Tuesday, March 25, 2008

SecurityFocus Microsoft Newsletter #387
----------------------------------------

This issue is sponsored by bmighty:

Is Vista Meeting Expectations?
New research from InformationWeek reveals what 600 business-technology professionals have to say about Vista's costs, enhancements & adoption challenges. A $199 value for FREE.
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. On the Border
2. Catch Them if You Can
II. MICROSOFT VULNERABILITY SUMMARY
1. Apple Safari Window.setTimeout Variant Content Spoofing Vulnerability
2. Apple Safari File Download Remote Denial of Service Vulnerability
3. RETIRED: Microsoft Jet Database Engine MDB File Parsing Remote Code Execution Vulnerability
4. Microsoft Internet Explorer 7 'setRequestHeader()' Multiple Vulnerabilities
5. Microsoft Windows Vista NoDriveTypeAutoRun Automatic File Execution Vulnerability
6. Apple Safari CFNetwork Arbitrary Secure Website Spoofing Vulnerability
7. Adobe Flash FLA File Processing Remote Code Execution Vulnerabilities
8. Apple Safari Web Inspector Remote Code Injection Vulnerability
9. Apple Safari WebKit Frame Method Cross-Site Scripting Vulnerability
10. Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
11. Apple Safari WebCore History Object Cross-Site Scripting Vulnerability
12. Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting Vulnerability
13. Apple Safari WebCore Java Frame Navigation Cross-Site Scripting Vulnerability
14. Apple Safari WebCore 'window.open()' Function Cross-Site Scripting Vulnerability
15. Apple Safari WebCore 'document.domain' Cross-Site Scripting Vulnerability
16. Apple Safari Javascript URL Parsing Cross-Site Scripting Vulnerability
17. Apple Safari WebCore 'Kotoeri' Password Field Information Disclosure Vulnerability
18. Apple Safari Error Page Cross-Site Scripting Vulnerability
19. Check Point VPN-1 IP Address Collision Denial of Service Vulnerability
20. Microsoft Internet Explorer CreateTextRange.text Denial of Service Vulnerability
21. RETIRED: Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
22. Home FTP Server Remote Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #386
2. More along the lines of malware disinfection
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where an online attacker compromises a network and removes data -- have become very common.
http://www.securityfocus.com/columnists/468


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple Safari Window.setTimeout Variant Content Spoofing Vulnerability
BugTraq ID: 28405
Remote: Yes
Date Published: 2008-03-22
Relevant URL: http://www.securityfocus.com/bid/28405
Summary:
Apple Safari is prone to a content-spoofing vulnerability that allows attackers to populate a vulnerable Safari browser window with arbitrary malicious content. During such an attack, the URL and window title will display the intended site, while the body of the webpage is spoofed.

Safari 3.1 running on Microsoft Windows is reported vulnerable.

NOTE: This issue may be related to the vulnerability discussed in BID 24457 (Apple Safari for Windows Window.setTimeout Content Spoofing Vulnerability).

2. Apple Safari File Download Remote Denial of Service Vulnerability
BugTraq ID: 28404
Remote: Yes
Date Published: 2008-03-22
Relevant URL: http://www.securityfocus.com/bid/28404
Summary:
Apple Safari is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Arbitrary code execution may be possible, but this has not been confirmed.

This issue affects Safari 3.1 running on Microsoft Windows.

3. RETIRED: Microsoft Jet Database Engine MDB File Parsing Remote Code Execution Vulnerability
BugTraq ID: 28398
Remote: Yes
Date Published: 2008-03-22
Relevant URL: http://www.securityfocus.com/bid/28398
Summary:
Microsoft Jet Database Engine is prone to a remote code-execution vulnerability.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running affected applications. Successful exploits will compromise the affected applications and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

This issue does not affect Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1, as they run a non-vulnerable version of the Jet Database Engine.

This issue does affect Microsoft Word 2000 Service Pack 3, Microsoft Word 2002 Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

NOTE: This issue is a duplicate of the vulnerability discussed in BID 26468 (Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability).

4. Microsoft Internet Explorer 7 'setRequestHeader()' Multiple Vulnerabilities
BugTraq ID: 28379
Remote: Yes
Date Published: 2008-03-21
Relevant URL: http://www.securityfocus.com/bid/28379
Summary:
Microsoft Internet Explorer 7 is prone to multiple vulnerabilities that allow for referer-spoofing, HTTP-request-splitting, and HTTP-request-smuggling attacks.

A remote attacker may leverage these classes of attacks to poison web caches, steal credentials, evade IDS signatures, and launch cross-site scripting, HTML-injection, and session-hijacking attacks. Other attacks are also possible.

This issue reportedly affects Microsoft Internet Explorer 7.

5. Microsoft Windows Vista NoDriveTypeAutoRun Automatic File Execution Vulnerability
BugTraq ID: 28360
Remote: No
Date Published: 2008-03-20
Relevant URL: http://www.securityfocus.com/bid/28360
Summary:
Microsoft Windows Vista is prone to a vulnerability that may allow a file to automatically run because the software fails to handle the 'NoDriveTypeAutoRun' registry value.

An attacker may exploit this issue to execute arbitrary code. The attacker must entice a victim into attaching a form of removable media, such as a USB drive or CD-ROM.

6. Apple Safari CFNetwork Arbitrary Secure Website Spoofing Vulnerability
BugTraq ID: 28356
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28356
Summary:
Apple Safari is prone to a vulnerability that could allow a malicious HTTPS proxy server to spoof a secure website.

