SecurityFocus Microsoft Newsletter #273
----------------------------------------
This Issue is Sponsored By: CipherTrust
CipherTrust Products have been nominated! Please Vote in the SC Magazine
Awards.
IronMail Gateway - Best E-Mail Security
http://www.scawards.com/vote4a.asp?Area_ID=1&Cat_ID=7&Sub_ID=2&Prod_ID=122
IronMail Gateway - Best Anti-Spam
http://www.scawards.com/vote4a.asp?Area_ID=1&Cat_ID=5&Sub_ID=2&Prod_ID=87
------------------------------------------------------------------
I. FRONT AND CENTER
1. Windows rootkits of 2005, part three
2. Patching a broken Windows
II. MICROSOFT VULNERABILITY SUMMARY
1. VBulletin Event Title HTML Injection Vulnerability
2. Drupal URL-Encoded Input HTML Injection Vulnerability
3. EFileGo Multiple Input Validation Vulnerabilities
4. Intel Graphics Accelerator Driver Remote Denial Of Service
Vulnerability
5. PHP MySQL_Connect Remote Buffer Overflow Vulnerability
6. Blue Coat Systems WinProxy Remote Host Header Buffer Overflow
Vulnerability
7. Blue Coat Systems WinProxy Remote Denial Of Service Vulnerability
8. Blue Coat Systems WinProxy Telnet Remote Denial Of Service
Vulnerability
9. IBM Lotus Domino and Notes Multiple Unspecified Vulnerabilities
10. NetSarang XLPD Remote Denial of Service Vulnerability
11. Microsoft Windows Graphics Rendering Engine Multiple Memory
Corruption Vulnerabilities
12. Microsoft Excel Unspecified Code Execution Vulnerability
13. Clam Anti-Virus ClamAV Unspecified UPX File Buffer Overflow
Vulnerability
14. Microsoft Windows Embedded Web Font Buffer Overflow Vulnerability
15. Microsoft Outlook / Microsoft Exchange TNEF Decoding Remote Code
Execution Vulnerability
16. PostgreSQL Postmaster Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. patching servers...
2. audit trails for file access
3. SecurityFocus Microsoft Newsletter #272
I. FRONT AND CENTER
---------------------
1. Windows rootkits of 2005, part three
By James Butler, Sherri Sparks
The third and final article in this series explores five different rootkit
detection techniques used to discover Windows rootkit deployments.
Additionally, nine different tools designed for administrators are discussed.
http://www.securityfocus.com/infocus/1854
2. Patching a broken Windows
By Robert Lemos
Robert Lemos interviews Datarescue's senior software developer Ilfak Guilfanov,
the creator of the unofficial patch for the flaw in the Windows Meta File
format that saw tens of thousands of downloads prior to the official patch
release by Microsoft. Guilfanov explains why he decided to issue a patch for
the vulnerability, how he created the patch, and his thoughts on whether
third-party patches are generally a good thing.
http://www.securityfocus.com/columnists/378
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. VBulletin Event Title HTML Injection Vulnerability
BugTraq ID: 16116
Remote: Yes
Date Published: 2006-01-01
Relevant URL: http://www.securityfocus.com/bid/16116
Summary:
vBulletin is prone to an HTML injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input before
using it in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based
authentication credentials. An attacker could also exploit this issue to
control how the site is rendered to the user; other attacks are also possible.
This issue is reported to affect vBulletin 3.5.2. Earlier versions may also be
affected.
2. Drupal URL-Encoded Input HTML Injection Vulnerability
BugTraq ID: 16117
Remote: Yes
Date Published: 2006-01-01
Relevant URL: http://www.securityfocus.com/bid/16117
Summary:
Drupal is prone to an HTML injection vulnerability when handling URL-encoded
HTML and script code in message content. This issue is due to a failure in the
application to properly sanitize user-supplied input before using it in
dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the
affected Web site, potentially allowing for theft of cookie-based
authentication credentials. An attacker could also exploit this issue to
control how the site is rendered to the user; other attacks are also possible.
