News

Loading...

Thursday, March 29, 2007

SecurityFocus Microsoft Newsletter #335

SecurityFocus Microsoft Newsletter #335
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CkvN


------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit 3.0 day
2. Blanket Discovery for Stolen Laptops
II. MICROSOFT VULNERABILITY SUMMARY
1. FastStone Image Viewer Unspecified Buffer Overflow Vulnerability
2. Microsoft Windows Cursor And Icon ANI Format Handling Remote Code Execution Vulnerability
3. NaviCopa Web Server GET Request Buffer Overflow Vulnerability
4. Microsoft Internet Explorer HTML Denial of Service Vulnerability
5. Corel WordPerfect Office PRS Stack Buffer Overflow Vulnerability
6. IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
7. SignKorea SKCommAX ActiveX Control Remote Buffer Overflow Vulnerability
8. Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
9. 0IRC IRC Client Null Pointer Dereference Remote Denial of Service Vulnerability
10. IASystemInfo.DLL ActiveX Control Remote Buffer Overflow Vulnerabilities
11. NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities
12. Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
13. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability
14. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability
15. FTPDMIN List Command Remote Denial of Service Vulnerability
16. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability
17. F-Secure Anti-Virus Client Security Local Format String Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Multiple Profile ~ XP
2. Administrivia: New List Moderators
3. Administrivia: Farewell
4. Shared drives through a firewall
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Metasploit 3.0 day
By Federico Biancuzzi
The Metasploit Framework is a development platform for creating security tools and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in release 3.0, the new license of the framework, plans for features and exploits development, and the links among the bad guys and Metasploit and the law.
http://www.securityfocus.com/columnists/439

2. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. FastStone Image Viewer Unspecified Buffer Overflow Vulnerability
BugTraq ID: 23196
Remote: Yes
Date Published: 2007-03-29
Relevant URL: http://www.securityfocus.com/bid/23196
Summary:
FastStone Image Viewer is prone to an unspecified buffer-overflow vulnerability. This issue occurs because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the user running the affected application. Failed exploit attempts will result in a denial-of-service.

Currently, limited information is currently available regarding this issue. This BID will be updated as more information becomes available.

This issue affects version 2.8; other versions may also be affected.

2. Microsoft Windows Cursor And Icon ANI Format Handling Remote Code Execution Vulnerability
BugTraq ID: 23194
Remote: Yes
Date Published: 2007-03-29
Relevant URL: http://www.securityfocus.com/bid/23194
Summary:
Microsoft Windows is prone to a vulnerability that can allow attackers to execute arbitrary remote code. This issue occurs because of a memory-corruption error caused when handling malformed cursor or icon files.

An attacker can exploit this issue to execute arbitrary code with the privileges of an unsuspecting user. A successful attack can result in the compromise of affected user accounts and computers.

This issue affects Windows XP SP2 and Windows Server 2003 SP1 when running Internet Explorer 6 and 7; other versions may also be affected.

3. NaviCopa Web Server GET Request Buffer Overflow Vulnerability
BugTraq ID: 23179
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23179
Summary:
NaviCOPA Web Server is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code with the privileges of the application. Successful attacks will result in the compromise of the application. Failed attempts will likely cause denial-of-service conditions.

Version 2.01 is vulnerable; prior versions may also be affected.

4. Microsoft Internet Explorer HTML Denial of Service Vulnerability
BugTraq ID: 23178
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23178
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

This issue affects Internet Explorer version 7.

5. Corel WordPerfect Office PRS Stack Buffer Overflow Vulnerability
BugTraq ID: 23177
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23177
Summary:
Corel WordPerfect Office is prone to a stack-based buffer-overflow vulnerability because the software fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application. A successful attack can result in the compromise of the application. Failed attempts will likely result in denial-of-service conditions.

WordPerfect X3 version 13.0.0.565 is vulnerable to this issue; other versions may also be affected.

6. IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
BugTraq ID: 23173
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23173
Summary:
IBM Lotus Domino Web Access is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

7. SignKorea SKCommAX ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23149
Remote: Yes
Date Published: 2007-03-26
Relevant URL: http://www.securityfocus.com/bid/23149
Summary:
SignKorea SKCommAX ActiveX control is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications that employ the vulnerable controls (typically Microsoft Internet Explorer).

SignKorea SKCommAX ActiveX Control 7.2.0.2 and 6.6.0.1 are vulnerable to this issue; other versions may also be vulnerable.

8. Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
BugTraq ID: 23103
Remote: Yes
Date Published: 2007-03-23
Relevant URL: http://www.securityfocus.com/bid/23103
Summary:
Microsoft Windows Vista Windows Mail is prone to a local file-execution vulnerability due to a design error.

An attackers may exploit this issue to execute local files. The attacker must entice a victim into opening a maliciously crafted link using the affected application.

Note: We were unable to reproduce this vulnerability using a default Microsoft Windows Vista installation. Symantec is currently investigating this issue further.

9. 0IRC IRC Client Null Pointer Dereference Remote Denial of Service Vulnerability
BugTraq ID: 23101
Remote: Yes
Date Published: 2007-03-22
Relevant URL: http://www.securityfocus.com/bid/23101
Summary:
0irc is prone to a remote denial-of-service vulnerability.

The issue arises when the client handles excessive string data. By exploiting this issue, a remote attacker may cause an affected client to crash.

0irc version 1345 build 20060823 is vulnerable to this issue; other versions may also be affected.

10. IASystemInfo.DLL ActiveX Control Remote Buffer Overflow Vulnerabilities
BugTraq ID: 23071
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23071
Summary:
The IASystemInfo.dll ActiveX control of InterActual Player and CinePlayer is prone to buffer-overflow vulnerabilities. This software fails to sufficiently check boundaries of user-supplied input before copying it to an insufficiently sized memory buffer.

InterActual Player version 2.60.12.0717 is vulnerable to these issues; other versions may also be affected.

CinePlayer version 3.2 is vulnerable to these issues; other versions may also be affected.

11. NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 23059
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23059
Summary:
NETxAutomation NETxEIB is prone to multiple vulnerabilities that will allow remote attackers to execute arbitrary code on an affected computer.

Successful exploits will allow attacker-supplied arbitrary code to run within the context of the affected server. Failed exploit attempts will likely cause denial-of-service conditions.

12. Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
BugTraq ID: 23058
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23058
Summary:
Mercur IMAPD is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

Version 1 SP4 is vulnerable; other versions may also be affected.

13. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 23056
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23056
Summary:
FileCopa is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed attempts may cause denial-of-service conditions.

14. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability
BugTraq ID: 23050
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23050
Summary:
Mercur IMAP is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Currently, few technical details are available. This BID will be updated as more information becomes available.

This issue may be related to BID 7842 (Atrium Software Mercur Mailserver IMAP Remote Buffer Overflow Vulnerability).

An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

15. FTPDMIN List Command Remote Denial of Service Vulnerability
BugTraq ID: 23049
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23049
Summary:
FTPDMIN is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

This issue affects version 0.96; other versions may also be affected.

16. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability
BugTraq ID: 23025
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23025
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary machine code with Dispatch-level privileges or potentially crash the affected computer.

17. F-Secure Anti-Virus Client Security Local Format String Vulnerability
BugTraq ID: 23023
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23023
Summary:
F-Secure Anti-Virus Client Security is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function.

Successfully exploiting this vulnerability may allow an attacker to access sensitive process memory or to crash the application. Code execution may potentially be possible, but this has not been confirmed.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Multiple Profile ~ XP
http://www.securityfocus.com/archive/88/463814

2. Administrivia: New List Moderators
http://www.securityfocus.com/archive/88/463538

3. Administrivia: Farewell
http://www.securityfocus.com/archive/88/463531

4. Shared drives through a firewall
http://www.securityfocus.com/archive/88/463468

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CkvN

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive