Wednesday, February 13, 2008

SecurityFocus Microsoft Newsletter #381


This issue is Sponsored by: HP

ALERT: Top 4 Ajax Security Dangers - Free Whitepaper!
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this free whitepaper from HP Software, "AJAX Security Dangers."
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadPDF&zn=bto&cp=54_4012_100__&caid=14158

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Skills for the Future
2. Mother, May I?

II. MICROSOFT VULNERABILITY SUMMARY
1. Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflow Vulnerabilities
2. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
3. Microsoft Publisher Memory Index Code Execution Vulnerability
4. Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability
5. Microsoft Office Execution Jump Memory Corruption Vulnerability
6. ITN News Gadget 'short_title' Parameter Remote Code Execution Vulnerability
7. COWON America jetAudio ASX File Processing Remote Buffer Overflow Vulnerability
8. Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
9. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
10. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability
11. Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
12. Check Point VPN SecureClient/SecuRemote Local Login Credentials Information Disclosure Vulnerability
13. Microsoft February 2008 Advance Notification Multiple Vulnerabilities
14. Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
15. Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability
16. Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
17. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
18. Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
19. TinTin++ and WinTin++ '#chat' Command Multiple Security Vulnerabilities
20. Microsoft Works File Converter Field Length Remote Code Execution Vulnerability
21. Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
22. Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability
23. Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
24. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
25. Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
26. WinComLPD Total Multiple Buffer Overflow Vulnerabilities and Authentication Bypass Vulnerability
27. Ipswitch FTP Log Server Denial of Service Vulnerability
28. Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability
29. Print Manager Plus PQCore Remote Denial of Service Vulnerability
30. Xlight FTP Server LDAP Blank Password Authentication Bypass Vulnerability
31. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
32. Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability

III. MICROSOFT FOCUS LIST SUMMARY
1. ExtraOutlook 1.2 Released
2. SecurityFocus Microsoft Newsletter #380

IV. UNSUBSCRIBE INSTRUCTIONS

V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: Just how does one break into computer security, or what skills should you learn to get that first security job? Lately though, I have been receiving many more queries on specifically how one can leverage an existing skill set to become an information-technology security analyst.
http://www.securityfocus.com/columnists/464

2. Mother, May I?
By Mark Rasch
"Sure, you can have a cookie, but you may not." We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail.
http://www.securityfocus.com/columnists/463

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 27769
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27769
Summary:
Apple QuickTime 'QTPlugin.ocx' ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker may exploit these issues to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

These issues affect QuickTime 7.4.1 and prior versions.

2. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
BugTraq ID: 27751
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27751
Summary:
ClamAV is prone to a heap-corruption vulnerability and an integer-overflow vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Failed exploit attempts likely result in application crashes.

ClamAV versions prior to 0.92.1 are affected by these issues.

3. Microsoft Publisher Memory Index Code Execution Vulnerability
BugTraq ID: 27740
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27740
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

4. Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability
BugTraq ID: 27739
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27739
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

5. Microsoft Office Execution Jump Memory Corruption Vulnerability
BugTraq ID: 27738
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27738
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Office file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

6. ITN News Gadget 'short_title' Parameter Remote Code Execution Vulnerability
BugTraq ID: 27725
Remote: Yes
Date Published: 2008-02-11
Relevant URL: http://www.securityfocus.com/bid/27725
Summary:
ITN News Gadget is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

ITN News Gadget 1.06 is vulnerable; other versions may also be affected.

7. COWON America jetAudio ASX File Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 27698
Remote: Yes
Date Published: 2008-02-08
Relevant URL: http://www.securityfocus.com/bid/27698
Summary:
jetAudio is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer while processing ASX files.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

jetAudio 7.0.5 is reported vulnerable; prior versions may also be affected.

8. Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
BugTraq ID: 27689
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27689
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

9. IBM DB2 Universal Database DAS Buffer Overflow Vulnerability
BugTraq ID: 27681
Remote: Yes
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27681
Summary:
IBM DB2 is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected service. Successfully exploiting this issue may facilitate the remote compromise of affected computers. Failed exploit attempts will likely crash the affected application.

