Multiple Vulnerabilities
APCUG Vice President Peggy Ireland was checking out
The Twenty Most Critical Internet Security Vulnerabilities
and she forwarded to me the following vulnerabilities to warn everyone about:
Internet Explorer
Multiple Vulnerabilities in Microsoft Internet Explorer
Versions Affected: Microsoft Internet Explorer 6.0, 5.5, and 5.01
- IE can be forced to use the intranet zone to open a site rather than the correct Internet zone.
- By encoding a URL in a particular way, an attacker can include and send HTTP
requests to the site after establishing a connection and it will look like a qualified user
sent the requests. If exploited against a Web-based service (such as a Web-based
mail service), the attacker can take action on the user’s behalf, including sending a
request to delete data.
- An attacker can use the logging
option to start a Telnet session, and stream an executable file onto the user’s
system in a location that automatically executes the file the next time the user boots
the machine. The vulnerability doesn't lie in the Telnet client, but in IE, which
shouldn't let an attacker start Telnet remotely with command-line arguments.
Excel and PowerPoint
Excel and PowerPoint Macro Checking Bypass
Versions Affected:
- Microsoft Excel 98, 2000, 2001, 2002
- Microsoft PowerPoint 98, 2000, 2001, 2002
The vulnerability might let a malicious user bypass
macro-checking so that a script executes automatically when a document is opened.
AOL Instant Messenger
Denial of Service in AOL Instant Messenger
Versions Affected: America Online (AOL) Instant Messenger 4.7.2480 and 4.3.2229
A Denial of Service (DoS) condition exists in AOL Instant Messenger. An
attacker who can send instant messages to a user signed on to the
AOL Instant Messenger service can crash that user's AOL Instant
Messenger. The default settings let anyone send instant messages to the user. When an
attacker sends a text message of "<!-- " repeatedly (approximately 640 or more times), the
instant messenger client crashes. To minimize exposure to this vulnerability, users should
restrict the ability to receive instant messages to only the people the users select.

Tulsa Computer Society
Don Singleton, President
djs@ionet.net