WINDOWS CENTER: SecurityFocus Newsletter #409

SecurityFocus Newsletter #409
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000Cu6j

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Achtung! New German Laws on Cybercrime
2. Don't Be Evil
II. BUGTRAQ SUMMARY
1. SquirrelMail G/PGP Encryption Plug-in Multiple Unspecified Remote Command Execution Vulnerabilities
2. HP TCP/IP Services for OpenVMS User Enumeration Weakness and Security Bypass Vulnerabilities
3. GameSiteScript Index.PHP SQL Injection Vulnerability
4. Lhaca File Archiver Unspecified Stack Buffer Overflow Vulnerability
5. Nonnoi ASP/Barcode COM Component NONNOI_ASPBarcode.DLL Arbitrary File Overwrite Vulnerability
6. Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow Vulnerability
7. Yb Ve Bayi Babvuru Formu Multiple HTML Injection Vulnerabilities
8. Computer Associates ERwin Data Model Validator Multiple Denial Of Service Vulnerabilities
9. Mozilla Firefox Multiple Popup Tabs Denial of Service Vulnerability
10. Linux Kernel SCTP Connection Denial Of Service Vulnerability
11. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
12. Microsoft Windows Vista Kernel Unspecified Remote Denial Of Service Vulnerability
13. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
14. VLC Media Player Multiple Format String Vulnerabilities
15. SAP Message Server Group Parameter Remote Buffer Overflow Vulnerability
16. Apple Safari Cross-Domain Race Condition Information Disclosure Vulnerability
17. Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
18. Computer Associates BrightStor ARCserve Backup MediaSVR.EXE 191 Buffer Overflow Vulnerability
19. McAfee NeoTrace ActiveX Control Remote Buffer Overflow Vulnerability
20. PHP 5 User-Supplied Session ID Input Validation Vulnerability
21. PHPPost Multiple Cross-Site Scripting Vulnerabilities
22. PHP Multiple Input Validation Vulnerabilities
23. PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities
24. PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
25. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
26. Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial Of Service Vulnerability
27. Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
28. Symantec Veritas Backup Exec for Windows Server Unspecified Heap Buffer Overflow Vulnerability
29. Sun Java Runtime Environment WebStart JNLP File Stack Buffer Overflw Vulnerability
30. Entertainment CMS AdminLogged Cookie Parameter Authentication Bypass Vulnerability
31. TippingPoint IPS Fragmented Packets Detection Bypass Vulnerability
32. X.Org X11 XC-MISC Extension Local Integer Overflow Vulnerability
33. Wireshark Multiple Protocol Denial of Service Vulnerabilities
34. X.Org LibXFont Multiple Local Integer Overflow Vulnerabilities
35. Microsoft Internet Explorer FirefoxURL Protocol Handler Command Injection Vulnerability
36. Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
37. OpenOffice RTF File Parser Buffer Overflow Vulnerability
38. Sun Java System Access Manager Logging Output Password Disclosure Vulnerability
39. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
40. Microsoft Office Publisher Invalid Memory Reference Remote Code Execution Vulnerability
41. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
42. Adobe Photoshop Multiple File Format Buffer Overflow Vulnerability
43. Multiple Image Editing Applications .PNG Format Handling Remote Buffer Overflow Vulnerability
44. Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
45. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
46. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
47. Mike's World Mail Machine Mailmachine.CGI Local File Include Vulnerability
48. EVisit Analyst ID Parameter Multiple SQL Injection Vulnerabilities
49. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
50. TippingPoint IPS Unicode Character Detection Bypass Vulnerability
51. Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
52. ImgSvr Template Parameter Local File Include Vulnerability
53. RCP Shell Utility Arbitrary Command Execution Vulnerability
54. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
55. Windows Media Player ASX PlayList File Heap Overflow Vulnerability
56. SquirrelMail G/PGP Encryption Plug-in Unspecified Remote Command Execution Vulnerability
57. Zenturi ProgramChecker ActiveX Control Fill Method Stack Based Buffer Overflow Vulnerability
58. Apple Safari for Windows SVG Parse Engine Multiple Unspecified Vulnerabilities
59. IBM Proventia Sensor Appliance Multiple Input Validation Vulnerabilities
60. McAfee Common Management Agent (CMA) Multiple Memory Corruption Vulnerabilities
61. EnViVo!CMS Default.ASP ID Parameter SQL Injection Vulnerability
62. Symantec Client Security Internet E-mail Auto-Protect Stack Overflow Vulnerability
63. Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
64. AlstraSoft Video Share Enterprise Multiple Remote Vulnerabilities
65. SAP DB Web Server WAHTTP.EXE Multiple Buffer Overflow Vulnerabilities
66. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
67. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
68. FlashBB Sendmsg.PHP Remote File Include Vulnerability
69. Microsoft Excel Workspace Designation Remote Code Execution Vulnerability
70. Microsoft Excel Worksheet Remote Code Execution Vulnerability
71. Microsoft .NET Framework Request Filtering Bypass Vulnerability
72. Microsoft Internet Information Server 5.1 DLL Request Remote Code Execution Vulnerability
