News

Loading...

Thursday, June 14, 2007

SecurityFocus Microsoft Newsletter #346

SecurityFocus Microsoft Newsletter #346
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Embedded Problems
2. Security Analogies
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Office MSODataSourceControl ActiveX Control Buffer Overflow Vulnerability
2. OpenOffice RTF File Parser Buffer Overflow Vulnerability
3. RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability
4. Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities
5. Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities
6. TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite Vulnerability
7. Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
8. Microsoft Windows CE MSXML Multiple Vulnerabilities
9. Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerabilities
10. Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability
11. Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability
12. Microsoft Windows SChannel Security Remote Code Execution Vulnerability
13. Microsoft Windows Vista Permissive User Information Store ACLs Information Disclosure Vulnerability
14. Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
15. Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
16. Microsoft Windows CE Internet Explorer Remote Denial of Service Vulnerability
17. Microsoft Windows CE Internet Explorer SSL Unspecified Denial Of Service Vulnerability
18. Microsoft Windows CE Internet Explorer Content-Type Denial of Service Vulnerability
19. Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability
20. Microsoft Windows CE Malformed RNDIS Packet Remote Denial of Service Vulnerability
21. Microsoft Visio Packed Objects Remote Code Execution Vulnerability
22. Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability
23. Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities
24. Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability
25. RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
26. ClamAV Multiple Unspecified Vulnerabilities
27. Microsoft Visio Version Number Remote Code Execution Vulnerability
28. Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities
29. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
30. RETIRED: Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
31. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
32. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
33. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
34. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
35. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
36. SNMPC Username/Password Remote Denial of Service Vulnerability
37. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
38. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Embedded Problems
By Federico Biancuzzi
Federico Biancuzzi interviews Barnaby Jack to discuss the vector rewrite attack, which architectures are vulnerable, how to defend the integrity of the exception vector table, some firmware extraction methods, and what bad things you can do on a cheap SOHO router.
http://www.securityfocus.com/columnists/446

2. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Office MSODataSourceControl ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24462
Remote: Yes
Date Published: 2007-06-13
Relevant URL: http://www.securityfocus.com/bid/24462
Summary:
Microsoft Office MSODataSourceControl ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

2. OpenOffice RTF File Parser Buffer Overflow Vulnerability
BugTraq ID: 24450
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24450
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

3. RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability
BugTraq ID: 24448
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24448
Summary:
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents of the Navigation canceled page. This may assist in phishing or other attacks that rely on content spoofing.

NOTE: This BID is being retired because this issue was previously reported in BID 22966: Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability.

4. Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities
BugTraq ID: 24446
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24446
Summary:
Apple Safari for Microsoft Windows is prone to multiple unspecified vulnerabilities.

Few technical details are currently available. We will update this BID as more information emerges.

Safari 3 public beta for Windows is reported vulnerable.

5. Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities
BugTraq ID: 24444
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24444
Summary:
Components of the .NET Compact Framework for Microsoft Windows CE are prone to multiple vulnerabilities.

Exploiting these issues may allow remote attackers to cause denial-of-service conditions, corrupt memory, or execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Other attacks are also possible.

6. TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24440
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24440
Summary:
TBarCode ActiveX control is prone to a vulnerability that could permit an attacker to overwrite arbitrary files.

The attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

7. Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
BugTraq ID: 24429
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24429
Summary:
Microsoft Internet Explorer is prone to remote code-execution vulnerability because of a race-condition in its language-pack installation support.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

8. Microsoft Windows CE MSXML Multiple Vulnerabilities
BugTraq ID: 24428
Remote: Yes
Date Published: 2007-06-11
Relevant URL: http://www.securityfocus.com/bid/24428
Summary:
Microsoft Windows CE is prone to multiple denial-of-service vulnerabilities and a cross-site scripting vulnerability.

An attacker can exploit these issues to cause infinite-loop conditions and denial-of-service conditions or to run arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

9. Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerabilities
BugTraq ID: 24426
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24426
Summary:
Microsoft Internet Explorer is prone to multiple buffer-overflow vulnerabilities when instantiating certain COM objects.

An attacker may exploit these issues by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

10. Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability
BugTraq ID: 24423
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24423
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

11. Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability
BugTraq ID: 24418
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24418
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when accessing objects that are improperly instantiated or deleted.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

12. Microsoft Windows SChannel Security Remote Code Execution Vulnerability
BugTraq ID: 24416
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24416
Summary:
The Microsoft Windows Schannel security package is prone to a remote code-execution vulnerability.

