Wednesday, July 11, 2007

SecurityFocus Microsoft Newsletter #350

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack" - White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000Cu6j


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Achtung! New German Laws on Cybercrime
2. Don't Be Evil
II. MICROSOFT VULNERABILITY SUMMARY
1. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
2. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
3. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
4. Microsoft Excel Unspecified Security Vulnerability
5. Microsoft Internet Explorer FirefoxURL Protocol Handler Command Injection Vulnerability
6. Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control Denial of Service Vulnerability
7. Media Player Classic .FLV Remote Denial Of Service Vulnerability
8. Eltima Software Virtual Serial Port VSPort.DLL ActiveX Control Denial of Service Vulnerabilities
9. Symantec Norton Ghost FileBackup.DLL Multiple Denial of Service Vulnerabilities
10. Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow Vulnerability
11. Microsoft Windows Vista Kernel Unspecified Remote Denial Of Service Vulnerability
12. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
13. Microsoft Excel Workspace Designation Remote Code Execution Vulnerability
14. Microsoft Excel Version Information Validation Remote Code Execution Vulnerability
15. Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
16. Visual IRC Join Response Buffer Overflow Vulnerability
17. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
18. Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
19. Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
20. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
21. Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
22. Microsoft Internet Explorer Zone Denial of Service Vulnerability
23. PHPEventCalendar Eventdisplay.PHP Script SQL Injection Vulnerability
24. Symantec Veritas Backup Exec for Windows Server Unspecified Heap Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. USB device control software
2. SecurityFocus Microsoft Newsletter #349
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts who were invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448

2. Don't Be Evil
By Mark Rasch
A series of developments raises the specter that remotely stored or created documents may be subject to subpoena or discovery, all without the knowledge or consent of the document's creators.
http://www.securityfocus.com/columnists/447


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
BugTraq ID: 24856
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24856
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the victim running the vulnerable application.

Adobe Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier are affected.

2. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24854
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24854
Summary:
Centericq is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

3. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
BugTraq ID: 24850
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24850
Summary:
Sun Java System Web Servers and Application Servers are prone to a vulnerability that lets attackers execute arbitrary Java methods. This issue occurs because the application fails to securely process XSLT stylesheets.

Successfully exploiting this issue may allow remote attackers to execute arbitrary Java methods, aiding them in further attacks.

Sun Java System Web Server 7.0 for the following operating systems is affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows
- HP-UX

Sun Java System Application Server Platform and Enterprise Editions 8.2 and Platform Edition 9.0 for the following operating systems are also affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows

4. Microsoft Excel Unspecified Security Vulnerability
BugTraq ID: 24843
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24843
Summary:
Microsoft Excel is prone to an unspecified security vulnerability.

Very little information is currently available regarding this issue. We will update this BID as more information emerges.

5. Microsoft Internet Explorer FirefoxURL Protocol Handler Command Injection Vulnerability
BugTraq ID: 24837
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24837
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers inject commands through the 'FirefoxURL' protocol handler.

Exploiting the issue allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' process by employing the 'FirefoxURL' handler.

An attacker can also employ this issue to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to Firefox's resources.

Exploiting the issue would permit remote attackers to influence command options that can be called through the 'FirefoxURL' handler and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.

6. Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control Denial of Service Vulnerability
BugTraq ID: 24834
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24834
Summary:
Innovasys DockStudioXP ActiveX control is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

The attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

7. Media Player Classic .FLV Remote Denial Of Service Vulnerability
BugTraq ID: 24830
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24830
Summary:
Media Player Classic is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application. Reports indicate that remote code execution may also be possible, but this has not been confirmed.

Media Player Classic 6.4.9.0 is vulnerable; other versions may also be affected.

8. Eltima Software Virtual Serial Port VSPort.DLL ActiveX Control Denial of Service Vulnerabilities
BugTraq ID: 24827
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24827
Summary:
Eltima Software Virtual Serial Port ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

Virtual Serial Port 5.0 is vulnerable; other versions may also be affected.

9. Symantec Norton Ghost FileBackup.DLL Multiple Denial of Service Vulnerabilities
BugTraq ID: 24826
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24826
Summary:
Norton Ghost is prone to multiple denial-of-service vulnerabilities.

Successful exploits may allow an attacker to cause denial-of-service conditions.

10. Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow Vulnerability
BugTraq ID: 24825
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24825
Summary:
Symantec Norton Ghost is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Symantec Ghost 12.0; other versions may also be affected.

11. Microsoft Windows Vista Kernel Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 24816
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24816
Summary:
Microsoft Windows Vista is prone to an unspecified remote denial-of-service vulnerability.

Attackers may exploit this issue to crash the affected operating system, denying further service to legitimate users. Remote code-execution may be possible, but this has not been confirmed.

12. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
BugTraq ID: 24811
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24811
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.

13. Microsoft Excel Workspace Designation Remote Code Execution Vulnerability
BugTraq ID: 24803
Remote: Yes
Date Published: 2007-07-06
Relevant URL: http://www.securityfocus.com/bid/24803
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file (.xls).

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

14. Microsoft Excel Version Information Validation Remote Code Execution Vulnerability
BugTraq ID: 24801
Remote: Yes
Date Published: 2007-07-06
Relevant URL: http://www.securityfocus.com/bid/24801
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

15. Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
BugTraq ID: 24800
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24800
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because Microsoft Active Directory fails to handle specially crafted user-supplied Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

16. Visual IRC Join Response Buffer Overflow Vulnerability
BugTraq ID: 24798
Remote: Yes
Date Published: 2007-07-06
Relevant URL: http://www.securityfocus.com/bid/24798
Summary:
Visual IRC (ViRC) is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of a user running the affected application. Successful attacks will compromise the application. Failed exploits will likely cause denial-of-service conditions.

ViRC 2.0 is vulnerable; other versions may also be affected.

17. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 24796
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24796
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory fails to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to cause the affected application to stop responding, denying further service to legitimate users.

18. Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
BugTraq ID: 24791
Remote: Yes
Date Published: 2007-07-06
Relevant URL: http://www.securityfocus.com/bid/24791
Summary:
Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data.

An attacker can exploit these issues to access sensitive information that may aid in further attacks; other attacks are also possible.

19. Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
BugTraq ID: 24779
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24779
Summary:
Windows Firewall for Windows Vista is prone to a vulnerability that may permit a bypass of existing firewall rules.

An attacker may trigger this vulnerability by sending malicious network data through the Teredo network transport system to obtain sensitive information; other attacks are also possible.

Note that Windows Vista systems configured with a 'Public' network profile are not vulnerable to this issue.

20. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
BugTraq ID: 24778
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24778
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.

21. Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 24771
Remote: Yes
Date Published: 2007-07-05
Relevant URL: http://www.securityfocus.com/bid/24771
Summary:
Microsoft has released advance notification that the vendor will be releasing six security bulletins on July 10, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

These vulnerabilities have been assigned to the following BIDs:
24800 Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
24796 Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
24778 Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
24791 Microsoft .Net Framework Null Byte Injection Vulnerability
24811 Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
20753 Microsoft .NET Framework Request Filtering Bypass Vulnerability
24779 Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
24801 Microsoft Excel Version Information Validation Remote Code Execution Vulnerability
22555 Microsoft Excel Worksheet Remote Code Execution Vulnerability
24803 Microsoft Excel Workspace Designation Remote Code Execution Vulnerability
24843 Microsoft Excel Unspecified Security Vulnerability
22702 Microsoft Office Publisher Invalid Memory Reference Remote Code Execution Vulnerability
15921 Microsoft Internet Information Server 5.1 DLL Request Remote Code Execution Vulnerability

22. Microsoft Internet Explorer Zone Denial of Service Vulnerability
BugTraq ID: 24744
Remote: Yes
Date Published: 2007-07-02
Relevant URL: http://www.securityfocus.com/bid/24744
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

Remote attackers can exploit this issue to cause the application to hang when viewing arbitrary websites.

This issue affects Internet Explorer 6 and 7.

23. PHPEventCalendar Eventdisplay.PHP Script SQL Injection Vulnerability
BugTraq ID: 24721
Remote: Yes
Date Published: 2007-07-01
Relevant URL: http://www.securityfocus.com/bid/24721
Summary:
phpEventCalendar is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

phpEventCalendar 0.2.3 and prior versions are reported prone to this issue.

24. Symantec Veritas Backup Exec for Windows Server Unspecified Heap Buffer Overflow Vulnerability
BugTraq ID: 23897
Remote: Yes
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/23897
Summary:
Symantec Veritas Backup Exec for Windows Server is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. USB device control software
http://www.securityfocus.com/archive/88/472910

2. SecurityFocus Microsoft Newsletter #349
http://www.securityfocus.com/archive/88/472860

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