73. Microsoft Excel Version Information Validation Remote Code Execution Vulnerability
74. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
75. Microsoft Excel Unspecified Security Vulnerability
76. WinPcap NPF.SYS BIOCGSTATS Parameters Local Privilege Escalation Vulnerability
77. Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service Vulnerability
78. Unobtrusive AJAX Star Rating Bar Multiple Input Validation Vulnerabilities
79. Visual IRC Join Response Buffer Overflow Vulnerability
80. ImageMagick DCM XWD Formats Multiple Integer Overflow Vulnerabilities
81. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
82. IBM AIX Libodm ODMPath Stack Overflow Vulnerability
83. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
84. Samba NDR RPC Request RFNPCNEX Heap-Based Buffer Overflow Vulnerability
85. Samba NDR RPC Request DFSEnum Heap-Based Buffer Overflow Vulnerability
86. Samba SID Names Local Privilege Escalation Vulnerability
87. Samba NDR RPC Request LsarAddPrivilegesToAccount Heap-Based Buffer Overflow Vulnerability
88. Samba MS-RPC Remote Shell Command Execution Vulnerability
89. Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability
90. Inferno Technologies VBulletin RPG Inferno Inferno.PHP SQL Injection Vulnerability
91. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
92. File(1) Command File_PrintF Integer Underflow Vulnerability
93. File Multiple Denial of Service Vulnerabilities
94. IBM Hardware Management Console Unspecified Vulnerability
95. OpenLD Index.PHP SQL Injection Vulnerability
96. GNU Image Manipulation Program Multiple Integer Overflow Vulnerabilities
97. Aigaion Index.PHP SQL Injection Vulnerability
98. Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control Denial of Service Vulnerability
99. Media Player Classic .FLV Remote Denial Of Service Vulnerability
100. Mozilla Firefox WYCIWYG:// URI Cache Zone Bypass Vulnerability
III. SECURITYFOCUS NEWS
1. Fast flux foils bot-net takedown
2. Lawmakers worry over gov't network breaches
3. Amero case spawns effort to educate
4. Group: Anti-hacking laws can hobble Net security
IV. SECURITY JOBS LIST SUMMARY
1. [SJ-JOB] Application Security Architect, Noida
2. [SJ-JOB] Security System Administrator, Denver
3. [SJ-JOB] Management, Cupertino
4. [SJ-JOB] Security Engineer, Rockville
5. [SJ-JOB] Quality Assurance, Columbia
6. [SJ-JOB] Sr. Security Engineer, Cupertino
7. [SJ-JOB] Manager, Information Security, Cincinnati
8. [SJ-JOB] Security Engineer, San Francisco
9. [SJ-JOB] Security Engineer, Columbia
10. [SJ-JOB] Sr. Security Engineer, Wilmington
11. [SJ-JOB] Management, Mountain View
12. [SJ-JOB] Security Researcher, Houston
13. [SJ-JOB] Manager, Information Security, Cincinnati
14. [SJ-JOB] Management, Milwaukee
15. [SJ-JOB] Security Architect, Melville LI
16. [SJ-JOB] Auditor, Multiple Locations
17. [SJ-JOB] Sales Engineer, Reston
18. [SJ-JOB] Security Architect, Virtual
19. [SJ-JOB] Security Engineer, New York
20. [SJ-JOB] Manager, Information Security, Skokie
21. [SJ-JOB] Information Assurance Engineer, DC/Metro Area
22. [SJ-JOB] Security Architect, Cincinnati
23. [SJ-JOB] Principal Software Engineer, Noida
24. [SJ-JOB] Security Architect, Wilmington
25. [SJ-JOB] Application Security Engineer, Cincinnati
26. [SJ-JOB] Security Engineer, Schaumburg
27. [SJ-JOB] Forensics Engineer, Cupertino
28. [SJ-JOB] Jr. Security Analyst, Ramstein
29. [SJ-JOB] Security Engineer, Cupertino
30. [SJ-JOB] Manager, Information Security, New York
31. [SJ-JOB] Security Architect, Leatherhead & Europe
32. [SJ-JOB] Security Architect, Cheltenham, Gloucs
33. [SJ-JOB] Sr. Security Engineer, New York City
34. [SJ-JOB] VP of Marketing, Cleveland
35. [SJ-JOB] Manager, Information Security, Skokie
36. [SJ-JOB] Security Architect, Surrey & Berkshire
37. [SJ-JOB] Developer, London
38. [SJ-JOB] Sr. Security Analyst, Reston
39. [SJ-JOB] Security Consultant, Chicago
40. [SJ-JOB] Sr. Security Analyst, Leatherhead (Surrey) & Reading (Berks)
41. [SJ-JOB] Technology Risk Consultant, Bay Area
42. [SJ-JOB] Threat Analyst, Fort Lauderdale
43. [SJ-JOB] Security Consultant, St. Louis
44. [SJ-JOB] Security Architect, Leatherhead (Surrey) & Reading (Berks)
45. [SJ-JOB] Sr. Security Analyst, Olympia
46. [SJ-JOB] Manager, Information Security, Fort Meade
47. [SJ-JOB] Security Director, Cleveland
48. [SJ-JOB] Security Consultant, Leatherhead, Surrey
49. [SJ-JOB] Channel / Business Development, London
50. [SJ-JOB] Threat Analyst, Warren
51. [SJ-JOB] Director, Information Security, San Diego
52. [SJ-JOB] Sales Engineer, New York
53. [SJ-JOB] Auditor, Columbia
54. [SJ-JOB] Sales Representative, London
55. [SJ-JOB] Forensics Engineer, Birmingham
56. [SJ-JOB] Security Engineer, San Diego
57. [SJ-JOB] Technical Support Engineer, Leatherhead, Surrey & Europe
58. [SJ-JOB] Principal Software Engineer, Columbia
59. [SJ-JOB] Sr. Security Engineer, Elgin
60. [SJ-JOB] Auditor, Chicago
61. [SJ-JOB] Auditor, Hartford
62. [SJ-JOB] Forensics Engineer, Manchester
63. [SJ-JOB] Information Assurance Analyst, Baltimore
V. INCIDENTS LIST SUMMARY
VI. VULN-DEV RESEARCH LIST SUMMARY
VII. MICROSOFT FOCUS LIST SUMMARY
1. USB device control software
2. SecurityFocus Microsoft Newsletter #349
VIII. SUN FOCUS LIST SUMMARY
IX. LINUX FOCUS LIST SUMMARY
X. UNSUBSCRIBE INSTRUCTIONS
XI. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts that was invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448

2. Don't Be Evil
By Mark Rasch
A series of developments raise the specter that remotely stored or created documents may be subject to subpoena or discovery all without the knowledge or consent of the document's creators.
http://www.securityfocus.com/columnists/447

II. BUGTRAQ SUMMARY
--------------------
1. SquirrelMail G/PGP Encryption Plug-in Multiple Unspecified Remote Command Execution Vulnerabilities
BugTraq ID: 24828
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24828
Summary:
Vulnerabilities in the SquirrelMail G/PGP encryption plugin may allow malicious webmail users to execute system commands remotely. These issues occur because the application fails to sufficiently sanitize user-supplied data.

Commands would run in the context of the webserver hosting the vulnerable software.

Reports indicate that these vulnerabilities reside in SquirrelMail G/PGP 2.0 and 2.1 and that the vendor is aware of the issues. This has not been confirmed.

No further technical details are currently available. We will update this BID as more information emerges.

2. HP TCP/IP Services for OpenVMS User Enumeration Weakness and Security Bypass Vulnerabilities
BugTraq ID: 24751
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24751
Summary:
HP TCP/IP Services for OpenVMS is prone to a user-enumeration weakness and a security-bypass vulnerability.

An attacker can exploit these issues to enumerate valid usernames and to launch brute-force attacks.

These issues affect the POP3 service included in TCP/IP 5.6 for OpenVMS; other versions may also be affected. The POP3 service is not enabled by default.

3. GameSiteScript Index.PHP SQL Injection Vulnerability
BugTraq ID: 24807
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24807
Summary:
GameSiteScript is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

GameSiteScript 3.1 and prior versions are vulnerable to this issue.

4. Lhaca File Archiver Unspecified Stack Buffer Overflow Vulnerability
BugTraq ID: 24604
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24604
Summary:
Lhaca file archiver is prone to an unspecified stack-based buffer-overflow vulnerability. The application fails to properly decompress malicious LZH archive files.

An attacker can exploit this issue to crash the application and execute arbitrary code within the context of the affected application.

Lhaca 1.20 is vulnerable to this issue; other versions may also be affected.

5. Nonnoi ASP/Barcode COM Component NONNOI_ASPBarcode.DLL Arbitrary File Overwrite Vulnerability
BugTraq ID: 24822
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24822
Summary:
Nonnoi ASP/Barcode ActiveX control is prone to a vulnerability that lets attackers overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

This issue affects Nonnoi ASP/Barcode 2.20; other versions may also be affected.

6. Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow Vulnerability
BugTraq ID: 24825
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24825
Summary:
Symantec Norton Ghost is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Symantec Ghost 12.0; other versions may also be affected.

7. Yb Ve Bayi Babvuru Formu Multiple HTML Injection Vulnerabilities
BugTraq ID: 24812
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24812
Summary:
Ãb Ve Bayi Babvuru Formu is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

8. Computer Associates ERwin Data Model Validator Multiple Denial Of Service Vulnerabilities
BugTraq ID: 24814
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24814
Summary:
Computer Associates ERwin Data Model Validator is prone to multiple denial-of-service vulnerabilities because the software fails to handle specially crafted '.EXP' database files. These issues include a NULL-pointer dereference vulnerability and a denial-of-service vulnerability.

An attacker can exploit these issues to cause a denial-of-service condition. Arbitrary code execution may be possible for the NULL-pointer dereference issue, but this has not been confirmed.

9. Mozilla Firefox Multiple Popup Tabs Denial of Service Vulnerability
BugTraq ID: 24820
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24820
Summary:
Firefox is prone to a remote denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions.

Firefox 2.0.0.4 is vulnerable to this issue; other versions may also be affected.

10. Linux Kernel SCTP Connection Denial Of Service Vulnerability
BugTraq ID: 24376
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Linux kernel versions prior to 2.6.21.4 are vulnerable to this issue.

This BID initially discussed three weaknesses/vulnerabilities in the Linux kernel. These issues have been separated into the following individual records:

24389 Linux Kernel CPUSet Tasks Memory Leak Information Disclosure Vulnerability
24390 Linux Kernel PRNG Entropy Weakness
24376 Linux Kernel SCTP Connection Denial Of Service Vulnerability

11. Linux Kernel Decode_Choices Function Remote Denial Of Service Vulnerability
BugTraq ID: 24818
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24818
Summary:
The Linux kernel is prone to a remote denial-of-service vulnerability because it fails to handle certain H.323 data.

Attackers can exploit this issue to crash the affected operating system, denying access to legitimate users.

Versions prior to 2.6.21.6, 2.6.20.15, and 2.6.22 are vulnerable.

12. Microsoft Windows Vista Kernel Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 24816
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24816
Summary:
Microsoft Windows Vista is prone to an unspecified remote denial-of-service vulnerability.

Attackers may exploit this issue to crash the affected operating system, denying further service to legitimate users. Remote code-execution may be possible, but this has not been confirmed.

13. Linux Kernel IPV6_SockGlue.c NULL Pointer Dereference Vulnerability
BugTraq ID: 23142
Remote: No
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/23142
Summary:
The Linux kernel is prone to a NULL-pointer dereference vulnerability.

A local attacker can exploit this issue to crash the affected application, denying service to legitimate users. The attacker may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

14. VLC Media Player Multiple Format String Vulnerabilities
BugTraq ID: 24555
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24555
Summary:
VLC media player is affected by multiple format-string vulnerabilities.

Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application.

Versions prior to VLC media player 0.8.6c are affected.

15. SAP Message Server Group Parameter Remote Buffer Overflow Vulnerability
BugTraq ID: 24765
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24765
Summary:
SAP Message Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

Remote attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will result in a complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions that disable all functionality of the application.

16. Apple Safari Cross-Domain Race Condition Information Disclosure Vulnerability
BugTraq ID: 24599
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24599
Summary:
Apple Safari is prone to an information-disclosure vulnerability because it fails to properly enforce cross-domain JavaScript restrictions.

Exploiting this issue may allow attackers to access locations that a user visits, even if those locations are in a different domain than the attacker's site. The most common manifestation of this condition would typically be in blogs or forums. Attackers may be able to access potentially sensitive information that would aid in phishing attacks.

This issue affects versions prior to Safari 3 Beta Update 3.0.2

17. Apache Tomcat Mod_JK.SO Arbitrary Code Execution Vulnerability
BugTraq ID: 22791
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/22791
Summary:
Apache Tomcat is prone to a vulnerability that will allow remote attackers to execute arbitrary code on an affected computer. A successful attack may result in a complete compromise.

18. Computer Associates BrightStor ARCserve Backup MediaSVR.EXE 191 Buffer Overflow Vulnerability
BugTraq ID: 23209
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/23209
Summary:
Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application.

A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions.

19. McAfee NeoTrace ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 21697
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/21697
Summary:
The NeoTraceExplorer.NeoTraceLoader ActiveX control shipped with NeoTrace is prone to a buffer-overflow vulnerability. The software fails to perform sufficient bounds-checking of user-supplied input before copying it to an insufficiently sized memory buffer.

NeoTrace Express 3.25 and NeoTrace Professional 3.25 are vulnerable to this issue.

20. PHP 5 User-Supplied Session ID Input Validation Vulnerability
BugTraq ID: 16220
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/16220
Summary:
PHP 5 is prone to an input-validation vulnerability. This is due to a lack of proper sanitization of user-supplied input of PHP session IDs, transmitted by way of HTTP headers.

An attacker may use this vulnerability to perform HTTP response splitting, often resulting in content spoofing and cross-site scripting attacks.

PHP 5.1.1 and prior versions are affected.

21. PHPPost Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15524
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/15524
Summary:
PHP-Post is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. The attacker may also be able to steal cookie-based authentication credentials and launch other attacks.

22. PHP Multiple Input Validation Vulnerabilities
BugTraq ID: 19582
Remote: No
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/19582
Summary:
PHP is prone to multiple input-validation vulnerabilities. Successful exploits could allow an attacker to write files in unauthorized locations, cause a denial-of-service condition, and potentially execute code.

These issues are reported to affect PHP versions 4.4.3 and 5.1.4; other versions may also be vulnerable.

23. PHP Prior to 5.2.2/4.4.7 Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 23813
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/23813
Summary:
PHP is prone to three remote buffer-overflow vulnerabilities because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers.

An attacker can exploit these issues to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users.

All three issues affect PHP 5.2.1 and prior versions; PHP 4.4.6 and prior versions are affected only by one of the issues.

Few details are available at the moment. These issues may have been previously described in other BIDs. This record may be updated or retired if further analysis shows that these issues have been reported in the past.

24. PHP Zip URL Wrapper Stack Buffer Overflow Vulnerability
BugTraq ID: 22883
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/22883
Summary:
PHP is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects PHP 5.2.0 and PHP with PECL ZIP <= 1.8.3.

25. Linux Kernel IPv6 TCP Sockets Local Denial of Service Vulnerability
BugTraq ID: 23104
Remote: No
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/23104
Summary:
The Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to cause the kernel to crash, effectively denying service to legitimate users. Attackers may also be able to execute arbitrary code with elevated privileges, but this has not been confirmed.

This issue affects the Linux kernel 2.6 series.

26. Linux Kernel AppleTalk ATalk_Sum_SKB Function Denial Of Service Vulnerability
BugTraq ID: 23376
Remote: Yes
Last Updated: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/23376
Summary:
The Linux kernel is prone to a denial-of-service vulnerability. This issue presents itself when malformed AppleTalk frames are processed.

An attacker can exploit this issue to crash host computers, effectively denying service to legitimate users.

Versions prior to 2.6.20.5 are vulnerable.

27. Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
BugTraq ID: 24800
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24800
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because Microsoft Active Directory fails to handle specially crafted user-supplied Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

28. Symantec Veritas Backup Exec for Windows Server Unspecified Heap Buffer Overflow Vulnerability
BugTraq ID: 23897
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/23897
Summary:
Symantec Veritas Backup Exec for Windows Server is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

29. Sun Java Runtime Environment WebStart JNLP File Stack Buffer Overflw Vulnerability
BugTraq ID: 24832
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24832
Summary:
Sun Java Runtime Environment is prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects these versions:

Java Runtime Environment 6 update 1
Java Runtime Environment 5 update 11

Prior versions are also affected.

30. Entertainment CMS AdminLogged Cookie Parameter Authentication Bypass Vulnerability
BugTraq ID: 24847
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24847
Summary:
Entertainment CMS is prone to an authentication-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to gain administrative access to the affected application.

31. TippingPoint IPS Fragmented Packets Detection Bypass Vulnerability
BugTraq ID: 24861
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24861
Summary:
TippingPoint IPS is prone to a detection-bypass vulnerability because the appliance fails to properly handle fragmented packets.

A successful exploit of this issue may allow an attacker to bypass the filter and detection system of vulnerable appliances, allowing malicious traffic through. This will likely aid the attacker in further attacks.

32. X.Org X11 XC-MISC Extension Local Integer Overflow Vulnerability
BugTraq ID: 23284
Remote: No
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/23284
Summary:
X11 is prone to a local integer-overflow vulnerability because it fails to adequately bounds-check user-supplied input.

An attacker can exploit this vulnerability to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

33. Wireshark Multiple Protocol Denial of Service Vulnerabilities
BugTraq ID: 24662
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24662
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application.

Versions prior to Wireshark 0.99.6 are affected.

34. X.Org LibXFont Multiple Local Integer Overflow Vulnerabilities
BugTraq ID: 23283
Remote: No
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/23283
Summary:
The 'libXfont' library is prone to multiple local integer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied data.

An attacker can exploit these vulnerabilities to execute arbitrary code with superuser privileges. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect libXfont 1.2.2; other versions may also be vulnerable.

35. Microsoft Internet Explorer FirefoxURL Protocol Handler Command Injection Vulnerability
BugTraq ID: 24837
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24837
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers inject commands through the 'FirefoxURL' protocol handler.

Exploiting the issue allows remote attackers to pass and execute arbitrary commands and arguments through the 'firefox.exe' process by employing the 'FirefoxURL' handler.

An attacker can also employ this issue to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of trusted Chrome context and gain full access to Firefox's resources.

Exploiting the issue would permit remote attackers to influence command options that can be called through the 'FirefoxURL' handler and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.

36. Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
BugTraq ID: 24779
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24779
Summary:
Windows Firewall for Windows Vista is prone to a vulnerability that may permit a bypass of existing firewall rules.

An attacker may trigger this vulnerability by sending malicious network data through the Teredo network transport system to obtain sensitive information; other attacks are also possible.

Note that Windows Vista systems configured with a 'Public' network profile are not vulnerable to this issue.

