Tuesday, November 28, 2006

SecurityFocus Microsoft Newsletter #319
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: Learn to Think Like a Hacker - Simulate a Hacker Breaking into Your Web Apps
The speed with which Web applications are developed makes them prime targets for attackers; often these applications were developed so quickly that they are not coded properly or subjected to any security testing. Hackers know this and use it as their weapon. Download this *FREE* test guide from SPI Dynamics to check for Web application vulnerabilities.

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000Ce5v

------------------------------------------------------------------
I. FRONT AND CENTER
1. A Hard Lesson in Privacy
2. Vulnerability Scanning Web 2.0 Client-Side Components
II. MICROSOFT VULNERABILITY SUMMARY
1. Quinnware Quintessential Player Playlist Files Remote Memory Corruption Vulnerability
2. MailEnable WebAdmin Unauthorized Access Vulnerability
3. WarHound General Shopping Cart Item.ASP SQL Injection Vulnerability
4. 3Com 3CTftpSvc Filename Remote Buffer Overflow Vulnerability
5. Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
6. 3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability
7. MidiCart ASP Item_Show.ASP ID2006quant Parameter SQL Injection Vulnerability
8. Microsoft Office HTMLMARQ.OCX Library Denial of Service Vulnerability
9. Business Objects Crystal Reports XI Professional File Handling Buffer Overflow Vulnerability
10. MailEnable IMAP Service Unspecified Buffer Overflow Vulnerability
11. NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
12. Windows Media Player ASX PlayList File Denial of Service Vulnerability
13. Passgo SSO Plus Local Insecure Default Directory Permissions Vulnerability
14. XMPlay Playlist Files Remote Buffer Overflow Vulnerability
15. ImageMagick SGI Image File Unspecified Remote Heap Buffer Overflow Vulnerability
16. Conti FTP Insecure Default Accounts and Directory Traversal Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. 'conflict' between offline files and SMB signing?
2. SecurityFocus Microsoft Newsletter #318
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Hard Lesson in Privacy
By Scott Granneman
Scott Granneman looks at a hard lesson in personal privacy and security through the lens of a very public and well-known female television show host in Europe.
http://www.securityfocus.com/columnists/424

2. Vulnerability Scanning Web 2.0 Client-Side Components
By Shreeraj Shah
This article discusses the challenges faced when vulnerability scanning Web 2.0 applications, and then provides a methodology to detect vulnerabilities in Web 2.0 client-side application components.
http://www.securityfocus.com/infocus/1881


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Quinnware Quintessential Player Playlist Files Remote Memory Corruption Vulnerability
BugTraq ID: 21331
Remote: Yes
Date Published: 2006-11-28
Relevant URL: http://www.securityfocus.com/bid/21331
Summary:
Quinnware Quintessential Player is prone to a remote memory-corruption vulnerability because the application fails to handle malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or trigger a denial-of-service condition.

Quintessential Player version 4.50.1.82 is vulnerable to this issue; other versions may also be affected.

2. MailEnable WebAdmin Unauthorized Access Vulnerability
BugTraq ID: 21325
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21325
Summary:
MailEnable is prone to a vulnerability that can allow remote attackers to gain unauthorized access to the Web administration console of the application.

MailEnable Professional Edition 2.32 and Enterprise Edition 2.32 are reported to be affected by this issue. Other versions may be vulnerable as well.

3. WarHound General Shopping Cart Item.ASP SQL Injection Vulnerability
BugTraq ID: 21324
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21324
Summary:
WarHound General Shopping Cart is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

4. 3Com 3CTftpSvc Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 21322
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21322
Summary:
3CTftpSvc is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code and gain unauthorized remote access to a vulnerable computer. A denial-of-service condition may arise as well.

3CTftpSvc 2.0.1 and prior versions are reported to be vulnerable. Other versions may be affected as well.

5. Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 21320
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21320
Summary:
AT-TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code and gain unauthorized remote access to a vulnerable computer. A denial-of-service condition may arise as well.

AT-TFTP 1.9 is reported to be vulnerable. Other versions may be affected as well.

6. 3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability
BugTraq ID: 21301
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21301
Summary:
3Com TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to cause the application to crash, denying further service to legitimate users. Due to the nature of this issue, the attacker may presumably be able to exploit it for remote code execution.

Version 2.0.1 is vulnerable; other versions may also be affected.

7. MidiCart ASP Item_Show.ASP ID2006quant Parameter SQL Injection Vulnerability
BugTraq ID: 21273
Remote: Yes
Date Published: 2006-11-24
Relevant URL: http://www.securityfocus.com/bid/21273
Summary:
MidiCart ASP is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

8. Microsoft Office HTMLMARQ.OCX Library Denial of Service Vulnerability
BugTraq ID: 21262
Remote: Yes
Date Published: 2006-11-22
Relevant URL: http://www.securityfocus.com/bid/21262
Summary:
The Microsoft Office HTMLMARQ.OCX library is prone to a denial-of-service issue.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Remote code execution may also be possible, but this has not been confirmed.

