SecurityFocus Microsoft Newsletter #284
----------------------------------------

Test your Network Security Free with QualysGuard
Requiring NO software, QualysGuard will safely and accurately test your network and provide you with the necessary fixes to proactively guard your network. Try QualysGuard Risk Free with No Obligation.

http://www.securityfocus.com/cgi-bin/ib.pl

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Security Czar
       2. Learning an advanced skillset
II.  MICROSOFT VULNERABILITY SUMMARY
       1. MPlayer Multiple Integer Overflow Vulnerabilities
       2. SweetSuite.NET Content Management System Search.ASPX Cross-Site Scripting Vulnerability
       3. Microsoft Office XP Array Index Denial of Service Vulnerability
       4. Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
       5. Pablo Software Solutions Baby Web/Quick 'n Easy Web ASP Source Disclosure Vulnerability
       6. Pubcookies Multiple Cross-Site Scripting Vulnerabilities
       7. Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability
       8. Retired: Sendmail SM_SysLog Remote Memory Leak Denial Of Service Vulnerability
       9. VBulletin ImpEx Remote File Include Vulnerability
       10. Baby FTP Server Information Disclosure Weakness
       11. Orion Application Server JSP Source Disclosure Vulnerability
       12. Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability
       13. Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability
       14. Microsoft ASP.NET COM Components W3WP Remote Denial Of Service Vulnerability
       15. Microsoft Internet Explorer Unspecified Remote HTA Execution Vulnerability
       16. MailEnable Unspecified POP Authentication Bypass Vulnerability
       17. MailEnable Enterprise/Professional Editions Webmail Denial of Service Vulnerability
       18. PHPWebSite Multiple SQL Injection Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Security Czar
By Scott Granneman
In this column Scott Granneman takes the role of dictator of the security world and presents his ideas about mandatory reforms that would improve security for millions of people.
http://www.securityfocus.com/columnists/394

2. Learning an advanced skillset
By Don Parker
The purpose of this article is to guide network security analysts towards learning the advanced skillset required to help further their careers. We'll look at two key pillars of knowledge, protocols and programming, and why they're both so important in the security field.
http://www.securityfocus.com/infocus/1861


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. MPlayer Multiple Integer Overflow Vulnerabilities
BugTraq ID: 17295
Remote: Yes
Date Published: 2006-03-29
Relevant URL: http://www.securityfocus.com/bid/17295
Summary:
MPlayer is susceptible to two integer-overflow vulnerabilities. An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may help the attacker gain unauthorized access or escalate privileges.

MPlayer version 1.0.20060329 is affected by these issues; other versions may also be affected.

2. SweetSuite.NET Content Management System Search.ASPX Cross-Site Scripting Vulnerability
BugTraq ID: 17254
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17254
Summary:
SweetSuite.NET Content Management System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

3. Microsoft Office XP Array Index Denial of Service Vulnerability
BugTraq ID: 17252
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17252
Summary:
Microsoft Office is prone to a denial-of-service condition when handling malformed array indices. When an Office application such as Excel, Word, or PowerPoint tries to open a file containing a malformed array index, an exception will be thrown, causing the application to fail.

Office XP is vulnerable to this issue; other versions may also be affected.

4. Microsoft .NET Framework SDK MSIL Tools Buffer Overflow Vulnerabilities
BugTraq ID: 17243
Remote: Yes
Date Published: 2006-03-27
Relevant URL: http://www.securityfocus.com/bid/17243
Summary:
Microsoft .NET Framework SDK contains tools for assembling and disassembling MSIL files. These tools are prone to buffer-overflow vulnerabilities that attackers could exploit to cause a denial of service or potentially execute arbitrary code.

These issues were reported to affect the .NET Framework SDK version 1.1 SP1; earlier versions may also be affected. Version 2.0 may also be affected, but code execution does not seem possible.

5. Pablo Software Solutions Baby Web/Quick 'n Easy Web ASP Source Disclosure Vulnerability
BugTraq ID: 17222
Remote: Yes
Date Published: 2006-03-24
Relevant URL: http://www.securityfocus.com/bid/17222
Summary:
A problem with Baby Web Server and Quick 'n Easy Web Server results in the disclosure of the source code of Active Server Pages. This allows attackers to gain unauthorized access to sensitive information, potentially aiding them in further attacks.

This issue affects the discontinued Baby Web Server and versions prior to 3.1.1 of its successor Quick 'n Easy Web Server.

6. Pubcookies Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 17221
Remote: Yes
Date Published: 2006-03-24
Relevant URL: http://www.securityfocus.com/bid/17221
Summary:
Pubcookies is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues were addressed in Pubcookie 3.3.0a and 3.2.1b.

7. Internet Security Systems BlackICE and RealSecure Desktop Local Privilege Escalation Vulnerability
BugTraq ID: 17218
Remote: No
Date Published: 2006-03-23
Relevant URL: http://www.securityfocus.com/bid/17218
Summary:
Multiple Internet Security Systems (ISS) products are susceptible to a local privilege-escalation vulnerability. This issue is due to the application's failure to properly lower the privileges of the running process when required.

Due to the nature of the affected application, it executes with SYSTEM privileges. When a local user opens the help browser from the affected application, it runs with the same elevated privileges as the calling application.

