home *** CD-ROM | disk | FTP | other *** search
- =============== SPONSORED BY WINDOWS NT MAGAZINE ==================
- Power + Speed = Windows NT Magazine Article Archive CD. Fight your
- NT fires quickly and intelligently with this complete collection of
- Windows NT Magazine articles. Search by keyword, subject, issue,
- author, or month, and find the right solution in seconds. Includes
- the entire article database from our September 1995 premiere issue
- to December 1999.
- http://winntmag.com/OurProducts/ArchiveCD/
- ====================================================================
-
- December 23, 1999 - Security UPDATE Alert - Several new security
- are being reported in this alert. Georgio Guninski discovered
- yet another problem with Internet Explorer 5.x and cross frame
- navigation. No patch is available at this time.
-
- USSRLabs reported a denial of service condition in ZBServer v1.5.
-
- Microsoft reported a problem with Outlook 5, as well as Internet
- Explorer 4.5 on Macintosh platform. The Outlook problem could lead
- to a Trojan infection of the local system. The IE problem pertains
- to certificates. Patches are now available.
-
- Microsoft reported that Internet Information Server (IIS) is prone
- to reveal source code under certain conditions. Patches are now
- available.
-
- Microsoft also revealed problems with the way IIS handles escape
- character parsing. Patches are available for this problem as well.
-
- Norton Antivirus 2000 was reported to contain a serious buffer
- overflow condition. No vendor response is known at this time.
-
- Kevork Belian shows how easy it is to crash an SQL Server 7.0 using
- a very simple malformed packet. Microsoft has now issued a patch for
- this month old problem.
-
- For complete details on each of the discoveries, please visit our
- Web site at the URLs listed below:
-
- - IE 5.01 Cross Frame Navigation
- http://www.ntsecurity.net/scripts/loader.asp?iD=/security/ie58.htm
- - ZBServer v1.5 Denial of Service
- http://www.ntsecurity.net/scripts/loader.asp?iD=/security/zbnserver1.htm
- - Outlook 5 and IE 4.5 for Macintosh
- http://www.ntsecurity.net/scripts/loader.asp?iD=/security/outlook51.htm
- - IIS Reveals Source Code
- http://www.ntsecurity.net/scripts/loader.asp?iD=/security/iis4-2.htm
- - IIS Escape Char Processing
- http://www.ntsecurity.net/scripts/loader.asp?iD=/security/iis4-3.htm
- - Norton Antivirus 2000
- http://www.ntsecurity.net/scripts/loader.asp?iD=/security/nav20001.htm
- - SQL 7.0 Denial of Server
- http://www.ntsecurity.net/scripts/loader.asp?iD=/security/sql7-2.htm
-
- Thanks for subscribing to Security UPDATE.
-
- Please tell your friends about this newsletter and alert list!
-
- Sincerely,
- The Security UPDATE Team
- security@ntsecurity.net
-
- =======================================================================
- TO UNSUBSCRIBE from this alert list DO NOT REPLY, instead send e-mail
- to listserv@listserv.ntsecurity.net with the words "unsubscribe
- securityupdate" in the body of the message without the quotes.
-
- TO SUBSCRIBE to this alert list, send e-mail to the same address listed
- above with the words "subscribe securityupdate anonymous" in the body
- of the message without the quotes.
- =======================================================================
- Security UPDATE is powered by LISTSERV(R) software
- http://www.lsoft.com/LISTSERV-powered.html
- =======================================================================
- Copyright (c) 1999 Duke Communications Intl. Inc. - ALL RIGHTS RESERVED
- Forwarding this email is permitted, as long as the entire message body,
- the mail header, and this notice are included.
-
-
