Wednesday, December 06, 2006

SecurityFocus Microsoft Newsletter #320
----------------------------------------

This Issue is Sponsored by: Watchfire

Watchfire announces AppScan 7.0! The industry's only web application security scanner with new features that include Privilege Escalation Testing, Validation Highlighting and Reasoning and Complex Authentication Support to automate even more scanning and provide greater visibility and control for security professionals, penetration testers and QA staff. See for yourself. Download an evaluation copy of AppScan now!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YTx

------------------------------------------------------------------
I. FRONT AND CENTER
1. Christmas Shopping: Vista Over XP?
2. Vulnerability Scanning Web 2.0 Client-Side Components
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Word Unspecified Remote Code Execution Vulnerability
2. Microsoft Internet Explorer Frame Src Denial Of Service Vulnerability
3. JustSystems Multiple Products Unspecified Buffer Overflow Vulnerability
4. SMF Image File HTML Injection Vulnerability
5. Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
6. BlazeVideo HDTV PLF Stack Buffer Overflow Vulnerability
7. CoolPlayer Multiple Buffer Overflow Vulnerabilities
8. Outpost Firewall PRO Security Bypass Weakness
9. Invision Gallery Index.PHP IMG Parameter SQL Injection Vulnerability
10. Palm Desktop Application Directory Local Insecure Permissions Vulnerability
11. AtomixMP3 M3U File Path Buffer Overflow Vulnerability
12. Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
13. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
14. MailEnable IMAP Service Multiple Buffer Overflow Vulnerabilities
15. Business Objects Crystal Reports Predictable Session Identifiers Session Hijacking Vulnerability
16. Songbird Media Player Denial of Service Vulnerability
17. Telnet-FTP Server Remote Denial of Service Vulnerability
18. Telnet-FTP Server Directory Traversal Vulnerability
19. BlazeVideo BlazeDVD Playlist Files Remote Memory Corruption Vulnerability
20. Quinnware Quintessential Player Playlist Files Remote Memory Corruption Vulnerability
21. MailEnable WebAdmin Unauthorized Access Vulnerability
22. WarHound General Shopping Cart Item.ASP SQL Injection Vulnerability
23. 3Com 3CTftpSvc Filename Remote Buffer Overflow Vulnerability
24. Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
25. 3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability
26. 2X ThinClientServer Unauthorized Administrative Account Creation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #320
2. DNS recursive
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Christmas Shopping: Vista Over XP?
By Federico Biancuzzi
Microsoft has announced Vista's release dates. From a security standpoint what choice should consumers take during this Christmas shopping season? Most will be faced with Windows XP only or Windows XP with Microsoft's Express Upgrade option to Vista. Federico Biancuzzi interviewed a wide range of security researchers and anti-virus folks to get some consensus on the security of Vista over Windows XP for consumers, with some advice for corporate users as well.
http://www.securityfocus.com/columnists/425

2. Vulnerability Scanning Web 2.0 Client-Side Components
By Shreeraj Shah
This article discusses the challenges faced when vulnerability scanning Web 2.0 applications, and then provides a methodology to detect vulnerabilities in Web 2.0 client-side application components.
http://www.securityfocus.com/infocus/1881
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Word Unspecified Remote Code Execution Vulnerability
BugTraq ID: 21451
Remote: Yes
Date Published: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21451
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

2. Microsoft Internet Explorer Frame Src Denial Of Service Vulnerability
BugTraq ID: 21447
Remote: Yes
Date Published: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21447
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

3. JustSystems Multiple Products Unspecified Buffer Overflow Vulnerability
BugTraq ID: 21445
Remote: Yes
Date Published: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21445
Summary:
Multiple JustSystems products are prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.

A successful attack may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed attack attempts may cause denial-of-service conditions.

http://secunia.com/product/12805/

4. SMF Image File HTML Injection Vulnerability
BugTraq ID: 21431
Remote: Yes
Date Published: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21431
Summary:
SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Note that this vulnerability may be triggered only in the Internet Explorer browser.

SMF version 1.1 is vulnerable to this issue.

5. Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
BugTraq ID: 21401
Remote: Yes
Date Published: 2006-12-02
Relevant URL: http://www.securityfocus.com/bid/21401
Summary:
Microsoft Windows Print Spooler service is prone to a denial-of-service vulnerability.

A remote attacker can exploit this issue to crash the affected service, denying service to legitimate users.

Reports indicate that this issue affects Print Spooler on Microsoft Windows 2000 SP4; other versions may also be vulnerable.

6. BlazeVideo HDTV PLF Stack Buffer Overflow Vulnerability
BugTraq ID: 21399
Remote: Yes
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21399
Summary:
BlazeVideo HDTV is prone to a stack-based buffer-overflow vulnerability because the application fails to handle malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

BlazeVideo HDTV 2.1 and prior versions are vulnerable to this issue.

7. CoolPlayer Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21396
Remote: Yes
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21396
Summary:
CoolPlayer is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the application or to cause a denial-of-service condition.

CoolPlayer 215 and prior versions are vulnerable to this issue; other versions may also be affected.

8. Outpost Firewall PRO Security Bypass Weakness
BugTraq ID: 21390
Remote: No
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21390
Summary:
Outpost Firewall PRO is prone to a weakness that may allow local privileged attackers to bypass security restrictions.

Successful exploits may allow local privileged attackers to bypass security restrictions to crash the affected application and potentially execute malicious code in the context of the vulnerable application.

Outpost Firewall PRO version 4.0 is affected by this issue; other versions may also be affected.

9. Invision Gallery Index.PHP IMG Parameter SQL Injection Vulnerability
BugTraq ID: 21388
Remote: Yes
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21388
Summary:
Invision Gallery is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

10. Palm Desktop Application Directory Local Insecure Permissions Vulnerability
BugTraq ID: 21382
Remote: No
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21382
Summary:
Palm Desktop is prone to an insecure-permissions vulnerability.

A local attacker could exploit this issue to gain access to sensitive data. Information obtained may aid in further attacks.

Version 4.1.4 is vulnerable; other versions may also be affected.

11. AtomixMP3 M3U File Path Buffer Overflow Vulnerability
BugTraq ID: 21380
Remote: Yes
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21380
Summary:
AtomixMP3 is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

This issue affects AtomixMP3 2.3 and prior versions.

12. Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
BugTraq ID: 21365
Remote: Yes
Date Published: 2006-11-30
Relevant URL: http://www.securityfocus.com/bid/21365
Summary:
Xerox WorkCentre and WorkCentre Pro are prone to multiple vulnerabilities. The issues affect the ESS/Network controller firmware and the MicroServer Web Server application on the vulnerable devices.

Successful exploits may allow an attacker to gain unauthorized access to affected devices, make unauthorized changes to system configuration, and bypass security restrictions or anonymously retrieve secure files. Note that the attacker may not be able to obtain password or user information.

WorkCentre version 12.060.17.000, WorkCentre Pro version 13.060.17.000, and WorkCentre with PostScript option version 14.060.17.000 are vulnerable.

13. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
BugTraq ID: 21363
Remote: Yes
Date Published: 2006-11-30
Relevant URL: http://www.securityfocus.com/bid/21363
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

This issue affects version 2.44; earlier versions may also be vulnerable.

14. MailEnable IMAP Service Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21362
Remote: Yes
Date Published: 2006-11-30
Relevant URL: http://www.securityfocus.com/bid/21362
Summary:
MailEnable is prone to multiple buffer-overflow vulnerabilities in the IMAP service because the application fails to properly bounds-check various types of user-supplied data.

An attacker may leverage these issues to execute arbitrary code in the context of the running application or to crash the application, causing a denial of service.

These issues are reported to affect the following MailEnable versions, but other versions may also be vulnerable:

1.6-1.86 Professional Edition
1.1-1.40 Enterprise Edition
2.0-2.33 Professional Edition
2.0-2.33 Enterprise Edition

15. Business Objects Crystal Reports Predictable Session Identifiers Session Hijacking Vulnerability
BugTraq ID: 21350
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21350
Summary:
Crystal Reports is prone to a session-hijacking vulnerability.

