News

Wednesday, December 20, 2006

SecurityFocus Microsoft Newsletter #322


This Issue is Sponsored by: SecureWave

Free Pod Slurping Whitepaper - Stop Data Theft Now
The 4 most important steps your organization should take to prevent data loss via iPods, MP3 players or any other removable USB devices.

http://newsletter.industrybrains.com/c?fe;1;633a9;16eaa;2ce;0;da4

------------------------------------------------------------------
I. FRONT AND CENTER
1. All I Want For Christmas
2. Password Management Concerns with IE and Firefox, part two
II. MICROSOFT VULNERABILITY SUMMARY
1. NOD32 Anti-Virus Multiple File Parsing Vulnerabilities
2. Ozeki HTTP-SMS Gateway Password Information Disclosure Vulnerability
3. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
4. AstonSoft DeepBurner DBR Compilation Buffer Overflow Vulnerability
5. Microsoft Outlook ActiveX Control Remote Internet Explorer Denial of Service Vulnerability
6. MailEnable POP Service PASS Command Remote Buffer Overflow Vulnerability
7. Star FTP Server RETR Command Remote Denial of Service Vulnerability
8. Sambar FTP Server Remote Denial of Service Vulnerability
9. Microsoft Windows Explorer and Media Player Denial of Service Vulnerability
10. Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
11. Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
12. Moodle Multiple Input Validation Vulnerabilities
13. Hilgraeve HyperAccess Multiple Remote Command Execution Vulnerabilities
14. Computer Associates Anti-Virus Drivers Multiple Local Denial Of Service Vulnerabilities
15. Microsoft Word Code Execution Vulnerability
16. Nexuiz Remote Command Execution and Denial of Service Vulnerabilities
17. SiteKiosk About Prefix Zone-Bypass Vulnerability
18. Sophos Anti-Virus Scanning Engine Veex.DLL Multiple Buffer Overflow Vulnerabilities
19. Microsoft Internet Explorer Script Error Handling Remote Code Execution Vulnerability
20. Microsoft Windows Manifest File Privilege Escalation Vulnerability
21. FileZilla Server Null Pointer Dereference Multiple Denial of Service Vulnerabilities
22. Microsoft Internet Explorer DHTML Script Function Remote Code Execution Vulnerability
23. FileZilla Server Null Pointer Dereference Denial of Service Vulnerability
24. Microsoft Windows SNMP Service Remote Code Execution Vulnerability
25. Golden FTP Server Remote Denial of Service Vulnerability
26. Microsoft Word Unspecified Code Execution Vulnerability
27. Microsoft Internet Explorer Object Tag TIF Folder Information Disclosure Vulnerability
28. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
29. Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability
30. Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
31. Microsoft Internet Explorer Drag and Drop TIF Folder Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Expiring inactive accounts
2. Strange modifications to HD
3. Is explorer.exe (XP) a high risk process
4. strange new virus
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. All I Want For Christmas
By Mark Rasch
Mark Rasch takes a step back and offers his holiday and New Year's wish list of all things security - items that should exist, be made available and be easy to use for everyone over the coming year.
http://www.securityfocus.com/columnists/426

2. Password Management Concerns with IE and Firefox, part two
By Mikhael Felker
This two-part paper presents an analysis of the security mechanisms, risks, attacks, and defenses of the two most commonly used password management systems for web browsers, found in Internet Explorer and Firefox. The article specifically addresses IE 6 and 7 and Firefox 1.5 and 2.0.
http://www.securityfocus.com/infocus/1883


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. NOD32 Anti-Virus Multiple File Parsing Vulnerabilities
BugTraq ID: 21682
Remote: Yes
Date Published: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21682
Summary:
NOD32 antivirus is prone to multiple remote vulnerabilities because the application fails to properly parse specially crafted files.

An attacker can exploit one of these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. The other vulnerability will trigger denial-of-service conditions.

Versions prior to 1.1743 are vulnerable to these issues.

2. Ozeki HTTP-SMS Gateway Password Information Disclosure Vulnerability
BugTraq ID: 21679
Remote: No
Date Published: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21679
Summary:
Ozeki HTTP-SMS Gateway is prone to a local information-disclosure vulnerability because the application fails to protect sensitive information from unprivileged users.

A local attacker can exploit this issue to gain access to sensitive information. This may lead to other attacks.

This issue affects version 1.0; other versions may also be affected.

3. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Date Published: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

4. AstonSoft DeepBurner DBR Compilation Buffer Overflow Vulnerability
BugTraq ID: 21657
Remote: Yes
Date Published: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21657
Summary:
AstonSoft DeepBurner is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers.

AstonSoft DeepBurner version 1.8.0 is affected; previous versions may be vulnerable as well.

5. Microsoft Outlook ActiveX Control Remote Internet Explorer Denial of Service Vulnerability
BugTraq ID: 21649
Remote: Yes
Date Published: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21649
Summary:
The Microsoft Office Outlook Recipient Control is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the ActiveX control.

Specific information regarding affected packages is currently unavailable. This BID will be updated as more information becomes available.

6. MailEnable POP Service PASS Command Remote Buffer Overflow Vulnerability
BugTraq ID: 21645
Remote: Yes
Date Published: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21645
Summary:
MailEnable is prone to a stack-based buffer-overflow vulnerability in the POP service because the application fails to properly bounds-check user-supplied data.

A successful exploit may allow remote attackers to execute arbitrary code in the context of the vulnerable server. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects version 2.35 of the Professional and Enterprise Editions; other versions may be vulnerable.

7. Star FTP Server RETR Command Remote Denial of Service Vulnerability
BugTraq ID: 21630
Remote: Yes
Date Published: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21630
Summary:
Star FTP Server is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

Version 1.10 is vulnerable; other versions may also be affected.

8. Sambar FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 21617
Remote: Yes
Date Published: 2006-12-15
Relevant URL: http://www.securityfocus.com/bid/21617
Summary:
Sambar FTP Server is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

Version 6.4 is vulnerable; other versions may also be affected.

9. Microsoft Windows Explorer and Media Player Denial of Service Vulnerability
BugTraq ID: 21612
Remote: Yes
Date Published: 2006-12-15
Relevant URL: http://www.securityfocus.com/bid/21612
Summary:
Microsoft Windows Explorer and Windows Media Player are prone to a denial-of-service vulnerability.

A remote attacker may exploit this vulnerability by presenting a malicious 'WMV' or 'MID' file to a victim user. When either application processes this file, the application crashes, effectively denying service.

It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available.

10. Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
BugTraq ID: 21611
Remote: Yes
Date Published: 2006-12-15
Relevant URL: http://www.securityfocus.com/bid/21611
Summary:
Microsoft Project Server 2003 is prone to an information-disclosure vulnerability because the application fails to protect private information.

Authenticated attackers may exploit this issue to retrieve sensitive information that may aid in further attacks.

11. Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
BugTraq ID: 21610
Remote: Yes
Date Published: 2006-12-15
Relevant URL: http://www.securityfocus.com/bid/21610
Summary:
Multiple BitDefender products are prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun.

An attacker can exploit this issue to execute arbitrary code with administrative privileges, facilitating the complete compromise of the affected application. Failed exploit attempts will result in a denial of service.

12. Moodle Multiple Input Validation Vulnerabilities
BugTraq ID: 21596
Remote: Yes
Date Published: 2006-12-14
Relevant URL: http://www.securityfocus.com/bid/21596
Summary:
Moodle is reported prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an HTML injection issue, because the application fails to properly sanitize user-supplied input data.

The cross-site scripting vulnerability is reported to affect version 1.6.1; the HTML-injection vulnerability affects version 1.5.

13. Hilgraeve HyperAccess Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 21594
Remote: Yes
Date Published: 2006-12-14
Relevant URL: http://www.securityfocus.com/bid/21594
Summary:
Hilgraeve HyperACCESS is prone to multiple remote command-execution vulnerabilities.

Attackers can exploit these issues to execute arbitrary application commands with the privileges of the affected application. A successful exploit could result in the compromise of affected computers.

Version 8.4 is vulnerable to these issues; prior versions may also be vulnerable.

14. Computer Associates Anti-Virus Drivers Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 21593
Remote: No
Date Published: 2006-12-14
Relevant URL: http://www.securityfocus.com/bid/21593
Summary:
Computer Associates Anti-Virus is prone to multiple local denial-of-service vulnerabilities because the application fails to properly handle NULL buffers.

An attacker may exploit these issues to crash the affected computer, denying further service to legitimate users.

15. Microsoft Word Code Execution Vulnerability
BugTraq ID: 21589
Remote: Yes
Date Published: 2006-12-14
Relevant URL: http://www.securityfocus.com/bid/21589
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.

Note that this issue is distinct from issues described in BID 21451 (Microsoft Word Unspecified Remote Code Execution Vulnerability) and BID 21518 (Microsoft Word Unspecified Code Execution Vulnerability).

16. Nexuiz Remote Command Execution and Denial of Service Vulnerabilities
BugTraq ID: 21574
Remote: Yes
Date Published: 2006-12-13
Relevant URL: http://www.securityfocus.com/bid/21574
Summary:
Nexuiz is prone to multiple remote vulnerabilities, including a remote command-execution issue and a denial-of-service issue.

