SecurityFocus Microsoft Newsletter #407

>
> SecurityFocus Microsoft Newsletter #407
> ----------------------------------------
>
> This issue is sponsored by Offensive Security
>
> From one of the creators of BackTrack comes a series of intense, 5 day, live training sessions that will change the
> way you view security. No more theory, no more talking-these hands-on
> classes will not just discuss why but will show you HOW. Join the
> Offensive Security training team for some security training in the
> market today.http://www.offensive-security.com/seccourse.php
>
>
>
>
> SECURITY BLOGS
> SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
> http://www.securityfocus.com/blogs
>
> ------------------------------------------------------------------
> I. FRONT AND CENTER
> 1.An Astonishing Collaboration
> 2.Bad-Code Blues
> II. MICROSOFT VULNERABILITY SUMMARY
> 1. WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
> 2. JBoss Enterprise Application Platform Information Disclosure Vulnerability
> 3. Winamp 'NowPlaying' Unspecified Security Vulnerability
> 4. Ingres Database Multiple Local Vulnerabilities
> 5. MailEnable 3.52 IMAP Remote Denial of Service Vulnerability
> 6. Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities
> 7. Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability
> 8. F-PROT Antivirus Archive Parsing Denial of Service Vulnerability
> 9. Citrix Presentation Server 'icabar.exe' Local Privilege Escalation Vulnerability
> 10. BlazeVideo HDTV Player PLF File Stack Buffer Overflow Vulnerability
> 11. AVG Anti-Virus UPX File Parsing Denial of Service Vulnerability
> III. MICROSOFT FOCUS LIST SUMMARY
> 1. SecurityFocus Microsoft Newsletter #405
> IV. UNSUBSCRIBE INSTRUCTIONS
> V. SPONSOR INFORMATION
>
> I. FRONT AND CENTER
> ---------------------
> 1.An Astonishing Collaboration
> By Dan Kaminsky
> Wow. It's out. It's finally, finally out. Sweet!
> http://www.securityfocus.com/columnists/477
>
> 2.Bad-Code Blues
> By Don Parker
> The current state of secure software development by corporations both large and small is a mess. We are still cursed with half-baked software, and as a result, a never ending stream of vulnerabilities. Secure coding practices and active quality assurance (QA) efforts are now more mainstream, but that still hasn.t made much of a dent.
> http://www.securityfocus.com/columnists/476
>
>
> II. MICROSOFT VULNERABILITY SUMMARY
> ------------------------------------
> 1. WebEx Meeting Manager 'atucfobj.dll' ActiveX Control Remote Buffer Overflow Vulnerability
> BugTraq ID: 30578
> Remote: Yes
> Date Published: 2008-08-06
> Relevant URL: http://www.securityfocus.com/bid/30578
> Summary:
> WebEx Meeting Manager is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. This issue affects the 'atucfobj.dll' ActiveX control library.
>
> An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
>
> 'atucfobj.dll' 20.2008.2601.4928 is vulnerable; other versions may also be affected.
>
> 2. JBoss Enterprise Application Platform Information Disclosure Vulnerability
> BugTraq ID: 30540
> Remote: Yes
> Date Published: 2008-08-05
> Relevant URL: http://www.securityfocus.com/bid/30540
> Summary:
> JBoss Enterprise Application Platform is prone to a remote information-disclosure vulnerability.
>
> Remote attackers can exploit this issue to obtain potentially sensitive details about deployed web contexts. Information obtained may lead to further attacks.
>
> The issue affects versions prior to JBoss Enterprise Application Platform 4.3.0.CP01 and 4.2.0.CP03.
>
> 3. Winamp 'NowPlaying' Unspecified Security Vulnerability
> BugTraq ID: 30539
> Remote: Yes
> Date Published: 2008-08-04
> Relevant URL: http://www.securityfocus.com/bid/30539
> Summary:
> Winamp is prone an unspecified vulnerability.
>
> Very few details are available regarding this issue. We will update this BID as more information emerges.
>
> This issue affects versions prior to Winamp 5.541.
>
> 4. Ingres Database Multiple Local Vulnerabilities
> BugTraq ID: 30512
> Remote: No
> Date Published: 2008-08-01
> Relevant URL: http://www.securityfocus.com/bid/30512
> Summary:
> Ingres Database is prone to multiple local vulnerabilities:
>
> - Multiple local privilege-escalation vulnerabilities
> - A vulnerability that may allow attackers to overwrite arbitrary files.
>
> Local attackers can exploit these issues to gain elevated privileges on the affected computer, execute arbitrary code with superuser privileges, and overwrite arbitrary files owned by 'Ingres' user.
>
> 5. MailEnable 3.52 IMAP Remote Denial of Service Vulnerability
> BugTraq ID: 30498
> Remote: Yes
> Date Published: 2008-08-01
> Relevant URL: http://www.securityfocus.com/bid/30498
> Summary:
> MailEnable is prone to a remote denial-of-service vulnerability.
