News

Wednesday, May 21, 2008

SecurityFocus Microsoft Newsletter #395

SecurityFocus Microsoft Newsletter #395
----------------------------------------

This issue is sponsored by Sphinx-Soft

VistaFirewallControl - controls Vista 32/64-bit applications outbound/inbound activity by a single click.
Based on Vista security core; provides unbeatable stability and filtering quality of Microsoft; Synchronizes external uPnP hardware with applications network permissions;
Download here http://sphinx-soft.com/Vista/order.html?SF


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Thinking Beyond the Ivory Towers
2.Click Crime
II. MICROSOFT VULNERABILITY SUMMARY
1. Foxit Reader 'util.printf()' Remote Buffer Overflow Vulnerability
2. Computer Associates ARCserve Backup 'caloggerd' and 'xdr' Functions Multiple Remote Vulnerabilities
3. Symantec Altiris Deployment Solution Tooltip Local Privilege Escalation Vulnerability
4. Microsoft Internet Explorer 'Print Table of Links' Cross Zone Script Injection Vulnerability
5. IDAutomation Barcode ActiveX Controls Multiple Arbitrary File Overwrite Vulnerabilities
6. Symantec Altiris Deployment Solution Domain Credential Unauthorized Access Vulnerability
7. Symantec Altiris Deployment Solution 'axengine.exe' SQL Injection Vulnerability
8. Symantec Altiris Deployment Solution Install Directory Local Privilege Escalation Vulnerability
9. Symantec Altiris Deployment Solution Registry Keys Local Unauthorized Access Vulnerability
10. Symantec Altiris Deployment Solution Agent User Interface Local Privilege Escalation Vulnerability
11. Multiple Platform IPv6 Address Publication Denial of Service Vulnerabilities
12. Jenkins Software RakNet Autopatcher Multiple Unspecified SQL Injection Vulnerabilities
13. Microsoft Windows Intelligent Input/Output (I2O) Multiple Local Privilege Escalation Vulnerabilities
14. Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability
15. Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability
16. Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability
17. Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability
18. Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Binding Windows Services to Specific Addresses Only
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Thinking Beyond the Ivory Towers
By Dave Aitel
In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think.

http://www.securityfocus.com/columnists/472

2. Click Crime
By Mark Rasch
It has long been a crime not only to commit an illegal act, but also to attempt -- or conspire with others -- to commit one.

http://www.securityfocus.com/columnists/471


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Foxit Reader 'util.printf()' Remote Buffer Overflow Vulnerability
BugTraq ID: 29288
Remote: Yes
Date Published: 2008-05-20
Relevant URL: http://www.securityfocus.com/bid/29288
Summary:
Foxit Reader is prone to a remote buffer-overflow vulnerability when handling PDF files with specially crafted JavaScript code.

Exploiting this issue may allow attackers to corrupt memory and execute arbitrary machine code in the context of users running the affected application. Failed exploit will likely cause denial-of-service conditions.

This issue affects Foxit Reader 2.3 build 2825; other versions may also be affected.

2. Computer Associates ARCserve Backup 'caloggerd' and 'xdr' Functions Multiple Remote Vulnerabilities
BugTraq ID: 29283
Remote: Yes
Date Published: 2008-05-19
Relevant URL: http://www.securityfocus.com/bid/29283
Summary:
Computer Associates ARCserve Backup is prone to multiple remote vulnerabilities:

- An arbitrary-file-overwrite vulnerability
- A stack-based buffer-overflow vulnerability.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

3. Symantec Altiris Deployment Solution Tooltip Local Privilege Escalation Vulnerability
BugTraq ID: 29218
Remote: No
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29218
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to gain access to a privileged command prompt. Successfully exploiting this issue will result in the complete compromise of affected computers.

4. Microsoft Internet Explorer 'Print Table of Links' Cross Zone Script Injection Vulnerability
BugTraq ID: 29217
Remote: Yes
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29217
Summary:
Microsoft Internet Explorer is prone to a script-injection vulnerability because it fails to adequately sanitize user-supplied input when printing a table of links.

Attackers can exploit this issue by enticing an unsuspecting user to initiate the printing procedure while viewing a specially crafted page. Successful exploits will cause malicious script code to run in the 'Local Machine Zone' of a victim's computer.

Internet Explorer 7.0 and 8.0b are vulnerable; other versions may also be affected.

Reports indicate that successful exploits on Windows Vista platforms running UAC can cause only information disclosure.

