News

Thursday, January 24, 2008

SecurityFocus Microsoft Newsletter #378

SecurityFocus Microsoft Newsletter #378
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Mother May I?
2. Finding a Cure for Data Loss
II. MICROSOFT VULNERABILITY SUMMARY
1. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability
2. HFS HTTP File Server Multiple Security Vulnerabilities
3. Microsoft Visual Basic Enterprise Edition 6 DSR File Handling Buffer Overflow Vulnerabilities
4. Winamp Ultravox Streaming Metadata Multiple Stack Buffer Overflow Vulnerabilities
5. CORE FORCE Firewall and Registry Modules Multiple Local Kernel Buffer Overflow Vulnerabilities
6. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability
7. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
8. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption Vulnerability
9. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability
10. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability
11. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability
12. Cisco VPN Client for Windows Local Denial of Service Vulnerability
13. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. FTP on IIS
2. SecurityFocus Microsoft Newsletter #377
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Mother May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not."We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463

2.Finding a Cure for Data Loss
By Jamie Reid
Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers.

http://www.securityfocus.com/columnists/462


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 27424
Remote: Yes
Date Published: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27424
Summary:
A Comodo AntiVirus ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Comodo AntiVirus 2.0 is vulnerable to this issue; other versions may also be affected.

2. HFS HTTP File Server Multiple Security Vulnerabilities
BugTraq ID: 27423
Remote: Yes
Date Published: 2008-01-23
Relevant URL: http://www.securityfocus.com/bid/27423
Summary:
HFS HTTP File Server is prone to multiple security vulnerabilities.

These vulnerabilities include cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a username spoofing issue and a log file forging issue.

A successful exploit could allow an attacker to deny service to legitimate users, create and execute arbitrary files in the context of the webserver process, falsify log information, or execute arbitrary script code in the browser of an unsuspecting user. Other attacks are also possible.

3. Microsoft Visual Basic Enterprise Edition 6 DSR File Handling Buffer Overflow Vulnerabilities
BugTraq ID: 27349
Remote: Yes
Date Published: 2008-01-18
Relevant URL: http://www.securityfocus.com/bid/27349
Summary:
Microsoft Visual Basic Enterprise Edition 6 is prone to two buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into insufficiently sized buffers.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

Microsoft Visual Basic Enterprise Edition 6 SP6 is vulnerable to these issues; other versions may also be affected.

4. Winamp Ultravox Streaming Metadata Multiple Stack Buffer Overflow Vulnerabilities
BugTraq ID: 27344
Remote: Yes
Date Published: 2008-01-18
Relevant URL: http://www.securityfocus.com/bid/27344
Summary:
Winamp is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to properly bound-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits allow attackers to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

These issues affect Winamp 5.51, 5.5, and 5.21; other versions may also be vulnerable.

5. CORE FORCE Firewall and Registry Modules Multiple Local Kernel Buffer Overflow Vulnerabilities
BugTraq ID: 27341
Remote: No
Date Published: 2008-01-17
Relevant URL: http://www.securityfocus.com/bid/27341
Summary:
CORE FORCE Firewall and Registry modules are prone to multiple local kernel buffer-overflow vulnerabilities because the software fails to adequately verify user-supplied input.

Local attackers can exploit these issues to cause denial-of-service conditions. Attackers may also be able to escalate privileges and execute arbitrary code, but this has not been confirmed.

These issues affect versions up to and including CORE FORCE 0.95.167.

6. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability
BugTraq ID: 27321
Remote: Yes
Date Published: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27321
Summary:
BitTorrent and uTorrent are prone to a remote denial-of-service vulnerability because the applications fail to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects the following versions:

BitTorrent 6.0
uTorrent 1.7.5
uTorrent 1.8-alpha-7834

Earlier versions may be affected as well.

7. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 27305
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27305
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Reportedly, the issue affects the following versions:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac.

The following versions are not affected:

Microsoft Office Excel 2007
Microsoft Office Excel 2007 Service Pack 1
Microsoft Excel 2008 for Mac
Microsoft Office Excel 2003 Service Pack 3.

Few details regarding this vulnerability are available. The vendor is investigating the issue and will be releasing updates. We will update this BID when more information emerges.

8. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption Vulnerability
BugTraq ID: 27301
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27301
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

9. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability
BugTraq ID: 27300
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27300
Summary:
Apple QuickTime is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted PICT file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

10. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability
BugTraq ID: 27299
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27299
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

11. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability
BugTraq ID: 27298
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27298
Summary:
Apple QuickTime is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application.

This issue affects versions prior to QuickTime 7.4 running on the following operating systems:

Mac OS X 10.3.9
Mac OS X 10.4.9 or later
Mac OS X 10.5 or later
Microsoft Windows XP
Microsoft Windows Vista

12. Cisco VPN Client for Windows Local Denial of Service Vulnerability
BugTraq ID: 27289
Remote: No
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27289
Summary:
Cisco VPN Client for Windows is prone to a local denial-of-service vulnerability because the software's IPsec driver fails to handle certain IOCTLs.

Successfully exploiting this issue allows local attackers to crash affected computers, denying further service to legitimate users.

This issue affects 'cvpndrva.sys' 5.0.02.0090; other versions of the driver may also be affected.

13. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
BugTraq ID: 27275
Remote: Yes
Date Published: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27275
Summary:
BugTracker.NET is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code could execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

These issues affect versions prior to BugTracker.NET 2.7.2.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. FTP on IIS
http://www.securityfocus.com/archive/88/486644

2. SecurityFocus Microsoft Newsletter #377
http://www.securityfocus.com/archive/88/486480

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.

www.blackhat.com

No comments:

Blog Archive