News

Tuesday, September 18, 2007

SecurityFocus Microsoft Newsletter #360

SecurityFocus Microsoft Newsletter #360
----------------------------------------

This Issue is Sponsored by:Techmentor
_______________________

TechMentor - Las Vegas - October 15 - 19
Join your fellow systems administrators and IT managers at the Rio Hotel & Casino in Vegas for a week of in-depth technical training. TechMentor will give you the tools and techniques to help you get the most out of your network. Register now!
http://techmentorevents.com/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Windows Anti-Debug Reference
2.VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
II. MICROSOFT VULNERABILITY SUMMARY
1. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
2. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
3. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
4. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
5. Microsoft MFC Library CFileFind::FindFile Buffer Overflow Vulnerability
6. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
7. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability
8. COWON America jetCast Server Remote Denial Of Service Vulnerability
9. WinSCP URL Protocol Handler Arbitrary File Access Vulnerability
10. Media Player Classic Malformed AVI Header Multiple Remote Vulnerabilities
11. SWsoft Plesk PLESKSESSID Parameter Multiple SQL Injection Vulnerabilities
12. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote Vulnerabilities
13. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File Overwrite Vulnerability
14. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
15. Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability
16. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #359
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Windows Anti-Debug Reference
By Nicolas Falliere
This paper classifies and presents several anti-debugging techniques used on Windows NT-based operating systems.

http://www.securityfocus.com/infocus/1893

2.VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25712
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25712
Summary:
Privatefirewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Privatefirewall 5.0.14.2 is vulnerable; other versions may also be affected.

2. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25711
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25711
Summary:
Online Armor Personal Firewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Online Armor Personal Firewall 2.0.1.125 is vulnerable; other versions may also be affected.

3. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25709
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25709
Summary:
Ghost Security Suite is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Ghost Security Suite beta 1.110 and alpha 1.200 are vulnerable; other versions may also be affected.

4. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25705
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25705
Summary:
G DATA Internet Security is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

G DATA Internet Security 2007 is vulnerable; other versions may also be affected.

5. Microsoft MFC Library CFileFind::FindFile Buffer Overflow Vulnerability
BugTraq ID: 25697
Remote: Yes
Date Published: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25697
Summary:
The CFileFind::FindFile method in the MFC library for Microsoft Windows is prone to a buffer-overflow vulnerability because the method fails to perform adequate boundary checks of user-supplied input.

Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the vulnerable method.

The MFC library included with Microsoft Windows XP SP2 is affected; other versions may also be affected.

6. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
BugTraq ID: 25687
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25687
Summary:
WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.

Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.

WinImage 8.0 and 8.10 are vulnerable; other versions may also be affected.

7. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability
BugTraq ID: 25686
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25686
Summary:
Media Player Classic is prone to a remote denial-of-service vulnerability because the application fails to handle malformed video files.

Remote attackers can exploit this issue to crash the application. Reports indicate that attackers may also be able to execute code, but this has not been confirmed.

Media Player Classic 6.4.9.1 and prior versions are vulnerable.

8. COWON America jetCast Server Remote Denial Of Service Vulnerability
BugTraq ID: 25660
Remote: Yes
Date Published: 2007-09-13
Relevant URL: http://www.securityfocus.com/bid/25660
Summary:
jetCast Server is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the server, denying access to legitimate users.

jetCast Server 2 is reported vulnerable; other versions may also be affected.

9. WinSCP URL Protocol Handler Arbitrary File Access Vulnerability
BugTraq ID: 25655
Remote: Yes
Date Published: 2007-09-13
Relevant URL: http://www.securityfocus.com/bid/25655
Summary:
WinSCP is prone to a vulnerability that lets an attacker upload arbitrary files to a victim's computer or to download arbitrary files from the victim's computer in the context of the vulnerable application.

This issue affects versions prior to WinSCP 4.0.4.

10. Media Player Classic Malformed AVI Header Multiple Remote Vulnerabilities
BugTraq ID: 25650
Remote: Yes
Date Published: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/25650
Summary:
Media Player Classic (MPC) is prone to multiple remote vulnerabilities, including a heap-based buffer-overflow issue and an integer-overflow issue, when handling malformed AVI files.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

Media Player Classic 6.4.9.0 is vulnerable; other versions may also be affected.

11. SWsoft Plesk PLESKSESSID Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 25646
Remote: Yes
Date Published: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/25646
Summary:
Plesk is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Microsoft Windows are vulnerable; other versions running on different platforms may also be affected.

12. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote Vulnerabilities
BugTraq ID: 25638
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25638
Summary:
Microsoft Visual Studio is prone to multiple remote vulnerabilities, including two remote command-execution issues and four unspecified vulnerabilities.

An attacker can exploit the remote command-execution vulnerabilities to execute arbitrary commands with the privileges of the currently logged-in user.

Very little information is known about the four unspecified issues. We will update this BID as more information emerges.

These issues affect Microsoft Visual Studio 6.0.0; other versions may also be affected.

13. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File Overwrite Vulnerability
BugTraq ID: 25635
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25635
Summary:
Microsoft Visual Studio VB To VSI Support Library ActiveX Control is prone to a vulnerability that lets attackers overwrite arbitrary files.

An attacker can exploit this issue to overwrite arbitrary files with local data. This will likely result in denial-of-service conditions; other attacks may also be possible.

14. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 25625
Remote: Yes
Date Published: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25625
Summary:
CellFactor: Revolution is prone to multiple remote code-execution vulnerabilities, including a buffer-overflow issue and a format-string issue.

Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the affected application or to crash the application.

CellFactor: Revolution 1.03 is vulnerable; other versions may also be affected.

15. Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability
BugTraq ID: 25620
Remote: No
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25620
Summary:
Microsoft Windows Services for UNIX is prone to a local privilege-escalation vulnerability.

Attackers may exploit this issue to gain elevated privileges on affected computers. This facilitates the complete compromise of vulnerable computers.

Microsoft Windows Services for UNIX 3.0 and 3.5 and Microsoft Subsystem for UNIX-based Applications are vulnerable to this issue.

16. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
BugTraq ID: 25566
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25566
Summary:
Microsoft Agent (agentsvr.exe) is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately bounds-check user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #359
http://www.securityfocus.com/archive/88/479220

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by:Techmentor
_______________________

TechMentor - Las Vegas - October 15 - 19
Join your fellow systems administrators and IT managers at the Rio Hotel & Casino in Vegas for a week of in-depth technical training. TechMentor will give you the tools and techniques to help you get the most out of your network. Register now!
http://techmentorevents.com/

No comments:

Blog Archive