News

Wednesday, July 18, 2007

SecurityFocus Microsoft Newsletter #351


This Issue is Sponsored by: Black Hat

Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting.

http://www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Security conferences versus practical knowledge
2. Achtung! New German Laws on Cybercrime
II. MICROSOFT VULNERABILITY SUMMARY
1. Data Dynamics ActiveBar Actbar3.OCX ActiveX Control Multiple Insecure Methods Vulnerabilities
2. QuickerSite Default.ASP Cross-Site Scripting Vulnerability
3. Marshal MailMarshal SMTP Spam Quarantine Interface User Password Change Vulnerability
4. Trend Micro OfficeScan Management Console Authentication Bypass Vulnerability
5. InterActual Player IAMCE and IAKey Remote Buffer Overflow Vulnerabilities
6. Microsoft Internet Explorer OnBeforeUnload Javascript Browser Entrapment Vulnerability
7. Zenturi ProgramChecker SASATL.DLL ActiveX Control DebugMsgLog Method Buffer Overflow Vulnerability
8. EldoS SecureBlackbox PGPBBox.dll ActiveX Control Arbitrary File Overwrite Vulnerability
9. Apple QuickTime Information Disclosure and Multiple Code Execution Vulnerabilities
10. QuarkXPress Word Document Text-Import Font Handling Stack Buffer Overflow Vulnerability
11. AVG Anti-Virus Local Privilege Escalation Vulnerability
12. Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability
13. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
14. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
15. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
16. Microsoft Excel Unspecified Security Vulnerability
17. Microsoft Internet Explorer Multiple Browser URI Handler Command Injection Vulnerability
18. Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control Denial of Service Vulnerability
19. Media Player Classic .FLV Remote Denial Of Service Vulnerability
20. Eltima Software Virtual Serial Port VSPort.DLL ActiveX Control Denial of Service Vulnerabilities
21. Symantec Norton Ghost FileBackup.DLL Multiple Denial of Service Vulnerabilities
22. Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow Vulnerability
23. Microsoft Windows Vista Kernel Unspecified Remote Denial Of Service Vulnerability
24. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
25. Symantec AntiVirus Corporate Edition Local Privilege Escalation Vulnerability
26. Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
27. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
28. Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
29. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
30. Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
31. Symantec Veritas Backup Exec for Windows Server RPC Heap Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Sync Domain Account password and Local Account password
2. Restrict access
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of its clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449

2. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts who were invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Data Dynamics ActiveBar Actbar3.OCX ActiveX Control Multiple Insecure Methods Vulnerabilities
BugTraq ID: 24959
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24959
Summary:
Data Dynamics ActiveBar ActiveX control is prone to multiple vulnerabilities caused by insecure methods. The problem stems from a design error in the affected application.

An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in a denial-of-service condition.

These issues affect version 3.1; other versions may also be affected.

2. QuickerSite Default.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 24948
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24948
Summary:
QuickerSite is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

3. Marshal MailMarshal SMTP Spam Quarantine Interface User Password Change Vulnerability
BugTraq ID: 24936
Remote: Yes
Date Published: 2007-07-17
Relevant URL: http://www.securityfocus.com/bid/24936
Summary:
Marshal MailMarshal SMTP is prone to a vulnerability that may permit attackers to change arbitrary passwords.

Exploiting this issue may allow an attacker to change an arbitrary user's password, bypass the authentication mechanism, and gain unauthorized access to the affected application. This may lead to other attacks.

Versions prior to MailMarshal SMTP 6.2.1 are vulnerable.

4. Trend Micro OfficeScan Management Console Authentication Bypass Vulnerability
BugTraq ID: 24935
Remote: Yes
Date Published: 2007-07-17
Relevant URL: http://www.securityfocus.com/bid/24935
Summary:
Trend Micro OfficeScan is prone to an authentication-bypass vulnerability because it fails to adequately handle user-supplied input.

Attackers can exploit this issue to gain unauthorized access to the application's web-based management console. Successful attacks will compromise the application.

OfficeScan 7.3 is vulnerable; other versions may also be affected.

5. InterActual Player IAMCE and IAKey Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24919
Remote: Yes
Date Published: 2007-07-16
Relevant URL: http://www.securityfocus.com/bid/24919
Summary:
InterActual Player contains multiple ActiveX controls that are prone to buffer-overflow vulnerabilities because they fail to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

An attacker could exploit these issues by creating a malicious web page that would initialize the affected ActiveX controls and execute arbitrary code within the context of the user.