This issue affects Microsoft Office 97 for Windows; other versions may also be affected.

9. Business Objects Crystal Reports XI Professional File Handling Buffer Overflow Vulnerability
BugTraq ID: 21261
Remote: Yes
Date Published: 2006-11-23
Relevant URL: http://www.securityfocus.com/bid/21261
Summary:
Business Objects Crystal Reports XI Professional is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing a victim user into opening a malicious document file, resulting in the execution of arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

10. MailEnable IMAP Service Unspecified Buffer Overflow Vulnerability
BugTraq ID: 21252
Remote: Yes
Date Published: 2006-11-23
Relevant URL: http://www.securityfocus.com/bid/21252
Summary:
MailEnable is prone to a buffer-overflow vulnerability in the IMAP service because the application fails to properly bounds-check unspecified user-supplied data.

This issue is reported to affect the following MailEnable versions, but other versions may also be vulnerable:

1.9-1.82 Professional Edition
1.1-1.30 Enterprise Edition
2.0-2.32 Professional Edition
2.0-2.32 Enterprise Edition

11. NetGear WG311v1 Wireless Driver SSID Heap Buffer Overflow Vulnerability
BugTraq ID: 21251
Remote: Yes
Date Published: 2006-11-22
Relevant URL: http://www.securityfocus.com/bid/21251
Summary:
NetGear WG311v1 Wireless devices are prone to a heap-based buffer-overflow vulnerability because the driver fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the kernel hosting the vulnerable driver. Failed attempts will likely crash the kernel, resulting in denial-of-service conditions.

Although the WG311v1ND5.SYS driver is used primarily on Microsoft Windows, users of Linux and BSD machines running the 'ndiswrapper' tool should determine if they are using a vulnerable instance of the driver.

Version 2.3.1.10 of the WG311v1ND5.SYS driver is vulnerable to this issue; other versions may also be affected.

12. Windows Media Player ASX PlayList File Denial of Service Vulnerability
BugTraq ID: 21247
Remote: Yes
Date Published: 2006-11-22
Relevant URL: http://www.securityfocus.com/bid/21247
Summary:
Windows Media Player is prone to a denial-of-service issue.

An attacker can exploit this issue to crash the affected server, denying service to legitimate users.

This issue affects Windows Media Player version 10.00.00.4036; other versions may also be affected.

13. Passgo SSO Plus Local Insecure Default Directory Permissions Vulnerability
BugTraq ID: 21244
Remote: No
Date Published: 2006-11-22
Relevant URL: http://www.securityfocus.com/bid/21244
Summary:
Passgo SSO Plus is prone to a local insecure-default-directory-permissions vulnerability.

A local attacker could exploit this issue to have arbitrary code execute with elevated privileges.

Passgo SSO Plus 2.1.0.32 is vulnerable; other versions may also be affected.

14. XMPlay Playlist Files Remote Buffer Overflow Vulnerability
BugTraq ID: 21206
Remote: Yes
Date Published: 2006-11-20
Relevant URL: http://www.securityfocus.com/bid/21206
Summary:
XMPlay is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to loading malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or trigger a denial-of-service condition.

XMPlay 3.3.0.4 is vulnerable to this issue; other versions may also be affected.

15. ImageMagick SGI Image File Unspecified Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 21185
Remote: Yes
Date Published: 2006-11-20
Relevant URL: http://www.securityfocus.com/bid/21185
Summary:
ImageMagick is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

ImageMagick versions in the 6.x series, up to version 6.2.8, are vulnerable to this issue.

16. Conti FTP Insecure Default Accounts and Directory Traversal Vulnerabilities
BugTraq ID: 21174
Remote: Yes
Date Published: 2006-11-18
Relevant URL: http://www.securityfocus.com/bid/21174
Summary:
Conti FTP is prone to an insecure-default-accounts vulnerability and a directory-traversal vulnerability.

An attacker could exploit these issues to access or modify arbitrary files on the affected computer. This may result in the compromise of the computer; other attacks are possible.

Conti FTP 1.0 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. 'conflict' between offline files and SMB signing?
http://www.securityfocus.com/archive/88/452549

2. SecurityFocus Microsoft Newsletter #318
http://www.securityfocus.com/archive/88/452452

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: Learn to Think Like a Hacker - Simulate a Hacker Breaking into Your Web Apps
The speed with which Web applications are developed makes them prime targets for attackers; often these applications were developed so quickly that they are not coded properly or subjected to any security testing. Hackers know this and use it as their weapon. Download this *FREE* test guide from SPI Dynamics to check for Web application vulnerabilities.

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000Ce5v
