Computing.Net > Forums > Security and Virus > Microsoft Apps Share Mozilla Bug

Specialty Forums
Security and Virus
General Hardware
CPUs/Overclocking
Networking
Digital Photo/Video
Office Software
PC Gaming
Console Gaming
Programming
Database
Web Development
Digital Home

General Forums
Windows XP
Windows Vista
Windows 95/98
Windows Me
Windows NT
Windows 2000
Win Server 2008
Win Server 2003
Windows 3.1
Linux
PDAs
BeOS
Novell Netware
OpenVMS
Solaris
Disk Op. System
Unix
Mac
OS/2

The Lounge

Drivers
Driver Scan
Driver Forum

Software
Automatic Updates

BIOS Updates

My Computing.Net

Howtos

Site Search

Message Find

Data Recovery

About

Microsoft Apps Share Mozilla Bug

Reply to Message Icon
Original Message
Name: IronMan
Date: July 14, 2004 at 10:58:57 Pacific
Subject: Microsoft Apps Share Mozilla Bug
OS: XP
CPU/Ram: P4 512MB
Comment:


It never stops; few are surprised. Published in PC World.
__________________________________

Vulnerability patched in browser last week also exists in Messenger, Word.

Paul Roberts

Popular Microsoft products may be vulnerable to a security vulnerability that is similar to one patched for the Mozilla Web browsers last week.

Microsoft's MSN Messenger and Word both support a feature that could give remote users access to functions that could be used launch applications on Windows computers, according to an alert from Secunia, which tracks software vulnerabilities.

A Microsoft spokesperson says the company is investigating the reports, but is not aware of any attacks using the vulnerabilities.

The applications both fail to restrict access to the "shell:" URI (Universal Resource Identifier). The feature allows Windows users or software applications to launch programs associated with specific file extensions such as doc (associated with Word) or txt (associated with Notepad, the Windows text editing program), says Secunia, of Copenhagen.

Malicious hackers could launch programs associated with specific extensions using links embedded in Word documents or instant messages sent using MSN. However, the vulnerability does not allow attackers to pass instructions to the programs, which would allow more sophisticated attacks, Secunia says.

Last week, the Mozilla Foundation issued patches for a similar flaw in Windows versions of its Web browsers, Firefox and Thunderbird, and the Mozilla Application Suite.

News of the Mozilla flaws came amid increasing interest in alternative Web browsers after news broke about a number of serious security vulnerabilities in Microsoft's Internet Explorer Web browser that were being used in stealthy Web-based attacks.

According to data compiled by WebSideStory, a San Diego Web measurement company, Internet Explorer's share of the browser market dropped by 1 percent in the last month, the first noticeable decline since the company began tracking the browser market in late 1999.

On July 2, Microsoft released a software update that disables a Windows component called ADODB.Stream, which was used in the Web attacks, and promised more updates for Windows and Internet Explorer to address the security issues.

If necessary, Microsoft could issue a fix for the MSN Messenger and Word flaws through its monthly software update process or an emergency patch, the company spokesperson says.

Microsoft expressed displeasure at the release of information on the product vulnerabilities, which were first publicized in the Full Disclosure discussion list, a public online forum for those interested in computer software vulnerabilities.

"We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests, by helping to ensure that customers receive comprehensive, high-quality patches for security vulnerabilities with no exposure to malicious attackers while the update is being developed," Microsoft says in an e-mail statement.


Report Offensive Message For Removal








Use following form to reply to current message: 

   Name: From My Computing.Net Settings
 E-Mail: From My Computing.Net Settings

Subject: Microsoft Apps Share Mozilla Bug

Comments:
            
         

 


  Homepage URL (*): 
Homepage Title (*): 
         Image URL:
 
Data Recovery Software



Have you ever used OpenOffice?

Yes, as my main suite.
Yes, occationally.
Yes, but only once.
No, never.


View Results

Poll Finishes In 5 Days.
Discuss in The Lounge


Bootable cd and start SIW

western digital 80GB HD problem.

windows remote access vpn auth

can't get logged in on myspace, hel

Adware, Virus

All Posts Awaiting Replies