This vulnerability allows local attackers to access and execute arbitrary files with SYSTEM privileges, facilitating the compromise of the local computer.

8. Retired: Sendmail SM_SysLog Remote Memory Leak Denial Of Service Vulnerability
BugTraq ID: 17207
Remote: Yes
Date Published: 2006-03-23
Relevant URL: http://www.securityfocus.com/bid/17207
Summary:
Sendmail is prone to a remote denial-of-service vulnerability. The application fails to properly free allocated memory regions when it is finished with them.

Remote attackers may leverage this issue to consume excessive memory, eventually crashing the application. This will deny further email service to legitimate users.

Sendmail versions prior to 8.13.6 are vulnerable to this issue.

** Update: Due to further analysis and details from the vendor, this BID is retired. Since the memory buffer that was documented as not being freed is a local variable, this is not a vulnerability.

9. VBulletin ImpEx Remote File Include Vulnerability
BugTraq ID: 17206
Remote: Yes
Date Published: 2006-03-23
Relevant URL: http://www.securityfocus.com/bid/17206
Summary:
vBulletin ImpEx is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and the underlying system; other attacks are also possible.

10. Baby FTP Server Information Disclosure Weakness
BugTraq ID: 17205
Remote: Yes
Date Published: 2006-03-23
Relevant URL: http://www.securityfocus.com/bid/17205
Summary:
Baby FTP Server is susceptible to a remote information-disclosure weakness. This issue is due to a lack of proper sanitization of user-supplied input.

An attacker may use information obtained to launch further attacks on the affected computer.

Version 1.24 is vulnerable; other versions may also be affected.

11. Orion Application Server JSP Source Disclosure Vulnerability
BugTraq ID: 17204
Remote: Yes
Date Published: 2006-03-23
Relevant URL: http://www.securityfocus.com/bid/17204
Summary:
A problem with Orion Application Server results in the disclosure of the source code of Java Server Pages. This allows attackers to gain unauthorized access to sensitive information, potentially aiding them in further attacks.

This issue only affects Orion Application Server installations on Microsoft Windows platforms. Versions 5.0.5 and 5.0.6 are vulnerable; earlier versions may also be vulnerable.

12. Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability
BugTraq ID: 17196
Remote: Yes
Date Published: 2006-03-22
Relevant URL: http://www.securityfocus.com/bid/17196
Summary:
Microsoft Internet Explorer is susceptible to a remote code-execution vulnerability. This issue is due to a flaw that results in an invalid table-pointer dereference.

Remote attackers may exploit this issue to crash affected browsers or to execute arbitrary machine code in the context of affected users.

Microsoft has reported that this issue does not affect the March 20, 2006 release of Internet Explorer 7 Beta 2 Preview.

13. Sendmail Asynchronous Signal Handling Remote Code Execution Vulnerability
BugTraq ID: 17192
Remote: Yes
Date Published: 2006-03-22
Relevant URL: http://www.securityfocus.com/bid/17192
Summary:
Sendmail is prone to a remote code-execution vulnerability.

Remote attackers may leverage this issue to execute arbitrary code with the privileges of the application, which typically runs as superuser.

Sendmail versions prior to 8.13.6 are vulnerable to this issue.

14. Microsoft ASP.NET COM Components W3WP Remote Denial Of Service Vulnerability
BugTraq ID: 17188
Remote: Yes
Date Published: 2006-03-22
Relevant URL: http://www.securityfocus.com/bid/17188
Summary:
Improper access of COM and COM+ components in ASP.NET applications can cause a denial-of-service condition in 'w3wp.exe' processes.

A remote attacker can exploit this issue to cause denial-of-service conditions in applications using improperly coded ASP.NET, effectively denying service to legitimate users.

15. Microsoft Internet Explorer Unspecified Remote HTA Execution Vulnerability
BugTraq ID: 17181
Remote: Yes
Date Published: 2006-03-21
Relevant URL: http://www.securityfocus.com/bid/17181
Summary:
Microsoft Internet Explorer is affected by an unspecified remote vulnerability.

This vulnerability affects Internet Explorer 6.0 running on Microsoft Windows 98, Windows XP, and Windows Server 2003. A successful attack may allow remote attackers to execute HTA applications in the context of targeted users. This may allow remote attackers to execute code and potentially to compromise affected computers.

Due to a lack of information, further details cannot be provided. This BID will be updated when more information becomes available.

16. MailEnable Unspecified POP Authentication Bypass Vulnerability
BugTraq ID: 17162
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17162
Summary:
MailEnable is prone to an unspecified authentication-bypass vulnerability.

This vulnerability affects the POP service of various MailEnable versions. Very little information beyond that is available at this time. This BID will be updated as further information becomes available.

17. MailEnable Enterprise/Professional Editions Webmail Denial of Service Vulnerability
BugTraq ID: 17161
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17161
Summary:
MailEnable Enterprise/Professional Editions are prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause the application to consume all available resources, effectively denying service to legitimate users.

This issue is reported to be separate from the one discussed in BID 16525 (MailEnable Enterprise Edition Webmail Denial of Service Vulnerability).

18. PHPWebSite Multiple SQL Injection Vulnerabilities
BugTraq ID: 17150
Remote: Yes
Date Published: 2006-03-20
Relevant URL: http://www.securityfocus.com/bid/17150
Summary:
phpWebSite is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------