WINDOWS CENTER: SecurityFocus Microsoft Newsletter #429

SecurityFocus Microsoft Newsletter #429
----------------------------------------

Vulnerability Management for Dummies: How to Implement a Successful Vulnerability Management Program
As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk. Vulnerability Management for Dummies arms you with the facts and shows you how to...

http://dinclinx.com/Redirect.aspx?36;2468;35;189;0;8;259;73c7a1ae59c7a92e

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Time to Take the Theoretical Seriously
2.The Drew Verdict Makes Us All Hackers
II. MICROSOFT VULNERABILITY SUMMARY
1. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
2. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
3. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
4. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
5. Zinf Multiple PlayList Files Buffer Overflow Vulnerability
6. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
7. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
8. Microsoft Windows 'RunAs' Password Length Local Information Disclosure Vulnerability
9. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service Vulnerability
10. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
11. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
12. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
13. FTPShell server '.key' File Buffer Overflow Vulnerability
14. Apple QuickTime MPEG-2 Playback Component Remote Memory Corruption Vulnerability
15. Apple QuickTime 'jpeg' Atoms Movie File Remote Buffer Overflow Vulnerability
16. Apple QuickTime MPEG-2 Movie File Remote Buffer Overflow Vulnerability
17. Apple QuickTime Cinepak Encoded Movie Remote Buffer Overflow Vulnerability
18. Apple QuickTime AVI Movie Remote Buffer Overflow Vulnerability
19. Apple QuickTime H.263 Encoded Movie Remote Memory Corruption Vulnerability
20. Apple QuickTime QTVR Movie Remote Buffer Overflow Vulnerability
21. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
22. Microsoft Windows Mobile OBEX FTP Service Directory Traversal Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. customer user accounts and internal user accounts on same domain
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at 25th Chaos Communications Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers
http://www.securityfocus.com/columnists/490

2.The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
BugTraq ID: 33515
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33515
Summary:
Web on Windows (WOW) ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to overwrite arbitrary files and execute arbitrary code on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Web on Windows 2 is vulnerable; other versions may also be affected.

2. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33513
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33513
Summary:
Thomson Demo mp3PRO Player/Encoder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Thomson Demo mp3PRO Player/Encoder 1.1.0 is vulnerable; other versions may also be affected.

3. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
BugTraq ID: 33494
Remote: Yes
Date Published: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33494
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow an attacker to crash the browser, which will result in a denial-of-service condition.

Internet Explorer 7 on Windows XP SP3 is vulnerable; other versions running on different platforms may also be affected.

NOTE: This issue was originally published as a buffer-overflow vulnerability that could result in remote code execution. Further analysis and vendor reports, however, suggest that exploiting this issue may cause only a denial-of-service condition from stack exhaustion. This vulnerability cannot be exploited to execute arbitrary code.

4. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 33492
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33492
Summary:
Horde IMP Webmail Client is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to IMP 4.2.2 and 4.3.3 are affected.

5. Zinf Multiple PlayList Files Buffer Overflow Vulnerability
BugTraq ID: 33482
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33482
Summary:
Zinf is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

Zinf 2.2.1 is vulnerable; other versions may also be affected.

6. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33454
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33454
Summary:
Win FTP Server is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Win FTP Server 2.3.0 is vulnerable; other versions may also be affected.

7. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
BugTraq ID: 33450
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33450
Summary:
Simple Machines Forum is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

8. Microsoft Windows 'RunAs' Password Length Local Information Disclosure Vulnerability
BugTraq ID: 33440
Remote: No
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33440
Summary:
The 'RunAs' application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths.

A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords.

9. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 33432
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33432
Summary:
Nokia Multimedia Player is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected application, denying service to legitimate users.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

10. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 33426
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33426
Summary:
WFTPD Pro is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle specially crafted FTP commands in a proper manner.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users.

WFTPD Pro 3.30.0.1 is vulnerable; other versions may also be affected.

Update (29th January, 2009): This issue is reported to only affect servers which have the 'Enable Security' configuration option disabled.

11. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33420
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33420
Summary:
MediaMonkey is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

MediaMonkey 3.0.6 is vulnerable; other versions may also be affected.

12. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33419
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33419
Summary:
Merak Media Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Merak Media Player 3.2 is vulnerable; other versions may also be affected.

13. FTPShell server '.key' File Buffer Overflow Vulnerability
BugTraq ID: 33403
Remote: Yes
Date Published: 2009-01-22
Relevant URL: http://www.securityfocus.com/bid/33403
Summary:
FTPShell Server is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

FTPShell Server 4.3 is vulnerable; other versions may also be affected.

14. Apple QuickTime MPEG-2 Playback Component Remote Memory Corruption Vulnerability
BugTraq ID: 33393
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33393
Summary:
The Apple QuickTime MPEG-2 Playback Component is prone to a memory-corruption issue because it fails to perform adequate boundary checks on user-supplied data.