SecurityFocus Microsoft Newsletter #286
----------------------------------------
This Issue is Sponsored By: SPI Dynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a
hacker giving them the ability to read, write and manipulate all data stored in
your backend systems! Download this *FREE* white paper from SPI Dynamics for a
complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000CGKl
------------------------------------------------------------------
I. FRONT AND CENTER
1. This Means Warcraft!
2. Two attacks against VoIP
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
2. Microsoft Windows Shell COM Object Remote Code Execution
Vulnerability
3. Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution
Vulnerability
4. Microsoft Internet Explorer Persistent Window Content Address Bar
Spoofing Vulnerability
5. Microsoft Outlook Express Windows Address Book File Parsing Buffer
Overflow Vulnerability
6. Microsoft Internet Explorer Popup Cross-Domain Information Disclosure
Vulnerability
7. Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass
Vulnerability
8. Microsoft Internet Explorer Double Byte Character Memory Corruption
Vulnerability
9. Microsoft Internet Explorer COM Object Instantiation Code Execution
Vulnerability
10. Microsoft FrontPage Server Extensions Cross-Site Scripting
Vulnerability
11. Microsoft Internet Explorer Invalid HTML Parsing Code Execution
Vulnerability
12. TUGZip Remote Directory Traversal Vulnerability
13. PHPList Index.PHP Local File Include Vulnerability
14. TalentSoft Web+ Shop Deptname Parameter Cross-Site Scripting
Vulnerability
15. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
16. GlobalSCAPE Secure FTP Server Remote Denial of Service Vulnerability
17. Microsoft April Advance Notification Multiple Vulnerabilities
18. PHPMyAdmin Multiple Cross-Site Scripting Vulnerabilities
19. Clam AntiVirus ClamAV Multiple Vulnerabilities
20. Eset Software NOD32 Antivirus Local Arbitrary File Creation
Vulnerability
21. HP Color LaserJet 2500/4600 Toolbox Directory Traversal
Vulnerability
22. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Adding Users via Web Interface
2. SecurityFocus Microsoft Newsletter #285
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. This Means Warcraft!
By Mark Rasch
A recent World of Warcraft case involved a WoW book by Brian Knopp that was
being sold on eBay. It resulted in automated takedown notices by "lawyerbots"
and shows how the legal process today can end up silencing legitimate uses of
trademarks and copyrights.
http://www.securityfocus.com/columnists/396
2. Two attacks against VoIP
By Peter Thermos
The purpose of this article is to discuss two of the most well-known attacks
that can be carried out in current VoIP deployments. The first attack
demonstrates the ability to hijack a user's VoIP subscription and subsequent
communications. The second attack looks at the ability to eavesdrop on VoIP
communications.
http://www.securityfocus.com/infocus/1862
SecurityFocus is looking for the best technical articles from the community. In
addition to becoming instantly famous, publication of your research, technical
work, installation guide or security HOWTO will benefit the community as a
whole. Interested parties should consult the submission guidelines below and
review some recent Infocus articles. Start with an idea and a one-page outline.
Submit your article idea now!
http://www.securityfocus.com/static/submissions.html
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
BugTraq ID: 17468
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17468
Summary:
Microsoft Internet Explorer is prone to a memory corruption vulnerability. This
is related to the handling of certain HTML tags.
This issue could be exploited by a malicious web page to execute arbitrary code
in the context of the currently logged in user. The issue could also be
exploited through HTML email.
2. Microsoft Windows Shell COM Object Remote Code Execution Vulnerability
BugTraq ID: 17464
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17464
Summary:
Microsoft Windows Shell is susceptible to a remote code execution
vulnerability. This issue is due to a flaw in its handling of remote COM
objects.
This issue may be exploited by remote attackers to execute arbitrary machine
code in the context of the targeted user. This may facilitate the remote
compromise of affected computers.
This issue is described as a variant of the one described in BID 10363
(Microsoft Windows XP Self-Executing Folder Vulnerability).
3. Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution
Vulnerability
BugTraq ID: 17462
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17462
Summary:
The Microsoft MDAC RDS.Dataspace ActiveX control is vulnerable to remote code
execution. An attacker could exploit this issue to execute code in the context
of the user visiting a malicious web page.
4. Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing
Vulnerability
BugTraq ID: 17460
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17460
Summary:
Microsoft Internet Explorer is prone to an address bar spoofing vulnerability.
This issue may be exploited by a malicious web page to spoof the contents of a
page that the victim of the attack may trust. This vulnerability may be useful
in phishing or other attacks that rely on content spoofing.
