News

Tuesday, October 16, 2007

SecurityFocus Microsoft Newsletter #364

This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security.
It will convene 2,000+ delegates and 80 exhibitors and feature 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques.
Register now for savings on conference fees and/or free exhibits admission.

http://www.csiannual.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Starting up with Aspect-Oriented Programming
2. Of Hackers and Egos
II. MICROSOFT VULNERABILITY SUMMARY
1. WWWISIS IsisScript Local File Disclosure Vulnerability
2. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
3. COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability
4. WWWISIS Lang Parameter Cross-Site Scripting Vulnerability
5. Microsoft Internet Explorer Extension Filter Bypass Arbitrary File Download Vulnerability
6. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
7. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
8. IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
9. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
10. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
11. World in Conflict GetMagicNumberString Function Remote Denial of Service Vulnerability
12. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability
13. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
14. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
15. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
16. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
17. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
18. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
19. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #363
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Starting up with Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895

2. Of Hackers and Egos
By Don Parker
The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don't understand the whole uproar over various issues, such as whether Microsoft Vista is more secure than Linux or Mac. It's all moot as far as the general population is concerned. But, for those of us who work in the industry, it is just more grist for the mill.

http://www.securityfocus.com/columnists/454


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. WWWISIS IsisScript Local File Disclosure Vulnerability
BugTraq ID: 26079
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26079
Summary:
WWWISIS is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process.

An attacker may be able to exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects WWWISIS 7.1; other versions may also be vulnerable.

2. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
BugTraq ID: 26076
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26076
Summary:
Novell SUSE Linux Enterprise Server is prone to a denial-of-service vulnerability because it fails to adequately handle certain GSS-TSIG requests that require the 'libgssapi' library.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to 'libgssapi' 0.6-13.17 as found in Enterprise Server 10 SP1 are vulnerable.

3. COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 26069
Remote: Yes
Date Published: 2007-10-14
Relevant URL: http://www.securityfocus.com/bid/26069
Summary:
jetAudio is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer while processing M3U files.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

jetAudio 7.0.3 is reported vulnerable; prior versions may also be affected.

4. WWWISIS Lang Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 26067
Remote: Yes
Date Published: 2007-10-13
Relevant URL: http://www.securityfocus.com/bid/26067
Summary:
WWWISIS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

5. Microsoft Internet Explorer Extension Filter Bypass Arbitrary File Download Vulnerability
BugTraq ID: 26062
Remote: Yes
Date Published: 2007-10-13
Relevant URL: http://www.securityfocus.com/bid/26062
Summary:
Internet Explorer is prone to an arbitrary-file-download vulnerability because it fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to download arbitrary 'exe' files to an unsuspecting victim's computer. This may facilitate a remote compromise of an affected computer.

NOTE: Further investigation suggests that this issue cannot be exploited to cause the malicious file to run. Since the file has an alternate extension, it will be processed only by the application specified for that extension. When the file is processed, an error will likely occur because of an invalid format.

6. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 26015
Remote: Yes
Date Published: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26015
Summary:
Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues.

Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

7. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
BugTraq ID: 26014
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26014
Summary:
EMC RepliStor is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker may be able to exploit this issue to execute arbitrary code with SYSTEM-level privileges.

This issue affects RepliStor 6.1.3; earlier versions may also be vulnerable.

8. IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
BugTraq ID: 26010
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26010
Summary:
IBM DB2 Universal Database is prone to two denial-of-service vulnerabilities.

Successfully exploiting these issues allows attackers to cause server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8.1 and 8.2 are vulnerable to these issues.

NOTE: Information regarding the buffer-overflow vulnerability previously documented in this BID has been removed. That vulnerability is documented in a separate record: BID 23890 (IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability).

9. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
BugTraq ID: 26008
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26008
Summary:
G DATA Antivirus 2007 is prone to a buffer-overflow weakness because it fails to perform adequate boundary checks.

Successful exploits will allow attackers to execute arbitrary code in the context of an application using the control (typically Internet Explorer). Since the affected control is not marked 'safe for scripting', attackers must exploit this issue in conjunction with zone-escalation or cross-zone scripting attacks.

G DATA Antivirus 2007 is vulnerable to this issue; other versions may also be affected.

10. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
BugTraq ID: 25991
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25991
Summary:
Microsoft Office 2000 and Office XP are prone to an unspecified denial-of-service vulnerability.

Microsoft Word is confirmed vulnerable to an unspecified denial-of-service issue. Other versions of Microsoft Word/Office may be affected by the vulnerability, but this has not been confirmed.

The following versions of Microsoft Office are confirmed vulnerable to this issue:

Microsoft Office 2000 English
Microsoft Office 2000 Japanese
Microsoft Office 2000 Chinese
Microsoft Office XP English
Microsoft Office XP Japanese
Microsoft Office XP Chinese

11. World in Conflict GetMagicNumberString Function Remote Denial of Service Vulnerability
BugTraq ID: 25985
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25985
Summary:
World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects World in Conflict 1.000; other versions may also be affected.

12. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 25977
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25977
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

13. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
BugTraq ID: 25976
Remote: No
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25976
Summary:
Microsoft ActiveSync is prone to an information-disclosure vulnerability because it fails to adequately obfuscate sensitive information.

Attackers can exploit this issue to gain PIN or password data for devices docked via USB.

Software that uses ActiveSync 4.1 is vulnerable; other versions may also be affected.

14. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
BugTraq ID: 25974
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25974
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted RPC packets.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

15. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
BugTraq ID: 25916
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25916
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into viewing maliciously crafted HTML content.

Successfully exploiting this issue allows arbitrary machine code to execute in the context of the affected application. This facilitates the remote compromise of affected computers.

16. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
BugTraq ID: 25915
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25915
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers spoof the address bar of a trusted site.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

17. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
BugTraq ID: 25909
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25909
Summary:
Microsoft Windows Kodak Image Viewer is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Affected versions of Windows XP are vulnerable only if they have been upgraded from Windows 2000.

18. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
BugTraq ID: 25908
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25908
Summary:
Microsoft Outlook Express and Windows Mail are prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the applications fail to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user.

19. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 25906
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25906
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE: Successful exploits of this issue may be hampered because Microsoft Office 2007 and Office 2003 SP3 will not open some older Office file formats, including Office for Macintosh documents. Exploits of this issue involve the Macintosh file format.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #363
http://www.securityfocus.com/archive/88/482193

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: CSI