An attacker can exploit this issue to gain access to the affected application.

Crystal Reports Enterprise versions 9 and 10 are vulnerable to this issue.

16. Songbird Media Player Denial of Service Vulnerability
BugTraq ID: 21343
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21343
Summary:
Songbird Media Player is prone to a denial-of-service vulnerability.

An attacker may exploit this issue to cause applications that use the vulnerable library to consume excessive CPU and memory resources and crash, denying further service to legitimate users. Remote code execution may also be possible.

Songbird Media Player 0.2 and prior versions are vulnerable.

17. Telnet-FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 21340
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21340
Summary:
Telnet-FTP Server is prone to a remote denial-of-service vulnerability because it fails to properly handle user-supplied input.

Exploiting this issue allows remote attackers to crash the affected server, denying service to legitimate users.

Telnet-FTP Server 1.0 build 1.250 is confirmed vulnerable; other versions may be affected as well.

18. Telnet-FTP Server Directory Traversal Vulnerability
BugTraq ID: 21339
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21339
Summary:
Telnet-FTP Server is prone to a directory-traversal vulnerability.

A remote attacker can exploit this issue to gain access to files in the context of the affected FTP server.

Telnet-FTP Server 1.0 is vulnerable; other versions may also be affected.

19. BlazeVideo BlazeDVD Playlist Files Remote Memory Corruption Vulnerability
BugTraq ID: 21337
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21337
Summary:
BlazeDVD is prone to a remote memory-corruption vulnerability because the application fails to handle malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or trigger a denial-of-service condition.

BlazeDVD 5.0 Professional and Standard versions are vulnerable to this issue.

20. Quinnware Quintessential Player Playlist Files Remote Memory Corruption Vulnerability
BugTraq ID: 21331
Remote: Yes
Date Published: 2006-11-28
Relevant URL: http://www.securityfocus.com/bid/21331
Summary:
Quinnware Quintessential Player is prone to a remote memory-corruption vulnerability because the application fails to handle malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or trigger a denial-of-service condition.

Quintessential Player version 4.50.1.82 is vulnerable to this issue; other versions may also be affected.

21. MailEnable WebAdmin Unauthorized Access Vulnerability
BugTraq ID: 21325
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21325
Summary:
MailEnable is prone to a vulnerability that can allow remote attackers to gain unauthorized access to the application's web-administration console.

MailEnable Professional Edition 2.32 and Enterprise Edition 2.32 are reported affected; other versions may be vulnerable as well.

22. WarHound General Shopping Cart Item.ASP SQL Injection Vulnerability
BugTraq ID: 21324
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21324
Summary:
WarHound General Shopping Cart is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

23. 3Com 3CTftpSvc Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 21322
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21322
Summary:
3CTftpSvc is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code and gain unauthorized remote access to a vulnerable computer. A denial-of-service condition may arise as well.

3CTftpSvc 2.0.1 and prior versions are reported to be vulnerable. Other versions may be affected as well.

24. Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
BugTraq ID: 21320
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21320
Summary:
AT-TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code and gain unauthorized remote access to a vulnerable computer. A denial-of-service condition may arise as well.

AT-TFTP 1.9 is reported vulnerable; other versions may be affected as well.

25. 3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability
BugTraq ID: 21301
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21301
Summary:
3Com TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to cause the application to crash, denying further service to legitimate users. Due to the nature of this issue, the attacker may presumably be able to exploit it for remote code execution.

Version 2.0.1 is vulnerable; other versions may also be affected.

26. 2X ThinClientServer Unauthorized Administrative Account Creation Vulnerability
BugTraq ID: 21300
Remote: Yes
Date Published: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21300
Summary:
ThinClientServer is prone to a vulnerability that may allow an unauthorized remote attacker to create an administrative account and to gain administrative access to an affected application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #320
http://www.securityfocus.com/archive/88/453645

2. DNS recursive
http://www.securityfocus.com/archive/88/451486

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire
https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YTx