copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login





 

AL-2006.0051 -- [Win] -- Microsoft Hyperlink Object Library stack buffer overflow

Date: 23 June 2006
References: AU-2006.0021  ESB-2006.0564  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                       AL-2006.0051 -- AUSCERT ALERT
                                   [Win]
         Microsoft Hyperlink Object Library stack buffer overflow
                               23 June 2006

===========================================================================

        AusCERT Alert Summary
        ---------------------

Product:              Microsoft Windows
                      Applications using HLINK.DLL to handle hyperlinks
Publisher:            US-CERT
Impact:               Execute Arbitrary Code/Commands
Access:               Remote/Unauthenticated
CVE Names:            CVE-2006-3086

Ref:                  AU-2006.0021

Original Bulletin:    http://www.kb.cert.org/vuls/id/394444

Comment: This advisory provides further information on the vulnerability
         reported in AU-2006-0021.
         
         Currently Microsoft Office applications are confirmed as using
         the vulnerable component. Other software may also be affected.
         Exploit code for this vulnerability is publicly available.
         
         No official advisory or fix is available from Microsoft at
         this point.

- --------------------------BEGIN INCLUDED TEXT--------------------

US-CERT Vulnerability Note VU#394444
Microsoft Hyperlink Object Library stack buffer overflow

Overview

	The Microsoft Windows system library for handling hyperlinks contains
	a buffer overflow. Exploitation of this vulnerability may allow an
	attacker to execute arbitrary code.

I. Description

	Microsoft Hyperlink Object Library (HLINK.DLL)

	The Hyperlink Object Library provides interfaces for handling
	hyperlinks. More information is available in the Microsoft Hyperlinks
	Guide.

The Problem

	There is a stack-based buffer overflow in the Microsoft Hyperlink
	Object Library. The overflow may be triggered by clicking a specially
	crafted hyperlink. Note that any program that links to the HLINK.DLL
	library may be vulnerable, including Microsoft Office applications.

	Exploit code for this vulnerability is publicly available.

II. Impact

	By convincing a user to access a specially crafted hyperlink, an
	attacker could execute arbitrary code with the privileges of the
	attacked user. If the user is logged in with administrative privileges,
	the attacker could take complete control of a vulnerable system.

III. Solution

	There is currently no patch or update to correct this problem. Until
	a solution is available, refer to the workaround below.

	Do not follow unsolicited hyperlinks

	Do not click on unsolicited links received in email or embedded in
	Office documents. Exploitation of this vulnerability requires a user
	to click a specially crafted link. By only accessing hyperlinks from
	known and trusted sources, the chances of exploitation are reduced.

Systems Affected

	Vendor	Status	Date Updated
	Microsoft Corporation	Vulnerable	21-Jun-2006

References

	http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
	http://msdn.microsoft.com/workshop/misc/hlink/reference/ifaces/ihlink/ihlink.asp
	http://msdn.microsoft.com/library/default.asp?url=/workshop/misc/hlink/overview/overview.asp

Credit

	This vulnerability was reported by kcope.

	This document was written by Jeff Gennari.
	Other Information
	Date Public	06/18/2006
	Date First Published	06/21/2006 02:49:04 PM
	Date Last Updated	06/21/2006
	CERT Advisory	 
	CVE Name	CVE-2006-3086
	Metric	37.50
	Document Revision	53

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRJtSeih9+71yA2DNAQIGoQP/aH4U5OXP1mXQx2+qaxyXHvknuQb8ZmDX
FqOtmgfo6JtDF5bBgC8Px9vLzCaYF2gb5gFNxS1jGIoKK+vr85EBQE8yiV94VS0a
6flSvVEscencegZXOhFzreOx8YBQcI09n9coz9jgPhVxqBp9ZIKrfgiKhyDq0P2w
89AyLQTESyA=
=2CO1
-----END PGP SIGNATURE-----