37. OpenOffice RTF File Parser Buffer Overflow Vulnerability
BugTraq ID: 24450
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24450
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

38. Sun Java System Access Manager Logging Output Password Disclosure Vulnerability
BugTraq ID: 24859
Remote: No
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24859
Summary:
Sun Java System Access Manager may allow local attackers to access user passwords.

By exploiting this issue, attackers may subsequently gain unauthorized access to user identities that are managed by Java System Access Manager.

39. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
BugTraq ID: 24850
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24850
Summary:
Sun Java System Web Servers and Application Servers are prone to a vulnerability that lets attackers execute arbitrary Java methods. This issue occurs because the application fails to securely process XSLT stylesheets.

Successfully exploiting this issue may allow remote attackers to execute arbitrary Java methods, aiding them in further attacks.

Sun Java System Web Server 7.0 for the following operating systems is affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows
- HP-UX

Sun Java System Application Server Platform and Enterprise Editions 8.2 and Platform Edition 9.0 for the following operating systems are also affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows

40. Microsoft Office Publisher Invalid Memory Reference Remote Code Execution Vulnerability
BugTraq ID: 22702
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/22702
Summary:
Microsoft Office Publisher is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a maliciously crafted Publisher file.

Successful exploits may allow attackers to execute arbitrary code with privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

41. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24854
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24854
Summary:
Centericq is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

42. Adobe Photoshop Multiple File Format Buffer Overflow Vulnerability
BugTraq ID: 23621
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/23621
Summary:
Adobe Photoshop is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious file. If successful, the attacker can execute arbitrary code in the context of the affected application.

This issue affects Photoshop CS2 and CS3.

43. Multiple Image Editing Applications .PNG Format Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 23698
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/23698
Summary:
Multiple image editors are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of a vulnerable application. Failed exploit attempts likely result in denial-of-service conditions.

The following are vulnerable:

Adobe Photoshop CS2, CS3, and Elements 5.0
Corel Paint Shop Pro 11.20

Other versions may also be affected.

44. Opera Web Browser Running Adobe Flash Player Information Disclosure Vulnerability
BugTraq ID: 23437
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/23437
Summary:
Opera Web Browser is prone to an information-disclosure vulnerability when running Adobe Flash Player.

An attacker can exploit this issue to access potentially sensitive information.

These versions are vulnerable:

Opera Web Browser prior to 9.20 for Linux, Solaris, and FreeBSD
Adobe Flash Player prior to 9.0.28.0

This issue also affects the Konqueror browser.

45. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
BugTraq ID: 24856
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24856
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the victim running the vulnerable application.

Adobe Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and earlier are affected.

46. Linux Kernel IPV6_Getsockopt_Sticky Memory Leak Information Disclosure Vulnerability
BugTraq ID: 22904
Remote: No
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/22904
Summary:
Linux Kernel is prone to an information-disclosure vulnerability because it fails to handle unexpected user-supplied input.

Successful exploits will allow attackers to obtain portions of kernel memory. Information harvested may be used in further attacks.

Kernel versions 2.6.0 up to 2.6.20.1 are vulnerable to this issue.

47. Mike's World Mail Machine Mailmachine.CGI Local File Include Vulnerability
BugTraq ID: 24852
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24852
Summary:
Mike's World Mail Machine is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this issue may allow an unauthorized user to view files and execute local scripts.

48. EVisit Analyst ID Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 24849
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24849
Summary:
eVisit Analyst is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

49. Sun JSSE SSL/TLS Handshake Processing Denial Of Service Vulnerability
BugTraq ID: 24846
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24846
Summary:
The Sun JSSE (Java Secure Socket Extension) is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the computer, denying access to legitimate users.

50. TippingPoint IPS Unicode Character Detection Bypass Vulnerability
BugTraq ID: 24855
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24855
Summary:
TippingPoint IPS is prone to a detection-bypass vulnerability because the appliance fails to properly handle Unicode characters.

A successful exploit of this issue may allow an attacker to bypass the filter and detection system of vulnerable appliances, allowing malicious URI traffic through. This will likely aid the attacker in further attacks.

51. Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
BugTraq ID: 24791
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24791
Summary:
Microsoft .NET Framework is prone to multiple NULL-byte injection vulnerabilities because it fails to adequately sanitize user-supplied data.

An attacker can exploit these issues to access sensitive information that may aid in further attacks; other attacks are also possible.

52. ImgSvr Template Parameter Local File Include Vulnerability
BugTraq ID: 24853
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24853
Summary:
ImgSvr is prone to a local file-include vulnerability because it fails to sanitize user-supplied input.

Attackers may exploit this issue to access files that may contain sensitive information.

53. RCP Shell Utility Arbitrary Command Execution Vulnerability
BugTraq ID: 16369
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/16369
Summary:
The RCP shell utility is prone to an arbitrary command-execution vulnerability because the application fails to properly sanitize user-supplied input before using it in a 'system()' function call.

This issue allows attackers to execute arbitrary shell commands with the privileges of users executing a vulnerable version of RCP.

NOTE: OpenSSH SCP is a fork of RCP and is known to also be affected by this issue.

54. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
BugTraq ID: 21505
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/21505
Summary:
Windows Media Player is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.

Attackers may attempt to exploit this issue by coercing users to visit a malicious website or to access malicious ASF files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.

55. Windows Media Player ASX PlayList File Heap Overflow Vulnerability
BugTraq ID: 21247
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/21247
Summary:
Windows Media Player is prone to a heap-overflow issue.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

56. SquirrelMail G/PGP Encryption Plug-in Unspecified Remote Command Execution Vulnerability
BugTraq ID: 24782
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24782
Summary:
A vulnerability in the SquirrelMail G/PGP encryption plugin may allow malicious webmail users to execute system commands remotely. The issue occurs because the application fails to sufficiently sanitize user data.

Commands would run in the context of the webserver hosting the vulnerable software. This issue may be exploited by sending email to a user utilizing the affected plugin. When the plugin attempts to process the email, the malicious code will be executed, making successful exploits easier for attackers to attempt.

Reports indicate that this issue has been tested with SquirrelMail 1.4.10a and G/PGP Plugin 2.0. Other versions may be affected as well.

57. Zenturi ProgramChecker ActiveX Control Fill Method Stack Based Buffer Overflow Vulnerability
BugTraq ID: 24848
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24848
Summary:
Zenturi ProgramChecker ActiveX control is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

ProgramChecker 1.5.0.531 is vulnerable; other versions may also be affected.

58. Apple Safari for Windows SVG Parse Engine Multiple Unspecified Vulnerabilities
BugTraq ID: 24446
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24446
Summary:
Apple Safari for Microsoft Windows is prone to multiple unspecified vulnerabilities.

Few technical details are currently available. We will update this BID as more information emerges.

Safari 3 public beta for Windows is reported vulnerable.

59. IBM Proventia Sensor Appliance Multiple Input Validation Vulnerabilities
BugTraq ID: 24864
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24864
Summary:
The IBM Proventia Sensor Appliance is prone to multiple input-validation vulnerabilities, including multiple remote file-include issues and a cross-site scripting issue.

An attacker can exploit these issues to steal cookie-based authentication credentials, view files, and to execute arbitrary server-side script code on an affected device in the context of the webserver process. Other attacks are also possible.

IBM Proventia Sensor Appliance CX5108 and GX5008 are vulnerable.

60. McAfee Common Management Agent (CMA) Multiple Memory Corruption Vulnerabilities
BugTraq ID: 24863
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24863
Summary:
McAfee Common Management Agent is prone to mutiple memory-corruption vulnerabilities. The application fails to properly bounds-check user-supplied data in several instances before copying it into insufficiently sized memory buffers.

A remote attacker may exploit these issues to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may result in denial-of-service conditions.

Various versions of CMA are affected by these issues. CMA is also included with ePolicy Orchestrator and ProtectionPilot.

61. EnViVo!CMS Default.ASP ID Parameter SQL Injection Vulnerability
BugTraq ID: 24860
Remote: Yes
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24860
Summary:
enVivo!CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

All versions are considered to be vulnerable to this issue.

62. Symantec Client Security Internet E-mail Auto-Protect Stack Overflow Vulnerability
BugTraq ID: 24802
Remote: No
Last Updated: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/24802
Summary:
Symantec Client Security is prone to a stack buffer-overflow vulnerability. This issue occurs because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to cause denial-of-service conditions.

63. Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 24771
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24771
Summary:
Microsoft has released advance notification that the vendor will be releasing six security bulletins on July 10, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

These vulnerabilities have been assigned to the following BIDs:
24800 Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
24796 Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
24778 Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
24791 Microsoft .Net Framework Null Byte Injection Vulnerability
24811 Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
20753 Microsoft .NET Framework Request Filtering Bypass Vulnerability
24779 Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
24801 Microsoft Excel Version Information Validation Remote Code Execution Vulnerability
22555 Microsoft Excel Worksheet Remote Code Execution Vulnerability
24803 Microsoft Excel Workspace Designation Remote Code Execution Vulnerability
24843 Microsoft Excel Unspecified Security Vulnerability
22702 Microsoft Office Publisher Invalid Memory Reference Remote Code Execution Vulnerability
15921 Microsoft Internet Information Server 5.1 DLL Request Remote Code Execution Vulnerability

64. AlstraSoft Video Share Enterprise Multiple Remote Vulnerabilities
BugTraq ID: 23409
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/23409
Summary:
AlstraSoft Video Share Enterprise is prone to multiple remote vulnerabilities, including an unauthorized-access issue and an SQL-injection issue.

Exploiting these issues could allow an attacker to compromise the application, access or modify data or user profiles, or exploit latent vulnerabilities in the underlying database implementation.

This issue affects Video Share Enterprise 4.3 and prior versions.