5. Microsoft Outlook Express Windows Address Book File Parsing Buffer Overflow
Vulnerability
BugTraq ID: 17459
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17459
Summary:
Microsoft Outlook Express is prone to a remote buffer-overflow vulnerability.
This vulnerability presents itself when the application processes a specially
crafted Windows Address Book (.wab) file.
An attacker may exploit this issue to execute arbitrary code in the context of
a user running the vulnerable application. This may result in a remote
compromise.
6. Microsoft Internet Explorer Popup Cross-Domain Information Disclosure
Vulnerability
BugTraq ID: 17457
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17457
Summary:
Microsoft Internet Explorer is prone to a cross-domain information disclosure
vulnerability.
This vulnerability may let a malicious web site access properties of a site in
an arbitrary external domain. This could be exploited to gain access to
sensitive information that is associated with the external domain, such as
cookies associated with a user's session on the external web site.
7. Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass
Vulnerability
BugTraq ID: 17455
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17455
Summary:
Microsoft Internet Explorer is prone to a zone bypass vulnerability. This
issue is due to the browser returning erroneous IOleClientSite data when dynamically
creating an embedded object. This could cause malicious script code to be
executed in a security zone with fewer restrictions than the zone that the
content originates from.
This issue may be exploited to execute arbitrary code in the context of the
currently logged in user on the affected computer. It may also be possible to
execute malicious script code in the context of a site that exists in another
domain. The issue could be exploited through a malicious web page.
8. Microsoft Internet Explorer Double Byte Character Memory Corruption
Vulnerability
BugTraq ID: 17454
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17454
Summary:
Microsoft Internet Explorer is prone to a memory corruption vulnerability.
This is related to an error in how double byte character set (DBCS) characters
are handled in IP addresses from rendered HTML content.
This issue could be exploited by a malicious web page to execute arbitrary code
in the context of the currently logged in user. The issue could also be
exploited through HTML email.
Microsoft has stated that this issue is not applicable to Internet Explorer 6.0
on Windows Server 2003 SP1.
9. Microsoft Internet Explorer COM Object Instantiation Code Execution
Vulnerability
BugTraq ID: 17453
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17453
Summary:
Microsoft Internet Explorer is prone to a memory corruption vulnerability that
is related to the instantiation of COM objects. This issue results from a
design error.
The vulnerability arises because of the way Internet Explorer attempts to
instantiate certain COM objects as ActiveX controls, resulting in arbitrary
code execution. The affected objects are not intended to be instantiated
through Internet Explorer.
This BID is related to the issues described in BID 14511 (Microsoft Internet
Explorer COM Object Instantiation Buffer Overflow Vulnerability) and BID 15061
(Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability);
however, a different set of COM objects is affected that was not addressed in
the previous BIDs.
10. Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability
BugTraq ID: 17452
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17452
Summary:
Microsoft FrontPage Server Extensions are prone to a cross-site scripting
vulnerability. This issue is due to a failure in the application to properly
sanitize user-supplied input before it is rendered to other users.
An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user, with the privileges of the victim user's
account. This may help the attacker steal cookie-based authentication
credentials and launch other attacks.
11. Microsoft Internet Explorer Invalid HTML Parsing Code Execution
Vulnerability
BugTraq ID: 17450
Remote: Yes
Date Published: 2006-04-11
Relevant URL: http://www.securityfocus.com/bid/17450
Summary:
Microsoft Internet Explorer is prone to a vulnerability that may permit remote
attackers to execute arbitrary code. This vulnerability occurs when the
browser parses invalid HTML.
This vulnerability could be exploited through a malicious web page or HTML
email.
12. TUGZip Remote Directory Traversal Vulnerability
BugTraq ID: 17432
Remote: Yes
Date Published: 2006-04-10
Relevant URL: http://www.securityfocus.com/bid/17432
Summary:
Reportedly, an attacker can carry out attacks similar to directory traversals.
These issues present themselves when the application processes malicious
archives.
A successful attack can allow the attacker to place potentially malicious files
and overwrite files on a computer in the context of the user running the
affected application. Successful exploitation may aid in further attacks.
13. PHPList Index.PHP Local File Include Vulnerability
BugTraq ID: 17429
Remote: Yes
Date Published: 2006-04-10
Relevant URL: http://www.securityfocus.com/bid/17429
Summary:
PHPList is prone to a local file-include vulnerability. This may facilitate the
unauthorized viewing of files and unauthorized execution of local scripts.
Attackers may exploit this issue to execute arbitrary code by manipulating log
files.
