Wednesday, February 20, 2008

SecurityFocus Microsoft Newsletter #382
----------------------------------------

This issue is Sponsored by: HP

HP Application Security Webinar: Achieving PCI 6.6 Compliance - Are Your Web Applications Secure Enough?
In June 2008, the major credit card vendors will require compliance with requirement 6 of the PCI DSS, "Ensure that all web facing applications are protected against known attacks." Join HP Software and the former SPI Dynamics for this free webinar to learn how you can easily satisfy this requirement and build a powerful web application security program at the same time. During this event, you will receive the tools and knowledge to ensure your web applications comply with PCI requirements and block hackers.
https://h30406.www3.hp.com/campaigns/2008/events/sw-02-26-08/index.php?mcc=DAYA


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Tweaking Social Security to Combat Fraud
2. Skills for the Future

II. MICROSOFT VULNERABILITY SUMMARY
1. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
2. SmarterTools SmarterMail Subject Field HTML Injection Vulnerability
3. webcamXP Multiple Information Disclosure and Denial of Service Vulnerabilities
4. Foxit WAC Remote Access Server Heap Buffer Overflow Vulnerability
5. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
6. Kerio MailServer Multiple Unspecified Vulnerabilities
7. DESLock+ IOCTL Request Local Code Execution and Denial of Service Vulnerabilities
8. Sami FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
9. Teamtek Universal FTP Server CWD, LIST, and PORT Commands Remote Denial Of Service Vulnerabilities
10. Fortinet FortiClient 'fortimon.sys' Local Privilege Escalation Vulnerability
11. Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflow Vulnerabilities
12. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
13. Microsoft Publisher Memory Index Code Execution Vulnerability
14. Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability
15. Microsoft Office Execution Jump Memory Corruption Vulnerability
16. ITN News Gadget 'short_title' Parameter Remote Code Execution Vulnerability
17. Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
18. Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
19. Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
20. Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability
21. Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
22. Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
23. Microsoft Works File Converter Field Length Remote Code Execution Vulnerability
24. Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
25. Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability
26. Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
27. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
28. Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
29. Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Tweaking Social Security to Combat Fraud
By Tim Mullen
Americans lost over 45 billion dollars in identity-related fraud in 2007. Reports are so commonplace that we've actually become de-sensitized to them. "200,000 victims reported..." "500,000 victims reported..." Even figures into the millions don't seem to faze us anymore. And that is a Bad Thing.

http://www.securityfocus.com/columnists/465

2. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: Just how does one break into computer security or what skills should you learn to get that first security job. Lately though, I have been receiving many more queries on specifically how one can leverage an existing skill set to become an information-technology security analyst.

http://www.securityfocus.com/columnists/464


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 27915
Remote: Yes
Date Published: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27915
Summary:
EMC RepliStor is prone to multiple remote heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker may be able to exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

These issues affect EMC RepliStor 6.2 SP2; other versions may also be affected.

2. SmarterTools SmarterMail Subject Field HTML Injection Vulnerability
BugTraq ID: 27878
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27878
Summary:
SmarterMail is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing theft of cookie-based authentication credentials or control of how the site is rendered to the user; other attacks are also possible.

SmarterMail Enterprise 4.3 is vulnerable; other versions may also be affected.

3. webcamXP Multiple Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 27875
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27875
Summary:
webcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data.

Attackers can exploit these issues to access potentially sensitive information or crash the application. Successful exploits could aid in further attacks or deny service to legitimate users.

These issues affect webcamXP versions 3.72.440 and 4.05.280 beta and prior.

4. Foxit WAC Remote Access Server Heap Buffer Overflow Vulnerability
BugTraq ID: 27873
Remote: Yes
Date Published: 2008-02-16
Relevant URL: http://www.securityfocus.com/bid/27873
Summary:
Foxit WAC Remote Access Server is prone to a heap-based buffer-overflow vulnerability.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects versions 2.0 Build 3503 and prior.

5. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
BugTraq ID: 27870
Remote: Yes
Date Published: 2008-02-15
Relevant URL: http://www.securityfocus.com/bid/27870
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities, including denial-of-service issues and multiple issues with unspecified impact.

Successfully exploiting these issues may allow attackers to cause denial-of-service conditions and carry out other attacks.

Very few details are currently available regarding these issues. We will update this BID as more information emerges.

These issues affect IBM DB2 Universal Database 9.1 versions prior to Fixpak 4a.

6. Kerio MailServer Multiple Unspecified Vulnerabilities
BugTraq ID: 27868
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27868
Summary:
Kerio MailServer is prone to multiple unspecified vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions or potentially execute arbitrary code in the context of the application; other attacks are also possible.

Very few details are currently available regarding these issues. We will update this BID as more information emerges.

Versions prior to Kerio MailServer 6.5.0 are vulnerable.

