News

Thursday, August 16, 2007

SecurityFocus Microsoft Newsletter #355

SecurityFocus Microsoft Newsletter #355
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: Web Hacking - Attack Scenarios and Examples- White Paper
Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as SQL Injection, Cross Site Scripting and Parameter Manipulation. Learn step-by-step vulnerability testing methods for your own Web Applications and guidelines for establishing best administration and coding practices.
Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000D0r2


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Delete This!
2. Security conferences versus practical knowledge
II. MICROSOFT VULNERABILITY SUMMARY
1. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
2. IBM DB2 Universal Database Multiple Unspecified Vulnerabilities
3. Symantec Enterprise Firewall Username Enumeration Weakness
4. Cisco VPN Client for Windows Multiple Local Privilege Escalation Vulnerabilities
5. RndLabs Babo Violent 2 Multiple Vulnerabilities
6. EFS Software Easy Chat Server Authentication Request Handling Remote Denial Of Service Vulnerability
7. Live For Speed Multiple Vulnerabilities
8. Zoidcom Malformed Packet Denial of Service Vulnerability
9. Drupal Content Construction Kit Nodereference Module Multiple HTML-injection Vulnerabilities
10. Diskeeper DKService.EXE Remote Information Disclosure Vulnerability
11. Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
12. Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
13. Windows Vista Weather Gadget Remote Code Execution Vulnerability
14. Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
15. Windows Vista Contacts Gadget Remote Code Execution Vulnerability
16. Qbik WinGate SMTP Service Command Format String Vulnerability
17. Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability
18. Microsoft XML Core Services SubstringData Integer Overflow Vulnerability
19. WengoPhone SIP Soft Phone Malformed Packet Denial of Service Vulnerability
20. CounterPath X-Lite SIP Soft Phone Malformed Packet Denial of Service Vulnerability
21. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
22. MS Visual Basic 6 Package and Deployment Wizard ActiveX Control Remote Code Execution Vulnerability
23. Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
24. Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability
25. Microsoft OLE Automation SubstringData Function Integer Overflow Vulnerability
26. Microsoft Excel Worksheet Index Value Remote Code Execution Vulnerability
27. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
28. WinGate SMTP Session Invalid State Remote Denial Of Service Vulnerability
29. Microsoft August 2007 Advance Notification Multiple Vulnerabilities
30. Microsoft Windows Media Player AU Divide-By-Zero Denial of Service Vulnerability
31. Symantec Altiris Deployment Solution Local Privilege Escalation Vulnerability
32. Microsoft Internet Explorer Position:Relative Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Password complexity - improvement
2. SecurityFocus Microsoft Newsletter #354
3. SecurityFocus Microsoft Newsletter #352
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Delete This!
By Mark Rasch
A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.
http://www.securityfocus.com/columnists/450

2. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of their clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. EDraw Office Viewer Component ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 25344
Remote: Yes
Date Published: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25344
Summary:
The EDraw Office Viewer Component ActiveX Control is prone to an arbitrary file-overwrite vulnerability.

An attacker can exploit this issue to overwrite files with arbitrary, attacker-controlled content. This will aid in further attacks.

Version 5.1 of the control is vulnerable to this issue; other versions may also be affected.

2. IBM DB2 Universal Database Multiple Unspecified Vulnerabilities
BugTraq ID: 25339
Remote: Yes
Date Published: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25339
Summary:
IBM DB2 is prone to multiple vulnerabilities that may allow an attacker to carry out a variety of attacks. It is possible that some of these issues may permit an attacker to completely compromise a vulnerable computer.

These issues affect DB2 9.1 and 8 running on all supported platforms.

3. Symantec Enterprise Firewall Username Enumeration Weakness
BugTraq ID: 25338
Remote: Yes
Date Published: 2007-08-16
Relevant URL: http://www.securityfocus.com/bid/25338
Summary:
Symantec Enterprise Firewall is prone to a username-enumeration weakness.

An attacker can exploit this issue to enumerate valid user names. This may aid in further attacks.

4. Cisco VPN Client for Windows Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 25332
Remote: No
Date Published: 2007-08-15
Relevant URL: http://www.securityfocus.com/bid/25332
Summary:
Cisco VPN Client for Windows is prone to multiple local privilege-escalation vulnerabilities.

Successfully exploiting these issues allows attackers with local, interactive access to affected computers to gain SYSTEM-level privileges. This facilitates the complete compromise of affected computers.

Versions prior to 4.8.02.0010 and 5.0.01.0600 of Cisco VPN Client for the Microsoft Windows platform are vulnerable to these issues.

These issues are tracked as Cisco Bug IDs CSCse89550 and CSCsj00785.

5. RndLabs Babo Violent 2 Multiple Vulnerabilities
BugTraq ID: 25329
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25329
Summary:
Babo Violent 2 is prone to four vulnerabilities. These vulnerabilities include a format-string and three denial-of-service issues.

Successful attacks could result in execution of arbitrary code or could crash game servers.

6. EFS Software Easy Chat Server Authentication Request Handling Remote Denial Of Service Vulnerability
BugTraq ID: 25328
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25328
Summary:
Easy Chat Server is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the server, denying access to legitimate users.

Easy Chat Server 2.2 is reported to be vulnerable; other versions may also be affected.

7. Live For Speed Multiple Vulnerabilities
BugTraq ID: 25327
Remote: No
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25327
Summary:
Live For Speed is prone to four vulnerabilities. These vulnerabilities include buffer overflows and denial of service issues.


Successful exploits could result in execution of arbitrary code or could crash game servers.

8. Zoidcom Malformed Packet Denial of Service Vulnerability
BugTraq ID: 25326
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25326
Summary:
The Zoidcom network library is prone to a denial of service vulnerability when handling malformed packets.

An attacker could exploit this to crash a network service that is implemented with the library.

9. Drupal Content Construction Kit Nodereference Module Multiple HTML-injection Vulnerabilities
BugTraq ID: 25321
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25321
Summary:
Drupal Content Construction Kit is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before displaying it in dynamically generated content.

An attacker could exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

10. Diskeeper DKService.EXE Remote Information Disclosure Vulnerability
BugTraq ID: 25320
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25320
Summary:
Diskeeper is prone to an information-disclosure vulnerability because it fails to restrict access to a certain RPC function.

This issue can be exploited to gain access to potentially sensitive information stored at arbitrary attacker-supplied memory addresses. Information gained could aid in further attacks. Supplying a bad memory address will cause denial-of-service conditions.

Diskeeper 9 Professional and Diskeeper 2007 Pro Premier are vulnerable; other versions may also be affected.

11. Microsoft Internet Explorer Vector Markup Language VGX.DLL Remote Buffer Overflow Vulnerability
BugTraq ID: 25310
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25310
Summary:
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs when rendering VML (Vector Markup Language) grpahics.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user.

Successful attacks may facilitate the remote compromise of affected computers. Failed attacks will likely cause denial-of-service conditions.

12. Microsoft Windows Media Player Remote Skin Decompression Code Execution Vulnerability
BugTraq ID: 25307
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25307
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted compressed skin files.

Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files).

Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

13. Windows Vista Weather Gadget Remote Code Execution Vulnerability
BugTraq ID: 25306
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25306
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately validate certain HTML attributes.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

14. Microsoft Windows Media Player Remote Skin Header Code Execution Vulnerability
BugTraq ID: 25305
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25305
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability when handling specially crafted skin files.

Attackers exploit this issue by coercing unsuspecting users to download and open Windows Media Player skin files (WMZ or WMD files). Note that users must attempt to apply the skin files.

Successful exploits allow attackers to execute arbitrary code in the context of the vulnerable application. This facilitates the remote compromise of affected computers.

15. Windows Vista Contacts Gadget Remote Code Execution Vulnerability
BugTraq ID: 25304
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25304
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers exploit this issue by coercing unsuspecting users to add or import malicious contact files.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

16. Qbik WinGate SMTP Service Command Format String Vulnerability
BugTraq ID: 25303
Remote: Yes
Date Published: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25303
Summary:
Qbik WinGate is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

A remote attacker may execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial of service.

This issue affects Qbik WinGate 6.2.1; other versions may also be affected.

17. Microsoft Windows GDI Metafiles AttemptWrite Remote Code Execution Vulnerability
BugTraq ID: 25302
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25302
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied metafile data.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users viewing malicious files. This facilitates the remote compromise of affected computers.

18. Microsoft XML Core Services SubstringData Integer Overflow Vulnerability
BugTraq ID: 25301
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25301
Summary:
Microsoft XML Core Services is prone to an integer-overflow vulnerability. This issue occursw because the application fails to ensure that integer values are not overrun.

Attackers can exploit this issue by enticing unsuspecting users to view malicious web content. Specially crafted scripts could issue requests to MSXML that trigger memory corruption.

Successfully exploiting this issue allows remote attackers to corrupt heap-memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

19. WengoPhone SIP Soft Phone Malformed Packet Denial of Service Vulnerability
BugTraq ID: 25300
Remote: Yes
Date Published: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25300
Summary:
WengoPhone is prone to a denial-of-service vulnerability because the application fails to properly handle malformed data.

Successful exploits can allow remote attackers to crash the application, resulting in denial-of-service conditions.

This issue affects WengoPhone 2.1; other versions may also be affected.

