News

Wednesday, September 17, 2008

SecurityFocus Microsoft Newsletter #412

SecurityFocus Microsoft Newsletter #412
----------------------------------------

This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/forenterprise2


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.SATAN'S Helper
2.Get Off My Cloud
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Malfromed PNG File Remote Denial of Service Vulnerability
2. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
3. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
4. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
5. Personal FTP Server 'RETR' Command Remote Denial of Service Vulnerability
6. Baidu Hi 'CSTransfer.dll' Remote Stack Buffer Overflow Vulnerability
7. Avant Browser JavaScript Engine Integer Overflow Vulnerability
8. RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
9. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
10. Maxthon Browser Remote Denial of Service Vulnerability
11. Apple iTunes Misleading Firewall Warning Weakness
12. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability
13. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
14. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
15. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
16. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability
17. Microsoft Organization Chart Remote Code Execution Vulnerability
18. Microsoft GDI+ BMP Integer Overflow Vulnerability
19. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
20. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
21. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
22. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #411
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.SATAN's Helper
By Federico Biancuzzi
SecurityFocus contributor Federico Biancuzzi chatted up Venema to talk about software security, how to improve the code quality, what solutions we might have to fight spam successfully, the principle of least privilege, and the philosophy behind the design of Postfix.
Venema is currently a researcher at IBM's T.J. Watson Research Center
http://www.securityfocus.com/columnists/479

2.Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer Malfromed PNG File Remote Denial of Service Vulnerability
BugTraq ID: 31215
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31215
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to view a web page embedded with a malicious PNG file.

Successfully exploiting this issue will cause the application to stop responding, denying service to legitimate users.

Microsoft Internet Explorer 7 and 8 Beta 1 are vulnerable; other versions may also be affected.

2. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
BugTraq ID: 31208
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31208
Summary:
Adobe Illustrator is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious AI file.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application.

This issue affects only Adobe Illustrator CS2 for Macintosh.

3. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
BugTraq ID: 31204
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31204
Summary:
Acresso FLEXnet Connect is prone to a remote code-execution vulnerability because it fails to adequately verify the authenticity of files obtained from update servers. The product has been formerly available as Macrovision FLEXnet Connect and as InstallShield Update Service.

Attackers can exploit this issue by performing man-in-the-middle attacks to have the client download and execute a malicious file hosted on an attacker-controlled computer. Other attacks may also be possible.

Acresso FLEXnet Connect is vulnerable. Additional products that use the FLEXnet functionality may also be vulnerable.

4. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
BugTraq ID: 31179
Remote: Yes
Date Published: 2008-09-15
Relevant URL: http://www.securityfocus.com/bid/31179
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted SMB packets.

Attackers can exploit this issue to cause an affected computer to stop responding, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code with SYSTEM-level privileges, but this has not been confirmed.

5. Personal FTP Server 'RETR' Command Remote Denial of Service Vulnerability
BugTraq ID: 31173
Remote: Yes
Date Published: 2008-09-14
Relevant URL: http://www.securityfocus.com/bid/31173
Summary:
Personal FTP Server is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

Personal FTP Server 6.0f is vulnerable; other versions may also be affected.

6. Baidu Hi 'CSTransfer.dll' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 31162
Remote: Yes
Date Published: 2008-09-13
Relevant URL: http://www.securityfocus.com/bid/31162
Summary:
Baidu Hi is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

7. Avant Browser JavaScript Engine Integer Overflow Vulnerability
BugTraq ID: 31155
Remote: Yes
Date Published: 2008-09-12
Relevant URL: http://www.securityfocus.com/bid/31155
Summary:
Avant Browser is prone to an integer-overflow vulnerability that occurs in the JavaScript engine.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious site.

Successfully exploiting this issue may allow attackers to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Avant Browser 11.7 Build 9 is vulnerable; other versions may also be affected.

NOTE: This vulnerability may be related to the issue described in BID 14917 (Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability).

8. RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
BugTraq ID: 31129
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31129
Summary:
Microsoft SQL Server 'sqlvdir.dll' ActiveX Control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This control is included with Microsoft SQL Server 2000; other versions may also be affected.

NOTE: This BID is being retired because the issue is not exploitable. The ActiveX control is not marked 'Safe for Scripting'.

9. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
BugTraq ID: 31124
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31124
Summary:
ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths.

Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions.

This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may also be affected.

10. Maxthon Browser Remote Denial of Service Vulnerability
BugTraq ID: 31098
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31098
Summary:
Maxthon Browser is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to crash the application, denying service to legitimate users.

This issue affects Maxthon Browser 2.1.4.443; other versions may also be affected.

11. Apple iTunes Misleading Firewall Warning Weakness
BugTraq ID: 31090
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31090
Summary:
Apple iTunes is prone to a weakness caused by a misleading firewall warning that conveys erroneous information to users.

This issue may lead to a false sense of security, potentially aiding in network-based attacks.

Versions prior to Apple iTunes 8.0 are vulnerable to this issue.

12. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability
BugTraq ID: 31089
Remote: No
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31089
Summary:
Apple iTunes is prone to a local privilege-escalation vulnerability due to an integer-overflow issue.

Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

This issue affects versions prior to iTunes 8.0 for Microsoft Windows XP and Microsoft Windows Vista.

13. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
BugTraq ID: 31086
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31086
Summary:
Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code and carry out denial-of-service attacks.

These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition.

Versions prior to QuickTime 7.5.5 are affected.

14. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 31069
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31069
Summary:
Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

An attacker can exploit this issue to overwrite files with attacker-supplied data, which will aid in further attacks.

15. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
BugTraq ID: 31067
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31067
Summary:
Microsoft Office OneNote is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to follow maliciously crafted URIs.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

16. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 31065
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31065
Summary:
The Microsoft Windows Media Encoder 9 ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

17. Microsoft Organization Chart Remote Code Execution Vulnerability
BugTraq ID: 31059
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31059
Summary:
Microsoft Organization Chart is prone to a remote code-execution vulnerability because of a memory-access violation.

Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted Organization Chart document.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

Microsoft Organization Chart 2.00,19 is vulnerable; other versions may also be affected.

18. Microsoft GDI+ BMP Integer Overflow Vulnerability
BugTraq ID: 31022
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31022
Summary:
Microsoft GDI+ is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by enticing unsuspecting users to view a malicious BMP file.

Successfully exploiting this issue allows remote attackers to corrupt memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

19. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
BugTraq ID: 31021
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31021
Summary:
Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

20. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
BugTraq ID: 31020
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31020
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

21. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
BugTraq ID: 31019
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31019
Summary:
Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

22. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 31018
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31018
Summary:
Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the currently logged-in user.

23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability
BugTraq ID: 30550
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/30550
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #411
http://www.securityfocus.com/archive/88/496270

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/forenterprise2

No comments:

Blog Archive