65. SAP DB Web Server WAHTTP.EXE Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24773
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24773
Summary:
SAP DB Web Server is prone to multiple buffer-overflow vulnerabilities because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Successfully exploiting these issues will allow an attacker to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

66. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
BugTraq ID: 24778
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24778
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of a user running the application. Successful exploits can result in the complete compromise of affected computers. Failed attacks will likely result in denial-of-service conditions.

67. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
BugTraq ID: 24811
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24811
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

68. FlashBB Sendmsg.PHP Remote File Include Vulnerability
BugTraq ID: 24842
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24842
Summary:
FlashBB is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application.

An attacker may leverage this issue to execute an arbitrary remote file containing malicious script code in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system. Other attacks are also possible.

FlashBB 1.1.7 is vulnerable; other versions may also be affected.

69. Microsoft Excel Workspace Designation Remote Code Execution Vulnerability
BugTraq ID: 24803
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24803
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file (.xls).

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

70. Microsoft Excel Worksheet Remote Code Execution Vulnerability
BugTraq ID: 22555
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/22555
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file (.xls).

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

This issue was previously reported as a denial-of-service vulnerability, but has been updated to reflect new information.

71. Microsoft .NET Framework Request Filtering Bypass Vulnerability
BugTraq ID: 20753
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/20753
Summary:
Microsoft .NET framework is prone to a vulnerability that may permit an attacker to bypass content filtering.

The attacker can exploit this issue to perform multiple input-validation attacks such as cross-site scripting, SQL-injection, and HTML-injection; other attacks are also possible.

72. Microsoft Internet Information Server 5.1 DLL Request Remote Code Execution Vulnerability
BugTraq ID: 15921
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/15921
Summary:
Microsoft IIS is prone to a remote code-execution vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the vulnerable application, which may lead to the complete compromise of affected computers.

This issue affects Microsoft IIS 5.1 running on Windows XP SP2.

Note: this issue was previously reported as a denial-of-service vulnerability. New information from the vendor states that code execution is possible.

73. Microsoft Excel Version Information Validation Remote Code Execution Vulnerability
BugTraq ID: 24801
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24801
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

74. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 24796
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24796
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory fails to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to cause the affected application to stop responding, denying further service to legitimate users.

75. Microsoft Excel Unspecified Security Vulnerability
BugTraq ID: 24843
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24843
Summary:
Microsoft Excel is prone to an unspecified security vulnerability.

Very little information is currently available regarding this issue. We will update this BID as more information emerges.

76. WinPcap NPF.SYS BIOCGSTATS Parameters Local Privilege Escalation Vulnerability
BugTraq ID: 24829
Remote: No
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24829
Summary:
WinPcap is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

WinPcap 4.0 is vulnerable to this issue.

77. Linux PowerPC Kernel Restore_Sigcontext Local Denial of Service Vulnerability
BugTraq ID: 24845
Remote: No
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24845
Summary:
The PowerPC Linux kernel is prone to a denial-of-service vulnerability.

Exploiting this issue allows local attackers to corrupt memory resources and eventually cause the kernel to crash, effectively denying service to legitimate users.

Note that this issue affects only the Linux kernel on PowerPC architectures.

78. Unobtrusive AJAX Star Rating Bar Multiple Input Validation Vulnerabilities
BugTraq ID: 24840
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24840
Summary:
Unobtrusive AJAX Star Rating Bar is prone to input-validation vulnerabilities, including an SQL-injection issue, a security-bypass issue, and a cross-site scripting issue, because the application fails to sanitize user-supplied input.

A successful exploit may allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit latent vulnerabilities in the underlying database, and bypass certain security restriction to inject arbitrary HTTP header and body data.

Versions prior to Unobtrusive AJAX Star Rating Bar 1.2.0 are affected.

79. Visual IRC Join Response Buffer Overflow Vulnerability
BugTraq ID: 24798
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24798
Summary:
Visual IRC (ViRC) is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of a user running the affected application. Successful attacks will compromise the application. Failed exploits will likely cause denial-of-service conditions.

ViRC 2.0 is vulnerable; other versions may also be affected.

80. ImageMagick DCM XWD Formats Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23347
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/23347
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to adequately handle user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

ImageMagick 6.2.9 through 6.3.3-4 are vulnerable.

81. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

82. IBM AIX Libodm ODMPath Stack Overflow Vulnerability
BugTraq ID: 24841
Remote: No
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24841
Summary:
IBM AIX 'libodm' is prone to a local stack-based buffer-overflow vulnerability.

A successful attack may allow arbitrary machine code to run with superuser privileges.

IBM AIX 5.2 and 5.3 are reported affected; other versions may be vulnerable as well.

83. Samba NDR RPC Request NetSetFileSecurity Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 24196
Remote: Yes
Last Updated: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24196
Summary:
Samba is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with superuser privileges, facilitating the complete remote compromise of affected computers. Failed exploit attempts will result in a denial of service.