3. EFileGo Multiple Input Validation Vulnerabilities
BugTraq ID: 16124
Remote: Yes
Date Published: 2006-01-03
Relevant URL: http://www.securityfocus.com/bid/16124
Summary:
eFileGo is prone to multiple input validation vulnerabilities. These issues are
due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit these issues to retrieve arbitrary files, upload files
to arbitrary locations, cause denial of service conditions and execute
arbitrary commands.
Successful exploitation may facilitate a remote compromise of the computer
running the affected software.
4. Intel Graphics Accelerator Driver Remote Denial Of Service Vulnerability
BugTraq ID: 16127
Remote: Yes
Date Published: 2006-01-03
Relevant URL: http://www.securityfocus.com/bid/16127
Summary:
The Intel Graphics Accelerator driver is susceptible to a remote denial of
service vulnerability. This issue is demonstrated to occur when the affected
driver attempts to display overly long text in a text area.
This issue allows attackers to crash the display manager on Microsoft Windows
XP, or cause a complete system crash on computers running Microsoft Windows
2000. Other operating systems where the affected display driver is available
are also likely affected.
Version 6.14.10.4308 of the Intel Graphics Accelerator driver is considered
vulnerable to this issue. Other versions may also be affected.
This issue will be updated as further information becomes available. This issue
may be related to the one described in BID 10913 (Microsoft Windows Large Image
Processing Remote Denial Of Service Vulnerability), but this has not been
confirmed.
5. PHP MySQL_Connect Remote Buffer Overflow Vulnerability
BugTraq ID: 16145
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16145
Summary:
PHP is prone to a remote buffer overflow vulnerability.
An attacker can exploit this issue to execute arbitrary machine code in the
context of the affected Web server. Failed exploit attempts will likely result
in crashing the Web server, denying service to legitimate users.
It should be noted that arguments to the 'mysql_connect' function are not
usually accessible for modification by remote attackers. This may limit the
possible exploitation to legitimate users and administrators in a shared
hosting environment.
PHP for Microsoft Windows versions 4.3.10, 4.4.0, and 4.4.1 are vulnerable;
other versions may also be affected.
6. Blue Coat Systems WinProxy Remote Host Header Buffer Overflow Vulnerability
BugTraq ID: 16147
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16147
Summary:
A remote buffer overflow vulnerability affects Blue Coat Systems WinProxy. This
issue is due to a failure of the application to properly validate the length of
user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the
privileges of the vulnerable application. This may facilitate unauthorized
access or privilege escalation.
Blue Coat Systems WinProxy version 6.0 is vulnerable to this issue; other
versions may also be affected.
7. Blue Coat Systems WinProxy Remote Denial Of Service Vulnerability
BugTraq ID: 16148
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16148
Summary:
WinProxy is prone to a remote denial of service vulnerability. This issue is
due to a failure in the application to properly handle user-supplied data.
A remote attacker can exploit this issue to crash the server, denying service
to legitimate users.
This issue is reported to affect WinProxy version 6.0; other versions may also
be vulnerable.
8. Blue Coat Systems WinProxy Telnet Remote Denial Of Service Vulnerability
BugTraq ID: 16149
Remote: Yes
Date Published: 2006-01-05
Relevant URL: http://www.securityfocus.com/bid/16149
Summary:
WinProxy is prone to a remote denial of service vulnerability. This issue is
due to a failure in the application to properly handle user-supplied data.
A remote attacker can exploit this issue to crash the server, denying service
to legitimate users. Remote code execution may be possible but is unlikely.
This issue affects WinProxy version 6.0; earlier versions are also likely
vulnerable.
9. IBM Lotus Domino and Notes Multiple Unspecified Vulnerabilities
BugTraq ID: 16158
Remote: Yes
Date Published: 2006-01-06
Relevant URL: http://www.securityfocus.com/bid/16158
Summary:
IBM Lotus Domino and Notes are prone to multiple unspecified vulnerabilities.
Exploitation of these issues results in a failure of the server, thus denying
service to legitimate users.