>
> An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
>
> MailEnable 3.62 Professional Edition and Enterprise Edition are vulnerable; other versions may also be affected.
>
> 6. Apple Mac OS X QuickLook Multiple Memory Corruption Vulnerabilities
> BugTraq ID: 30493
> Remote: Yes
> Date Published: 2008-07-31
> Relevant URL: http://www.securityfocus.com/bid/30493
> Summary:
> Apple Mac OS X is prone to multiple memory-corruption vulnerabilities that affect the QuickLook component.
>
> Attackers can exploit these issues to execute arbitrary code in the context of the affected application or cause denial-of-service conditions.
>
> The following versions are affected:
>
> Mac OS X v10.5.4 and prior
> Mac OS X Server v10.5.4 and prior
>
> This issue does not affect systems prior to Mac OS X v10.5.
>
> NOTE: These issues were previously covered in BID 30483 (Apple Mac OS X 2008-005 Multiple Security Vulnerabilities) but have been given their own record to better document these vulnerabilities.
>
> 7. Sun xVM VirtualBox 'VBoxDrv.sys' Local Privilege Escalation Vulnerability
> BugTraq ID: 30481
> Remote: No
> Date Published: 2008-08-04
> Relevant URL: http://www.securityfocus.com/bid/30481
> Summary:
> Sun xVM VirtualBox is prone to a local privilege-escalation vulnerability that occurs in the 'VBoxDrv.sys' driver.
>
> An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.
>
> Sun xVM VirtualBox 1.6.0 and 1.6.2 running on Windows are vulnerable; other versions may also be affected.
>
> 8. F-PROT Antivirus Archive Parsing Denial of Service Vulnerability
> BugTraq ID: 30461
> Remote: Yes
> Date Published: 2008-07-31
> Relevant URL: http://www.securityfocus.com/bid/30461
> Summary:
> F-PROT Antivirus is prone to a denial-of-service vulnerability.
>
> F-PROT Antivirus 6.2.1.4252 is vulnerable; other versions may also be affected.
>
> 9. Citrix Presentation Server 'icabar.exe' Local Privilege Escalation Vulnerability
> BugTraq ID: 30446
> Remote: No
> Date Published: 2008-07-30
> Relevant URL: http://www.securityfocus.com/bid/30446
> Summary:
> Citrix Presentation Server (formerly Citrix MetaFrame Server) is prone to a privilege-escalation vulnerability caused by a flaw in how 'icabar.exe' is invoked via a 'Run' registry key.
>
> Attackers can leverage this issue to execute arbitrary code with administrator privileges. Successful exploits will completely compromise affected computers.
>
> The following products are vulnerable when running on Windows NT, Windows 2000, and Windows 2003:
>
> Citrix MetaFrame Presentation Server 3.0 and prior
> Citrix MetaFrame XP 1.0 and prior
>
> 10. BlazeVideo HDTV Player PLF File Stack Buffer Overflow Vulnerability
> BugTraq ID: 30442
> Remote: Yes
> Date Published: 2008-07-30
> Relevant URL: http://www.securityfocus.com/bid/30442
> Summary:
> BlazeVideo HDTV Player is prone to a stack-based buffer-overflow vulnerability because the application fails to handle malformed playlist files.
>
> An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.
>
> BlazeVideo HDTV Player 3.5 is vulnerable; other versions may also be affected.
>
> 11. AVG Anti-Virus UPX File Parsing Denial of Service Vulnerability
> BugTraq ID: 30417
> Remote: Yes
> Date Published: 2008-07-28
> Relevant URL: http://www.securityfocus.com/bid/30417
> Summary:
> AVG Anti-Virus is prone to a denial-of-service vulnerability.
>
> Exploiting this issue may allow attackers to crash AVG Anti-Virus and deny service to legitimate users of the application.
>
> Versions prior to AVG Anti-Virus 8.0.156 are vulnerable.
>
> III. MICROSOFT FOCUS LIST SUMMARY
> ---------------------------------
> 1. SecurityFocus Microsoft Newsletter #405
> http://www.securityfocus.com/archive/88/495002
>
> IV. UNSUBSCRIBE INSTRUCTIONS
> -----------------------------
> To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
>
> If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.
>
> V. SPONSOR INFORMATION
> ------------------------
>
> This issue is sponsored by Offensive Security
>
> From one of the creators of BackTrack comes a series of intense, 5 day, live training sessions that will change the
> way you view security. No more theory, no more talking-these hands-on
> classes will not just discuss why but will show you HOW. Join the
> Offensive Security training team for some security training in the
> market today.http://www.offensive-security.com/seccourse.php
>
>
>
>
>