News

Thursday, October 02, 2008

SecurityFocus Microsoft Newsletter #414

SecurityFocus Microsoft Newsletter #414
----------------------------------------

This issue is sponsored by HP:

Download a FREE trial of HP WebInspect
Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now:https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN6MIF


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Blaming the Good Samaritan
2.The Boston Trio and the MBTA
II. MICROSOFT VULNERABILITY SUMMARY
1. ESET SysInspector 'esiadrv.sys' Local Privilege Escalation Vulnerability
2. WinZip 'gdiplus.dll' Microsoft Module Unspecified Security Vulnerability
3. Marshal MailMarshal SMTP Spam Quarantine Management Multiple HTML Injection Vulnerabilities
4. Wireshark Packet Capture File Denial of Service Vulnerability
5. Microsoft GDI+ 'GDIPLUS.dll' ICO File Divide-By-Zero Denial of Service Vulnerability
6. ZoneAlarm HTTP Proxy Remote Denial of Service Vulnerability
7. Microsoft Windows Mobile Overly Long Bluetooth Device Name Denial of Service Vulnerability
8. DATAC RealWin SCADA Server Remote Stack Buffer Overflow Vulnerability
9. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
10. phpMyAdmin Cross Site Scripting Vulnerability
11. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
12. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #413
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Blaming the Good Samaritan
By Houston Carr
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/481

2.The Boston Trio and the MBTA
By Mark Rasch
The annual DEFCON conference in Las Vegas in early August got a bit more interesting than usual when three graduate students from the Massachusetts Institute of Technology were enjoined from giving a presentation by a Court in Boston.
http://www.securityfocus.com/columnists/480


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ESET SysInspector 'esiadrv.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 31521
Remote: No
Date Published: 2008-10-01
Relevant URL: http://www.securityfocus.com/bid/31521
Summary:
ESET SysInspector is prone to a local privilege-escalation vulnerability that occurs in the 'esiadrv.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

ESET SysInspector 1.1.1.0 is vulnerable; other versions may also be affected.

2. WinZip 'gdiplus.dll' Microsoft Module Unspecified Security Vulnerability
BugTraq ID: 31485
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31485
Summary:
WinZip is prone to an unspecified vulnerability that stems from an error in the Microsoft 'gdiplus.dll' component included with the application.

NOTE: The issues described in this BID may be related to one or more of the issues described in the Microsoft MS08-052 security bulletin.

Reports indicate that this issue may allow attackers to execute arbitrary code in the context of the affected application, but Symantec has not confirmed this information.

This issue affects WinZip 11.x (prior to 11.2 SR-1) on Windows 2000 systems.

3. Marshal MailMarshal SMTP Spam Quarantine Management Multiple HTML Injection Vulnerabilities
BugTraq ID: 31483
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31483
Summary:
Marshal MailMarshal SMTP Spam Quarantine Management component is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Reportedly, the attacker may be able to further exploit these issues to install arbitrary files on a victim's computer.

These issues affect MailMarshal SMTP 6.0 up to and including 6.3.

4. Wireshark Packet Capture File Denial of Service Vulnerability
BugTraq ID: 31468
Remote: Yes
Date Published: 2008-09-29
Relevant URL: http://www.securityfocus.com/bid/31468
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause crashes and deny service to legitimate users of the application.

Wireshark 1.0.3 is vulnerable; other versions may also be affected.

5. Microsoft GDI+ 'GDIPLUS.dll' ICO File Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 31432
Remote: Yes
Date Published: 2008-09-26
Relevant URL: http://www.securityfocus.com/bid/31432
Summary:
Microsoft GDI+ is prone to a denial-of-service vulnerability when processing a malformed ICO file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

6. ZoneAlarm HTTP Proxy Remote Denial of Service Vulnerability
BugTraq ID: 31431
Remote: Yes
Date Published: 2008-09-26
Relevant URL: http://www.securityfocus.com/bid/31431
Summary:
ZoneAlarm Internet Security Suite is prone to a remote denial-of-service vulnerability that occurs in the TrueVector component when connecting to a malicious HTTP proxy.

ZoneAlarm Internet Security Suite 8.0.020 is vulnerable; other versions may also be affected.

7. Microsoft Windows Mobile Overly Long Bluetooth Device Name Denial of Service Vulnerability
BugTraq ID: 31420
Remote: Yes
Date Published: 2008-09-26
Relevant URL: http://www.securityfocus.com/bid/31420
Summary:
Microsoft Windows Mobile is prone to a denial-of-service vulnerability because it fails to adequately validate user-supplied input.

An attacker can exploit this issue to crash a device running Windows Mobile, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Windows Mobile 6.0 is vulnerable; other versions may also be affected.

8. DATAC RealWin SCADA Server Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 31418
Remote: Yes
Date Published: 2008-09-26
Relevant URL: http://www.securityfocus.com/bid/31418
Summary:
DATAC RealWin SCADA server is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This may facilitate the complete compromise of affected computers. Failed exploit attempts may result in a denial-of-service condition.

RealWin SCADA server 2.0 is affected; other versions may also be vulnerable.

9. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
BugTraq ID: 31399
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31399
Summary:
WordPad is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.doc' file.

Successfully exploiting this issue will cause the application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

10. phpMyAdmin Cross Site Scripting Vulnerability
BugTraq ID: 31327
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31327
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 2.11.9.2 are vulnerable.

11. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 31317
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31317
Summary:
DataSpade is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

DataSpade 1.0 is vulnerable; other versions may also be affected.

12. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
BugTraq ID: 31294
Remote: Yes
Date Published: 2008-09-22
Relevant URL: http://www.securityfocus.com/bid/31294
Summary:
Foxmail Email Client is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Foxmail Email Client 6.5 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #413
http://www.securityfocus.com/archive/88/496752

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP:

Download a FREE trial of HP WebInspect
Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now:https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN6MIF

No comments:

Blog Archive