WINDOWS CENTER: SecurityFocus Microsoft Newsletter #387

SecurityFocus Microsoft Newsletter #387
----------------------------------------

This issue is sponsored by bmighty:

Is Vista Meeting Expectations?
New research from InformationWeek reveals what 600 business-technology professionals have to say about Vista's costs, enhancements & adoption challenges. A $199 value for FREE.
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.On the Border
2.Catch Them if You can
II. MICROSOFT VULNERABILITY SUMMARY
1. Apple Safari Window.setTimeout Variant Content Spoofing Vulnerability
2. Apple Safari File Download Remote Denial of Service Vulnerability
3. RETIRED: Microsoft Jet Database Engine MDB File Parsing Remote Code Execution Vulnerability
4. Microsoft Internet Explorer 7 'setRequestHeader()' Multiple Vulnerabilities
5. Microsoft Windows Vista NoDriveTypeAutoRun Automatic File Execution Vulnerability
6. Apple Safari CFNetwork Arbitrary Secure Website Spoofing Vulnerability
7. Adobe Flash FLA File Processing Remote Code Execution Vulnerabilities
8. Apple Safari Web Inspector Remote Code Injection Vulnerability
9. Apple Safari WebKit Frame Method Cross-Site Scripting Vulnerability
10. Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
11. Apple Safari WebCore History Object Cross-Site Scripting Vulnerability
12. Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting Vulnerability
13. Apple Safari WebCore Java Frame Navigation Cross-Site Scripting Vulnerability
14. Apple Safari WebCore 'window.open()' Function Cross-Site Scripting Vulnerability
15. Apple Safari WebCore 'document.domain' Cross-Site Scripting Vulnerability
16. Apple Safari Javascript URL Parsing Cross-Site Scripting Vulnerability
17. Apple Safari WebCore 'Kotoeri' Password Field Information Disclosure Vulnerability
18. Apple Safari Error Page Cross-Site Scripting Vulnerability
19. Check Point VPN-1 IP Address Collision Denial of Service Vulnerability
20. Microsoft Internet Explorer CreateTextRange.text Denial of Service Vulnerability
21. RETIRED: Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
22. Home FTP Server Remote Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #386
2. More along the lines of malware disinfection
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2.Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where a online attacker compromises a network and removes data -- have become very common
http://www.securityfocus.com/columnists/468

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple Safari Window.setTimeout Variant Content Spoofing Vulnerability
BugTraq ID: 28405
Remote: Yes
Date Published: 2008-03-22
Relevant URL: http://www.securityfocus.com/bid/28405
Summary:
Apple Safari is prone to a content-spoofing vulnerability that allows attackers to populate a vulnerable Safari browser window with arbitrary malicious content. During such an attack, the URL and window title will display the intended site, while the body of the webpage is spoofed.

Safari 3.1 running on Microsoft Windows is reported vulnerable.

NOTE: This issue may be related to the vulnerability discussed in BID 24457 (Apple Safari for Windows Window.setTimeout Content Spoofing Vulnerability).

2. Apple Safari File Download Remote Denial of Service Vulnerability
BugTraq ID: 28404
Remote: Yes
Date Published: 2008-03-22
Relevant URL: http://www.securityfocus.com/bid/28404
Summary:
Apple Safari is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Arbitrary code execution may be possible, but this has not been confirmed.

This issue affects Safari 3.1 running on Microsoft Windows.

3. RETIRED: Microsoft Jet Database Engine MDB File Parsing Remote Code Execution Vulnerability
BugTraq ID: 28398
Remote: Yes
Date Published: 2008-03-22
Relevant URL: http://www.securityfocus.com/bid/28398
Summary:
Microsoft Jet Database Engine is prone to a remote code-execution vulnerability.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running affected applications. Successful exploits will compromise the affected applications and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

This issue does not affect Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1as they run a non-vulnerable version of the Jet Database Engine.

This issue does affect Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

NOTE: This issue is a duplicate of the vulnerability discussed in BID 26468 (Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability).

4. Microsoft Internet Explorer 7 'setRequestHeader()' Multiple Vulnerabilities
BugTraq ID: 28379
Remote: Yes
Date Published: 2008-03-21
Relevant URL: http://www.securityfocus.com/bid/28379
Summary:
Microsoft Internet Explorer 7 is prone to multiple vulnerabilities that allow for referer-spoofing, HTTP-request-splitting, and HTTP-request-smuggling attacks.

A remote attacker may leverage these classes of attacks to poison web caches, steal credentials, evade IDS signatures, and launch cross-site scripting, HTML-injection, and session-hijacking attacks. Other attacks are also possible.

This issue reportedly affects Microsoft Internet Explorer 7.

5. Microsoft Windows Vista NoDriveTypeAutoRun Automatic File Execution Vulnerability
BugTraq ID: 28360
Remote: No
Date Published: 2008-03-20
Relevant URL: http://www.securityfocus.com/bid/28360
Summary:
Microsoft Windows Vista is prone to a vulnerability that may allow a file to automatically run because the software fails to handle the 'NoDriveTypeAutoRun' registry value.

An attacker may exploit this issue to execute arbitary code. The attacker must entice a victim into attaching a form of removable media, such as a USB drive or CD-ROM.

6. Apple Safari CFNetwork Arbitrary Secure Website Spoofing Vulnerability
BugTraq ID: 28356
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28356
Summary:
Apple Safari is prone to a vulnerability that could allow a malicious HTTPS proxy server to spoof a secure website.

An attacker could exploit this issue to harvest potentially sensitive information; other attacks are also possible.