NOTE: This vulnerability was previously disclosed in BID 27596 (IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities). Because more information has become available, it has been assigned its own record.

10. IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability
BugTraq ID: 27680
Remote: No
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27680
Summary:
IBM DB2 Universal Database Server is prone to a local privilege-escalation vulnerability because of how the application constructs library paths.

Exploiting this issue allows local attackers to gain root privileges. Note that an attacker must be able to execute the set-uid root 'db2pd' binary to exploit this issue.

DB2 Universal Database Server 9.1 FixPack 2 on Linux systems is vulnerable. Other versions, including those for other UNIX platforms, are suspected to be vulnerable.

NOTE: This vulnerability was previously disclosed in BID 27596 'IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities'. Because more information has become available, it has been assigned its own record.

11. Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
BugTraq ID: 27676
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27676
Summary:
Microsoft Internet Information Services (IIS) is prone to a remote code-execution vulnerability that can be exploited through malicious input to vulnerable ASP pages.

A successful exploit of this vulnerability could let remote attackers execute arbitrary code in the context of the Worker Process Identity, which by default has Network Service privileges.

12. Check Point VPN SecureClient/SecuRemote Local Login Credentials Information Disclosure Vulnerability
BugTraq ID: 27675
Remote: No
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27675
Summary:
Check Point VPN-1 SecureClient/SecuRemote client for Microsoft Windows is prone to an information-disclosure vulnerability because it fails to protect users' login credentials.

Attackers can exploit this issue to harvest VPN login credentials and gain unauthorized access to networks and resources protected by the VPN. This may lead to further attacks.

13. Microsoft February 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 27674
Remote: Yes
Date Published: 2008-02-07
Relevant URL: http://www.securityfocus.com/bid/27674
Summary:
Microsoft has released advance notification that the vendor will be releasing twelve security bulletins on February 12, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created for each issue when the bulletins are released.

14. Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
BugTraq ID: 27670
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27670
Summary:
Microsoft Windows is prone to a heap-overflow vulnerability in the WebDAV Mini-Redirector component (also known as the Web Client service). This vulnerability may be triggered by a malicious WebDAV response. A successful exploit could let a remote attacker execute arbitrary code with SYSTEM privileges, completely compromising an affected computer.

To be affected, the Web Client service must be enabled on the computer. The Web Client service is disabled by default on Microsoft Windows Server 2003.

15. Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability
BugTraq ID: 27668
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27668
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

16. Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
BugTraq ID: 27666
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27666
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

17. IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Vulnerability
BugTraq ID: 27665
Remote: Yes
Date Published: 2008-02-05
Relevant URL: http://www.securityfocus.com/bid/27665
Summary:
IBM WebSphere Edge Server Caching Proxy is prone to a cross-site scripting vulnerability that affects the caching proxy server because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The vulnerability affects Caching Proxy 5.1, 5.1.1, 6.0, 6.0.1, 6.0.2, and 6.1. Other versions may also be affected.

18. Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
BugTraq ID: 27661
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27661
Summary:
Microsoft Object Linking and Embedding (OLE) Automation is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to open a malicious web document.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

19. TinTin++ and WinTin++ '#chat' Command Multiple Security Vulnerabilities
BugTraq ID: 27660
Remote: Yes
Date Published: 2008-02-06
Relevant URL: http://www.securityfocus.com/bid/27660
Summary:
TinTin++ and WinTin++ are prone to multiple security vulnerabilities affecting the application's '#chat' functionality. These issues include a buffer-overflow vulnerability, a denial-of-service vulnerability, and a file-overwrite vulnerability.

Attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions, or overwrite files with arbitrary content.

These issues affect TinTin++ and WinTin++ 1.97.9; other versions may also be affected.

