Wednesday, November 22, 2006

SecurityFocus Microsoft Newsletter #318

This Issue is Sponsored by: Netgear

Stay connected even when you are out of the office
All you need is a web browser and a PC. NETGEAR's ProSafe SSL VPN Concentrator 25 uses the SSL internet protocol to securely connect up to 25 concurrent remote users to corporate resources and e-mail. No client application needed. Visit the URL below

http://newsletter.industrybrains.com/c?fe;1;632e9;16e5c;2b2;0;da4


------------------------------------------------------------------
I. FRONT AND CENTER
1. Vista's EULA Product Activation Worries
II. MICROSOFT VULNERABILITY SUMMARY
1. Windows Media Player ASX PlayList File Denial of Service Vulnerability
2. Passgo SSO Plus Local Insecure Default Directory Permissions Vulnerability
3. XMPlay Playlist Files Remote Buffer Overflow Vulnerability
4. ImageMagick SGI Image File Unspecified Remote Heap Buffer Overflow Vulnerability
5. Conti FTP Insecure Default Accounts and Directory Traversal Vulnerabilities
6. TFTPD32 Filename Remote Buffer Overflow Vulnerability
7. Alt-N MDaemon Local Insecure Default Directory Permissions Vulnerability
8. NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow Vulnerability
9. Sky Software FileView ActiveX Control Remote Code Execution Vulnerability
10. Pragma Systems FortressSSH Unspecified Stack Buffer Overflow Vulnerability
11. Biba Selenium Web Server Multiple Vulnerabilities
12. Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
13. Teamtek Universal FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
14. Microsoft Active Directory Unspecified Denial of Service Vulnerability
15. Conxint FTP Multiple Directory Traversal Vulnerabilities
16. WinZip ActiveX Control Remote Code Execution Vulnerability
17. AlTools ALFTP Authentication Bypass And Information Disclosure Vulnerabilities
18. ASP Portal Default1.ASP SQL Injection Vulnerability
19. Microsoft Agent ActiveX Control Remote Code Execution Vulnerability
20. D-Link DWL-G132 ASAGU.SYS Wireless Device Driver Stack Buffer Overflow Vulnerability
21. AVG Anti-Virus Multiple Remote Code Execution Vulnerabilities
22. Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
23. Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability
24. Microsoft Windows Workstation Service NetpManageIPCConnect Remote Code Execution Vulnerability
25. Microsoft Client Service for Netware Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Microsoft Word Macro Security
2. DNS recursive
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Vista's EULA Product Activation Worries
By Mark Rasch
Mark Rasch looks at the license agreement for Windows Vista and how its product activation component, which can disable operation of the computer, may be like walking on thin ice.
http://www.securityfocus.com/columnists/423


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Windows Media Player ASX PlayList File Denial of Service Vulnerability
BugTraq ID: 21247
Remote: Yes
Date Published: 2006-11-22
Relevant URL: http://www.securityfocus.com/bid/21247
Summary:
Windows Media Player is prone to a denial-of-service issue.

An attacker can exploit this issue to crash the affected server, denying service to legitimate users.

This issue affects Windows Media Player version 10.00.00.4036; other versions may also be affected.

2. Passgo SSO Plus Local Insecure Default Directory Permissions Vulnerability
BugTraq ID: 21244
Remote: No
Date Published: 2006-11-22
Relevant URL: http://www.securityfocus.com/bid/21244
Summary:
Passgo SSO Plus is prone to a local insecure-default-directory-permissions vulnerability.

A local attacker could exploit this issue to have arbitrary code execute with elevated privileges.

Version 2.1.0.32 is vulnerable; other versions may also be affected.

3. XMPlay Playlist Files Remote Buffer Overflow Vulnerability
BugTraq ID: 21206
Remote: Yes
Date Published: 2006-11-20
Relevant URL: http://www.securityfocus.com/bid/21206
Summary:
XMPlay is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to loading malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or trigger a denial-of-service condition.

XMPlay 3.3.0.4 is vulnerable to this issue; other versions may also be affected.

4. ImageMagick SGI Image File Unspecified Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 21185
Remote: Yes
Date Published: 2006-11-20
Relevant URL: http://www.securityfocus.com/bid/21185
Summary:
ImageMagick is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

ImageMagick versions in the 6.x series, up to version 6.2.8, are vulnerable to this issue.

5. Conti FTP Insecure Default Accounts and Directory Traversal Vulnerabilities
BugTraq ID: 21174
Remote: Yes
Date Published: 2006-11-18
Relevant URL: http://www.securityfocus.com/bid/21174
Summary:
Conti FTP is prone to an insecure-default-accounts vulnerability and a directory-traversal vulnerability.

An attacker could exploit these issues to access or modify arbitrary files on the affected computer. This may result in the compromise of the computer; other attacks are possible.

Conti FTP 1.0 is vulnerable; other versions may also be affected.

6. TFTPD32 Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 21148
Remote: Yes
Date Published: 2006-11-17
Relevant URL: http://www.securityfocus.com/bid/21148
Summary:
TFTPD32 is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to cause the application to crash, denying further service to legitimate users. Due to the nature of this issue, the attacker may presumably be able to exploit it for remote code execution.

Version 3.01 is vulnerable.

7. Alt-N MDaemon Local Insecure Default Directory Permissions Vulnerability
BugTraq ID: 21127
Remote: No
Date Published: 2006-11-16
Relevant URL: http://www.securityfocus.com/bid/21127
Summary:
MDaemon is prone to a local insecure-default-directory-permissions vulnerability.

A local attacker could exploit this issue to have arbitrary code execute with SYSTEM-level privileges.

Versions 9.0.5, 9.0.6, 9.51, and 9.53 are vulnerable; other versions may also be affected.

8. NetGear WG111v2 Wireless Driver Long Beacon Buffer Overflow Vulnerability
BugTraq ID: 21126
Remote: Yes
Date Published: 2006-11-16
Relevant URL: http://www.securityfocus.com/bid/21126
Summary:
NetGear WG111v2 Wireless device is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.

The WG111v2.SYS driver is primarily used on the Microsoft Windows operating system. Note, however, that Linux and BSD machines using the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver.

Note also that this vulnerability can be exploited only when an attacker is within the range of broadcast of 802.11 wireless connections.

Version 5.1213.6.316 of the WG111v2.SYS driver is vulnerable to this issue; other versions may also be affected.

9. Sky Software FileView ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 21108
Remote: Yes
Date Published: 2006-11-15
Relevant URL: http://www.securityfocus.com/bid/21108
Summary:
Sky Software FileView is prone to a remote code-execution vulnerability.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control. Attackers may be able to compromise affected computers.

Sky Software FileView is included with several applications including WinZip. Versions of WinZip in the 10.0 series prior to build 7245 are vulnerable to this issue. Other unspecified packages may also include the affected ActiveX controls.

This issue is different from the one described in BID 21060 (WinZip ActiveX Control Remote Code Execution Vulnerability).

10. Pragma Systems FortressSSH Unspecified Stack Buffer Overflow Vulnerability
BugTraq ID: 21106
Remote: Yes
Date Published: 2006-11-15
Relevant URL: http://www.securityfocus.com/bid/21106
Summary:
Pragma Systems FortressSSH is prone to an unspecified remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

Version 4.0 is vulnerable; other versions may also be affected.

11. Biba Selenium Web Server Multiple Vulnerabilities
BugTraq ID: 21100
Remote: Yes
Date Published: 2006-11-15
Relevant URL: http://www.securityfocus.com/bid/21100
Summary:
Biba Selenium Web Server is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may lead to other attacks.

12. Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 21097
Remote: No
Date Published: 2006-11-15
Relevant URL: http://www.securityfocus.com/bid/21097
Summary:
Outpost Firewall PRO is prone to multiple local denial-of-service vulnerabilities because the application fails to properly handle unexpected input.

Exploiting these issues allows local attackers to crash affected computers, denying service to legitimate users. Remote code-execution may be possible, but this has not been confirmed.

Outpost Firewall PRO versions 4.0 (964.582.059) and 4.0 (971.584.079) are vulnerable to these issues; other versions may also be affected.

13. Teamtek Universal FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 21085
Remote: Yes
Date Published: 2006-11-15
Relevant URL: http://www.securityfocus.com/bid/21085
Summary:
Universal FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

We are currently unable to confirm the affected versions due to conflicting product information.

14. Microsoft Active Directory Unspecified Denial of Service Vulnerability
BugTraq ID: 21083
Remote: Yes
Date Published: 2006-11-15
Relevant URL: http://www.securityfocus.com/bid/21083
Summary:
Microsoft Active Directory is prone to a denial-of-service vulnerability due to an unspecified error.

Successful exploits will result in denial-of-service conditions.