A remote attacker can exploit these issues to execute arbitrary commands within the context of the affected application or to cause the affected application to crash, denying service to legitimate users.

Versions prior to 2.2.1 are vulnerable to these issues.

17. SiteKiosk About Prefix Zone-Bypass Vulnerability
BugTraq ID: 21567
Remote: No
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21567
Summary:
SiteKiosk is prone to a zone-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary scripts and gain access to the victim's filesystem. This may lead to other attacks.

Versions prior to 6.5.150 are vulnerable to this issue.

18. Sophos Anti-Virus Scanning Engine Veex.DLL Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21563
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21563
Summary:
Sophos antivirus scanning engine is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause denial-of-service conditions.

Versions prior to 2.4.0 are vulnerable to this issue.

19. Microsoft Internet Explorer Script Error Handling Remote Code Execution Vulnerability
BugTraq ID: 21552
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21552
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors. An attacker may exploit this vulnerability to execute arbitrary code in the context of the user running the affected browser.

20. Microsoft Windows Manifest File Privilege Escalation Vulnerability
BugTraq ID: 21550
Remote: No
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21550
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because the software fails to properly process and manage file manifests.

An attacker may exploit this issue to manipulate file manifests to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.

21. FileZilla Server Null Pointer Dereference Multiple Denial of Service Vulnerabilities
BugTraq ID: 21549
Remote: Yes
Date Published: 2006-12-11
Relevant URL: http://www.securityfocus.com/bid/21549
Summary:
FileZilla server is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

Versions prior to 0.9.22 are vulnerable to these issues.

22. Microsoft Internet Explorer DHTML Script Function Remote Code Execution Vulnerability
BugTraq ID: 21546
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21546
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser renders DHTML script functions or nonexistent DHTML elements. An attacker could exploit this issue to execute arbitrary code in the context of the affected browser.

23. FileZilla Server Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 21542
Remote: Yes
Date Published: 2006-12-11
Relevant URL: http://www.securityfocus.com/bid/21542
Summary:
FileZilla server is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Versions prior to 0.9.22 are vulnerable to this issue.

24. Microsoft Windows SNMP Service Remote Code Execution Vulnerability
BugTraq ID: 21537
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21537
Summary:
Microsoft Windows SNMP service is prone to a memory-corruption vulnerability because the software fails to properly bounds-check user-supplied network data before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code on affected computers with SYSTEM-level privileges. This facilitates the complete compromise of affected computers.

25. Golden FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 21530
Remote: Yes
Date Published: 2006-12-11
Relevant URL: http://www.securityfocus.com/bid/21530
Summary:
Golden FTP Server is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

Version 1.92 is vulnerable; other versions may also be affected.

26. Microsoft Word Unspecified Code Execution Vulnerability
BugTraq ID: 21518
Remote: Yes
Date Published: 2006-12-10
Relevant URL: http://www.securityfocus.com/bid/21518
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.

This issue is being actively exploited in the wild in limited targeted attacks.

Note that this issue is distinct from BID 21451 (Microsoft Word Unspecified Remote Code Execution Vulnerability).

27. Microsoft Internet Explorer Object Tag TIF Folder Information Disclosure Vulnerability
BugTraq ID: 21507
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21507
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may aid in further attacks.

28. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
BugTraq ID: 21505
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21505
Summary:
Windows Media Player is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.

Attackers may attempt to exploit this issue by coercing users to visit a malicious website or to access malicious ASF files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.

29. Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability
BugTraq ID: 21501
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21501
Summary:
Microsoft Outlook Express is prone to a remote code-execution vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

A remote attacker can exploit this issue to execute arbitrary code with the privileges of the unsuspecting victim. A successful exploit may aid in the remote compromise of the underlying computer.

30. Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
BugTraq ID: 21495
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21495
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

A remote attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in a complete compromise of vulnerable computers.

Note that this issue affects only Microsoft Windows 2000. Note also that Remote Installation Services (RIS) is not installed by default on Microsoft Windows 2000.

31. Microsoft Internet Explorer Drag and Drop TIF Folder Information Disclosure Vulnerability
BugTraq ID: 21494
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21494
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to access sensitive information that may aid in further attacks.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Expiring inactive accounts
http://www.securityfocus.com/archive/88/454928

2. Strange modifications to HD
http://www.securityfocus.com/archive/88/454540

3. Is explorer.exe (XP) a high risk process
http://www.securityfocus.com/archive/88/454402

4. strange new virus
http://www.securityfocus.com/archive/88/454248

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SecureWave