Lotus Domino and Notes versions prior to 6.5.5 are considered vulnerable.
10. NetSarang XLPD Remote Denial of Service Vulnerability
BugTraq ID: 16164
Remote: Yes
Date Published: 2006-01-07
Relevant URL: http://www.securityfocus.com/bid/16164
Summary:
Xlpd is prone to a remote denial of service vulnerability. This issue is due to
a failure in the application to handle exceptional conditions.
A remote attacker can exploit this issue to crash the affected application,
effectively denying service to legitimate users.
This issue is reported to affect Xlpd version 2.1; other versions may also be
vulnerable.
11. Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption
Vulnerabilities
BugTraq ID: 16167
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16167
Summary:
Microsoft Windows WMF graphics rendering engine is affected by multiple memory
corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and
'ExtEscape' functions.
These problems present themselves when a user views a malicious WMF formatted
file containing specially crafted data.
Reports indicate that these issues lead to a denial of service condition.
Earlier conjectures that the issues may result in the execution of arbitrary
code appear at this point to be incorrect. Attackers could force a crash or
restart of the viewing application.
12. Microsoft Excel Unspecified Code Execution Vulnerability
BugTraq ID: 16181
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16181
Summary:
Microsoft Excel is susceptible to an unspecified code execution vulnerability.
The issue presents itself when Microsoft Excel attempts to process malformed or
corrupted XLS files.
Attackers may exploit this issue to execute arbitrary machine code in the
context of the affected application.
This BID will be updated as further information is disclosed. This issue is not
believed to be related to the ones described in BID 15926 (Microsoft Excel
Unspecified Memory Corruption Vulnerabilities).
13. Clam Anti-Virus ClamAV Unspecified UPX File Buffer Overflow Vulnerability
BugTraq ID: 16191
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16191
Summary:
ClamAV is prone to an unspecified heap buffer overflow vulnerability. This
issue is due to a failure of the application to properly bounds check
user-supplied data prior to copying it to an insufficiently sized memory
buffer.
This issue occurs when the application attempts to handle compressed UPX files.
Exploitation of this issue could allow attacker-supplied machine code to be
executed in the context of the affected application. The issue would occur when
the malformed file is scanned manually or automatically in deployments such as
email gateways.
Further information is unavailable at this time. This BID will be updated as
further information is disclosed.
14. Microsoft Windows Embedded Web Font Buffer Overflow Vulnerability
BugTraq ID: 16194
Remote: Yes
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16194
Summary:
Microsoft Windows is susceptible to a remotely exploitable buffer overflow
vulnerability. This issue is due to a failure of the software to properly
bounds check user-supplied input prior to copying it to an insufficiently sized
memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the
context of the vulnerable software on the targeted user's computer.
15. Microsoft Outlook / Microsoft Exchange TNEF Decoding Remote Code Execution
Vulnerability
BugTraq ID: 16197
Remote: Yes
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16197
Summary:
Microsoft Exchange Server and Outlook email clients are prone to a remote code
execution vulnerability.
This vulnerability presents itself when the applications decode a message
containing a specially crafted TNEF MIME attachment. Successful exploitation
may result in arbitrary code execution facilitating a remote compromise.
An attack against Microsoft Exchange Server could lead to a SYSTEM level remote
compromise, while attacks against Outlook would result in arbitrary code
execution in the context of the current user.
16. PostgreSQL Postmaster Denial Of Service Vulnerability
BugTraq ID: 16201
Remote: Yes
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16201
Summary:
PostgreSQL is prone to a denial of service vulnerability. This issue is due to
a failure in the application to properly handle exceptional conditions.
A remote attacker can exploit this issue to crash the postmaster service, thus
denying future connections until the service is manually restarted.
This issue only affects PostgreSQL for Microsoft Windows.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. patching servers...
http://www.securityfocus.com/archive/88/421403
2. audit trails for file access
http://www.securityfocus.com/archive/88/421005
3. SecurityFocus Microsoft Newsletter #272
http://www.securityfocus.com/archive/88/420784