News

Wednesday, May 09, 2007

SecurityFocus Microsoft Newsletter #341

SecurityFocus Microsoft Newsletter #341
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000CoNe


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time for a new certification
2. 0wning Vista from the boot
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
2. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
3. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
4. Microsoft SharePoint Server Cross-Site Scripting Vulnerability
5. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability
6. Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability
7. Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities
8. Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
9. Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
10. Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
11. Microsoft Outlook Web Access Remote Script Injection Vulnerability
12. Microsoft Word Array Remote Code Execution Vulnerability
13. RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
14. Office OCX WordViewer.OCX Word Viewer ActiveX Denial of Service Vulnerabilities
15. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
16. Cerulean Studios Trillian Pro Rendezvous XMPP HTML Decoding Heap Buffer Overflow Vulnerability
17. Microsoft Excel Filter Records Remote Code Execution Vulnerability
18. Microsoft Excel Set Font Remote Code Execution Vulnerability
19. Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability
20. Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability
21. Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code Execution Vulnerability
22. Microsoft Internet Explorer Property Method Remote Code Execution Vulnerability
23. Intervations MailCOPA Subject Parameter Remote Buffer Overflow Vulnerability
24. Microsoft Excel BIFF Record Remote Code Execution Vulnerability
25. EScan Product Agent Service MWAGENT.EXE Security Bypass Vulnerability
26. Atomix MP3 Malformed MP3 File Buffer Overflow Vulnerability
27. Office OCX ExcelViewer.OCX Excel Viewer ActiveX Denial of Service Vulnerabilities
28. ZoneAlarm VSdatant Driver Denial of Service Vulnerability
29. VMware Multiple Denial Of Service Vulnerabilities
30. Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities
31. Winamp MP4 File Parsing Buffer Overflow Vulnerability
32. Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for Securityfocus some time ago that aired my concerns over GIAC dropping the practical portion of their certification process. That column resulted in a lot of feedback, with most agreeing about how GIAC bungled what was up till then, the best certification around.
http://www.securityfocus.com/columnists/443

2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.
http://www.securityfocus.com/columnists/442


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
BugTraq ID: 23899
Remote: Yes
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23899
Summary:
Microsoft Windows Terminal Services is prone to a remote security-restriction bypass vulnerability. This issue is due to a failure of the server software to properly enforce encryption requirements.

This issue allows users to connect to affected servers without utilizing encryption, bypassing security requirements configured by administrators. This may allow attackers to perform man-in-the-middle attacks, or to eavesdrop on RDP sessions.

This issue affects Terminal Services installed on Windows 2003 Server; other versions may also be affected.

2. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
BugTraq ID: 23890
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23890
Summary:
IBM DB2 Universal Database is prone to an unspecified remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the application. Successful attacks can result in the compromise of the application or can cause denial-of-service conditions.

Few technical details are currently available. We will update this BID as more information emerges.

3. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
BugTraq ID: 23836
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23836
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

4. Microsoft SharePoint Server Cross-Site Scripting Vulnerability
BugTraq ID: 23832
Remote: Yes
Date Published: 2007-05-04
Relevant URL: http://www.securityfocus.com/bid/23832
Summary:
Microsoft SharePoint Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Note: Symantec has not confirmed that the issue is not specific to the Microsoft SharePoint test server. The most recent version is believed to be affected. This BID will be updated as more information emeges.

5. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23827
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23827
Summary:
The Microsoft Windows Media Server ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits will allow attackers to overwrite certain files to execute arbitrary code. This will result in a complete compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

6. Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability
BugTraq ID: 23826
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23826
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing a victim into opening a malicious Office file.

Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

7. Office OCX OA.OCX Office Viewer ActiveX Denial of Service Vulnerabilities
BugTraq ID: 23811
Remote: Yes
Date Published: 2007-05-04
Relevant URL: http://www.securityfocus.com/bid/23811
Summary:
Office Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

Office Viewer ActiveX Control 3.2.0.5 is reported vulnerable to these issues; other versions may also be affected.

8. Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
BugTraq ID: 23810
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23810
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted IMAP commands.

Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers' mail service to stop responding, thus denying further email service for legitimate users. To recover from the denial-of-service condition, administrators must restart the IIS Admin Service service.

9. Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
BugTraq ID: 23809
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23809
Summary:
Microsoft Exchange is prone to a remote code-execution vulnerability because the application fails to properly decode specially crafted email messages.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the vulnerable application, which may lead to a complete compromise of affected computers.

10. Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
BugTraq ID: 23808
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23808
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle unexpected iCal message content.

Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers to stop responding to further requests for sending, receiving, or accessing email. As a result, denial-of-service conditions occur for legitimate users of affected servers. A denial-of-service condition will persist until an administrator restarts the Microsoft Exchange Information Store service.

11. Microsoft Outlook Web Access Remote Script Injection Vulnerability
BugTraq ID: 23806
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23806
Summary:
Microsoft Outlook Web Access is prone to a script-injection vulnerability because the application fails to properly handle specially crafted email attachments.

To exploit this issue, attackers must send specially crafted files through email messages to users of the affected application. When users open the file, attacker-supplied script code will be executed in the context of the affected website.

Successful exploits allow attackers to access Outlook Web Access sessions with the privileges of the targeted user. As a result, attackers may be able to obtain sensitive information and send, modify, or delete email; other attacks are also possible.

12. Microsoft Word Array Remote Code Execution Vulnerability
BugTraq ID: 23804
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23804
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

13. RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 23800
Remote: Yes
Date Published: 2007-05-03
Relevant URL: http://www.securityfocus.com/bid/23800
Summary:
Microsoft has released advance notification that the vendor will be releasing seven security bulletins on May 8, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

These vulnerabilities have been assigned to the following BIDs:
23810 Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
23780 Microsoft Excel Filter Records Remote Code Execution Vulnerability
23809 Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
23808 Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
23806 Microsoft Outlook Web Access Remote Script Injection Vulnerability
23804 Microsoft Word Array Remote Code Execution Vulnerability
23779 Microsoft Excel Set Font Remote Code Execution Vulnerability
23760 Microsoft Excel BIFF Record Remote Code Execution Vulnerability
23771 Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability
23836 Microsoft Word RTF Parsing Remote Code Execution Vulnerability
23826 Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability
23827 Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability
23782 Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
23772 Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability
23770 Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code Execution Vulnerability
23769 Microsoft Internet Explorer Property Method Remote Code Execution Vulnerability
23470 Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
22567 Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
19529 Microsoft Internet Explorer CHTSKDIC.DLL Arbitrary Code Execution Vulnerability
21207 Acer LunchApp.APlunch ActiveX Control Remote Code Execution Vulnerability
23331 Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability

14. Office OCX WordViewer.OCX Word Viewer ActiveX Denial of Service Vulnerabilities
BugTraq ID: 23784
Remote: Yes
Date Published: 2007-05-03
Relevant URL: http://www.securityfocus.com/bid/23784
Summary:
Word Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

Word Viewer ActiveX Control 3.2.0.5 is reported vulnerable to these issues; other versions may also be affected.

15. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23782
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23782
Summary:
The Microsoft CAPICOM ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

16. Cerulean Studios Trillian Pro Rendezvous XMPP HTML Decoding Heap Buffer Overflow Vulnerability
BugTraq ID: 23781
Remote: Yes
Date Published: 2007-05-02
Relevant URL: http://www.securityfocus.com/bid/23781
Summary:
Trillian is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects Trillian Pro 3.1 build 121 and prior versions.

17. Microsoft Excel Filter Records Remote Code Execution Vulnerability
BugTraq ID: 23780
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23780
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks.

18. Microsoft Excel Set Font Remote Code Execution Vulnerability
BugTraq ID: 23779
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23779
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks.

19. Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability
BugTraq ID: 23772
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23772
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors in certain situations. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected browser.

This issue affects Internet Explorer 7 running on Windows XP SP2, Windows Server 2003 SP1 and SP2, and on Windows Vista.

20. Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability
BugTraq ID: 23771
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23771
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles uninitialized or deleted objects. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected browser.

21. Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code Execution Vulnerability
BugTraq ID: 23770
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23770
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors in certain situations. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected browser.

This issue affects Internet Explorer 7 running on Windows XP SP2, Windows Server 2003 SP1 and SP2, and on Windows Vista.

Microsoft states that this vulnerability is a variant of the issue discussed in BID 23772 (Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability).

22. Microsoft Internet Explorer Property Method Remote Code Execution Vulnerability
BugTraq ID: 23769
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23769
Summary:
Microsoft Internet Explorer is prone to remote code-execution vulnerability.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

23. Intervations MailCOPA Subject Parameter Remote Buffer Overflow Vulnerability
BugTraq ID: 23767
Remote: Yes
Date Published: 2007-05-02
Relevant URL: http://www.securityfocus.com/bid/23767
Summary:
MailCOPA is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious email link.

Successful exploits may allow attackers to execute arbitrary code in the context of the application. Failed attempts may cause denial-of-service conditions.

24. Microsoft Excel BIFF Record Remote Code Execution Vulnerability
BugTraq ID: 23760
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23760
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks.

25. EScan Product Agent Service MWAGENT.EXE Security Bypass Vulnerability
BugTraq ID: 23759
Remote: Yes
Date Published: 2007-05-02
Relevant URL: http://www.securityfocus.com/bid/23759
Summary:
eScan is prone to a security-bypass vulnerability..

An attacker can exploit this issue to gain access to sensitive information and modify certain configurations in the affected application via arbitrary commands. An attacker with local access to the affected computer can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. A successful local exploit of this issue would result in the complete compromise of affected computers.

This issue affects eScan 8.0.671.1 and 9.0.714.1; other versions may also be affected.

26. Atomix MP3 Malformed MP3 File Buffer Overflow Vulnerability
BugTraq ID: 23756
Remote: Yes
Date Published: 2007-05-02
Relevant URL: http://www.securityfocus.com/bid/23756
Summary:
Atomix MP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious MP3 file. If successful, the attacker can execute arbitrary code in the context of the affected application.

27. Office OCX ExcelViewer.OCX Excel Viewer ActiveX Denial of Service Vulnerabilities
BugTraq ID: 23755
Remote: Yes
Date Published: 2007-05-02
Relevant URL: http://www.securityfocus.com/bid/23755
Summary:
Excel Viewer ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

Excel Viewer ActiveX Control 3.1 is reported vulnerable to these issues; other versions may also be affected.

28. ZoneAlarm VSdatant Driver Denial of Service Vulnerability
BugTraq ID: 23734
Remote: No
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23734
Summary:
ZoneAlarm is prone to a local denial-of-service vulnerability because the application fails to validate its input buffer.

An attacker may exploit this issue to crash affected computers, denying service to legitimate users. Arbitrary code execution may be possible, this has not been confirmed.

ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other versions may be affected as well.

29. VMware Multiple Denial Of Service Vulnerabilities
BugTraq ID: 23732
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23732
Summary:
VMware is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to cause denial-of-service conditions.

Versions prior to 5.5.4 Build 44386 are vulnerable to these issues.

30. Cerulean Studios Trillian Multiple IRC Module UTF-8 Vulnerabilities
BugTraq ID: 23730
Remote: Yes
Date Published: 2007-05-01
Relevant URL: http://www.securityfocus.com/bid/23730
Summary:
Trillian is prone to multiple buffer-overflow issues and an information leak in its IRC module. These issues occur because the application fails to properly bounds-check user-supplied data before copying it into fixed-sized memory buffers and fails to respond properly to exceptional conditions.

Remote attackers may exploit these vulnerabilities to execute arbitrary machine code in the context of vulnerable Trillian clients or to steal the contents of client-server communications.

Trillian 3.1 is affected.

Further reports suggest these issues also affect the MSN and ICQ modules; other modules may also be affected. This BID will be updated pending further investigation.

31. Winamp MP4 File Parsing Buffer Overflow Vulnerability
BugTraq ID: 23723
Remote: Yes
Date Published: 2007-04-30
Relevant URL: http://www.securityfocus.com/bid/23723
Summary:
Winamp is prone to a buffer-overflow vulnerability when it attempts to process certain files. This issue occurs because the application fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Winamp 5.02 through 5.34.

UPDATE: The vendor states that this issue will be addressed in Winamp 5.35.

32. Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 23331
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23331
Summary:
The Blackberry TeamOn Import Object ActiveX control is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before using it in an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary machine-code on a vulnerable computer in the context of the victim running the affected application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000CoNe

No comments:

Blog Archive