20. Microsoft Works File Converter Field Length Remote Code Execution Vulnerability
BugTraq ID: 27659
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27659
Summary:
Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

21. Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
BugTraq ID: 27658
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27658
Summary:
Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

22. Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability
BugTraq ID: 27657
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27657
Summary:
Microsoft Works File Converter is prone to a remote heap-overflow vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

23. Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 27656
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27656
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

24. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 27638
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27638
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory and ADAM (Active Directory Application Mode) fail to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to cause the affected application to stop responding, denying further service to legitimate users.

Note that an attacker requires valid logon credentials to exploit this issue on Windows Server 2003 and Windows XP.

This issue affects Active Directory on Microsoft Windows 2000 and Windows Server 2003. The issue affects ADAM when installed on Windows XP and Windows Server 2003.

25. Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
BugTraq ID: 27634
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27634
Summary:
Microsoft Windows Vista is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users.

26. WinComLPD Total Multiple Buffer Overflow Vulnerabilities and Authentication Bypass Vulnerability
BugTraq ID: 27614
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27614
Summary:
WinComLPD Total is prone to multiple vulnerabilities, including buffer-overflow vulnerabilities and an authentication-bypass vulnerability.

Successfully exploiting these issues will allow an attacker to perform unauthorized actions or execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely crash the application.

These issues affect WinComLPD Total 3.0.2.623; other versions may also be vulnerable.

27. Ipswitch FTP Log Server Denial of Service Vulnerability
BugTraq ID: 27612
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27612
Summary:
WS_FTP Log Server shipped with WS_FTP is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

This issue affects WS_FTP running FTP Log Server 7.9.14.0; other versions may also be affected.

28. Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability
BugTraq ID: 27611
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27611
Summary:
Titan FTP Server is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects Titan FTP Server 6.05 build 550; other versions may also be vulnerable.

29. Print Manager Plus PQCore Remote Denial of Service Vulnerability
BugTraq ID: 27604
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27604
Summary:
Print Manager Plus is prone to a remote denial-of-service vulnerability.

Successfully exploiting this issue allows remote attackers to crash affected servers, potentially causing the application to stop accepting further network messages. This may deny service to legitimate users.

The issue affects versions prior to Print Manager Plus 7.0.127.16. Other versions may also be affected.

30. Xlight FTP Server LDAP Blank Password Authentication Bypass Vulnerability
BugTraq ID: 27602
Remote: Yes
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27602
Summary:
Xlight FTP Server is prone to an authentication-bypass vulnerability.

An attacker can exploit this issue to gain unauthorized access to the affected application.

This issue affects versions prior to Xlight FTP Server 2.83.

31. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 16 Multiple Local Vulnerabilities
BugTraq ID: 27596
Remote: No
Date Published: 2008-02-04
Relevant URL: http://www.securityfocus.com/bid/27596
Summary:
IBM DB2 Universal Database Server is prone to multiple local vulnerabilities, including:

- An unspecified local vulnerability
- A local security-bypass vulnerability

Attackers can exploit these issues to compromise the affected application, execute arbitrary code within the context of the affected application, and bypass certain security restrictions. Other attacks are also possible.

These issues affect versions prior to IBM DB2 Universal Database Server 8.2 Fixpak 16.

NOTE: Two issues that were previously documented in this BID were given their own records to better document the details: BID 27681 ('IBM DB2 Universal Database DAS Buffer Overflow Vulnerability') and BID 27680 ('IBM DB2 Universal Database Server 'db2db' Local Privilege Escalation Vulnerability').

32. Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability
BugTraq ID: 27101
Remote: No
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27101
Summary:
Microsoft Internet Information Services (IIS) is prone to a local privilege-escalation vulnerability that occurs when handling file change notifications.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. ExtraOutlook 1.2 Released
http://www.securityfocus.com/archive/88/487947

2. SecurityFocus Microsoft Newsletter #380
http://www.securityfocus.com/archive/88/487816

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: HP

ALERT: Top 4 Ajax Security Dangers - Free Whitepaper!
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this free whitepaper from HP Software, "AJAX Security Dangers."
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadPDF&zn=bto&cp=54_4012_100__&caid=14158