20. CounterPath X-Lite SIP Soft Phone Malformed Packet Denial of Service Vulnerability
BugTraq ID: 25299
Remote: Yes
Date Published: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25299
Summary:
CounterPath X-Lite is prone to a denial-of-service vulnerability because the application fails to properly handle malformed data.

Successful exploits can allow remote attackers to crash the application, resulting in denial-of-service conditions.

This issue affects X-Lite 3.0; other versions may also be affected.

21. Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
BugTraq ID: 25298
Remote: No
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25298
Summary:
Microsoft Virtual PC and Virtual Server are prone to a local heap-overflow vulnerability.

To exploit this issue, attackers must have administrative privileges for the guest operating system.

Attackers may exploit this issue to execute arbitrary code in the context of the host operating system or another guest operating system. Successful exploits can result in a compromise of vulnerable computers.

22. MS Visual Basic 6 Package and Deployment Wizard ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 25295
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25295
Summary:
The Microsoft Visual Basic 6 Package and Deployment Wizard ActiveX control is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

23. Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
BugTraq ID: 25288
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25288
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the vulnerable application.

This issue affects Internet Explorer 5.01 SP4 running on Microsoft Windows 2000 SP4.

24. Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability
BugTraq ID: 25287
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25287
Summary:
Windows Vista is prone to a remote code-execution vulnerability because it fails to adequately sanitize user-supplied data.

Attackers exploit this issue by coercing unsuspecting users to subscribe to a malicious RSS feed using the affected gadget.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Successful attacks may facilitate the remote compromise of affected computers.

25. Microsoft OLE Automation SubstringData Function Integer Overflow Vulnerability
BugTraq ID: 25282
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25282
Summary:
Microsoft OLE Automation is prone to an integer-overflow vulnerability. this issue occurs because the application fails to ensure that integer values are not overrun.

Successfully exploiting this issue allows remote attackers to corrupt heap memory and execute arbitrary in the context of the affeced application. Failed exploit attempts will result in a denial-of-service condition.

26. Microsoft Excel Worksheet Index Value Remote Code Execution Vulnerability
BugTraq ID: 25280
Remote: Yes
Date Published: 2007-08-14
Relevant URL: http://www.securityfocus.com/bid/25280
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file (.xls).

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

27. Microsoft DirectX Media SDK DXTLIPI.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25279
Remote: Yes
Date Published: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25279
Summary:
Microsoft DirectX Media SDK 'DXTLIPI.DLL' ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Microsoft DirectX Media SDK 6.0 with DXTLIPI.DLL 6.0.2.827 is reported vulnerable.

28. WinGate SMTP Session Invalid State Remote Denial Of Service Vulnerability
BugTraq ID: 25272
Remote: Yes
Date Published: 2007-08-10
Relevant URL: http://www.securityfocus.com/bid/25272
Summary:
WinGate is prone to a denial-of-service vulnerability because the application fails to sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects versions prior to WinGate 6.2.2.

29. Microsoft August 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 25247
Remote: Yes
Date Published: 2007-08-09
Relevant URL: http://www.securityfocus.com/bid/25247
Summary:
Microsoft has released advance notification that the vendor will be releasing nine security bulletins on August 14, 2007. The highest severity rating for these issues is 'Critical'.

Successful exploits can result in privilege escalation and remote code execution.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

30. Microsoft Windows Media Player AU Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 25236
Remote: Yes
Date Published: 2007-08-08
Relevant URL: http://www.securityfocus.com/bid/25236
Summary:
Microsoft Windows Media Player is prone to a denial-of-service vulnerability when processing a malformed AU file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Microsoft Windows Media Player 11; other versions may also be affected.

31. Symantec Altiris Deployment Solution Local Privilege Escalation Vulnerability
BugTraq ID: 25232
Remote: No
Date Published: 2007-08-13
Relevant URL: http://www.securityfocus.com/bid/25232
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

32. Microsoft Internet Explorer Position:Relative Denial of Service Vulnerability
BugTraq ID: 25222
Remote: Yes
Date Published: 2007-08-07
Relevant URL: http://www.securityfocus.com/bid/25222
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain HTML code.

This issue is triggered when a remote attacker entices a victim user to visit a malicious website.

Attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

This issue affects Internet Explorer 6.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Password complexity - improvement
http://www.securityfocus.com/archive/88/476610

2. SecurityFocus Microsoft Newsletter #354
http://www.securityfocus.com/archive/88/476463

3. SecurityFocus Microsoft Newsletter #352
http://www.securityfocus.com/archive/88/476453

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: Web Hacking - Attack Scenarios and Examples- White Paper
Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as SQL Injection, Cross Site Scripting and Parameter Manipulation. Learn step-by-step vulnerability testing methods for your own Web Applications and guidelines for establishing best administration and coding practices.
Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000D0r2

No comments:

Blog Archive