15. Conxint FTP Multiple Directory Traversal Vulnerabilities
BugTraq ID: 21081
Remote: Yes
Date Published: 2006-11-15
Relevant URL: http://www.securityfocus.com/bid/21081
Summary:
Conxint is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow a remote attacker to access any file on the affected webserver.

Version 2.2.0603 is vulnerable to this issue; other versions may also be affected.

16. WinZip ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 21060
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/21060
Summary:
WinZip is prone to a remote code-execution vulnerability in an ActiveX control that is installed with the package.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.

WinZip versions in the 10.0 series prior to build 7245 are vulnerable to this issue.

17. AlTools ALFTP Authentication Bypass And Information Disclosure Vulnerabilities
BugTraq ID: 21058
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/21058
Summary:
The ALTOOLS ALFTP server is prone to authentication-bypass and information-disclosure vulnerabilities. These issues occur when a user submits certain commands.

Exploiting these issues could allow an attacker to gain sensitive directory information or to create directories in unauthorized locations. This could aid in further attacks.

Version 4.1 BETA1 is vulnerable; other versions may also be affected.

18. ASP Portal Default1.ASP SQL Injection Vulnerability
BugTraq ID: 21039
Remote: Yes
Date Published: 2006-11-13
Relevant URL: http://www.securityfocus.com/bid/21039
Summary:
ASP Portal is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

ASP Portal 4.0.0 and prior versions are vulnerable.

19. Microsoft Agent ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 21034
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/21034
Summary:
The Microsoft Agent ActiveX control is prone to remote code execution.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

20. D-Link DWL-G132 ASAGU.SYS Wireless Device Driver Stack Buffer Overflow Vulnerability
BugTraq ID: 21032
Remote: Yes
Date Published: 2006-11-13
Relevant URL: http://www.securityfocus.com/bid/21032
Summary:
The D-Link Wireless Device Driver for DWL-G132 devices is prone to a stack-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.

The ASAGU.SYS driver is primarily used on the Microsoft Windows operating system. Note, however, that Linux and BSD machines using the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver.

Note also that this vulnerability can be exploited only when an attacker is within the range of broadcast of 802.11 wireless connections.

Version 1.0.1.41 of the ASAGU.SYS driver is reported vulnerable; other versions may also be affected.

21. AVG Anti-Virus Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 21029
Remote: Yes
Date Published: 2006-11-13
Relevant URL: http://www.securityfocus.com/bid/21029
Summary:
AVG Anti-Virus is prone to multiple remote code-execution vulnerabilities because of flaws in the software's file-parsing engine.

Successfully exploiting these issues allows remote attackers to execute code with elevated privileges, facilitating the complete compromise of affected computers.

AVG Anti-Virus versions prior to 7.1.407 are vulnerable to these issues.

22. Microsoft Windows Client Service For Netware Remote Code Execution Vulnerability
BugTraq ID: 21023
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/21023
Summary:
Microsoft Client Service for Netware is prone to a remote code-execution vulnerability.

A remote attacker can exploit this vulnerability to execute arbitrary code in the context of the user running the affected service.

Note that the Client Service for Netware is not installed by default on any affected operating system.

23. Microsoft Internet Explorer HTML Rendering Remote Code Execution Vulnerability
BugTraq ID: 21020
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/21020
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser renders HTML with certain layout combinations. An attacker could exploit this issue to execute arbitrary code in the context of the affected browser.

This issue affects Internet Explorer on Windows 2000, Windows XP, and Windows Server 2003.

24. Microsoft Windows Workstation Service NetpManageIPCConnect Remote Code Execution Vulnerability
BugTraq ID: 20985
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/20985
Summary:
Microsoft Windows Workstation service is prone to a remote code-execution vulnerability.

Exploiting this issue allows remote, anonymous attackers to execute arbitrary machine code on affected computers with SYSTEM-level privileges. This facilitates the complete compromise of affected computers.

Attackers require administrative privileges to exploit this issue on Windows XP SP2 computers. Anonymous attackers may exploit this issue on Windows 2000 computers.

25. Microsoft Client Service for Netware Denial of Service Vulnerability
BugTraq ID: 20984
Remote: Yes
Date Published: 2006-11-14
Relevant URL: http://www.securityfocus.com/bid/20984
Summary:
Microsoft Client Service for Netware is prone to a denial-of-service vulnerability.

Exploiting this issue would cause the affected computer to crash, denying service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Microsoft Word Macro Security
http://www.securityfocus.com/archive/88/451766

2. DNS recursive
http://www.securityfocus.com/archive/88/451486

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Netgear