This vulnerability occurs when processing and validating server-sent digital signatures by the client application.

A remote attacker could exploit this issue by convincing a victim to visit a malicious website. Remote code execution is possible, but may be extremely difficult. In most cases, denial-of-service conditions will occur.

13. Microsoft Windows Vista Permissive User Information Store ACLs Information Disclosure Vulnerability
BugTraq ID: 24411
Remote: No
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24411
Summary:
Microsoft Windows Vista is prone to a local information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may allow them to gain unauthorized access to the affected computer.

14. Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
BugTraq ID: 24410
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24410
Summary:
Outlook Express is prone to a cross-domain information-disclosure vulnerability.

This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive information (such as cookies or passwords) that is associated with the external domain.

15. Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability
BugTraq ID: 24405
Remote: No
Date Published: 2007-06-07
Relevant URL: http://www.securityfocus.com/bid/24405
Summary:
Novell NetWare Modular Authentication Service (NMAS) is prone to a local information-disclosure vulnerability because 'NMASINST' dumps the admin account and password into a log file in clear text.

The flaw presents itself in NMAS 3.1.2; prior versions are also affected.

16. Microsoft Windows CE Internet Explorer Remote Denial of Service Vulnerability
BugTraq ID: 24395
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.securityfocus.com/bid/24395
Summary:
Microsoft Windows CE Internet Explorer is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted webserver responses.

Successful exploits will result in denial-of-service conditions on the affected application.

Windows CE 5.0 is vulnerable to this issue.

17. Microsoft Windows CE Internet Explorer SSL Unspecified Denial Of Service Vulnerability
BugTraq ID: 24394
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.securityfocus.com/bid/24394
Summary:
Microsoft Internet Explorer for Windows CE is prone to a denial-of-service vulnerability when running custom Secure Sockets Layer (SSL) web-based programs.

Few technical details are currently available. We will update this BID as more information emerges.

Attackers can exploit this issue to cause denial-of-service conditions.

18. Microsoft Windows CE Internet Explorer Content-Type Denial of Service Vulnerability
BugTraq ID: 24393
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.securityfocus.com/bid/24393
Summary:
Microsoft Internet Explorer for Windows CE is prone to a denial-of-service vulnerability because the software fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users. Given the nature of this vulnerability, a possible cause for the problem may be a buffer overflow, but this has not been confirmed.

This issue affects Internet Explorer for Windows CE 6.

19. Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability
BugTraq ID: 24392
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24392
Summary:
Outlook Express is prone to a cross-domain information-disclosure vulnerability.

This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's browser. Attackers could exploit this issue to gain access to sensitive information (such as cookies or passwords) that is associated with the external domain.

20. Microsoft Windows CE Malformed RNDIS Packet Remote Denial of Service Vulnerability
BugTraq ID: 24391
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.securityfocus.com/bid/24391
Summary:
Microsoft Windows CE is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted network packets and file data.

Successful exploits will result in denial-of-service conditions on applications using the affected RNDIS device driver.

Microsoft Windows CE 5.0 is vulnerable to this issue.

21. Microsoft Visio Packed Objects Remote Code Execution Vulnerability
BugTraq ID: 24384
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24384
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

22. Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability
BugTraq ID: 24382
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.securityfocus.com/bid/24382
Summary:
Zenturi ProgramChecker ActiveX control is prone to a vulnerability that may allow attackers to execute arbitrary local files.

Attackers can exploit this issue to execute an arbitrary file on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

23. Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities
BugTraq ID: 24380
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.securityfocus.com/bid/24380
Summary:
Zenturi ProgramChecker ActiveX control is prone to multiple vulnerabilities that attackers can exploit to delete arbitrary files. The issue occurs because the software fails to properly sanitize user-supplied input.

Attackers can exploit these issues to delete arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

24. Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability
BugTraq ID: 24372
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24372
Summary:
Microsoft Internet Explorer is prone to remote code-execution vulnerability.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

25. RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 24366
Remote: Yes
Date Published: 2007-06-07
Relevant URL: http://www.securityfocus.com/bid/24366
Summary:
Microsoft has released advance notification that the vendor will be releasing six security bulletins on June 12, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

