SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   NetMeeting Vendors:   Microsoft
Microsoft Windows Can Be Crashed By Remote Users via Malformed NetMeeting URLs
SecurityTracker Alert ID:  1006803
SecurityTracker URL:  http://securitytracker.com/id/1006803
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  May 21 2003
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): Windows 2000 Server SP3 with IE 6.0 SP1; Windows XP Pro with IE 6.0
Description:   A denial of service vulnerability was reported in the Microsoft Windows 2000 and XP operating systems in the processing of NetMeeting URLs. A remote user can create a URL that, when loaded, will cause the operating system to crash.

It is reported that a malformed NetMeeting CallTo URL (callto:msils) can trigger a 'Kmode' exception. According to this and other reports, the crash does not occur consistently, but it has been observed on the Windows 2000 SP3 and Windows XP Pro.

A demonstration exploit URL is provided:

callto:msils/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaAAAAAAAAAAAAAAAAAAAAAAAAaaaAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAA+type=directory

A Spanish language version of the advisory is available at:

http://nautopia.org/vulnerabilidades/callto_bluescreen.htm

The vendor has reportedly been notified.

Impact:   A remote user can create a URL that, when loaded by the target user, will cause the target user's operating system to crash (blue screen).
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/technet/security/ (Links to External Site)
Cause:   Exception handling error

Message History:   None.


 Source Message Contents

Subject:  Blue screen in Windows


Issue :

Blue screen in Windows


Tested versions :

W2000 Server Sp3 with IE 6.0 Sp1
XP Pro with IE 6.0


Vendor status :

MS is investigating the issue but as they spent months to just acknowledge
it I decided to publish it


Description :

With Internet Explorer you can make calls using netmeeting ,
navigating to callto Urls . On the systems tested if you try to
navigate to a specially crafted callto url Windows halt with a
particulary not after rebooting from the system halt , but the issue
was confirmed in two different computers .

shown in the BSOD .


Exploit :

In the spanish version of this advisory you can find a demonstration

http://nautopia.org/vulnerabilidades/callto_bluescreen.htm



Regards ,

David F. Madrid ,
Madrid , Spain


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC