Wednesday, June 06, 2007

SecurityFocus Microsoft Newsletter #345


This Issue is Sponsored by: Norwich University

Norwich University's Master of Science in Information Assurance Program complements the skills of information security professionals while preparing them to take on management roles in an organization-wide information security program, such as Chief Security Officers, Security Administrators and Chief Information Security Officers. This 18-month program is conveniently delivered online and is accredited by The National Security Agency and Department of Homeland Security as a "Center for Academic Excellence in Information Assurance Education".

For more information, visit http://www.msia.norwich.edu/msec


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Security Analogies
2. Your Space, My Space, Everybody's Space
II. MICROSOFT VULNERABILITY SUMMARY
1. Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities
2. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
3. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
4. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
5. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
6. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
7. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
8. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
9. SNMPC Username/Password Remote Denial of Service Vulnerability
10. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
11. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
12. DVD X Player PLF File Buffer Overflow Vulnerability
13. Microsoft Active Directory Logon Hours Username Enumeration Weakness
14. Acoustica MP3 CD Burner PlayList Files Buffer Overflow Vulnerability
15. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
16. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
17. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
18. EDraw Office Viewer Component ActiveX Control Arbitrary File Delete Vulnerability
19. EDraw Office Viewer Component EDrawOfficeViewer.OCX ActiveX Control Buffer Overflow Vulnerability
20. Zenturi ProgramChecker SASATL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
21. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Denial of Service Vulnerability
22. Avira Antivir Antivirus Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #344
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445

2. Your Space, My Space, Everybody's Space
By Mark Rasch
Privacy is about protecting data when somebody wants it for some purpose. It is easy to protect data that nobody wants.
http://www.securityfocus.com/columnists/444


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24348
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24348
Summary:
Computer Associates ARCserve Backup for Laptops & Desktops is prone to multiple unspecified remote buffer-overflow vulnerabilities. These issues occur because the application fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

No further details are currently available. We will update this BID as more information emerges.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-Level privileges. This will result in a complete compromise of affected computers.

ARCserve Backup for Laptops & Desktops r11.1 is reported vulnerable.

2. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
BugTraq ID: 24346
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24346
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted ICO files.

An attacker may exploit this issue by enticing victims into opening a malicious file.

Successful exploits will result in denial-of-service conditions on applications using the affected library. Applications such as Windows Explorer or Picture and Fax viewer have been identified as vulnerable.

3. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
BugTraq ID: 24341
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24341
Summary:
Yahoo! Messenger is prone to multiple unspecified remote code-execution vulnerabilities.

No further information is currently available. This BID will be updated as more information is disclosed.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

Specific vulnerable Yahoo! Messenger versions are not known, but versions in the 8 series for Microsoft Windows are reportedly affected.

4. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
BugTraq ID: 24339
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24339
Summary:
MPlayer is prone to multiple buffer-overflow vulnerabilities when it attempts to process malformed album and category titles. These issues occur because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

MPlayer 1.0rc1 is vulnerable to these issues; other versions may also be affected.

5. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
BugTraq ID: 24324
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24324
Summary:
A remote code-execution vulnerability affects the Beatnik extension for Mozilla Firefox because the application fails to validate input errors when processing RSS feeds.

An attacker may leverage this issue to execute arbitrary code in the context of the user account running the affected extension. This may facilitate cross-site scripting as well as a compromise of an affected computer.

Beatnik 1.0 is vulnerable; other versions may also be affected.

6. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
BugTraq ID: 24316
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24316
Summary:
ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files.

A successful attack may allow an attacker to cause denial-of-service conditions.

Versions prior to ClamAV 0.90.3 are affected.

7. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
BugTraq ID: 24303
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24303
Summary:
Mozilla Firefox is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.

An attacker can exploit this issue to access arbitrary files on an unsuspecting user's computer. Successful exploits can expose potentially sensitive information that could aid in further attacks.

This issue was introduced as part of the fix for BID 24191 (Mozilla Firefox Resource Directory Traversal Vulnerability) in Firefox 2.0.0.4.

8. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
BugTraq ID: 24298
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24298
Summary:
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

9. SNMPC Username/Password Remote Denial of Service Vulnerability
BugTraq ID: 24292
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24292
Summary:
SNMPc is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

This issue is reported to affect versions of SNMPc prior to 7.0.19.

10. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24289
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24289
Summary:
ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

11. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24283
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24283
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones.

