Thursday, May 31, 2007

SecurityFocus Microsoft Newsletter #344
----------------------------------------

This Issue is Sponsored by: ByteCrusher

"Please come in and trash the place - I'll be back in 8 hours"
Fact: It can take up to 8 hours for anti-virus companies to fix a new security hole. WindowZones by ByteCrusher protects your computer in that critical 8 hour period when your Anti-Virus is "out to lunch". Learn More.

http://landing.bytecrusher.com/windowzones/sflanding1.aspx?Referrer=sf-A21sfMicro-wz1&cm_mmc=Security%20Focus-_-USA-_-Newsletter-_-Newsletter%3A%20Other%3A%20A21%3A%20sfMicro%3A%20wz1


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Security Analogies
2. Your Space, My Space, Everybody's Space
II. MICROSOFT VULNERABILITY SUMMARY
1. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
2. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
3. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
4. EDraw Office Viewer Component ActiveX Control Arbitrary File Delete Vulnerability
5. EDraw Office Viewer Component EDrawOfficeViewer.OCX ActiveX Control Buffer Overflow Vulnerability
6. Zenturi ProgramChecker SASATL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
7. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Denial of Service Vulnerability
8. Avira Antivir Antivirus Multiple Remote Vulnerabilities
9. Dart Zip Compression DartZip.DLL ActiveX Control Buffer Overflow Vulnerability
10. UltraISO Cue File Stack Buffer Overflow Vulnerability
11. Credant Mobile Guardian Shield Information Disclosure Vulnerability
12. Microsoft Visual Basic 6.0 Project Company Name Denial of Service Vulnerability
13. Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability
14. Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability
15. Symantec Enterprise Security Manager Misinterpreted Information Denial of Service Vulnerability
16. Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
17. EScan Agent Service MWAGENT.EXE Remote Buffer Overflow Vulnerability
18. Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability
19. Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability
20. NOD32 Multiple Buffer Overflow Vulnerabilities
21. GD Graphics Library PNG File Processing Denial of Service Vulnerability
22. Opera Web Browser Torrent File Handling Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Reconstruction of MS terminal services sessions
2. SecurityFocus Microsoft Newsletter #343
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445

2. Your Space, My Space, Everybody's Space
By Mark Rasch
Privacy is about protecting data when somebody wants it for some purpose. It is easy to protect data that nobody wants.
http://www.securityfocus.com/columnists/444


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24239
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24239
Summary:
Avira Antivir is prone to a denial-of-service vulnerability because the application fails to handle certain TAR archives.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted TAR archives.

A successful attack may allow an attacker to cause denial-of-service conditions.

2. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
BugTraq ID: 24237
Remote: No
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24237
Summary:
Multiple F-Secure workstation and file-server products are prone to a local privilege-escalation vulnerability.

Exploiting this vulnerability allows local attackers to gain superuser or SYSTEM-level privileges, leading to a complete compromise of the affected computer.

3. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
BugTraq ID: 24235
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24235
Summary:
Multiple F-Secure Anti-Virus applications are prone to a buffer-overflow vulnerability when they process certain files. This issue occurs because the applications fail to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

4. EDraw Office Viewer Component ActiveX Control Arbitrary File Delete Vulnerability
BugTraq ID: 24230
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24230
Summary:
The EDraw Office Viewer Component ActiveX Control is prone to an arbitrary-file-delete vulnerability.

An attacker can exploit this issue to delete arbitrary files on the affected computer. Successful attacks can result in denial-of-service conditions.

5. EDraw Office Viewer Component EDrawOfficeViewer.OCX ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24229
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24229
Summary:
EDraw Office Viewer Component ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause a denial-of-service condition. Arbitrary code execution may be possible, but has not been confirmed.

This issue affects EDraw Office Viewer Component 4.0.5.20; other versions may also be affected.

6. Zenturi ProgramChecker SASATL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24217
Remote: Yes
Date Published: 2007-05-29
Relevant URL: http://www.securityfocus.com/bid/24217
Summary:
Several Zenturi ProgramChecker ActiveX controls are prone to multiple buffer-overflow vulnerabilities because they fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

7. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Denial of Service Vulnerability
BugTraq ID: 24188
Remote: Yes
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24188
Summary:
Microsoft DirectX Media ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to crash applications using the affected ActiveX control (typically Internet Explorer). Given the nature of this issue, remote code execution may be possible, but this has not been confirmed.

8. Avira Antivir Antivirus Multiple Remote Vulnerabilities
BugTraq ID: 24187
Remote: Yes
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24187
Summary:
Avira Antivir Antivirus is prone to multiple remote vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with elevated privileges, facilitating the complete compromise of affected computers. Attackers may also trigger denial-of-service conditions by crashing the application or causing infinite loops.

These issues affect:

Avira Antivir AVPack versions prior to 7.03.00.09
Engine versions prior to 7.04.00.24

9. Dart Zip Compression DartZip.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24163
Remote: Yes
Date Published: 2007-05-25
Relevant URL: http://www.securityfocus.com/bid/24163
Summary:
Dart Zip Compression for ActiveX is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Dart Zip Compression for ActiveX 1.8.5.3 is vulnerable to this issue; other versions may also be affected.

NOTE: Due to code reuse, this issue is similar or possibly identical to the one described in BID 24099 (Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability). This has not been confirmed.

10. UltraISO Cue File Stack Buffer Overflow Vulnerability
BugTraq ID: 24140
Remote: Yes
Date Published: 2007-05-24
Relevant URL: http://www.securityfocus.com/bid/24140
Summary:
UltraISO is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

UltraISO 8.6.2.2011 is vulnerable; other versions may also be affected.

11. Credant Mobile Guardian Shield Information Disclosure Vulnerability
BugTraq ID: 24139
Remote: Yes
Date Published: 2007-05-24
Relevant URL: http://www.securityfocus.com/bid/24139
Summary:
Credant Mobile Guardian Shield is prone to an information-disclosure vulnerability because it stores sensitive password information in plain text.

This issue affects Credant Mobile Guardian Shield 5.2.1.105 and prior versions.

12. Microsoft Visual Basic 6.0 Project Company Name Denial of Service Vulnerability
BugTraq ID: 24129
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24129
Summary:
Microsoft Visual Basic 6.0 is prone to a denial-of-service vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause a denial-of-service condition. The attacker may also be able to execute arbitrary code within the context of the affected application, but this has not been confirmed.

13. Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability
BugTraq ID: 24128
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24128
Summary:
Microsoft Visual Basic 6.0 is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

14. Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability
BugTraq ID: 24127
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24127
Summary:
Microsoft Visual Database Tools Database Designer ActiveX Control is prone to a denial-of-service vulnerability because the application fails to handle overly long user-supplied strings.

Attackers can exploit this issue to crash Internet Explorer or other applications that use the vulnerable ActiveX control, resulting in denial-of-service conditions.

NOTE: Given the nature of this issue, attackers may be able to execute remote code, but this has not been confirmed.

15. Symantec Enterprise Security Manager Misinterpreted Information Denial of Service Vulnerability
BugTraq ID: 24123
Remote: Yes
Date Published: 2007-05-24
Relevant URL: http://www.securityfocus.com/bid/24123
Summary:
Symantec Enterprise Security Manager is prone to a denial-of-service vulnerability caused by a race condition.

Attackers may exploit this issue to cause the application to become unresponsive, effectively denying service to legitimate users.

ESM Agent and Manager Platforms 6.5.3 for Microsoft Windows are affected.

16. Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24118
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24118
Summary:
Microsoft Office 2000 UA ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

17. EScan Agent Service MWAGENT.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 24112
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24112
Summary:
eScan is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful remote exploit of this issue would result in the complete compromise of affected computers.

This issue affects eScan 9.0.715.1; other versions may also be affected.

18. Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability
BugTraq ID: 24105
Remote: Yes
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24105
Summary:
Microsoft IIS is prone to an authentication-bypass vulnerability due to its implementation of 'Hit-highlighting' functionality.

Attackers can exploit this issue to access private files hosted on an IIS website. Successful exploits may allow attackers to gain access to potentially sensitive information. Other attacks are possible.

NOTE: Presumably, accessing a Trusted Zone may allow attackers to execute commands; this has not been confirmed.

19. Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24099
Remote: Yes
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24099
Summary:
The Dart ZipLite Compression ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Dart ZipLite Compression ActiveX control 1.8.5.3 is vulnerable to this issue; other versions may also be affected.

20. NOD32 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24098
Remote: No
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24098
Summary:
NOD32 is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause denial-of-service conditions.

These issues affect NOD32 2.7 prior to update 2.70.37.0.

21. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.

GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.

22. Opera Web Browser Torrent File Handling Buffer Overflow Vulnerability
BugTraq ID: 24080
Remote: Yes
Date Published: 2007-05-21
Relevant URL: http://www.securityfocus.com/bid/24080
Summary:
The Opera Web Browser is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application.

Versions of Opera prior to 9.21 are vulnerable.

NOTE: This issue is reported to affect only Opera running on Microsoft Windows.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Reconstruction of MS terminal services sessions
http://www.securityfocus.com/archive/88/469865

2. SecurityFocus Microsoft Newsletter #343
http://www.securityfocus.com/archive/88/469513

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: ByteCrusher

"Please come in and trash the place - I'll be back in 8 hours"
Fact: It can take up to 8 hours for anti-virus companies to fix a new security hole. WindowZones by ByteCrusher protects your computer in that critical 8 hour period when your Anti-Virus is "out to lunch". Learn More.

http://landing.bytecrusher.com/windowzones/sflanding1.aspx?Referrer=sf-A21sfMicro-wz1&cm_mmc=Security%20Focus-_-USA-_-Newsletter-_-Newsletter%3A%20Other%3A%20A21%3A%20sfMicro%3A%20wz1
