
Thursday, October 23, 2008

SecurityFocus Microsoft Newsletter #417


This issue is sponsored by HP:

Very few applications are bulletproof from hackers. During this 12-minute unscripted video, you'll sit in a virtual conference room with two of the world's most well-known white hat hackers, Caleb Sima and Billy Hoffman.
During this whiteboard session, they demonstrate just how easy it is to break into a private corporate network through the web application and own the back-end database. During this video, you will learn just how easy it is to hack into web applications and hear how hackers execute some of their favorite attacks: client side pricing attack, session hijacking, fuzzing and SQL Injection.
https://h30406.www3.hp.com/campaigns/2008/wwcampaign/1-4W4AD/index.php?mcc=DZRV&jumpid=edm_r11374_us/en/large/tsg/w1_Hackers_vid_securityfocus/mcc_DZRV/20081020/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Clicking to the Past
2. The Vice of Vice Presidential E-Mail
II. MICROSOFT VULNERABILITY SUMMARY
1. SilverSHielD 'opendir()' Remote Denial of Service Vulnerability
2. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
3. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
4. Multiple EMC NetWorker Products 'nsrexecd.exe' RPC Request Denial of Service Vulnerability
5. Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass Vulnerability
6. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
7. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
8. Hummingbird HostExplorer ActiveX Control 'PlainTextPassword()' Buffer Overflow Vulnerability
9. Adobe Flash CS3 Professional SWF File Heap Buffer Overflow Vulnerability
10. Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability
11. Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability
12. Titan FTP Server 'SITE WHO' Command Remote Denial of Service Vulnerability
13. Etype Eserv FTP 'ABOR' Command Remote Stack Based Buffer Overflow Vulnerability
14. Husdawg System Requirements Lab Multiple Remote Code Execution Vulnerabilities
15. RaidenFTPD 'MLST' Command Remote Stack Based Buffer Overflow Vulnerability
16. XM Easy Personal FTP Server 'NSLT' Command Remote Denial of Service Vulnerability
17. Lenovo Rescue and Recovery 'tvtumon.sys' Heap Overflow Vulnerability
18. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
19. Microsoft Excel BIFF File Format Parsing Remote Code Execution Vulnerability
20. Microsoft Excel Calendar Object Validation Remote Code Execution Vulnerability
21. Microsoft Office CDO Protocol Cross Site Scripting Vulnerability
22. Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
23. Microsoft Windows VAD Local Privilege Escalation Vulnerability
24. Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
25. Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability
26. Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation Vulnerability
27. Microsoft Windows Kernel Memory Corruption Local Privilege Escalation Vulnerability
28. Microsoft Windows Kernel Window Creation Local Privilege Escalation Vulnerability
29. Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability
30. Microsoft Message Queuing Service RPC Query Heap Corruption Vulnerability
31. Microsoft Host Integration Server RPC Remote Command Execution Vulnerability
32. Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability
33. Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability
34. Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability
35. Microsoft Internet Explorer HTML Element Cross Domain Security Bypass Vulnerability
36. Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #416
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed "clickjacking" by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker's behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483

2. The Vice of Vice Presidential E-Mail
By Mark Rasch
Is it a crime to read someone else's e-mail without their consent? Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/482


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. SilverSHielD 'opendir()' Remote Denial of Service Vulnerability
BugTraq ID: 31884
Remote: Yes
Date Published: 2008-10-23
Relevant URL: http://www.securityfocus.com/bid/31884
Summary:
SilverSHielD is prone to a denial-of-service vulnerability because the application fails to handle excessive user input.

An attacker may exploit this issue to crash the vulnerable application, resulting in a denial-of-service condition.

SilverSHielD 1.0.2.34 is vulnerable; other versions may also be affected.

2. Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability
BugTraq ID: 31874
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31874
Summary:
Microsoft Windows is prone to a remote-code execution vulnerability that affects RPC (Remote Procedure Call) handling in the Server service.

An attacker could exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of vulnerable computers. This issue may be prone to widespread automated exploits. Attackers require authenticated access on Windows Vista and Server 2008 platforms to exploit this issue.

This vulnerability affects Windows 2000, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008.

3. freeSSHd SFTP 'rename' Remote Buffer Overflow Vulnerability
BugTraq ID: 31872
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31872
Summary:
freeSSHd is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects freeSSHd 1.2.1; other versions may also be affected.

4. Multiple EMC NetWorker Products 'nsrexecd.exe' RPC Request Denial of Service Vulnerability
BugTraq ID: 31866
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31866
Summary:
Multiple EMC NetWorker products are prone to a denial-of-service vulnerability.

Attackers can exploit this issue by sending malicious RPC requests, causing affected applications to consume resources until they become unresponsive. Repeated requests can lead to a denial-of-service condition.

5. Cisco PIX and ASA Windows NT Domain VPN Authentication Bypass Vulnerability
BugTraq ID: 31864
Remote: Yes
Date Published: 2008-10-22
Relevant URL: http://www.securityfocus.com/bid/31864
Summary:
Cisco PIX and ASA are prone to an authentication-bypass vulnerability.

Remote attackers can exploit this issue to gain unauthorized access to the affected devices. Successfully exploiting this issue will lead to other attacks.

This issue is being monitored by Cisco Bug ID CSCsj25896.

6. IBM DB2 Universal Database Prior to 9.1 Fixpak 6 Multiple Vulnerabilities
BugTraq ID: 31856
Remote: Yes
Date Published: 2008-10-21
Relevant URL: http://www.securityfocus.com/bid/31856
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities.

Successful exploits may allow attackers to obtain sensitive information or cause a denial-of-service condition.

Versions prior to DB2 9.1 Fixpak 6 are affected.

7. Wireshark 1.0.3 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 31838
Remote: Yes
Date Published: 2008-10-20
Relevant URL: http://www.securityfocus.com/bid/31838
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.10.3 up to and including 1.0.3.

8. Hummingbird HostExplorer ActiveX Control 'PlainTextPassword()' Buffer Overflow Vulnerability
BugTraq ID: 31783
Remote: Yes
Date Published: 2008-10-16
Relevant URL: http://www.securityfocus.com/bid/31783
Summary:
Hummingbird HostExplorer ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

9. Adobe Flash CS3 Professional SWF File Heap Buffer Overflow Vulnerability
BugTraq ID: 31769
Remote: Yes
Date Published: 2008-10-15
Relevant URL: http://www.securityfocus.com/bid/31769
Summary:
Adobe Flash CS3 Professional is prone to a heap-buffer overflow vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Flash CS3 Professional for Microsoft Windows is vulnerable.

10. Symantec Altiris Deployment Solution Client User Interface Local Privilege Escalation Vulnerability
BugTraq ID: 31766
Remote: No
Date Published: 2008-10-20
Relevant URL: http://www.securityfocus.com/bid/31766
Summary:
Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to bypass security settings and gain privileged access. Successfully exploiting this issue will result in the complete compromise of affected computers.

11. Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability
BugTraq ID: 31765
Remote: Yes
Date Published: 2008-10-15
Relevant URL: http://www.securityfocus.com/bid/31765
Summary:
Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing attacks.

OWA 6.5 SP 2 is vulnerable; other versions may also be affected.

12. Titan FTP Server 'SITE WHO' Command Remote Denial of Service Vulnerability
BugTraq ID: 31757
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31757
Summary:
Titan FTP Server is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash affected FTP servers, denying service to legitimate users.

Titan FTP Server 6.26 build 630 is vulnerable; other versions may also be affected.

13. Etype Eserv FTP 'ABOR' Command Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31753
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31753
Summary:
Etype Eserv is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Eserv 3.26 is vulnerable; other versions may also be affected.

14. Husdawg System Requirements Lab Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 31752
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31752
Summary:
Husdawg System Requirements Lab ActiveX controls and Java applets are prone to multiple remote code-execution vulnerabilities.

A successful exploit will allow attackers to download and execute arbitrary files on the affected computer in the context of the application that uses the plugins.

15. RaidenFTPD 'MLST' Command Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31741
Remote: Yes
Date Published: 2008-10-13
Relevant URL: http://www.securityfocus.com/bid/31741
Summary:
RaidenFTPD is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

RaidenFTPD 2.4 build 3620 is vulnerable; other versions may also be affected.

16. XM Easy Personal FTP Server 'NSLT' Command Remote Denial of Service Vulnerability
BugTraq ID: 31739
Remote: Yes
Date Published: 2008-10-13
Relevant URL: http://www.securityfocus.com/bid/31739
Summary:
XM Easy Personal FTP Server is prone to a remote denial-of-service vulnerability.

This issue allows remote attackers to crash affected FTP servers, denying service to legitimate users.

XM Easy Personal FTP Server 5.6.0 is vulnerable; other versions may also be affected.

17. Lenovo Rescue and Recovery 'tvtumon.sys' Heap Overflow Vulnerability
BugTraq ID: 31737
Remote: No
Date Published: 2008-10-13
Relevant URL: http://www.securityfocus.com/bid/31737
Summary:
Lenovo Rescue and Recovery is prone to a heap-based overflow vulnerability.

A successful exploit of this vulnerability can allow a local attacker to completely compromise the affected computer.

Lenovo Rescue and Recovery 4.20 is vulnerable.

18. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
BugTraq ID: 31706
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31706
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

19. Microsoft Excel BIFF File Format Parsing Remote Code Execution Vulnerability
BugTraq ID: 31705
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31705
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

20. Microsoft Excel Calendar Object Validation Remote Code Execution Vulnerability
BugTraq ID: 31702
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31702
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

21. Microsoft Office CDO Protocol Cross Site Scripting Vulnerability
BugTraq ID: 31693
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31693
Summary:
Microsoft Office is prone to a cross-site scripting vulnerability that arises because the software fails to handle specially crafted CDO protocol URIs in a proper manner.

Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Office XP Service Pack 3 is vulnerable.

22. Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
BugTraq ID: 31682
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31682
Summary:
Microsoft Internet Printing Service is prone to an integer-overflow vulnerability.

Exploiting this vulnerability allows attackers to execute arbitrary code with system-level privileges.

23. Microsoft Windows VAD Local Privilege Escalation Vulnerability
BugTraq ID: 31675
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31675
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because of an error in how the system memory manager handles memory allocation in relation to Virtual Address Descriptors (VAD).

A successful exploit will let a local attacker completely compromise an affected computer.

24. Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
BugTraq ID: 31673
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31673
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability in the Ancillary Function Driver ('afd.sys').

A successful exploit of this vulnerability will let a local attacker completely compromise an affected computer.

25. Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability
BugTraq ID: 31654
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31654
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

26. Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation Vulnerability
BugTraq ID: 31653
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31653
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

27. Microsoft Windows Kernel Memory Corruption Local Privilege Escalation Vulnerability
BugTraq ID: 31652
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31652
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

28. Microsoft Windows Kernel Window Creation Local Privilege Escalation Vulnerability
BugTraq ID: 31651
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31651
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

29. Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability
BugTraq ID: 31647
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31647
Summary:
Microsoft Windows is prone to a remote code execution vulnerability caused by a buffer-underflow condition in the SMB (Server Message Block) protocol implementation.

To exploit the issue, an attacker must first successfully authenticate as a legitimate user or a Guest user on the affected computer. A successful exploit will completely compromise the affected computer.

30. Microsoft Message Queuing Service RPC Query Heap Corruption Vulnerability
BugTraq ID: 31637
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31637
Summary:
The Microsoft Message Queuing service (MSMQ) is prone to a remote heap-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of an affected computer. Failed exploit attempts will result in a denial-of-service condition.

This issue is exploitable remotely on Windows 2000 systems only. The MSMQ service is not installed or enabled by default. For a computer to be exploited, an administrator must have explicitly installed and enabled the service.

31. Microsoft Host Integration Server RPC Remote Command Execution Vulnerability
BugTraq ID: 31620
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31620
Summary:
Microsoft Windows is prone to a remote command-execution vulnerability in the SNA service through a remote procedure call (RPC).

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected service.

32. Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability
BugTraq ID: 31618
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31618
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

33. Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability
BugTraq ID: 31617
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31617
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

34. Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability
BugTraq ID: 31616
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31616
Summary:
Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow attackers to steal cookie-based authentication credentials and launch other attacks.

NOTE: Attackers exploiting this issue on Internet Explorer 6 SP1 running on Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other vulnerable versions of the browser are prone only to information disclosure.

35. Microsoft Internet Explorer HTML Element Cross Domain Security Bypass Vulnerability
BugTraq ID: 31615
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31615
Summary:
Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow attackers to steal cookie-based authentication credentials and launch other attacks.

NOTE: Attackers exploiting this issue on Internet Explorer 6 SP1 running on Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other vulnerable versions of the browser are prone only to information disclosure.

36. Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution Vulnerability
BugTraq ID: 31609
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31609
Summary:
Microsoft Windows Active Directory is prone to a remote code-execution vulnerability that arises because the application fails to handle specially crafted LDAP or LDAP over SSL (LDAPS) requests in a proper manner.

Successfully exploiting this issue would allow an attacker to execute arbitrary code and gain complete access to a vulnerable computer. The attacker may also be able to cause the affected system to stop responding to further requests and restart.

This issue affects only Windows 2000 servers configured as Active Directory domain controllers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #416
http://www.securityfocus.com/archive/88/497456

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP:

Very few applications are bulletproof from hackers. During this 12-minute unscripted video, you'll sit in a virtual conference room with two of the world's most well-known white hat hackers, Caleb Sima and Billy Hoffman.
During this whiteboard session, they demonstrate just how easy it is to break into a private corporate network through the web application and own the back-end database. During this video, you will learn just how easy it is to hack into web applications and hear how hackers execute some of their favorite attacks: client side pricing attack, session hijacking, fuzzing and SQL Injection.
https://h30406.www3.hp.com/campaigns/2008/wwcampaign/1-4W4AD/index.php?mcc=DZRV&jumpid=edm_r11374_us/en/large/tsg/w1_Hackers_vid_securityfocus/mcc_DZRV/20081020/