UPDATE: Reports indicate that the Safari browser may also be vulnerable, but this has not been confirmed.

UPDATE (June 6, 2007): The WebKit framework used by Safari is reported vulnerable. Builds 522 and later, which are associated with the nightly WebKit build, are vulnerable; other versions may also be affected.

12. DVD X Player PLF File Buffer Overflow Vulnerability
BugTraq ID: 24278
Remote: Yes
Date Published: 2007-06-02
Relevant URL: http://www.securityfocus.com/bid/24278
Summary:
DVD X Player is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

This issue affects DVD X Player 4.1; other versions may also be affected.

13. Microsoft Active Directory Logon Hours Username Enumeration Weakness
BugTraq ID: 24248
Remote: Yes
Date Published: 2007-05-31
Relevant URL: http://www.securityfocus.com/bid/24248
Summary:
Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input.

Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

Microsoft Active Directory on Microsoft Windows Server 2003 Standard Edition is vulnerable; other versions may also be affected.

14. Acoustica MP3 CD Burner PlayList Files Buffer Overflow Vulnerability
BugTraq ID: 24247
Remote: Yes
Date Published: 2007-05-31
Relevant URL: http://www.securityfocus.com/bid/24247
Summary:
Acoustica MP3 CD Burner is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

15. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24239
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24239
Summary:
Avira Antivir is prone to a denial-of-service vulnerability because the application fails to handle certain TAR archives.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted TAR archives.

A successful attack may allow attackers to cause denial-of-service conditions.

16. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
BugTraq ID: 24237
Remote: No
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24237
Summary:
Multiple F-Secure workstation and file-server products are prone to a local privilege-escalation vulnerability.

Exploiting this vulnerability allows local attackers to gain superuser or SYSTEM-level privileges, leading to a complete compromise of the affected computer.

17. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
BugTraq ID: 24235
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24235
Summary:
Multiple F-Secure Anti-Virus applications are prone to a buffer-overflow vulnerability when they process certain LHA archive files. This issue occurs because the applications fail to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

Reports indicate that this vulnerability also occurs when processing malformed LZH archives, ARJ files, and FSG packed files.

18. EDraw Office Viewer Component ActiveX Control Arbitrary File Delete Vulnerability
BugTraq ID: 24230
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24230
Summary:
The EDraw Office Viewer Component ActiveX Control is prone to an arbitrary-file-delete vulnerability.

An attacker can exploit this issue to delete arbitrary files on the affected computer. Successful attacks can result in denial-of-service conditions.

19. EDraw Office Viewer Component EDrawOfficeViewer.OCX ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24229
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24229
Summary:
EDraw Office Viewer Component ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause a denial-of-service condition. Arbitrary code execution may be possible, but has not been confirmed.

This issue affects EDraw Office Viewer Component 4.0.5.20; other versions may also be affected.

20. Zenturi ProgramChecker SASATL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24217
Remote: Yes
Date Published: 2007-05-29
Relevant URL: http://www.securityfocus.com/bid/24217
Summary:
Several Zenturi ProgramChecker ActiveX controls are prone to multiple buffer-overflow vulnerabilities because they fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

21. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Denial of Service Vulnerability
BugTraq ID: 24188
Remote: Yes
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24188
Summary:
Microsoft DirectX Media ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to crash applications using the affected ActiveX control (typically Internet Explorer). Given the nature of this issue, remote code execution may be possible, but this has not been confirmed.

22. Avira Antivir Antivirus Multiple Remote Vulnerabilities
BugTraq ID: 24187
Remote: Yes
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24187
Summary:
Avira Antivir Antivirus is prone to multiple remote vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with elevated privileges, facilitating the complete compromise of affected computers. Attackers may also trigger denial-of-service conditions by crashing the application or causing infinite loops.

These issues affect:

Avira Antivir AVPack versions prior to 7.03.00.09
Engine versions prior to 7.04.00.24

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #344
http://www.securityfocus.com/archive/88/470135

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Norwich University

Norwich University's Master of Science in Information Assurance Program complements the skills of information security professionals while preparing them to take on management roles in an organization-wide information security program, such as Chief Security Officers, Security Administrators and Chief Information Security Officers. This 18-month program is conveniently delivered online and is accredited by The National Security Agency and Department of Homeland Security as a "Center for Academic Excellence in Information Assurance Education".

For more information, visit http://www.msia.norwich.edu/msec
