Wednesday, May 23, 2007

SecurityFocus Microsoft Newsletter #343


This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CqBQ


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Your Space, My Space, Everybody's Space
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability
2. Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
3. EScan Agent Service MWAGENT.EXE Remote Buffer Overflow Vulnerability
4. Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability
5. Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability
6. NOD32 Multiple Buffer Overflow Vulnerabilities
7. GD Graphics Library PNG File Processing Denial of Service Vulnerability
8. Opera Web Browser Torrent File Handling Buffer Overflow Vulnerability
9. Rational Software Hidden Administrator Unspecified Authentication Bypass Vulnerability
10. Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability
11. PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
12. PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Buffer Overflow Vulnerability
13. NewzCrawler Enclosure Element Remote Denial of Service Vulnerability
14. BitsCast PubDate Element Remote Denial Of Service Vulnerability
15. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability
16. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability
17. Caucho Resin Multiple Information Disclosure Vulnerabilities
18. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability
19. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Compromising the Windows Service or Driver failure event sink
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Your Space, My Space, Everybody's Space
By Mark Rasch
Privacy is about protecting data when somebody wants it for some purpose. It is easy to protect data that nobody wants.
http://www.securityfocus.com/columnists/444


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability
BugTraq ID: 24127
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24127
Summary:
Microsoft Visual Database Tools Database Designer ActiveX Control is prone to a denial-of-service vulnerability because the application fails to handle overly-long user-supplied strings.

Attackers can exploit this issue to crash Internet Explorer or other applications that use the vulnerable ActiveX control, resulting in denial-of-service conditions.

NOTE: Due to the nature of this vulnerability, attackers may be able to leverage the issue to execute remote code; however, this has not been confirmed.

2. Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24118
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24118
Summary:
Microsoft Office 2000 UA ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

3. EScan Agent Service MWAGENT.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 24112
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24112
Summary:
eScan is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful remote exploit of this issue would result in the complete compromise of affected computers.

This issue affects eScan 9.0.715.1; other versions may also be affected.

4. Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability
BugTraq ID: 24105
Remote: Yes
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24105
Summary:
Microsoft IIS is prone to an authentication-bypass vulnerability due to its implementation of 'Hit-highlighting' functionality.

Attackers can exploit this issue to access private files hosted on an IIS website. Successful exploits may allow attackers to gain access to potentially sensitive information. Other attacks are possible.

NOTE: Presumably, accessing a Trusted Zone may allow attackers to execute commands; this has not been confirmed.

5. Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24099
Remote: Yes
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24099
Summary:
The Dart ZipLite Compression ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Dart ZipLite Compression ActiveX control 1.8.5.3 is vulnerable to this issue; other versions may also be affected.

6. NOD32 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24098
Remote: No
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24098
Summary:
NOD32 is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause denial-of-service conditions.

These issues affect NOD32 2.7 prior to update 2.70.37.0.

7. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.

GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.

8. Opera Web Browser Torrent File Handling Buffer Overflow Vulnerability
BugTraq ID: 24080
Remote: Yes
Date Published: 2007-05-21
Relevant URL: http://www.securityfocus.com/bid/24080
Summary:
The Opera Web Browser is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application.

Versions of Opera prior to 9.21 are vulnerable.

NOTE: This issue is reported to affect only Opera running on Microsoft Windows.

9. Rational Software Hidden Administrator Unspecified Authentication Bypass Vulnerability
BugTraq ID: 24049
Remote: Yes
Date Published: 2007-05-18
Relevant URL: http://www.securityfocus.com/bid/24049
Summary:
Hidden Administrator is prone to an unspecified authentication-bypass vulnerability.

Attackers can exploit this issue to execute arbitrary code on affected computers with the privileges of the application.

Hidden Administrator 1.7 is vulnerable; other versions may also be affected.

10. Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability
BugTraq ID: 24029
Remote: Yes
Date Published: 2007-05-17
Relevant URL: http://www.securityfocus.com/bid/24029
Summary:
Magic ISO Maker is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected library. Failed exploit attempts will likely result in denial-of-service conditions.

Magic ISO Maker 5.4(build239) is vulnerable; other versions may also be affected.

11. PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24014
Remote: Yes
Date Published: 2007-05-16
Relevant URL: http://www.securityfocus.com/bid/24014
Summary:
PrecisionID Barcode ActiveX control is prone to a vulnerability that lets an attacker overwrite arbitrary files on the affected computer.

PrecisionID Barcode ActiveX control 1.9 is vulnerable; other versions may also be affected.

12. PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24010
Remote: Yes
Date Published: 2007-05-16
Relevant URL: http://www.securityfocus.com/bid/24010
Summary:
PrecisionID Barcode ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

PrecisionID Barcode ActiveX control 1.9 is vulnerable; other versions may also be affected.

13. NewzCrawler Enclosure Element Remote Denial of Service Vulnerability
BugTraq ID: 23994
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23994
Summary:
NewzCrawler is prone to a denial-of-service vulnerability when processing an RSS feed with an invalid string.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects NewzCrawler 1.8; other versions may also be affected.

14. BitsCast PubDate Element Remote Denial Of Service Vulnerability
BugTraq ID: 23993
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23993
Summary:
BitsCast is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input contained in RSS feeds.

An attacker can exploit this issue to crash the application, effectively denying service.

BitsCast 0.13.0 is vulnerable; other versions may also be affected.

15. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability
BugTraq ID: 23991
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23991
Summary:
Media Player Classic is prone to a denial-of-service vulnerability when processing a malformed MPA file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Media Player Classic 6.4.9.0; other versions may also be affected.

16. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 23986
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23986
Summary:
The DeWizardX ActiveX control is prone to an arbitrary-file-overwrite vulnerability.

An attacker can exploit this issue to overwrite arbitrary files on the affected computer. Successful attacks may aid in further attacks against the computer. Failed attempts will likely cause denial-of-service conditions.

17. Caucho Resin Multiple Information Disclosure Vulnerabilities
BugTraq ID: 23985
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23985
Summary:
Caucho Resin is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks.

Resin 3.1.0 is vulnerable; other versions may also be affected.

NOTE: According to the application's 3.1.1 change log, these issues affect the server only when installed on Microsoft Windows.

18. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability
BugTraq ID: 23957
Remote: Yes
Date Published: 2007-05-13
Relevant URL: http://www.securityfocus.com/bid/23957
Summary:
PrecisionID Barcode ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied input data.

Attackers can exploit this issue to crash the browsers of unsuspecting users, resulting in a denial of service. Remote code execution may also be possible, but has not been confirmed.

PrecisionID Barcode ActiveX control 1.3 is vulnerable; other versions may also be affected.

19. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial of Service Vulnerability
BugTraq ID: 23954
Remote: Yes
Date Published: 2007-05-13
Relevant URL: http://www.securityfocus.com/bid/23954
Summary:
ID Automation Linear Barcode ActiveX Control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied input data.

Attackers can exploit this issue to crash the browsers of unsuspecting users, resulting in a denial of service. Remote code execution may also be possible, but has not been confirmed.

ID Automation Linear Barcode ActiveX Control version 1.6.0.5 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Compromising the Windows Service or Driver failure event sink
http://www.securityfocus.com/archive/88/469330

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