Exploiting this issue could allow an attacker to execute arbitrary code.

These issues affect InterActual Player 2.60.12.0717; other versions may be vulnerable as well.

6. Microsoft Internet Explorer OnBeforeUnload Javascript Browser Entrapment Vulnerability
BugTraq ID: 24911
Remote: Yes
Date Published: 2007-07-14
Relevant URL: http://www.securityfocus.com/bid/24911
Summary:
Microsoft Internet Explorer is prone to a vulnerability that allows attackers to trap users at a particular webpage and spoof page transitions.

Attackers may exploit this via a malicious page to spoof the contents and origin of a page that the victim may trust. This vulnerability may be useful in phishing or other attacks that rely on content spoofing.

Internet Explorer 7 is vulnerable to this issue; other versions may also be affected.

7. Zenturi ProgramChecker SASATL.DLL ActiveX Control DebugMsgLog Method Buffer Overflow Vulnerability
BugTraq ID: 24883
Remote: Yes
Date Published: 2007-07-12
Relevant URL: http://www.securityfocus.com/bid/24883
Summary:
The Zenturi ProgramChecker 'sasatl.dll' ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

8. EldoS SecureBlackbox PGPBBox.dll ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24882
Remote: Yes
Date Published: 2007-07-12
Relevant URL: http://www.securityfocus.com/bid/24882
Summary:
SecureBlackbox ActiveX control is prone to a vulnerability that could permit an attacker to overwrite arbitrary files.

The attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). This may cause denial-of-service conditions and may also allow the attacker to execute arbitrary code on the victim's computer, which may facilitate a remote compromise.

9. Apple QuickTime Information Disclosure and Multiple Code Execution Vulnerabilities
BugTraq ID: 24873
Remote: Yes
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24873
Summary:
Apple QuickTime is prone to an information-disclosure vulnerability and multiple remote code-execution vulnerabilities.

Remote attackers may exploit these issues by enticing victims into opening maliciously crafted files or visiting maliciously crafted websites.

Successful exploits may allow attackers to execute arbitrary code in the context of a user running the vulnerable application or to obtain sensitive information. Failed exploit attempts of remote code-execution issues may result in denial-of-service conditions. Successful exploits of the information-disclosure issue may lead to further attacks.

10. QuarkXPress Word Document Text-Import Font Handling Stack Buffer Overflow Vulnerability
BugTraq ID: 24872
Remote: Yes
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24872
Summary:
QuarkXPress is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted Word (.doc) files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects QuarkXPress 7.2 for Microsoft Windows. Other versions may also be affected.

11. AVG Anti-Virus Local Privilege Escalation Vulnerability
BugTraq ID: 24870
Remote: No
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24870
Summary:
AVG Anti-Virus is prone to a local privilege-escalation vulnerability because the application fails to properly limit unprivileged users from functionality that allows them to write arbitrary data to arbitrary kernel memory.

Successfully exploiting this issue allows local attackers to gain SYSTEM-level privileges, facilitating the complete compromise of affected computers.

AVG Anti-Virus Free Edition 7.5.446 and AVG Anti-Virus 7.5.438 are vulnerable; other versions may also be affected.

12. Multiple Vendors RAR Handling Remote Null Pointer Dereference Vulnerability
BugTraq ID: 24866
Remote: Yes
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24866
Summary:
Multiple applications using RAR are prone to a NULL-pointer dereference vulnerability.

A successful attack will result in denial-of-service conditions. Attackers may also be able to exploit this issue to execute arbitrary code, but this has not been confirmed.

This issue affects the following:

ClamAV prior to 0.91
'UnRAR' 3.70; other versions may also be vulnerable.

Other applications using the vulnerable 'UnRAR' utility are affected by this issue. We will update this BID as more information emerges.

13. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
BugTraq ID: 24856
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24856
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the victim running the vulnerable application.

Adobe Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier are affected.

14. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24854
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24854
Summary:
CenterICQ is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

15. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
BugTraq ID: 24850
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24850
Summary:
Sun Java System Web Servers and Application Servers are prone to a vulnerability that lets attackers execute arbitrary Java methods. This issue occurs because the application fails to securely process XSLT stylesheets.

Successfully exploiting this issue may allow remote attackers to execute arbitrary Java methods, aiding them in further attacks.

Sun Java System Web Server 7.0 for the following operating systems is affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows
- HP-UX

Sun Java System Application Server Platform and Enterprise Editions 8.2 and Platform Edition 9.0 for the following operating systems are also affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows

16. Microsoft Excel Unspecified Security Vulnerability
BugTraq ID: 24843
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24843
Summary:
Microsoft Excel is prone to an unspecified security vulnerability.

Very little information is currently available regarding this issue. We will update this BID as more information emerges.

17. Microsoft Internet Explorer Multiple Browser URI Handler Command Injection Vulnerability
BugTraq ID: 24837
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24837
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers inject commands through the 'firefoxurl' and 'navigatorurl' protocol handlers.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' and 'navigator.exe' processes by employing the 'firefoxurl' and 'navigatorurl' handlers.

An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to Firefox and Netscape Navigator's resources.

Exploiting these issues would permit remote attackers to influence command options that can be called through the 'firefoxurl' and 'navigatorurl' handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.

18. Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control Denial of Service Vulnerability
BugTraq ID: 24834
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24834
Summary:
Innovasys DockStudioXP ActiveX control is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

The attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

19. Media Player Classic .FLV Remote Denial Of Service Vulnerability
BugTraq ID: 24830
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24830
Summary:
Media Player Classic is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application. Reports indicate that remote code execution may also be possible, but this has not been confirmed.

Media Player Classic 6.4.9.0 is vulnerable; other versions may also be affected.

20. Eltima Software Virtual Serial Port VSPort.DLL ActiveX Control Denial of Service Vulnerabilities
BugTraq ID: 24827
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24827
Summary:
Eltima Software Virtual Serial Port ActiveX control is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

Virtual Serial Port 5.0 is vulnerable; other versions may also be affected.

21. Symantec Norton Ghost FileBackup.DLL Multiple Denial of Service Vulnerabilities
BugTraq ID: 24826
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24826
Summary:
Norton Ghost is prone to multiple denial-of-service vulnerabilities.

Successful exploits may allow an attacker to cause denial-of-service conditions.

22. Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow Vulnerability
BugTraq ID: 24825
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24825
Summary:
Symantec Norton Ghost is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Symantec Ghost 12.0; other versions may also be affected.

23. Microsoft Windows Vista Kernel Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 24816
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24816
Summary:
Microsoft Windows Vista is prone to an unspecified remote denial-of-service vulnerability.

Attackers may exploit this issue to crash the affected operating system, denying further service to legitimate users. Remote code-execution may be possible, but this has not been confirmed.

24. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
BugTraq ID: 24811
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24811
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.

25. Symantec AntiVirus Corporate Edition Local Privilege Escalation Vulnerability
BugTraq ID: 24810
Remote: No
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24810
Summary:
Symantec AntiVirus Corporate Edition is prone to a local privilege-escalation vulnerability because the application fails to properly drop privileges.

A local attacker can exploit this issue to elevate privileges to the SYSTEM level. This could facilitate a complete compromise of the affected computer.

26. Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
BugTraq ID: 24800
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24800
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because Microsoft Active Directory fails to handle specially crafted user-supplied Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

27. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 24796
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24796
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory fails to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to cause the affected application to stop responding, denying further service to legitimate users.

28. Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
BugTraq ID: 24779
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24779
Summary:
Windows Firewall for Windows Vista is prone to a vulnerability that may permit a bypass of existing firewall rules.

An attacker may trigger this vulnerability by sending malicious network data through the Teredo network transport system to obtain sensitive information; other attacks are also possible.

Note that Windows Vista systems configured with a 'Public' network profile are not vulnerable to this issue.

29. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
BugTraq ID: 24778
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24778
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.

30. Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
BugTraq ID: 24282
Remote: Yes
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24282
Summary:
Symantec AntiVirus products that include the Symantec Decomposer are prone to multiple remote vulnerabilities related to the handling of CAB and RAR archives. These issues include a denial-of-service vulnerability and a buffer-overflow vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges or to cause the affected application to enter an infinite loop, resulting in a denial-of-service condition.

31. Symantec Veritas Backup Exec for Windows Server RPC Heap Buffer Overflow Vulnerability
BugTraq ID: 23897
Remote: Yes
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/23897
Summary:
Symantec Veritas Backup Exec for Windows Server is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Sync Domain Account password and Local Account password
http://www.securityfocus.com/archive/88/473988

2. Restrict access
http://www.securityfocus.com/archive/88/473787

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Black Hat

http://www.blackhat.com
