Wednesday, September 12, 2007

SecurityFocus Microsoft Newsletter #359

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D2bp


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
2. Mod Your iPhone - For Fun or Profit?
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote Vulnerabilities
2. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File Overwrite Vulnerability
3. Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability
4. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
5. Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability
6. Microsoft SQL Server sqldmo.dll ActiveX Buffer Overflow Vulnerability
7. EDraw Office Viewer Component HttpDownloadFileToTempDir ActiveX Buffer Overflow Vulnerability
8. Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities
9. Total Commander Client Side Directory Traversal Vulnerability
10. Microsoft September 2007 Advance Notification Multiple Vulnerabilities
11. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow Vulnerability
12. Apple iTunes Malformed Music File Heap Buffer Overflow Vulnerability
13. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
14. AtomixMP3 Malformed PLS Playlist File Buffer Overflow Vulnerability
15. Intuit QuickBooks Online Edition ActiveX Controls Multiple Vulnerabilities
16. MailMarshal Tar Archive Remote Directory Traversal Vulnerability
17. Ots Labs OtsTurntables M3U Local Buffer Overflow Vulnerability
18. Virtual DJ M3U File Buffer Overflow Vulnerability
19. Virtual DJ M3U Local Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. AAA that Acquire from Lotus Domino 7.02
2. SecurityFocus Microsoft Newsletter #358
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892

2. Mod Your iPhone - For Fun or Profit?
By Mark Rasch
I admit it: I own an iPhone. Indeed, I bought one the day they came out. No, I didn't wait in line for hours; I just walked into the local Apple store, plunked down my life's savings, and voila, another AT&T customer!
http://www.securityfocus.com/columnists/453


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote Vulnerabilities
BugTraq ID: 25638
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25638
Summary:
Microsoft Visual Studio is prone to multiple remote vulnerabilities, including two remote command-execution issues and four unspecified vulnerabilities.

An attacker can exploit the remote command-execution vulnerabilities to execute arbitrary commands with the privileges of the currently logged-in user.

Very little information is known about the four unspecified issues. We will update this BID as more information emerges.

These issues affect Microsoft Visual Studio 6.0.0; other versions may also be affected.

2. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File Overwrite Vulnerability
BugTraq ID: 25635
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25635
Summary:
Microsoft Visual Studio VB To VSI Support Library ActiveX Control is prone to a vulnerability that lets attackers overwrite arbitrary files.

An attacker can exploit this issue to overwrite arbitrary files with local data. This will likely result in denial-of-service conditions; other attacks may also be possible.

3. Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow Vulnerability
BugTraq ID: 25629
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25629
Summary:
Microsoft Visual Basic 6.0 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

4. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 25625
Remote: Yes
Date Published: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25625
Summary:
CellFactor: Revolution is prone to multiple remote code-execution vulnerabilities, including a buffer-overflow issue and a format-string issue.

Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the affected application or to crash the application.

CellFactor: Revolution 1.03 is vulnerable; other versions may also be affected.

5. Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability
BugTraq ID: 25620
Remote: No
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25620
Summary:
Microsoft Windows Services for UNIX is prone to a local privilege-escalation vulnerability.

Attackers may exploit this issue to gain elevated privileges on affected computers. This facilitates the complete compromise of vulnerable computers.

Microsoft Windows Services for UNIX 3.0 and 3.5 and Microsoft Subsystem for UNIX-based Applications are vulnerable to this issue.

6. Microsoft SQL Server sqldmo.dll ActiveX Buffer Overflow Vulnerability
BugTraq ID: 25594
Remote: Yes
Date Published: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25594
Summary:
Microsoft SQL Server 'sqldmo.dll' ActiveX Control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

7. EDraw Office Viewer Component HttpDownloadFileToTempDir ActiveX Buffer Overflow Vulnerability
BugTraq ID: 25593
Remote: Yes
Date Published: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25593
Summary:
EDraw Office Viewer Component ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause a denial-of-service condition and possibly to execute arbitrary code, but this has not been confirmed.

This issue affects EDraw Office Viewer Component 5.2; other versions may also be affected.

8. Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities
BugTraq ID: 25583
Remote: Yes
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25583
Summary:
Unreal Commander is prone to multiple remote vulnerabilities, including a directory-traversal issue and a denial-of-service issue.

An attacker can exploit these issues to compromise the affected computer, write files to arbitrary locations, and crash the affected application.

Unreal Commander 0.92 (build 565) and 0.92 (build 573) are vulnerable; prior versions may also be affected.

9. Total Commander Client Side Directory Traversal Vulnerability
BugTraq ID: 25581
Remote: Yes
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25581
Summary:
Total Commander is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

An attacker can exploit this issue to upload a malicious file to an arbitrary location on the victim's computer.

This issue affects Total Commander 7.01; other versions may also be vulnerable.

10. Microsoft September 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 25573
Remote: Yes
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25573
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on September 11, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

11. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 25571
Remote: Yes
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25571
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

12. Apple iTunes Malformed Music File Heap Buffer Overflow Vulnerability
BugTraq ID: 25567
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25567
Summary:
Apple iTunes is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions prior to iTunes 7.4.

13. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
BugTraq ID: 25566
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25566
Summary:
Microsoft Agent (agentsvr.exe) is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately bounds-check user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

14. AtomixMP3 Malformed PLS Playlist File Buffer Overflow Vulnerability
BugTraq ID: 25546
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25546
Summary:
AtomixMP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious MP3 file. If successful, the attacker can execute arbitrary code in the context of the affected application.

15. Intuit QuickBooks Online Edition ActiveX Controls Multiple Vulnerabilities
BugTraq ID: 25544
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25544
Summary:
Multiple Intuit QuickBooks Online Edition ActiveX controls are prone to multiple vulnerabilities, including multiple stack-based buffer-overflow issues and an access-validation issue.

Attackers can exploit these issues to execute arbitrary code in the context of an application using the controls (typically Internet Explorer) or to upload and download files in arbitrary locations on the affected computer.

Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

Versions prior to QuickBooks Online Edition 10 are vulnerable.

16. MailMarshal Tar Archive Remote Directory Traversal Vulnerability
BugTraq ID: 25523
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25523
Summary:
MailMarshal is prone to a directory-traversal vulnerability because the application fails to validate user-supplied data.

Remote attackers can overwrite files in arbitrary locations on a vulnerable computer in the context of the user running the affected application.

17. Ots Labs OtsTurntables M3U Local Buffer Overflow Vulnerability
BugTraq ID: 25514
Remote: No
Date Published: 2007-09-03
Relevant URL: http://www.securityfocus.com/bid/25514
Summary:
Ots Labs OtsTurntables is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

OtsTurntables 1.00 is vulnerable; other versions may also be affected.

18. Virtual DJ M3U File Buffer Overflow Vulnerability
BugTraq ID: 25513
Remote: Yes
Date Published: 2007-09-02
Relevant URL: http://www.securityfocus.com/bid/25513
Summary:
Virtual DJ is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.

Attackers may attempt to exploit this issue by coercing users to access malicious M3U playlist files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.

Virtual DJ 5.0 is vulnerable; other versions may also be affected.

19. Virtual DJ M3U Local Buffer Overflow Vulnerability
BugTraq ID: 25512
Remote: No
Date Published: 2007-09-03
Relevant URL: http://www.securityfocus.com/bid/25512
Summary:
Virtual DJ is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Virtual DJ 5.0 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. AAA that Acquire from Lotus Domino 7.02
http://www.securityfocus.com/archive/88/478975

2. SecurityFocus Microsoft Newsletter #358
http://www.securityfocus.com/archive/88/478651

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
