News

Loading...

Tuesday, May 15, 2007

SecurityFocus Microsoft Newsletter #342

SecurityFocus Microsoft Newsletter #342
----------------------------------------

This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough in online security - Extended Validation SSL from VeriSign.
Extended Validation triggers a green address bar in Microsoft IE7, which proves site identity.
Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000048sfi/direct/01/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time for a new certification
2. 0wning Vista from the boot
II. MICROSOFT VULNERABILITY SUMMARY
1. BitsCast PubDate Element Remote Denial Of Service Vulnerability
2. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability
3. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability
4. Caucho Resin Multiple Information Disclosure Vulnerabilities
5. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability
6. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial of Service Vulnerability
7. CommuniGate Pro Web Mail HTML Injection Vulnerability
8. yEnc32 Decoder Overly Long Filename Heap Buffer Overflow Vulnerability
9. VooDoo CIrcle Server Multiple Remote Vulnerabilities
10. NetWin WebMail Unspecified Vulnerability
11. Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
12. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
13. Symantec PCAnywhere User Credential Local Information Disclosure Vulnerability
14. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
15. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability
16. Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability
17. Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
18. Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
19. Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
20. Microsoft Outlook Web Access Remote Script Injection Vulnerability
21. Microsoft Word Array Remote Code Execution Vulnerability
22. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
23. Microsoft Excel Filter Records Remote Code Execution Vulnerability
24. Microsoft Excel Set Font Remote Code Execution Vulnerability
25. Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability
26. Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability
27. Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code Execution Vulnerability
28. Microsoft Internet Explorer Property Method Remote Code Execution Vulnerability
29. Microsoft Excel BIFF Record Remote Code Execution Vulnerability
30. Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #341
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for Securityfocus some time ago that aired my concerns over GIAC dropping the practical portion of their certification process. That column resulted in a lot of feedback, with most agreeing about how GIAC bungled what was up till then, the best certification around.
http://www.securityfocus.com/columnists/443

2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that is able to load from Windows Vista boot-sectors. They discuss the "features" of their code, the support of the various versions of Vista, the possibility to place it inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's product activation or avoid DRM.
http://www.securityfocus.com/columnists/442


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. BitsCast PubDate Element Remote Denial Of Service Vulnerability
BugTraq ID: 23993
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23993
Summary:
BitsCast is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input contained in RSS feeds.

An attacker can exploit this issue to crash the application, effectively denying service.

BitsCast 0.13.0 is vulnerable; other versions may also be affected.

2. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability
BugTraq ID: 23991
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23991
Summary:
Media Player Classic is prone to a denial-of-service vulnerability when processing a malformed MPA file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Media Player Classic 6.4.9.0; other versions may also be affected.

3. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 23986
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23986
Summary:
The DeWizardX ActiveX control is prone to an arbitrary-file-overwrite vulnerability.

An attacker can exploit this issue to overwrite arbitrary files on the affected computer. Successful attacks may aid in further attacks against the computer. Failed attempts will likely cause denial-of-service
conditions.

4. Caucho Resin Multiple Information Disclosure Vulnerabilities
BugTraq ID: 23985
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23985
Summary:
Caucho Resin is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.

Resin 3.1.0 is vulnerable; other versions may also be affected.

NOTE: According to the application's 3.1.1 change log, these issues affect the server only when installed on Microsoft Windows.

5. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability
BugTraq ID: 23957
Remote: Yes
Date Published: 2007-05-13
Relevant URL: http://www.securityfocus.com/bid/23957
Summary:
PrecisionID Barcode ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied input data.

Attackers can exploit this issue to crash the browsers of unsuspecting users, resulting in a denial of service. Remote code execution may also be possible, but has not been confirmed.

PrecisionID Barcode ActiveX control 1.3 is vulnerable; other versions may also be affected.

6. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial of Service Vulnerability
BugTraq ID: 23954
Remote: Yes
Date Published: 2007-05-13
Relevant URL: http://www.securityfocus.com/bid/23954
Summary:
ID Automation Linear Barcode ActiveX Control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied input data.

Attackers can exploit this issue to crash the browsers of unsuspecting users, resulting in a denial of service. Remote code execution may also be possible, but has not been confirmed.

ID Automation Linear Barcode ActiveX Control version 1.6.0.5 is vulnerable; other versions may also be affected.

7. CommuniGate Pro Web Mail HTML Injection Vulnerability
BugTraq ID: 23950
Remote: Yes
Date Published: 2007-05-12
Relevant URL: http://www.securityfocus.com/bid/23950
Summary:
CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

CommuniGate Pro 5.1.8 and earlier versions are vulnerable to this issue.

Note that this issue is present only when using Microsoft Internet Explorer.

8. yEnc32 Decoder Overly Long Filename Heap Buffer Overflow Vulnerability
BugTraq ID: 23948
Remote: Yes
Date Published: 2007-05-12
Relevant URL: http://www.securityfocus.com/bid/23948
Summary:
yEnc32 Decoder is prone to a heap-based buffer-overflow issue because it fails to properly check boundaries on user-supplied data before copying it into an insufficiently sized memory buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

yEnc32 Decoder 1.0.7.207 is vulnerable.

9. VooDoo CIrcle Server Multiple Remote Vulnerabilities
BugTraq ID: 23929
Remote: Yes
Date Published: 2007-05-11
Relevant URL: http://www.securityfocus.com/bid/23929
Summary:
VooDoo cIRCle is prone to multiple remote vulnerabilities, including multiple denial-of-service issues and a buffer-overflow issue.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause the application to crash, denying service to legitimate users.

These issues affect VooDoo cIRCle 1.1beta26 and prior versions.

10. NetWin WebMail Unspecified Vulnerability
BugTraq ID: 23908
Remote: Yes
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23908
Summary:
NetWin Webmail is prone to an unspecified vulnerability.

Few technical details are currently available. We will update this BID as more information emerges.

Webmail versions prior to 3.1s-4 are vulnerable. NetWin SurgeMail versions prior to 3.8i3 are also affected because they are bundled with vulnerable Webmail packages.

11. Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
BugTraq ID: 23899
Remote: Yes
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23899
Summary:
Microsoft Windows Terminal Services is prone to a remote security-restriction bypass vulnerability because the server software fails to properly enforce encryption requirements.

Users can connect to affected servers; no encryption is required. Attackers can thus bypass security requirements configured by administrators and perform man-in-the-middle attacks or eavesdrop on RDP sessions.

This issue affects Terminal Services installed on Windows 2003 Server; other versions may also be affected.

12. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
BugTraq ID: 23890
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23890
Summary:
IBM DB2 Universal Database is prone to an unspecified remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the user running the application. Successful attacks can result in the compromise of the application or can cause denial-of-service conditions.

Few technical details are currently available. We will update this BID as more information emerges.

13. Symantec PCAnywhere User Credential Local Information Disclosure Vulnerability
BugTraq ID: 23875
Remote: No
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23875
Summary:
Symantec pcAnywhere is prone to a local information-disclosure vulnerability.

A local attacker may exploit this issue to gain access to sensitive information that may lead to further attacks.

14. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
BugTraq ID: 23836
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23836
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

15. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23827
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23827
Summary:
The Microsoft Windows Media Server ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits will allow attackers to overwrite certain files to execute arbitrary code. This will result in a complete compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

16. Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability
BugTraq ID: 23826
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23826
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing a victim into opening a malicious Office file.

Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

17. Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
BugTraq ID: 23810
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23810
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle specially crafted IMAP commands.

Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers' mail service to stop responding, thus denying further email service for legitimate users. To recover from the denial-of-service condition, administrators must restart the IIS Admin Service service.

18. Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
BugTraq ID: 23809
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23809
Summary:
Microsoft Exchange is prone to a remote code-execution vulnerability because the application fails to properly decode specially crafted email messages.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the vulnerable application, which may lead to a complete compromise of affected computers.

19. Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
BugTraq ID: 23808
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23808
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because it fails to properly handle unexpected iCal message content.

Successfully exploiting this issue allows remote attackers to cause targeted Exchange servers to stop responding to further requests for sending, receiving, or accessing email. As a result, denial-of-service conditions occur for legitimate users of affected servers. A denial-of-service condition will persist until an administrator restarts the Microsoft Exchange Information Store service.

20. Microsoft Outlook Web Access Remote Script Injection Vulnerability
BugTraq ID: 23806
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23806
Summary:
Microsoft Outlook Web Access is prone to a script-injection vulnerability because the application fails to properly handle specially crafted email attachments.

To exploit this issue, attackers must send specially crafted files through email messages to users of the affected application. When users open the file, attacker-supplied script code will be executed in the context of the affected website.

Successful exploits allow attackers to access Outlook Web Access sessions with the privileges of the targeted user. As a result, attackers may be able to obtain sensitive information and send, modify, or delete email; other attacks are also possible.

21. Microsoft Word Array Remote Code Execution Vulnerability
BugTraq ID: 23804
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23804
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

22. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23782
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23782
Summary:
The Microsoft CAPICOM ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

23. Microsoft Excel Filter Records Remote Code Execution Vulnerability
BugTraq ID: 23780
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23780
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks.

24. Microsoft Excel Set Font Remote Code Execution Vulnerability
BugTraq ID: 23779
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23779
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks.

25. Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability
BugTraq ID: 23772
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23772
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors in certain situations. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected browser.

This issue affects Internet Explorer 7 running on Windows XP SP2, Windows Server 2003 SP1 and SP2, and on Windows Vista.

26. Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability
BugTraq ID: 23771
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23771
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles uninitialized or deleted objects. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected browser.

27. Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code Execution Vulnerability
BugTraq ID: 23770
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23770
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors in certain situations. An attacker could exploit this issue to execute arbitrary code in the context of the user running the affected browser.

This issue affects Internet Explorer 7 running on Windows XP SP2, Windows Server 2003 SP1 and SP2, and on Windows Vista.

Microsoft states that this vulnerability is a variant of the issue discussed in BID 23772 (Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability).

28. Microsoft Internet Explorer Property Method Remote Code Execution Vulnerability
BugTraq ID: 23769
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23769
Summary:
Microsoft Internet Explorer is prone to remote code-execution vulnerability.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

29. Microsoft Excel BIFF Record Remote Code Execution Vulnerability
BugTraq ID: 23760
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23760
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of a victim user running the application. A successful exploit will result in the compromise of the application and may aid in further attacks.

30. Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 23331
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23331
Summary:
The Blackberry TeamOn Import Object ActiveX control is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before using it in an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary machine-code on a vulnerable computer in the context of the victim running the affected application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #341
http://www.securityfocus.com/archive/88/468188

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough in online security - Extended Validation SSL from VeriSign.
Extended Validation triggers a green address bar in Microsoft IE7, which proves site identity.
Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000048sfi/direct/01/

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive