Tuesday, April 10, 2007

SecurityFocus Microsoft Newsletter #337
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker, giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000ClcR


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit 3.0 day
2. Blanket Discovery for Stolen Laptops
II. MICROSOFT VULNERABILITY SUMMARY
1. AOL AIM and ICQ Clients Directory Traversal Vulnerability
2. JustSystem Ichitaro Unspecified Remote Code Execution Vulnerability
3. Microsoft Windows Help File Unspecified Heap Overflow Vulnerability
4. Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
5. Microsoft Windows Explorer ANI File Denial of Service Vulnerability
6. ArchiveXpert Multiple Directory Traversal Vulnerabilities
7. Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
8. Windows VDM Zero Page Race Condition Local Privilege Escalation Vulnerability
9. Youngzsoft CMailServer Comment Parameter Cross-Site Scripting Vulnerability
10. CompreXX Multiple Directory Traversal Vulnerabilities
11. Youngzsoft CMailServer Signup.ASP Cross-Site Scripting Vulnerability
12. Winamp LibSNDFile.DLL Component Remote Code Execution Vulnerability
13. Winamp IN_Mod.DLL Plugin Remote Code Execution Vulnerability
14. ImageMagick DCM XWD Formats Multiple Integer Overflow Vulnerabilities
15. Kaspersky Antivirus Engine ARJ Archive Remote Heap Overflow Vulnerability
16. Wserve HTTP Server GET Request Buffer Overflow Vulnerability
17. Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability
18. Microsoft Agent URI Processing Remote Code Execution Vulnerability
19. Microsoft April 2007 Advance Notification Multiple Vulnerabilities
20. Microsoft Windows Unspecified Remote Code Execution Vulnerability
21. Kaspersky Internet Security Suite Klif.SYS Driver Local Heap Overflow Vulnerability
22. Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
23. VMware Unspecified Double Free Memory Corruption Vulnerability
24. Microsoft Windows Explorer BMP Image Denial of Service Vulnerability
25. IrfanView Multiple BMP Denial of Service Vulnerabilities
26. ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
27. FastStone Image Viewer Multiple BMP Denial of Service Vulnerabilities
28. Microsoft Windows Vista Teredo UDP Nonce Spoofing Weakness
29. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
30. Microsoft Windows Vista Neighbor Discovery Spoofing Vulnerability
31. Microsoft Vista Spoof On Bridge HELLO Packet Security Restriction Bypass Vulnerability
32. Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction Bypass Vulnerability
33. Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability
34. Microsoft Windows GDI Invalid Window Size Local Privilege Escalation Vulnerability
35. Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability
36. Microsoft Windows GDI WMF Remote Denial of Service Vulnerability
37. Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability
38. Microsoft Windows Vista LLTD Mapper EMIT Packet Remote Denial Of Service Vulnerability
39. Microsoft Windows Vista Teredo Protocol Insecure Connection Weakness
40. Microsoft Windows Vista ARP table Entries Denial of Service Vulnerability
41. Microsoft Windows Vista LLTD Responder Discovery Packet Spoofing Vulnerability
42. Ipswitch WS_FTP Long Site Command Buffer Overflow Vulnerability
43. RETIRED: Microsoft Windows SVCHost.EXE Remote Buffer Overflow Vulnerability
44. ImageMagick Multiple Integer Overflow Vulnerabilities
45. Microsoft Content Management Server Remote Code Execution Vulnerability
46. Microsoft Content Management Server Cross-Site Scripting Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. [Fwd: Finding License Codes for Re-install]
2. Running commands on workstations from domain controller
3. blocking thru IE
4. SecurityFocus Microsoft Newsletter #336
5. Discovering Active Directory users with blank passwords
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Metasploit 3.0 day
By Federico Biancuzzi
The Metasploit Framework is a development platform for creating security tools and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in release 3.0, the new license of the framework, plans for feature and exploit development, and the links among the bad guys, Metasploit, and the law.
http://www.securityfocus.com/columnists/439

2. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. AOL AIM and ICQ Clients Directory Traversal Vulnerability
BugTraq ID: 23391
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23391
Summary:
The AOL AIM and ICQ clients are prone to a directory-traversal vulnerability because the software fails to properly sanitize user-supplied input during a file transfer.

An attacker may exploit this issue by enticing victims into receiving a malicious file via the application.

Successful exploits will allow attackers to save files to arbitrary locations on a victim's computer.

2. JustSystem Ichitaro Unspecified Remote Code Execution Vulnerability
BugTraq ID: 23386
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23386
Summary:
Ichitaro is prone to an unspecified remotely exploitable code-execution vulnerability.

Remote attackers may exploit this issue to execute arbitrary code within the context of the affected system or to cause a denial of service.

Few details are available regarding this issue. This BID will be updated when more information emerges.

3. Microsoft Windows Help File Unspecified Heap Overflow Vulnerability
BugTraq ID: 23382
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23382
Summary:
The Microsoft Windows Help File viewer is reported prone to a heap-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data into insufficiently sized memory buffers.

This vulnerability presents itself when the application handles a specially crafted Windows Help ('.hlp') file.

A successful attack may facilitate arbitrary code execution in the context of a vulnerable user who opens a malicious file. Failed exploit attempts will likely result in denial-of-service conditions.

4. Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
BugTraq ID: 23380
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23380
Summary:
Microsoft Word is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue by enticing a victim to open a malicious Word file.

Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

5. Microsoft Windows Explorer ANI File Denial of Service Vulnerability
BugTraq ID: 23373
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23373
Summary:
Windows Explorer is prone to a denial-of-service vulnerability.

An attacker could exploit this issue to cause Explorer to crash, effectively denying service. Arbitrary code execution may be possible, but this has not been confirmed.

This issue affects Windows Explorer on Microsoft Windows XP SP2; other operating systems and versions may also be affected.

6. ArchiveXpert Multiple Directory Traversal Vulnerabilities
BugTraq ID: 23372
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23372
Summary:
ArchiveXpert is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to extract files into arbitrary directories and overwrite arbitrary files. Successful exploits may aid in further attacks.

These issues affect ArchiveXpert 2.02 build 80; other versions may also be affected.

7. Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 23371
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23371
Summary:
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This occurs when handling certain HTTP requests.

To exploit this issue, an attacker must be in the same network segment as the victim.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected service. Failed exploit attempts will likely result in denial-of-service conditions.

8. Windows VDM Zero Page Race Condition Local Privilege Escalation Vulnerability
BugTraq ID: 23367
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23367
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because of a race condition in the Virtual DOS Machine (VDM).

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

9. Youngzsoft CMailServer Comment Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 23363
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23363
Summary:
Youngzsoft CMailServer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Youngzsoft CMailServer 5.4.3 is vulnerable to this issue; other versions may also be affected.

10. CompreXX Multiple Directory Traversal Vulnerabilities
BugTraq ID: 23362
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23362
Summary:
CompreXX is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit these issues to extract files into arbitrary directories and overwrite arbitrary files. Successful exploits may aid in further attacks.

These issues affect CompreXX 4.1; other versions may also be affected.
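The three traversal entries above (the AIM/ICQ file-transfer issue and the ArchiveXpert and CompreXX extractors) share one root cause: an attacker-controlled entry name such as ..\..\Windows\system32\evil.dll is joined to the destination directory and written without being checked. The following Python is an added example, not code from any of those products or from SecurityFocus. It shows the check an extractor should apply before writing anything. The zip format stands in for the archivers' own formats, and the archives, entry names and payloads are constructed for the demonstration.

```python
"""Hardened archive extraction that refuses directory-traversal entry names.

Added example (not code from AIM, ICQ, ArchiveXpert, CompreXX or SecurityFocus).
The zip format stands in for the archivers' own formats; the archives, entry
names and payloads below are constructed for the demonstration.
"""
import io
import os
import posixpath
import tempfile
import zipfile


def is_unsafe_member(name: str) -> bool:
    """True if an entry name could land outside the extraction root.

    Covers '..' components, backslash separators written by Windows archivers,
    absolute paths and drive letters. Normalisation is purely lexical, so
    'a/../b' (stays inside) is allowed while 'a/../../b' (escapes) is not.
    """
    norm = name.replace("\\", "/")
    if norm.startswith("/") or (len(norm) >= 2 and norm[1] == ":"):
        return True
    clean = posixpath.normpath(norm)
    return clean == "." or ".." in clean.split("/")


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Extract zip_bytes under dest, or raise ValueError and write nothing.

    All names are validated before anything is written, so a hostile archive
    cannot get half of its contents onto disk. A second, filesystem-level check
    confirms that the resolved target is still inside the resolved destination.
    """
    dest_real = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = zf.infolist()
        for info in infos:
            if is_unsafe_member(info.filename):
                raise ValueError(f"refusing traversal entry: {info.filename!r}")
        for info in infos:
            target = os.path.realpath(
                os.path.join(dest_real, info.filename.replace("\\", "/")))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"entry escapes destination: {info.filename!r}")
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, dest_real).replace(os.sep, "/"))
    return written


def build_archive(entries: dict) -> bytes:
    """Build an in-memory zip from {name: data}; names are stored verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo() -> dict:
    """Extract a benign archive, then show a traversal archive being refused."""
    benign = build_archive({"docs/readme.txt": b"hello",
                            "docs/sub/../notes.txt": b"stays inside"})
    hostile = build_archive({"docs/readme.txt": b"hello",
                             "..\\..\\Windows\\system32\\evil.dll": b"MZ"})
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "out")
        os.makedirs(dest)
        extracted = safe_extract(benign, dest)
        try:
            safe_extract(hostile, dest)
            rejected = None
        except ValueError as exc:
            rejected = str(exc)
        # Nothing may appear beside 'out', even after the refused archive.
        outside = sorted(n for n in os.listdir(root) if n != "out")
    return {"extracted": sorted(extracted), "rejected": rejected, "outside": outside}


if __name__ == "__main__":
    print(demo())
```

The name check alone is not enough on a real filesystem (a symlink already present under the destination can redirect a clean-looking name), which is why the resolved target is compared against the resolved destination as well; and validating every name before writing the first file is what keeps a rejected archive from leaving a partial extraction behind.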

11. Youngzsoft CMailServer Signup.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 23360
Remote: Yes
Date Published: 2007-04-07
Relevant URL: http://www.securityfocus.com/bid/23360
Summary:
Youngzsoft CMailServer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Youngzsoft CMailServer 5.3.4 is vulnerable to this issue; other versions may also be affected.

12. Winamp LibSNDFile.DLL Component Remote Code Execution Vulnerability
BugTraq ID: 23351
Remote: Yes
Date Published: 2007-04-06
Relevant URL: http://www.securityfocus.com/bid/23351
Summary:
Winamp is prone to a remote code-execution vulnerability resulting from an off-by-zero memory-corruption error.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application.

Winamp 5.33 is vulnerable; other versions may also be affected.

13. Winamp IN_Mod.DLL Plugin Remote Code Execution Vulnerability
BugTraq ID: 23350
Remote: Yes
Date Published: 2007-04-06
Relevant URL: http://www.securityfocus.com/bid/23350
Summary:
The IN_MOD.DLL plugin for Winamp is prone to a remote code-execution issue because it fails to properly handle malformed files.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application.

IN_MOD.DLL 5.33 is vulnerable; other versions may also be affected.

14. ImageMagick DCM XWD Formats Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23347
Remote: Yes
Date Published: 2007-04-06
Relevant URL: http://www.securityfocus.com/bid/23347
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to adequately handle user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

ImageMagick 6.2.9 through 6.3.3-4 are vulnerable.

15. Kaspersky Antivirus Engine ARJ Archive Remote Heap Overflow Vulnerability
BugTraq ID: 23346
Remote: Yes
Date Published: 2007-04-06
Relevant URL: http://www.securityfocus.com/bid/23346
Summary:
Kaspersky Anti-Virus Engine is prone to a remote heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.

An attacker could leverage this issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of affected computers.

16. Wserve HTTP Server GET Request Buffer Overflow Vulnerability
BugTraq ID: 23341
Remote: Yes
Date Published: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23341
Summary:
Wserve HTTP Server is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with the privileges of the application.

Wserve HTTP Server 4.6 is vulnerable; prior versions may also be affected.

17. Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability
BugTraq ID: 23338
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23338
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem) is prone to a local privilege-escalation vulnerability.

Successful attacks will result in the complete compromise of affected computers.

18. Microsoft Agent URI Processing Remote Code Execution Vulnerability
BugTraq ID: 23337
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23337
Summary:
The Microsoft Agent ActiveX control is prone to remote code execution.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

Note that users who are running Windows Internet Explorer 7 are not affected by this vulnerability.

19. Microsoft April 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 23335
Remote: Yes
Date Published: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23335
Summary:
Microsoft has released advance notification that it will release five security bulletins on April 10, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

20. Microsoft Windows Unspecified Remote Code Execution Vulnerability
BugTraq ID: 23332
Remote: Yes
Date Published: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23332
Summary:
Microsoft Windows is prone to an unspecified remote code-execution vulnerability. Exploiting this issue reportedly requires minimal user interaction.

Successfully exploiting this issue allows attackers to execute arbitrary code, facilitating the remote compromise of affected computers.

Few technical details regarding this issue are currently available. This BID will be updated as more information emerges.

21. Kaspersky Internet Security Suite Klif.SYS Driver Local Heap Overflow Vulnerability
BugTraq ID: 23326
Remote: No
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23326
Summary:
Kaspersky Internet Security Suite is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.

An attacker could leverage this issue to execute arbitrary code with kernel-level privileges. A successful exploit could result in the complete compromise of the affected system.

Kaspersky Internet Security Suite 6.0.1.411 for Microsoft Windows is reported vulnerable; previous versions may be vulnerable as well.

22. Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
BugTraq ID: 23324
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23324
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem) MsgBox is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.

Note that this issue can also be exploited locally by an authenticated user to gain elevated privileges.

Under default settings, Windows Vista is not prone to remote attacks that attempt to exploit this issue.

Update: This issue was originally disclosed as part of BID 21688, but has now been assigned its own record.

23. VMware Unspecified Double Free Memory Corruption Vulnerability
BugTraq ID: 23323
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23323
Summary:
VMware is prone to a double-free memory-corruption vulnerability.

An attacker can exploit this issue to access potentially sensitive information or to cause denial-of-service conditions. Presumably, this issue can be leveraged to execute arbitrary code, but this has not been confirmed.

24. Microsoft Windows Explorer BMP Image Denial of Service Vulnerability
BugTraq ID: 23321
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23321
Summary:
Windows Explorer is prone to a denial-of-service vulnerability.

Few technical details regarding this issue are currently available. This BID will be updated as more information emerges.

An attacker could exploit this issue to cause denial-of-service conditions on a victim computer. Presumably, this issue stems from a buffer overflow, but this has not been confirmed.

This issue affects Windows XP SP1; other operating systems and versions may be affected as well.

25. IrfanView Multiple BMP Denial of Service Vulnerabilities
BugTraq ID: 23318
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23318
Summary:
IrfanView is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.

Successfully exploiting these issues allows attackers to crash the affected application. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

IrfanView 3.99 is affected; other versions may also be vulnerable.

26. ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
BugTraq ID: 23317
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23317
Summary:
ACDSee 9.0 Photo Manager is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.

Successfully exploiting these issues allows attackers to crash the affected application. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

Version 9.0 of the application is affected; other versions may also be vulnerable.

27. FastStone Image Viewer Multiple BMP Denial of Service Vulnerabilities
BugTraq ID: 23312
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23312
Summary:
FastStone Image Viewer is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.

Successfully exploiting these issues allows attackers to crash the affected application. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

Version 2.9 of the application is affected; other versions may also be vulnerable.

28. Microsoft Windows Vista Teredo UDP Nonce Spoofing Weakness
BugTraq ID: 23301
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23301
Summary:
The Windows Vista Teredo server is prone to a nonce-spoofing weakness because of the way it uses a nonce during the lifetime of certain connections.

This weakness can aid in attempts to spoof a Teredo server.

29. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

30. Microsoft Windows Vista Neighbor Discovery Spoofing Vulnerability
BugTraq ID: 23293
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23293
Summary:
Microsoft Windows Vista is prone to a Neighbor Discovery spoofing vulnerability.

An attacker can exploit this issue to conduct redirect attacks on another host on the network. This may lead to further attacks.

Note that to exploit this issue, the attacker must have access to the local network segment of a target computer.

31. Microsoft Vista Spoof On Bridge HELLO Packet Security Restriction Bypass Vulnerability
BugTraq ID: 23280
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23280
Summary:
The Microsoft Vista operating system is prone to a security-restriction-bypass vulnerability because the software fails to properly sanitize user-supplied packet-level data.

Attackers can exploit this issue to bypass the security restrictions enforced by the Microsoft Vista operating system and gain unauthorized access to restricted sites.

32. Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction Bypass Vulnerability
BugTraq ID: 23279
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23279
Summary:
The Microsoft Windows Vista operating system is prone to a security-restriction-bypass vulnerability because the software fails to properly sanitize user-supplied packet-level data.

Attackers can exploit this issue to bypass the security restrictions enforced by the Vista operating system and gain unauthorized access to restricted sites.

33. Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability
BugTraq ID: 23278
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23278
Summary:
Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability when rendering malformed EMF image files.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

34. Microsoft Windows GDI Invalid Window Size Local Privilege Escalation Vulnerability
BugTraq ID: 23277
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23277
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

35. Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability
BugTraq ID: 23276
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23276
Summary:
Microsoft Windows GDI Font Rasterizer is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to gain complete control of an affected computer. Failed attempts will likely cause the operating system to crash, resulting in denial-of-service conditions.

36. Microsoft Windows GDI WMF Remote Denial of Service Vulnerability
BugTraq ID: 23275
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23275
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because the software fails to handle malicious WMF files.

Exploiting this issue may cause Microsoft Windows to crash, denying service to legitimate users.

37. Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability
BugTraq ID: 23273
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23273
Summary:
Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability.

Successful exploits may result in a complete compromise of affected computers.

38. Microsoft Windows Vista LLTD Mapper EMIT Packet Remote Denial Of Service Vulnerability
BugTraq ID: 23271
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23271
Summary:
Microsoft Windows Vista is prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions.

An attacker can exploit this issue to cause a mapping failure, denying further service to legitimate users.

39. Microsoft Windows Vista Teredo Protocol Insecure Connection Weakness
BugTraq ID: 23267
Remote: No
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23267
Summary:
Microsoft Windows Vista is prone to a weakness that may result in a false sense of security.

The Teredo protocol can become active without user interaction, which contradicts the documentation.

As a result, an affected computer can become vulnerable to attacks that leverage latent Teredo protocol vulnerabilities.

40. Microsoft Windows Vista ARP table Entries Denial of Service Vulnerability
BugTraq ID: 23266
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23266
Summary:
Microsoft Windows Vista is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by sending malicious ARP requests to the vulnerable computer. To exploit this issue, the attacker must have access to the local network segment of the target computer.

Successful exploits cause the network interface to stop responding, denying further service to legitimate users.

41. Microsoft Windows Vista LLTD Responder Discovery Packet Spoofing Vulnerability
BugTraq ID: 23263
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23263
Summary:
Microsoft Windows Vista is prone to a vulnerability that permits an attacker to spoof arbitrary hosts through a network-based race condition.

An attacker can exploit this issue to impersonate another host on the network. This may lead to further attacks.

42. Ipswitch WS_FTP Long Site Command Buffer Overflow Vulnerability
BugTraq ID: 23260
Remote: No
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23260
Summary:
Ipswitch WS_FTP is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects version 5.05; other versions may also be affected.

43. RETIRED: Microsoft Windows SVCHost.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 23255
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23255
Summary:
Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.

A successful attack will result in denial-of-service conditions. Arbitrary code execution may also be possible, but this has not yet been confirmed.

NOTE: This BID is being retired because the reporter has admitted that the issue is a hoax.

44. ImageMagick Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23252
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23252
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.
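Entries 14, 29 and 44 (ImageMagick) are integer overflows in image-dimension arithmetic, and entries 24 to 27 are viewers that crash on malformed BMP headers. The following Python is an added example, not code from ImageMagick, IrfanView, ACDSee, FastStone or Windows Explorer, and it does not reproduce any specific bug from those records. It parses a BMP header and shows how a naive 32-bit size computation wraps on a hostile width, beside the exact-arithmetic check a decoder should run before allocating. The BMP files are constructed in memory and the 256 MiB cap is an assumed policy value, not a figure from any product.

```python
"""Validating BMP dimensions before allocating a pixel buffer.

Added example (not code from IrfanView, ACDSee, FastStone, Windows Explorer or
ImageMagick). Both BMP files are constructed in memory; the 256 MiB cap is an
assumed policy value, not one taken from any product.
"""
import struct

MAX_PIXEL_BYTES = 256 * 1024 * 1024   # assumed cap on decoded image size
MASK32 = 0xFFFFFFFF                   # simulates C unsigned 32-bit wraparound

FILE_HEADER = struct.Struct("<2sIHHI")        # BITMAPFILEHEADER, 14 bytes
INFO_HEADER = struct.Struct("<IiiHHIIiiII")   # BITMAPINFOHEADER, 40 bytes


def parse_bmp_header(data: bytes) -> dict:
    """Decode the two fixed headers; raises ValueError on a non-BMP or short file."""
    if len(data) < FILE_HEADER.size + INFO_HEADER.size:
        raise ValueError("truncated header")
    magic, file_size, _r1, _r2, pixel_offset = FILE_HEADER.unpack_from(data, 0)
    if magic != b"BM":
        raise ValueError("not a BMP file")
    (hdr_size, width, height, planes, bpp, compression, image_size,
     _xppm, _yppm, _clr_used, _clr_important) = INFO_HEADER.unpack_from(
        data, FILE_HEADER.size)
    return {"file_size": file_size, "pixel_offset": pixel_offset,
            "hdr_size": hdr_size, "width": width, "height": height,
            "planes": planes, "bpp": bpp, "compression": compression,
            "image_size": image_size}


def row_stride(width: int, bpp: int) -> int:
    """Bytes per row: BMP rows are padded to a multiple of 4 bytes."""
    return ((width * bpp + 31) // 32) * 4


def unchecked_buffer_size(width: int, height: int, bpp: int) -> int:
    """The allocation size a naive decoder using 32-bit unsigned arithmetic
    would compute. Every intermediate product wraps modulo 2**32, so an image
    that really needs a gigabyte can be assigned a buffer of a few bytes; the
    pixel loop then writes far past its end."""
    bits = (width * bpp + 31) & MASK32
    stride = ((bits // 32) * 4) & MASK32
    return (stride * abs(height)) & MASK32


def checked_buffer_size(hdr: dict, file_len: int) -> int:
    """Exact-arithmetic validation; raises ValueError rather than returning a
    size that wrapped, exceeds policy, or is not backed by data in the file."""
    w, h, bpp = hdr["width"], hdr["height"], hdr["bpp"]
    # height == INT_MIN is rejected explicitly: abs() of it overflows in C.
    if w <= 0 or h == 0 or h == -(2 ** 31):
        raise ValueError("invalid dimensions")
    if hdr["planes"] != 1 or bpp not in (1, 4, 8, 16, 24, 32):
        raise ValueError("unsupported planes/bpp")
    if hdr["compression"] != 0:
        raise ValueError("only uncompressed (BI_RGB) images handled here")
    if hdr["pixel_offset"] < FILE_HEADER.size + INFO_HEADER.size:
        raise ValueError("pixel offset inside the headers")
    need = row_stride(w, bpp) * abs(h)      # Python ints do not wrap
    if need > MAX_PIXEL_BYTES:
        raise ValueError("image too large")
    if hdr["pixel_offset"] + need > file_len:
        raise ValueError("pixel data truncated")
    return need


def make_bmp(width: int, height: int, bpp: int = 24, pixels: bytes = b"") -> bytes:
    """Construct a BMP with the given header fields; the pixel payload is
    optional so that malformed headers can be built without a matching body."""
    offset = FILE_HEADER.size + INFO_HEADER.size
    info = INFO_HEADER.pack(INFO_HEADER.size, width, height, 1, bpp, 0,
                            len(pixels), 2835, 2835, 0, 0)
    head = FILE_HEADER.pack(b"BM", offset + len(pixels), 0, 0, offset)
    return head + info + pixels


def demo() -> dict:
    """Compare the naive and checked size computation on three constructed files."""
    samples = {
        "good": make_bmp(2, 2, 24, bytes(16)),      # 2 rows of 8 bytes
        "truncated": make_bmp(1000, 1000, 24),     # header claims 3 MB, body absent
        "hostile": make_bmp(0x10000001, 1, 32),    # width*bpp wraps in 32 bits
    }
    results = {}
    for name, blob in samples.items():
        hdr = parse_bmp_header(blob)
        naive = unchecked_buffer_size(hdr["width"], hdr["height"], hdr["bpp"])
        try:
            safe = checked_buffer_size(hdr, len(blob))
        except ValueError as exc:
            safe = f"rejected: {exc}"
        results[name] = (naive, safe)
    return results


if __name__ == "__main__":
    for name, (naive, safe) in demo().items():
        print(f"{name:10s} naive={naive:<10d} checked={safe}")
```

The hostile header declares a width of 0x10000001 pixels at 32 bits per pixel: the true row needs just over 1 GiB, but the wrapped computation asks for 4 bytes. The truncated header is the denial-of-service case from the BMP entries above, a plausible size with no pixel data behind it, which the length check catches before the decoder reads past the end of the file.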

45. Microsoft Content Management Server Remote Code Execution Vulnerability
BugTraq ID: 22861
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22861
Summary:
Microsoft Content Management Server (MCMS) is prone to an arbitrary code-execution vulnerability because the software fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to execute arbitrary machine code on affected computers with the privileges of the vulnerable application.

46. Microsoft Content Management Server Cross-Site Scripting Vulnerability
BugTraq ID: 22860
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22860
Summary:
Microsoft Content Management Server (MCMS) is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials, spoof content, or perform actions on behalf of the victim user; this could aid in further attacks.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. [Fwd: Finding License Codes for Re-install]
http://www.securityfocus.com/archive/88/465217

2. Running commands on workstations from domain controller
http://www.securityfocus.com/archive/88/465105

3. blocking thru IE
http://www.securityfocus.com/archive/88/465056

4. SecurityFocus Microsoft Newsletter #336
http://www.securityfocus.com/archive/88/464824

5. Discovering Active Directory users with blank passwords
http://www.securityfocus.com/archive/88/464483

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you must answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker, giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000ClcR