These vulnerabilities have been assigned to the following BIDs:
24448 Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability
24426 Microsoft Internet Explorer Speech API 4 COM Object Instantiation Memory Corruption Vulnerability
24418 Microsoft Internet Explorer Unspecified Uninitialized Memory Corruption Vulnerability
24416 Microsoft Windows SChannel Security Remote Code Execution Vulnerability
24429 Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability
24423 Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability
24372 Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability
24410 Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability
24370 Microsoft Win32 API Parameter Validation Remote Code Execution Vulnerability
24411 Microsoft Windows Vista Permissive User Information Store ACLs Information Disclosure Vulnerability
24392 Microsoft Outlook Express MHTML URL Redirect Information Disclosure Vulnerability
24349 Microsoft Visio Version Number Remote Code Execution Vulnerability
24384 Microsoft Visio Packed Objects Remote Code Execution Vulnerability
23103 Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
17717 Outlook Express MHTML URI Handler Information Disclosure Vulnerability

26. ClamAV Multiple Unspecified Vulnerabilities
BugTraq ID: 24358
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24358
Summary:
ClamAV is prone to multiple unspecified vulnerabilities.

These issues arise because the software incorrectly calculates the end of a buffer and gives improper permissions to temporary files.

Versions prior to ClamAV 0.90.3 are vulnerable to these issues.

27. Microsoft Visio Version Number Remote Code Execution Vulnerability
BugTraq ID: 24349
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.securityfocus.com/bid/24349
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attempts will result in denial-of-service conditions.

28. Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24348
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24348
Summary:
Computer Associates ARCserve Backup for Laptops & Desktops is prone to multiple unspecified remote buffer-overflow vulnerabilities. These issues occur because the application fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

No further details are currently available. We will update this BID as more information emerges.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-Level privileges. This will result in a complete compromise of affected computers.

ARCserve Backup for Laptops & Desktops r11.1 is reported vulnerable.

Update - June 7 2007: The vendor has announced that a patches are being developed to address these issues.

29. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
BugTraq ID: 24346
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24346
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted ICO files.

An attacker may exploit this issue by enticing victims into opening a malicious file.

Successful exploits will result in denial-of-service conditions on applications using the affected library. Applications such as Windows Explorer or Picture and Fax viewer have been identified as vulnerable.

30. RETIRED: Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
BugTraq ID: 24341
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24341
Summary:
Yahoo! Messenger is prone to multiple unspecified remote code-execution vulnerabilities.

No further details are currently available. We will update this BID as more information emerges.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

Specific vulnerable versions of Yahoo! Messenger are not known, but versions in the 8 series for Microsoft Windows are reported affected.

UPDATE (June 7, 2007): The vendor announced that a fix is being developed to address this issue.

This BID has been replaced by the following writeups:

BID 24355 Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability
BID 24354 Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability

31. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
BugTraq ID: 24339
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24339
Summary:
MPlayer is prone to multiple buffer-overflow vulnerabilities when it attempts to process malformed album and category titles. These issues occur because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

MPlayer 1.0rc1 is vulnerable to these issues; other versions may also be affected.

32. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
BugTraq ID: 24324
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24324
Summary:
A remote code-execution vulnerability affects the Beatnik extension for Mozilla Firefox because the application fails to validate input errors when processing RSS feeds.

An attacker may leverage this issue to execute arbitrary code in the context of the user account running the affected extension. This may facilitate cross-site scripting as well as a compromise of an affected computer.

Beatnik 1.0 is vulnerable; other versions may also be affected.

33. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
BugTraq ID: 24316
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24316
Summary:
ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files.

A successful attack may allow an attacker to cause denial-of-service conditions.

Versions prior to ClamAV 0.90.3 are affected.

34. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
BugTraq ID: 24303
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24303
Summary:
Mozilla Firefox is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data.

An attacker can exploit this issue to access arbitrary files on an unsuspecting user's computer. Successful exploits can expose potentially sensitive information that could aid in further attacks.

This issue was introduced as part of the fix for BID 24191 (Mozilla Firefox Resource Directory Traversal Vulnerability) in Firefox 2.0.0.4.

35. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
BugTraq ID: 24298
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24298
Summary:
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

36. SNMPC Username/Password Remote Denial of Service Vulnerability
BugTraq ID: 24292
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24292
Summary:
SNMPc is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

This issue is reported to affect versions of SNMPc prior to 7.0.19.

37. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24289
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24289
Summary:
ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

38. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24283
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24283
Summary:
The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations.

This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones.

UPDATE: Reports indicate that Safari browser may also be vulnerable, but this has not been confirmed.

UPDATE (June 6, 2007): The WebKit framework used by Safari is reported vulnerable. Builds 522 and later, which are associated with the nightly WebKit build, are vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Blog Archive