5. IDAutomation Barcode ActiveX Controls Multiple Arbitrary File Overwrite Vulnerabilities
BugTraq ID: 29204
Remote: Yes
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29204
Summary:
IDAutomation Barcode ActiveX controls are prone to multiple vulnerabilities that allow attackers to overwrite arbitrary files.

An attacker can exploit these issues by enticing an unsuspecting victim to view a malicious HTML page.

Successfully exploiting these issues will allow the attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

The following applications are vulnerable:

Linear Barcode ActiveX Control 1.6.0.6
Data Matrix Barcode Font & Encoder 1.6.0.6
PDF417 Barcode Font and Encoder 1.6.0.6
Aztec Barcode Font & Encoder 1.7.1.0

Other versions may also be affected.

6. Symantec Altiris Deployment Solution Domain Credential Unauthorized Access Vulnerability
BugTraq ID: 29199
Remote: Yes
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29199
Summary:
Symantec Altiris Deployment Solution is prone to a vulnerability that allows an attacker to gain unauthorized access to the affected application.

The attacker can exploit this issue to gain administrative access to the application. Successfully exploiting this issue will compromise the affected application.

7. Symantec Altiris Deployment Solution 'axengine.exe' SQL Injection Vulnerability
BugTraq ID: 29198
Remote: Yes
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29198
Summary:
Symantec Altiris Deployment Solution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers.

Versions prior to Symantec Altiris Deployment Solution 6.9.176 are vulnerable.

8. Symantec Altiris Deployment Solution Install Directory Local Privilege Escalation Vulnerability
BugTraq ID: 29197
Remote: No
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29197
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

9. Symantec Altiris Deployment Solution Registry Keys Local Unauthorized Access Vulnerability
BugTraq ID: 29196
Remote: No
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29196
Summary:
Symantec Altiris Deployment Solution is prone to a local unauthorized-access vulnerability.

An attacker with local access to the computer may be able to access certain registry keys. A successful attack may allow the attacker to obtain information or to disrupt service.

10. Symantec Altiris Deployment Solution Agent User Interface Local Privilege Escalation Vulnerability
BugTraq ID: 29194
Remote: No
Date Published: 2008-05-14
Relevant URL: http://www.securityfocus.com/bid/29194
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to gain access to a privileged command prompt. Successfully exploiting this issue will result in the complete compromise of affected computers.

11. Multiple Platform IPv6 Address Publication Denial of Service Vulnerabilities
BugTraq ID: 29190
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29190
Summary:
Multiple operating systems are prone to remote denial-of-service vulnerabilities that occur when affected operating systems are acting as IPv6 routers.

Successful exploits allow remote attackers to cause computers to consume excessive CPU resources or to stop responding to advertised routes in a network. This will potentially deny further network services to legitimate users.

Microsoft Windows XP, Microsoft Windows Server 2003, and Linux are prone to these issues. Other operating systems may also be affected.

12. Jenkins Software RakNet Autopatcher Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 29178
Remote: Yes
Date Published: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29178
Summary:
RakNet Autopatcher is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Versions prior to RakNet 3.23 are vulnerable.

13. Microsoft Windows Intelligent Input/Output (I2O) Multiple Local Privilege Escalation Vulnerabilities
BugTraq ID: 29171
Remote: No
Date Published: 2008-05-12
Relevant URL: http://www.securityfocus.com/bid/29171
Summary:
Microsoft Windows is prone to multiple local privilege-escalation vulnerabilities.

An attacker can exploit these issues to execute arbitrary code with kernel-level privileges. Successfully exploiting these issues will completely compromise affected computers.

These issues affect Windows XP prior to SP3.

14. Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability
BugTraq ID: 29158
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29158
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

15. Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 29105
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29105
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

16. Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 29104
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29104
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

17. Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability
BugTraq ID: 29073
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29073
Summary:
Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate certain data structures when parsing specially crafted files.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

18. Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability
BugTraq ID: 29060
Remote: Yes
Date Published: 2008-05-13
Relevant URL: http://www.securityfocus.com/bid/29060
Summary:
Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input when parsing specially crafted files.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Binding Windows Services to Specific Addresses Only
http://www.securityfocus.com/archive/88/491595

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sphinx-Soft

VistaFirewallControl - controls Vista 32/64-bit applications outbound/inbound activity by a single click.
Based on Vista security core; provides unbeatable stability and filtering quality of Microsoft; Synchronizes external uPnP hardware with applications network permissions;
Download here http://sphinx-soft.com/Vista/order.html?SF

No comments:

Blog Archive