that contains an overly long string in the 'contents file' field. This can be exploited to cause a stack-based buffer overflow and allows arbitrary code execution when a malicious '.hhp' file is opened." The bug could allow arbitrary code to be executed on a computer, Secunia says. An exploit has been released, and Secunia advises that untrusted.hhp files not be opened. News-Source: http://news.yahoo.com This article comes from XBOX-HQ.COM https://www.xbox-hq.com/html The URL for this story is: https://www.xbox-hq.com/html/modules.php?name=News&file=article&sid=2877