News

Friday, October 12, 2007

SecurityFocus Microsoft Newsletter #363

SecurityFocus Microsoft Newsletter #363
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also
create several opportunities for possible attack if the application is not
designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Of Hackers and Ego
2.Passive Network Analysis
II. MICROSOFT VULNERABILITY SUMMARY
1. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
2. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
3. IBM DB2 Universal Database Buffer Overflow and Multiple Denial of Service Vulnerabilities
4. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
5. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
6. World in Conflict GetMagicNumberString Function Remote Denial of Service Vulnerability
7. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability
8. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
9. Microsoft Windows URI Handler Command Execution Vulnerability
10. ConeXware PowerArchiver BlackHole Archive Handling Buffer Overflow Vulnerability
11. Vba32 Personal Antivirus Insecure File Permissions Local Privilege Escalation Vulnerability
12. RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
13. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
14. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
15. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
16. Apple QuickTime for Windows Remote Code Execution Vulnerability
17. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
18. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
19. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
20. Altnet Download Manager ADM4 ActiveX Buffer Overflow Vulnerability
21. CenterTools DriveLock Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Of Hackers and Egos
By Don Parker
The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don't understand the whole uproar over various issues, such as whether Microsoft Vista is more secure then Linux or Mac. It's all moot as far as the general population is concerned. But, for those of use who work in the industry, it is just more grist for the mill.
http://www.securityfocus.com/columnists/454

2.Passive Network Analysis
By Stephen Barish
In sports, it's pretty much accepted wisdom that home teams have the advantage; that's why teams with winning records on the road do so well in the playoffs. But for some reason we rarely think about "the home field advantage" when we look at defending our networks.

http://www.securityfocus.com/infocus/1894


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 26015
Remote: Yes
Date Published: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26015
Summary:
Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues.

Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2,
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

2. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
BugTraq ID: 26014
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26014
Summary:
EMC RepliStor is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker may be able to exploit this issue to execute arbitrary code with SYSTEM-level privileges.

This issue affects RepliStor 6.1.3; earlier versions may also be vulnerable.

3. IBM DB2 Universal Database Buffer Overflow and Multiple Denial of Service Vulnerabilities
BugTraq ID: 26010
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26010
Summary:
IBM DB2 Universal Database is prone to a buffer-overflow vulnerability and two denial-of-service vulnerabilities.

Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the database server, compromising the computer. Exploits may also result in server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8.1 and 8.2 are vulnerable to these issues.

4. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
BugTraq ID: 26008
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26008
Summary:
G DATA Antivirus 2007 is prone to a buffer-overflow weakness because it fails to perform adequate boundary checks.

Successful exploits will allow attackers to execute arbitrary code in the context of an application using the control (typically Internet Explorer). Since the affected control is not marked 'safe for scripting', attackers must exploit this issue in conjunction with zone-escalation or cross-zone scripting attacks.

G DATA Antivirus 2007 is vulnerable to this issue; other versions may also be affected.

5. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
BugTraq ID: 25991
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25991
Summary:
Microsoft Office 2000 and Office XP are prone to an unspecified denial-of-service vulnerability.

Microsoft Word is confirmed vulnerable to an unspecified denial-of-service issue. Other versions of Microsoft Word/Office may be affected by the vulnerability, but this has not been confirmed.

The following versions of Microsoft Office are confirmed vulnerable to this issue:

Microsoft Office 2000 English
Microsoft Office 2000 Japanese
Microsoft Office 2000 Chinese
Microsoft Office XP English
Microsoft Office XP Japanese
Microsoft Office XP Chinese

6. World in Conflict GetMagicNumberString Function Remote Denial of Service Vulnerability
BugTraq ID: 25985
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25985
Summary:
World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects World in Conflict 1.000; other versions may also be affected.

7. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 25977
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25977
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

8. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
BugTraq ID: 25974
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25974
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted RPC packets.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

9. Microsoft Windows URI Handler Command Execution Vulnerability
BugTraq ID: 25945
Remote: Yes
Date Published: 2007-10-05
Relevant URL: http://www.securityfocus.com/bid/25945
Summary:
Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs.

Known attack vectors include following URIs in these applications:

- Mozilla Firefox in versions prior to 2.0.0.6
- Skype in versions prior to 3.5.0.239
- Adobe Acrobat Reader 8.1
- Miranda 0.7
- Netscape 7.1
- mIRC.

NOTE: BID 25543 (Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability) is an attack vector for this issue.

10. ConeXware PowerArchiver BlackHole Archive Handling Buffer Overflow Vulnerability
BugTraq ID: 25938
Remote: Yes
Date Published: 2007-10-05
Relevant URL: http://www.securityfocus.com/bid/25938
Summary:
PowerArchiver is prone to a buffer-overflow vulnerability when handling malicious BlackHole archives.