14. TalentSoft Web+ Shop Deptname Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 17418
Remote: Yes
Date Published: 2006-04-07
Relevant URL: http://www.securityfocus.com/bid/17418
Summary:
Web+ Shop is prone to a cross-site scripting vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site. This
may help the attacker steal cookie-based authentication credentials and launch
other attacks.
15. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
BugTraq ID: 17404
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17404
Summary:
Internet Explorer is prone to address-bar spoofing.
An attacker can exploit this issue to display the URI of a trusted and known
site in the address bar, while running an attacker-supplied Macromedia Flash
application. This may aid in phishing-style attacks and possibly allow access
to properties of the trusted domain.
16. GlobalSCAPE Secure FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 17398
Remote: Yes
Date Published: 2006-04-06
Relevant URL: http://www.securityfocus.com/bid/17398
Summary:
GlobalSCAPE Secure FTP Server is susceptible to a remote denial-of-service
vulnerability. This issue is due to the application's failure to properly
handle unexpected input.
This vulnerability allows remote attackers to crash affected servers, denying
service to legitimate users.
Versions of Secure FTP Server prior to 3.1.4 Build 01.10.2006 are affected by
this issue.
17. Microsoft April Advance Notification Multiple Vulnerabilities
BugTraq ID: 17397
Remote: Yes
Date Published: 2006-04-06
Relevant URL: http://www.securityfocus.com/bid/17397
Summary:
Microsoft has released advance notification that they will be releasing five
security bulletins for Windows on April 11, 2006. The highest severity rating
for these issues is Critical.
Further details about these issues are not currently available. Individual BIDs
will be created and this record will be removed when the security bulletins are
released.
18. PHPMyAdmin Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 17390
Remote: Yes
Date Published: 2006-04-06
Relevant URL: http://www.securityfocus.com/bid/17390
Summary:
phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These
issues are due to a failure in the application to properly sanitize
user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site. This
may help the attacker steal cookie-based authentication credentials and launch
other attacks.
These issues may be related to BID 17142 (PHPMyAdmin Set_Theme Cross-Site
Scripting Vulnerability).
19. Clam AntiVirus ClamAV Multiple Vulnerabilities
BugTraq ID: 17388
Remote: Yes
Date Published: 2006-04-05
Relevant URL: http://www.securityfocus.com/bid/17388
Summary:
ClamAV is prone to multiple vulnerabilities:
- An integer-overflow vulnerability.
- A format-string vulnerability.
- A denial-of-service vulnerability.
The first two issues may permit attackers to execute arbitrary code, which can
facilitate a compromise of an affected computer.
If an attacker can successfully exploit the denial-of-service issue, this may
crash the affected application, which may aid an attacker in further attacks if
the antivirus software no longer works.
20. Eset Software NOD32 Antivirus Local Arbitrary File Creation Vulnerability
BugTraq ID: 17374
Remote: No
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17374
Summary:
NOD32 Antivirus is affected by a local arbitrary file-creation vulnerability.
This issue is due to the application's failure to properly drop SYSTEM
privileges when performing operations on behalf of a local user. Attackers
cannot overwrite already-existing files by exploiting this issue.
This issue allows local attackers to create files in arbitrary locations with
SYSTEM-level privileges. This may allow them to execute arbitrary code
with elevated privileges, facilitating the compromise of affected computers.
Versions prior to 2.51.26 are affected by this issue.
21. HP Color LaserJet 2500/4600 Toolbox Directory Traversal Vulnerability
BugTraq ID: 17367
Remote: Yes
Date Published: 2006-04-04
Relevant URL: http://www.securityfocus.com/bid/17367
Summary:
The HP Color LaserJet 2500/4600 Toolbox is prone to a directory-traversal
vulnerability. This issue is due to a failure in the application to properly
sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the
vulnerable system in the context of the affected application. Information
obtained may aid attackers in further attacks.
22. PHP PHPInfo Large Input Cross-Site Scripting Vulnerability
BugTraq ID: 17362
Remote: Yes
Date Published: 2006-04-03
Relevant URL: http://www.securityfocus.com/bid/17362
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in
the browser of an unsuspecting user in the context of the affected site. This
may help the attacker steal cookie-based authentication credentials and launch
other attacks.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Adding Users via Web Interface
http://www.securityfocus.com/archive/88/430662
2. SecurityFocus Microsoft Newsletter #285
http://www.securityfocus.com/archive/88/430424
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively,
you can visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SPI Dynamics
ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a
hacker giving them the ability to read, write and manipulate all data stored in
your backend systems! Download this *FREE* white paper from SPI Dynamics for a
complete guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70130000000CGKl
---------------------------------------------------------------------------