Thursday, July 17, 2008

SecurityFocus Microsoft Newsletter #403


This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. An Astonishing Collaboration
2. Bad-Code Blues
II. MICROSOFT VULNERABILITY SUMMARY
1. F-PROT Antivirus Multiple File Processing Remote Denial Of Service Vulnerabilities
2. BitComet URI Handling Remote Denial of Service Vulnerability
3. MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
4. Microsoft Internet Explorer New ActiveX Object String Concatenation Memory Corruption Vulnerability
5. Wireshark 1.0.1 Denial of Service Vulnerability
6. Empire Server Prior to 4.3.15 Multiple Unspecified Vulnerabilities
7. Download Accelerator Plus '.m3u' File Buffer Overflow Vulnerability
8. Microsoft Windows DNS Server Cache Poisoning Vulnerability
9. Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability
10. Microsoft Word Unspecified Remote Code Execution Vulnerability
11. Microsoft SQL Server On-Disk MTF Data Structures Remote Memory Corruption Vulnerability
12. Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability
13. Microsoft Windows Explorer saved-search File Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

2. Bad-Code Blues
By Don Parker
The current state of secure software development by corporations both large and small is a mess. We are still cursed with half-baked software, and as a result, a never-ending stream of vulnerabilities. Secure coding practices and active quality assurance (QA) efforts are now more mainstream, but that still hasn't made much of a dent.
http://www.securityfocus.com/columnists/476


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. F-PROT Antivirus Multiple File Processing Remote Denial Of Service Vulnerabilities
BugTraq ID: 30258
Remote: Yes
Date Published: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30258
Summary:
F-PROT Antivirus is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly handle malformed files.

An attacker may exploit these issues to crash the affected application or to trigger infinite loops, denying service to legitimate users.

Versions prior to F-PROT Antivirus engine 4.4.4 are vulnerable. This version of the engine is included in F-PROT Antivirus 6.0.9.0.

2. BitComet URI Handling Remote Denial of Service Vulnerability
BugTraq ID: 30255
Remote: Yes
Date Published: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30255
Summary:
BitComet is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the application. Given the nature of this vulnerability, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

BitComet 1.02 is vulnerable; other versions may also be affected.

3. MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
BugTraq ID: 30251
Remote: Yes
Date Published: 2008-07-16
Relevant URL: http://www.securityfocus.com/bid/30251
Summary:
MediaMonkey is prone to two denial-of-service vulnerabilities because it fails to handle user-supplied input.

An attacker can exploit these issues to crash the application. Given the nature of these vulnerabilities, the attacker may also be able to execute arbitrary code, but this has not been confirmed.

MediaMonkey 3.0.3 is vulnerable; other versions may also be affected.

4. Microsoft Internet Explorer New ActiveX Object String Concatenation Memory Corruption Vulnerability
BugTraq ID: 30219
Remote: Yes
Date Published: 2008-07-14
Relevant URL: http://www.securityfocus.com/bid/30219
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

5. Wireshark 1.0.1 Denial of Service Vulnerability
BugTraq ID: 30181
Remote: Yes
Date Published: 2008-07-10
Relevant URL: http://www.securityfocus.com/bid/30181
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause crashes and deny service to legitimate users of the application.

This issue affects Wireshark 0.8.19 to 1.0.1.

6. Empire Server Prior to 4.3.15 Multiple Unspecified Vulnerabilities
BugTraq ID: 30152
Remote: Yes
Date Published: 2008-07-09
Relevant URL: http://www.securityfocus.com/bid/30152
Summary:
Empire Server is prone to multiple unspecified vulnerabilities:

- Multiple unspecified buffer-overflow vulnerabilities.
- An information-disclosure vulnerability in the Pseudo Random Number Generator (PRNG).

Attackers can exploit these issues to execute arbitrary code within the context of the affected application, crash the application, and obtain sensitive information.

Versions prior to Empire Server 4.3.15 are vulnerable.

7. Download Accelerator Plus '.m3u' File Buffer Overflow Vulnerability
BugTraq ID: 30138
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30138
Summary:
Download Accelerator Plus (DAP) is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

8. Microsoft Windows DNS Server Cache Poisoning Vulnerability
BugTraq ID: 30132
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30132
Summary:
Microsoft Windows DNS servers are prone to a vulnerability that lets attackers poison DNS caches. This occurs because the software fails to properly handle responses containing data outside of their authority.

Successfully exploiting this issue allows remote attackers to poison DNS caches, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

9. Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability
BugTraq ID: 30130
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30130
Summary:
Microsoft Outlook Web Access (OWA) for Exchange Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

10. Microsoft Word Unspecified Remote Code Execution Vulnerability
BugTraq ID: 30124
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30124
Summary:
Microsoft Word is prone to an unspecified remote code-execution vulnerability.

Successful attacks may allow arbitrary malicious code to run in the context of the user running the application. Failed attack attempts may result in a crash.

Reports indicate that this issue affects Microsoft Office XP.

The DeepSight Threat Analysis Team has confirmed that this issue affects Microsoft Office XP with Word 2002 and leads to a crash in Word 2000 and Word 2003.

No further details can be provided at this time. We are currently analyzing this issue and will update this BID when more information becomes available.

11. Microsoft SQL Server On-Disk MTF Data Structures Remote Memory Corruption Vulnerability
BugTraq ID: 30119
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30119
Summary:
Microsoft SQL Server is prone to a remote memory-corruption vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Authenticated attackers can exploit this issue to execute arbitrary code in the context of the server. Failed attacks will likely cause denial-of-service conditions.

12. Snapshot Viewer for Microsoft Access ActiveX Control Arbitrary File Download Vulnerability
BugTraq ID: 30114
Remote: Yes
Date Published: 2008-07-07
Relevant URL: http://www.securityfocus.com/bid/30114
Summary:
Snapshot Viewer for Microsoft Access is prone to a vulnerability that can cause malicious files to be downloaded and saved to arbitrary locations on an affected computer.

Attackers may exploit this issue to put malicious files in arbitrary locations on a victim's computer. This will facilitate a remote compromise.

13. Microsoft Windows Explorer saved-search File Remote Code Execution Vulnerability
BugTraq ID: 30109
Remote: Yes
Date Published: 2008-07-08
Relevant URL: http://www.securityfocus.com/bid/30109
Summary:
Microsoft Windows Explorer is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com