7. DESLock+ IOCTL Request Local Code Execution and Denial of Service Vulnerabilities
BugTraq ID: 27862
Remote: No
Date Published: 2008-02-18
Relevant URL: http://www.securityfocus.com/bid/27862
Summary:
DESlock+ is prone to multiple vulnerabilities that allow arbitrary code to run with SYSTEM-level privileges or cause denial-of-service conditions.

Local attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise the computer or cause a denial-of-service condition.

DESlock+ versions 3.2.6 and prior are vulnerable.

8. Sami FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 27817
Remote: Yes
Date Published: 2008-02-15
Relevant URL: http://www.securityfocus.com/bid/27817
Summary:
Sami FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

Versions in the Sami FTP Server 2.0 series are vulnerable; other versions may also be affected.

9. Teamtek Universal FTP Server CWD, LIST, and PORT Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 27804
Remote: Yes
Date Published: 2008-02-14
Relevant URL: http://www.securityfocus.com/bid/27804
Summary:
Universal FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

Universal FTP Server 1.0.44 is vulnerable; other versions may also be affected.

10. Fortinet FortiClient 'fortimon.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 27776
Remote: No
Date Published: 2008-02-13
Relevant URL: http://www.securityfocus.com/bid/27776
Summary:
Fortinet FortiClient is prone to a local privilege-escalation vulnerability because it fails to perform adequate device filtering.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.

Versions prior to FortiClient 3.0 MR5 Patch 4 are vulnerable.

11. Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 27769
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27769
Summary:
Apple QuickTime 'QTPlugin.ocx' ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker may exploit these issues to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

These issues affect QuickTime 7.4.1 and prior versions.

12. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
BugTraq ID: 27751
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27751
Summary:
ClamAV is prone to a heap-corruption vulnerability and an integer-overflow vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Failed exploit attempts likely result in application crashes.

Versions prior to ClamAV 0.92.1 are affected by these issues.

13. Microsoft Publisher Memory Index Code Execution Vulnerability
BugTraq ID: 27740
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27740
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

14. Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability
BugTraq ID: 27739
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27739
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

15. Microsoft Office Execution Jump Memory Corruption Vulnerability
BugTraq ID: 27738
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27738
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Office file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

16. ITN News Gadget 'short_title' Parameter Remote Code Execution Vulnerability
BugTraq ID: 27725
Remote: Yes
Date Published: 2008-02-11
Relevant URL: http://www.securityfocus.com/bid/27725
Summary:
ITN News Gadget is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

ITN News Gadget 1.06 is vulnerable; other versions may also be affected.

17. Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
BugTraq ID: 27689
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27689
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

18. Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
BugTraq ID: 27676
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27676
Summary:
Microsoft Internet Information Services (IIS) is prone to a remote code-execution vulnerability that can be exploited through malicious input to vulnerable ASP pages.

A successful exploit of this vulnerability could let remote attackers execute arbitrary code in the context of the Worker Process Identity, which by default has Network Service privileges.

19. Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
BugTraq ID: 27670
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27670
Summary:
Microsoft Windows is prone to a heap-overflow vulnerability in the WebDAV Mini-Redirector component (also known as the Web Client service). This vulnerability may be triggered by a malicious WebDAV response. A successful exploit could let a remote attacker execute arbitrary code with SYSTEM privileges, completely compromising an affected computer.

To be affected, the Web Client service must be enabled on the computer. The Web Client service is disabled by default on Microsoft Windows Server 2003.

20. Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability
BugTraq ID: 27668
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27668
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

21. Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
BugTraq ID: 27666
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27666
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

22. Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
BugTraq ID: 27661
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27661
Summary:
Microsoft Object Linking and Embedding (OLE) Automation is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to open a malicious web document.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

23. Microsoft Works File Converter Field Length Remote Code Execution Vulnerability
BugTraq ID: 27659
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27659
Summary:
Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

24. Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
BugTraq ID: 27658
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27658
Summary:
Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

25. Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability
BugTraq ID: 27657
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27657
Summary:
Microsoft Works File Converter is prone to a remote heap-overflow vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

26. Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 27656
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27656
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

27. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 27638
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27638
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory and ADAM (Active Directory Application Mode) fail to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to cause the affected application to stop responding, denying further service to legitimate users.

Note that an attacker requires valid logon credentials to exploit this issue on Windows Server 2003 and Windows XP.

This issue affects Active Directory on Microsoft Windows 2000 and Windows Server 2003. The issue affects ADAM when installed on Windows XP and Windows Server 2003.

28. Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
BugTraq ID: 27634
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27634
Summary:
Microsoft Windows Vista is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users.

29. Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability
BugTraq ID: 27101
Remote: No
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27101
Summary:
Microsoft Internet Information Services (IIS) is prone to a local privilege-escalation vulnerability that occurs when handling file change notifications.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: HP