An attacker could exploit this issue to harvest potentially sensitive information; other attacks are also possible.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

7. Adobe Flash FLA File Processing Remote Code Execution Vulnerabilities
BugTraq ID: 28349
Remote: Yes
Date Published: 2008-03-20
Relevant URL: http://www.securityfocus.com/bid/28349
Summary:
Adobe Flash is prone to multiple remote code-execution vulnerabilities.

An attacker may exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

These issues affect Flash CS3 Professional, Flash Professional 8, and Flash Basic 8.

8. Apple Safari Web Inspector Remote Code Injection Vulnerability
BugTraq ID: 28347
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28347
Summary:
Apple Safari is prone to a remote code-injection vulnerability.

Attackers may exploit this issue to run script code in other domains and access the vulnerable computer's filesystem.

These issues affect versions prior to Apple Safari 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

9. Apple Safari WebKit Frame Method Cross-Site Scripting Vulnerability
BugTraq ID: 28342
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28342
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to access frame methods in another domain. This may help the attacker steal potentially sensitive information and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

10. Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
BugTraq ID: 28338
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28338
Summary:
Apple Safari is prone to a buffer-overflow vulnerability.

Attackers may exploit this issue to execute arbitrary code or to crash the affected application. Other attacks are also possible.

This issue affects versions prior to Apple Safari 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

11. Apple Safari WebCore History Object Cross-Site Scripting Vulnerability
BugTraq ID: 28337
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28337
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in other frames loaded from the same web page. This may help the attacker steal potentially sensitive information and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

12. Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting Vulnerability
BugTraq ID: 28336
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28336
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal potentially sensitive information and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

13. Apple Safari WebCore Java Frame Navigation Cross-Site Scripting Vulnerability
BugTraq ID: 28335
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28335
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

14. Apple Safari WebCore 'window.open()' Function Cross-Site Scripting Vulnerability
BugTraq ID: 28332
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28332
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

15. Apple Safari WebCore 'document.domain' Cross-Site Scripting Vulnerability
BugTraq ID: 28330
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28330
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

16. Apple Safari Javascript URL Parsing Cross-Site Scripting Vulnerability
BugTraq ID: 28328
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28328
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X 10.4.11 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

17. Apple Safari WebCore 'Kotoeri' Password Field Information Disclosure Vulnerability
BugTraq ID: 28326
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28326
Summary:
Apple Safari is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

This issue affects versions prior to Apple Safari 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

18. Apple Safari Error Page Cross-Site Scripting Vulnerability
BugTraq ID: 28321
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28321
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of another site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Microsoft Windows XP and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own record to better document the issue.

19. Check Point VPN-1 IP Address Collision Denial of Service Vulnerability
BugTraq ID: 28299
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28299
Summary:
Check Point VPN-1 is prone to a denial-of-service vulnerability that can allow attackers to obtain sensitive information. The issue occurs because the application fails to adequately handle IP address collisions.

Attackers can exploit this issue to break site-to-site VPN connectivity between a VPN-1 gateway and a third party, denying access to legitimate users. If SecuRemote back-connections are enabled, the attacker can leverage this issue to re-route site-to-site VPN traffic from the VPN gateway to their SecuRemote client. Under certain conditions, this will cause data that was destined for the third party to be sent to the attacker's client instead. This could contain sensitive information that would aid in further attacks.

20. Microsoft Internet Explorer CreateTextRange.text Denial of Service Vulnerability
BugTraq ID: 28295
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28295
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain JavaScript code.

This issue is triggered when a remote attacker entices a victim to visit a malicious site.

Attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

21. RETIRED: Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
BugTraq ID: 28290
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28290
Summary:
Apple Safari is prone to 12 security vulnerabilities.

Attackers may exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, spoof secure websites, obtain sensitive information, and crash the affected application. Other attacks are also possible.

These issues affect versions prior to Apple Safari 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This BID is being retired. The following individual records have been created to fully document all the vulnerabilities that were described in this BID:

28356 Apple Safari CFNetwork Arbitrary Secure Website Spoofing Vulnerability
28321 Apple Safari Error Page Cross-Site Scripting Vulnerability
28328 Apple Safari Javascript URL Parsing Cross-Site Scripting Vulnerability
28330 Apple Safari WebCore 'document.domain' Cross-Site Scripting Vulnerability
28347 Apple Safari Web Inspector Remote Code Injection Vulnerability
28326 Apple Safari WebCore 'Kotoeri' Password Field Information Disclosure Vulnerability
28332 Apple Safari WebCore 'window.open()' Function Cross-Site Scripting Vulnerability
28335 Apple Safari WebCore Java Frame Navigation Cross-Site Scripting Vulnerability
28336 Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting Vulnerability
28337 Apple Safari WebCore History Object Cross-Site Scripting Vulnerability
28338 Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow Vulnerability
28342 Apple Safari WebKit Frame Method Cross-Site Scripting Vulnerability

22. Home FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 28283
Remote: Yes
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28283
Summary:
Home FTP Server is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #386
http://www.securityfocus.com/archive/88/489849

2. More along the lines of malware disinfection
http://www.securityfocus.com/archive/88/489751

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by bmighty:

Is Vista Meeting Expectations?
New research from InformationWeek reveals what 600 business-technology professionals have to say about Vista's costs, enhancements & adoption challenges. A $199 value for FREE.
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV