Thursday, January 29, 2009

SecurityFocus Microsoft Newsletter #429

Vulnerability Management for Dummies: How to Implement a Successful Vulnerability Management Program
As a business owner, or someone responsible for network security within your organization, you need to understand how to prevent attacks and eliminate network weaknesses that leave your business exposed and at risk. Vulnerability Management for Dummies arms you with the facts and shows you how to...

http://dinclinx.com/Redirect.aspx?36;2468;35;189;0;8;259;73c7a1ae59c7a92e


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Take the Theoretical Seriously
2. The Drew Verdict Makes Us All Hackers
II. MICROSOFT VULNERABILITY SUMMARY
1. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
2. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
3. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
4. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
5. Zinf Multiple PlayList Files Buffer Overflow Vulnerability
6. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
7. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
8. Microsoft Windows 'RunAs' Password Length Local Information Disclosure Vulnerability
9. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service Vulnerability
10. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
11. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
12. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
13. FTPShell server '.key' File Buffer Overflow Vulnerability
14. Apple QuickTime MPEG-2 Playback Component Remote Memory Corruption Vulnerability
15. Apple QuickTime 'jpeg' Atoms Movie File Remote Buffer Overflow Vulnerability
16. Apple QuickTime MPEG-2 Movie File Remote Buffer Overflow Vulnerability
17. Apple QuickTime Cinepak Encoded Movie Remote Buffer Overflow Vulnerability
18. Apple QuickTime AVI Movie Remote Buffer Overflow Vulnerability
19. Apple QuickTime H.263 Encoded Movie Remote Memory Corruption Vulnerability
20. Apple QuickTime QTVR Movie Remote Buffer Overflow Vulnerability
21. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
22. Microsoft Windows Mobile OBEX FTP Service Directory Traversal Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. customer user accounts and internal user accounts on same domain
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers' response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at the 25th Chaos Communication Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers.
http://www.securityfocus.com/columnists/490

2. The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
BugTraq ID: 33515
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33515
Summary:
Web on Windows (WOW) ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to overwrite arbitrary files and execute arbitrary code on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Web on Windows 2 is vulnerable; other versions may also be affected.

2. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33513
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33513
Summary:
Thomson Demo mp3PRO Player/Encoder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Thomson Demo mp3PRO Player/Encoder 1.1.0 is vulnerable; other versions may also be affected.

3. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
BugTraq ID: 33494
Remote: Yes
Date Published: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33494
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow an attacker to crash the browser, which will result in a denial-of-service condition.

Internet Explorer 7 on Windows XP SP3 is vulnerable; other versions running on different platforms may also be affected.

NOTE: This issue was originally published as a buffer-overflow vulnerability that could result in remote code execution. Further analysis and vendor reports, however, suggest that exploiting this issue may cause only a denial-of-service condition from stack exhaustion. This vulnerability cannot be exploited to execute arbitrary code.

4. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 33492
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33492
Summary:
Horde IMP Webmail Client is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to IMP 4.2.2 and 4.3.3 are affected.

5. Zinf Multiple PlayList Files Buffer Overflow Vulnerability
BugTraq ID: 33482
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33482
Summary:
Zinf is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

Zinf 2.2.1 is vulnerable; other versions may also be affected.

6. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33454
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33454
Summary:
Win FTP Server is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Win FTP Server 2.3.0 is vulnerable; other versions may also be affected.

7. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
BugTraq ID: 33450
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33450
Summary:
Simple Machines Forum is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

8. Microsoft Windows 'RunAs' Password Length Local Information Disclosure Vulnerability
BugTraq ID: 33440
Remote: No
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33440
Summary:
The 'RunAs' application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths.

A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords.

9. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 33432
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33432
Summary:
Nokia Multimedia Player is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected application, denying service to legitimate users.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

10. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 33426
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33426
Summary:
WFTPD Pro is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle specially crafted FTP commands in a proper manner.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users.

WFTPD Pro 3.30.0.1 is vulnerable; other versions may also be affected.

Update (29th January, 2009): This issue is reported to only affect servers which have the 'Enable Security' configuration option disabled.

11. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33420
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33420
Summary:
MediaMonkey is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

MediaMonkey 3.0.6 is vulnerable; other versions may also be affected.

12. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33419
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33419
Summary:
Merak Media Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Merak Media Player 3.2 is vulnerable; other versions may also be affected.

13. FTPShell server '.key' File Buffer Overflow Vulnerability
BugTraq ID: 33403
Remote: Yes
Date Published: 2009-01-22
Relevant URL: http://www.securityfocus.com/bid/33403
Summary:
FTPShell Server is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

FTPShell Server 4.3 is vulnerable; other versions may also be affected.

14. Apple QuickTime MPEG-2 Playback Component Remote Memory Corruption Vulnerability
BugTraq ID: 33393
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33393
Summary:
The Apple QuickTime MPEG-2 Playback Component is prone to a memory-corruption issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime MPEG-2 Playback Component running on Microsoft Windows Vista and Windows XP SP2 and SP3.

15. Apple QuickTime 'jpeg' Atoms Movie File Remote Buffer Overflow Vulnerability
BugTraq ID: 33390
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33390
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP2 and SP3, and Mac OS X.

16. Apple QuickTime MPEG-2 Movie File Remote Buffer Overflow Vulnerability
BugTraq ID: 33389
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33389
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP2 and SP3, and Mac OS X.

17. Apple QuickTime Cinepak Encoded Movie Remote Buffer Overflow Vulnerability
BugTraq ID: 33388
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33388
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP2 and SP3, and Mac OS X.

18. Apple QuickTime AVI Movie Remote Buffer Overflow Vulnerability
BugTraq ID: 33387
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33387
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP2, and Mac OS X.

19. Apple QuickTime H.263 Encoded Movie Remote Memory Corruption Vulnerability
BugTraq ID: 33386
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33386
Summary:
Apple QuickTime is prone to a memory-corruption issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP2 and SP3, and Mac OS X.

20. Apple QuickTime QTVR Movie Remote Buffer Overflow Vulnerability
BugTraq ID: 33384
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33384
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP2 and SP3, and Mac OS X.

21. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33363
Remote: Yes
Date Published: 2009-01-20
Relevant URL: http://www.securityfocus.com/bid/33363
Summary:
easyHDR Pro is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

easyHDR Pro 1.60.2 is vulnerable; prior versions may also be affected.

22. Microsoft Windows Mobile OBEX FTP Service Directory Traversal Vulnerability
BugTraq ID: 33359
Remote: Yes
Date Published: 2009-01-20
Relevant URL: http://www.securityfocus.com/bid/33359
Summary:
Microsoft Windows Mobile is prone to a directory-traversal vulnerability in the OBEX FTP service.

Exploiting this issue allows an attacker to write arbitrary files to locations outside the application's current directory, download arbitrary files, and obtain sensitive information. Other attacks may also be possible.

Windows Mobile 5.0 and 6.0 are vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. customer user accounts and internal user accounts on same domain
http://www.securityfocus.com/archive/88/500442

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
