News

Wednesday, November 26, 2008

SecurityFocus Microsoft Newsletter #421


This issue is Sponsored by Absolute Software

Securing Laptops in the Field - Live Webinar
Minimize laptop theft and data loss by managing laptops outside the network. In this Dec. 9 webinar, IT asset management specialist at Farmers Insurance explains how he remotely audits end-user hardware and wipes out data on lost or stolen computers.

http://www.absolute.com/public/landing/CIO1208/default.asp?ref=SF1108-CIOwebinar


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Just Encase It's Not a Search
2. Microsoft's Stance on Piracy Affects Us All
II. MICROSOFT VULNERABILITY SUMMARY
1. Nero ShowTime '.m3u' File Remote Buffer Overflow Vulnerability
2. Wireshark 1.0.4 SMTP Denial of Service Vulnerability
3. BitDefender 'pdf.xmd' Module PDF Parsing Remote Denial Of Service Vulnerability
4. Microsoft Windows Vista 'iphlpapi.dll' Local Kernel Buffer Overflow Vulnerability
5. Symantec Backup Exec for Windows Server Remote Agent Authentication Bypass Vulnerability
6. Symantec Backup Exec Data Management Protocol Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #420
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Just Encase It's Not a Search
By Mark Rasch
When is a search not really a search? If it's done by computer, according to U.S. government lawyers.
http://www.securityfocus.com/columnists/485

2. Microsoft's Stance on Piracy Affects Us All
By Oliver Day
For the last few years, Microsoft has wrestled with their stance on piracy. Pirated operating systems are just like legitimate operating systems in terms of their exposure to vulnerabilities: Users must install patches or they will be compromised.
http://www.securityfocus.com/columnists/484


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Nero ShowTime '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 32446
Remote: Yes
Date Published: 2008-11-24
Relevant URL: http://www.securityfocus.com/bid/32446
Summary:
Nero ShowTime is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

NOTE: This issue may be related to BID 27615 (Nero Media Player M3U Buffer Overflow Vulnerability), but this has not been confirmed.

ShowTime 5.0.15.0 is vulnerable; other versions may also be affected.

2. Wireshark 1.0.4 SMTP Denial of Service Vulnerability
BugTraq ID: 32422
Remote: Yes
Date Published: 2008-11-22
Relevant URL: http://www.securityfocus.com/bid/32422
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang, which may aid in other attacks.

This issue affects Wireshark 1.0.4; other versions may also be vulnerable.

3. BitDefender 'pdf.xmd' Module PDF Parsing Remote Denial Of Service Vulnerability
BugTraq ID: 32396
Remote: Yes
Date Published: 2008-11-20
Relevant URL: http://www.securityfocus.com/bid/32396
Summary:
BitDefender is prone to a remote denial-of-service vulnerability that occurs when a malicious PDF file is scanned using BitDefender's command-line scanner 'bdc.exe'.

Attackers can exploit this issue to deny service to legitimate users.

UPDATE (November 25, 2008): Further reports indicate that the vulnerable module 'pdf.xmd' is used in other applications, rendering them vulnerable as well.

4. Microsoft Windows Vista 'iphlpapi.dll' Local Kernel Buffer Overflow Vulnerability
BugTraq ID: 32357
Remote: No
Date Published: 2008-11-19
Relevant URL: http://www.securityfocus.com/bid/32357
Summary:
Microsoft Windows Vista is prone to a buffer-overflow vulnerability because of insufficient boundary checks.

Local attackers could exploit this issue to cause denial-of-service conditions. Given the nature of this issue, attackers may also be able to execute arbitrary code with SYSTEM-level privileges, but this has not been confirmed.

Windows Vista SP1 is vulnerable to this issue.

UPDATE (November 25, 2008): Since this issue may be exploitable only by members of the administrative group, the security implication of this issue may be negated.

5. Symantec Backup Exec for Windows Server Remote Agent Authentication Bypass Vulnerability
BugTraq ID: 32347
Remote: Yes
Date Published: 2008-11-19
Relevant URL: http://www.securityfocus.com/bid/32347
Summary:
Symantec Backup Exec for Windows Server is prone to a vulnerability that allows an attacker to bypass authentication and gain unauthorized access to the affected application.

Attackers with authorized network access can exploit this issue to bypass the logon process using the remote agents. Successful exploits may allow attackers to retrieve or delete files on the targeted computer.

6. Symantec Backup Exec Data Management Protocol Buffer Overflow Vulnerability
BugTraq ID: 32346
Remote: Yes
Date Published: 2008-11-19
Relevant URL: http://www.securityfocus.com/bid/32346
Summary:
Symantec Backup Exec is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #420
http://www.securityfocus.com/archive/88/498546

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by Absolute Software

Securing Laptops in the Field - Live Webinar
Minimize laptop theft and data loss by managing laptops outside the network. In this Dec. 9 webinar, IT asset management specialist at Farmers Insurance explains how he remotely audits end-user hardware and wipes out data on lost or stolen computers.

http://www.absolute.com/public/landing/CIO1208/default.asp?ref=SF1108-CIOwebinar