A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition when the application handles excessive data in the archive.

This vulnerability reportedly affects versions prior to PowerArchiver 10.20.21.

11. Vba32 Personal Antivirus Insecure File Permissions Local Privilege Escalation Vulnerability
BugTraq ID: 25930
Remote: No
Date Published: 2007-10-04
Relevant URL: http://www.securityfocus.com/bid/25930
Summary:
Vba32 Personal is prone to a local privilege-escalation vulnerability that stems from a design error. This vulnerability occurs because the application assigns insecure file permissions to certain directories upon installation.

An attacker may exploit this vulnerability to overwrite files with arbitrary code in the affected directories. The arbitrary code will then run with SYSTEM-level privileges. This may facilitate a complete compromise of affected computers.

Vba32 Personal 3.12.2 is vulnerable to this issue; other versions may also be affected.

12. RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 25922
Remote: Yes
Date Published: 2007-10-04
Relevant URL: http://www.securityfocus.com/bid/25922
Summary:
Microsoft has released advance notification that the vendor will be releasing six security bulletins on October 9, 2007. The highest severity rating for these issues is 'Critical'.

The following individual records have been created to document these vulnerabilities:

25909 Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
25908 Microsoft Outlook Express And Windows Mail NNTP Remote Code Execution
25915 Microsoft Internet Explorer Address Bar Spoofing Vulnerability
25916 Microsoft Internet Explorer Script Error Handling Memory Corruption
22680 Microsoft Internet Explorer OnUnload Javascript Browser Entrapment
24911 Microsoft Internet Explorer OnBeforeUnload Javascript Browser Entrapment
25974 Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
23832 Microsoft SharePoint Server Cross-Site Scripting Vulnerability
25906 Microsoft Word Workspace Memory Corruption Remote Code Execution

13. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
BugTraq ID: 25920
Remote: Yes
Date Published: 2007-10-04
Relevant URL: http://www.securityfocus.com/bid/25920
Summary:
Sun Java Web Start is prone to multiple local file-access vulnerabilities and an information-disclosure vulnerability.

An attacker could exploit these issues to obtain sensitive information and to read and write arbitrary files on the affected computer with the privileges of the user running the untrusted Java application.

14. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
BugTraq ID: 25916
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25916
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into viewing maliciously crafted HTML content.

Successfully exploiting this issue allows arbitrary machine code to execute in the context of the affected application. This facilitates the remote compromise of affected computers.

15. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
BugTraq ID: 25915
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25915
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers spoof the address bar of a trusted site.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

16. Apple QuickTime for Windows Remote Code Execution Vulnerability
BugTraq ID: 25913
Remote: Yes
Date Published: 2007-10-03
Relevant URL: http://www.securityfocus.com/bid/25913
Summary:
QuickTime for Windows is prone to a remote code-execution vulnerability because the application fails to handle URIs securely .

Successfully exploiting this issue allows remote attackers to execute arbitrary applications with controlled command-line arguments. This facilitates the remote compromise of affected computers.

QuickTime 7.2 running on Microsoft Windows Vista or XP SP2 is vulnerable.

17. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
BugTraq ID: 25909
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25909
Summary:
Microsoft Windows Kodak Image Viewer is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Affected versions of Windows XP are vulnerable only if they have been upgraded from Windows 2000.

18. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
BugTraq ID: 25908
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25908
Summary:
Microsoft Outlook Express and Windows Mail are prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the applications fail to perform adequate boundary-checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user.

19. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 25906
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25906
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE: Successful exploits of this issue may be hampered because Microsoft Office 2007 and Office 2003 SP3 will not open some older Office file formats, including Office for Macintosh documents. Exploits of this issue involve the Macintosh file format.

20. Altnet Download Manager ADM4 ActiveX Buffer Overflow Vulnerability
BugTraq ID: 25903
Remote: Yes
Date Published: 2007-10-03
Relevant URL: http://www.securityfocus.com/bid/25903
Summary:
Altnet Download Manager ADM4 ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can exploit this issue to cause a denial-of-service condition or to execute arbitrary code.

This issue affects Altnet Download Manager 4.0; other versions may also be affected. KaZaA and Grokster are considered vulnerable as well.

21. CenterTools DriveLock Remote Buffer Overflow Vulnerability
BugTraq ID: 25902
Remote: Yes
Date Published: 2007-10-03
Relevant URL: http://www.securityfocus.com/bid/25902
Summary:
CenterTools DriveLock is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue is reported to affect DriveLock and DriveLock Security Reporting Center 5.0 and prior versions; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also
create several opportunities for possible attack if the application is not
designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl

No comments:

Blog Archive