News

Wednesday, December 31, 2008

SecurityFocus Microsoft Newsletter #425

SecurityFocus Microsoft Newsletter #425
----------------------------------------

This issue is sponsored by Purewire

NEW! White Paper:
"Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's.
Download this white paper now to mitigate your online security risks.
http://www.purewire.com/lp/sec


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Time to Exclude Bad ISPs
2.Standing on Other's Shoulders
II. MICROSOFT VULNERABILITY SUMMARY
1. SaschArt SasCam Webcam Server ActiveX Control 'Get' Method Buffer Overflow Vulnerability
2. Winace Malformed Filename Remote Denial of Service Vulnerability
3. Microsoft Windows Media Player WAV File Parsing Code Execution Vulnerability
4. BulletProof FTP Client '.bps' File Stack Buffer Overflow Vulnerability
5. BreakPoint Software Hex Workshop CMAP File Handling Buffer Overflow Vulnerability
6. RETIRED: Microsoft Windows Media Player WAV/MID/SND File Parsing Integer Overflow Vulnerability
7. SAWStudio '.prf' File Buffer Overflow Vulnerability
8. BulletProof FTP Client Bookmark File Heap Buffer Overflow Vulnerability
9. Retired: Internet Explorer 'chromeHTML://' Command Line Parameter Injection Vulnerability
10. freeSSHd SFTP Commands Multiple Remote Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #424
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline resulting in noticeable drops of malware and spam.
http://www.securityfocus.com/columnists/487

2. Standing on Other's Shoulders
By Chris Wysopal
"If I have seen a little further it is by standing on the shoulders of Giants," Issac Netwon once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build.
http://www.securityfocus.com/columnists/486


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. SaschArt SasCam Webcam Server ActiveX Control 'Get' Method Buffer Overflow Vulnerability
BugTraq ID: 33053
Remote: Yes
Date Published: 2008-12-29
Relevant URL: http://www.securityfocus.com/bid/33053
Summary:
SasCam Webcam Server ActiveX control is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in denial-of-service conditions.

SasCam Webcam Server 2.6.5 is vulnerable; other versions may also be affected.

2. Winace Malformed Filename Remote Denial of Service Vulnerability
BugTraq ID: 33049
Remote: Yes
Date Published: 2008-12-29
Relevant URL: http://www.securityfocus.com/bid/33049
Summary:
Winace is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to crash Windows Explorer, denying service to legitimate users. Due to the nature of this issue arbitrary code-execution is possible; however this has not been confirmed.

Winace 2.2 is vulnerable; other versions may also be affected.

3. Microsoft Windows Media Player WAV File Parsing Code Execution Vulnerability
BugTraq ID: 33042
Remote: Yes
Date Published: 2008-12-29
Relevant URL: http://www.securityfocus.com/bid/33042
Summary:
Microsoft Windows Media Player is prone to a code-execution vulnerability.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file with the vulnerable application. A successful exploit will allow arbitrary code to run in the context of the user running the application.

4. BulletProof FTP Client '.bps' File Stack Buffer Overflow Vulnerability
BugTraq ID: 33024
Remote: Yes
Date Published: 2008-12-28
Relevant URL: http://www.securityfocus.com/bid/33024
Summary:
BulletProof FTP Client is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

5. BreakPoint Software Hex Workshop CMAP File Handling Buffer Overflow Vulnerability
BugTraq ID: 33023
Remote: Yes
Date Published: 2008-12-28
Relevant URL: http://www.securityfocus.com/bid/33023
Summary:
Hex Workshop is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Hex Workshop 5.1.4 is vulnerable; other versions may also be affected.

6. RETIRED: Microsoft Windows Media Player WAV/MID/SND File Parsing Integer Overflow Vulnerability
BugTraq ID: 33018
Remote: Yes
Date Published: 2008-12-25
Relevant URL: http://www.securityfocus.com/bid/33018
Summary:
Microsoft Windows Media Player is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file with the vulnerable application. A successful exploit will result in a crash of the affected application. Arbitrary code execution is not believed to be possible.

NOTE: This BID is being retired because exploits of this issue would have no security impacts.

7. SAWStudio '.prf' File Buffer Overflow Vulnerability
BugTraq ID: 33011
Remote: Yes
Date Published: 2008-12-24
Relevant URL: http://www.securityfocus.com/bid/33011
Summary:
SAWStudio is prone a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

SAWStudio 3.9i is vulnerable; other versions may also be affected.

8. BulletProof FTP Client Bookmark File Heap Buffer Overflow Vulnerability
BugTraq ID: 33007
Remote: Yes
Date Published: 2008-12-24
Relevant URL: http://www.securityfocus.com/bid/33007
Summary:
BulletProof FTP Client is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

BulletProof FTP Client 2.63 is vulnerable; other versions may also be affected.

9. Retired: Internet Explorer 'chromeHTML://' Command Line Parameter Injection Vulnerability
BugTraq ID: 32999
Remote: Yes
Date Published: 2008-12-23
Relevant URL: http://www.securityfocus.com/bid/32999
Summary:
Internet Explorer is prone to a vulnerability that lets attackers inject command-line parameters through protocol handlers. This issue occurs because the application fails to adequately sanitize user-supplied input.

Exploiting this issue would permit remote attackers to influence command options that can be called through the vulnerable protocol handler and to execute commands with the privileges of a user running the application. Attackers may also be able to leverage this issue to execute arbitrary code with the privileges of the user running the vulnerable application.

Internet Explorer 8 beta 2 is vulnerable; other versions may also be affected.

This issue is being retired as a duplicate of BID 32997 (Google Chrome 'chromeHTML://' Command Line Parameter Injection Vulnerability).

10. freeSSHd SFTP Commands Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 32972
Remote: Yes
Date Published: 2008-12-22
Relevant URL: http://www.securityfocus.com/bid/32972
Summary:
freeSSHd is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

These issues affect freeSSHd 1.2.1; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #424
http://www.securityfocus.com/archive/88/499615

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Purewire

NEW! White Paper:
"Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's.
Download this white paper now to mitigate your online security risks.
http://www.purewire.com/lp/sec

No comments:

Blog Archive