Wednesday, January 02, 2008

SecurityFocus Microsoft Newsletter #375

This issue is Sponsored by: Black Hat DC

Attend Black Hat DC, February 18-21, the Washington, DC version of the world's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content, including a focus on wireless security and offensive attack analysis. Network with 400+ delegates and review products from leading vendors in a relaxed setting, including Diamond sponsor Microsoft.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Real Flaws in Virtual Worlds
2. Copyrights and Wrongs
II. MICROSOFT VULNERABILITY SUMMARY
1. ClamAV Multiple Insecure File Handling and Scanner Bypass Vulnerabilities
2. Total Player M3U File Denial of Service Vulnerability
3. Winace UUE File Handling Buffer Overflow Vulnerability
4. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #374
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.

http://www.securityfocus.com/columnists/461

2. Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.

http://www.securityfocus.com/columnists/460


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ClamAV Multiple Insecure File Handling and Scanner Bypass Vulnerabilities
BugTraq ID: 27064
Remote: Yes
Date Published: 2007-12-29
Relevant URL: http://www.securityfocus.com/bid/27064
Summary:
ClamAV is prone to multiple vulnerabilities due to the insecure handling of files, and due to a failure to scan certain files.

A successful attack may allow malicious users to perform symbolic-link attacks, or to bypass scanning. Exploits may aid in further attacks.

ClamAV version 0.92 is vulnerable to these issues; other versions may also be affected.

2. Total Player M3U File Denial of Service Vulnerability
BugTraq ID: 27021
Remote: Yes
Date Published: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27021
Summary:
Total Player is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the application. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed.

This issue is reported to affect Total Player 3.0; other versions may also be vulnerable.

3. Winace UUE File Handling Buffer Overflow Vulnerability
BugTraq ID: 27017
Remote: Yes
Date Published: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27017
Summary:
Winace is prone to a buffer-overflow vulnerability when handling malicious UUE files.

A successful attack can allow a remote attacker to corrupt process memory by triggering a heap-overflow condition when the application handles excessive data in the archive.

This vulnerability affects Winace versions prior to 2.69.

4. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
BugTraq ID: 27007
Remote: Yes
Date Published: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27007
Summary:
Zoom Player is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application or to crash the application, denying further service to legitimate users.

This issue affects Zoom Player version 6.00 beta 2 and all releases contained in the Zoom Player version 5 branch.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #374
http://www.securityfocus.com/archive/88/485652

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat DC
