SecurityFocus Microsoft Newsletter #296
----------------------------------------

This issue is sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Cross-Site Scripting Attack" - White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CY4R

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Strider URL Tracer with Typo Patrol
       2. Phishing with Rachna Dhamija
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft Internet Explorer OuterHTML Redirection Handling Information Disclosure Vulnerability
       2. ArGoSoft Mail Server POP3 Server Unspecified Remote Buffer Overflow Vulnerability
       3. Algorithmic Research PrivateWire Online Registration Remote Buffer Overflow Vulnerability
       4. Microsoft Windows Live Messenger Contact List Processing Remote Denial of Service Vulnerability
       5. BitchX BX_Do_Hook Remote Denial of Service Vulnerability
       6. XM Easy Personal FTP Server Remote Denial of Service Vulnerability
       7. MailEnable SMTP HELO Command Remote Denial of Service Vulnerability
       8. BlueDragon Server .CFM Files Denial Of Service Vulnerability
       9. BlueDragon Server Error Page Cross-Site Scripting Vulnerability
       10. Yahoo! Messenger Message Handling Denial of Service Vulnerability
       11. Microsoft Office Embedded Shockwave Flash Object Security Bypass Weakness
       12. JaguarEdit ActiveX Control Information Disclosure Vulnerability
       13. Hosting Controller Unspecified Privilege Escalation Vulnerability
       14. Toshiba Bluetooth Stack TOSRFBD.SYS Remote Denial of Service Vulnerability
       15. Nullsoft Winamp Malformed MIDI File Remote Buffer Overflow Vulnerability
       16. Microsoft HLINK.DLL Link Memory Corruption Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #296
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Strider URL Tracer with Typo Patrol
By Tony Bradley, CISSP-ISSAP
This article looks at Microsoft's free Strider URL Tracer with Typo-Patrol, a tool to help fight typo-squatters and domain parking abuse. It can be used to protect children from seeing inappropriate or explicit sites, and by companies or trademark owners to scan for sites that may be typo-squatting their domain(s) so that those sites can be investigated and/or prosecuted.
http://www.securityfocus.com/infocus/1869

2. Phishing with Rachna Dhamija
By Federico Biancuzzi
Federico Biancuzzi interviews Rachna Dhamija, co-author of the paper "Why Phishing Works" and creator of Dynamic Security Skins. They discuss the human factor, how easy it is to recreate a credible browser window made with images, some new anti-phishing features included in the upcoming version of some popular browsers, and the power of letting a user personalize his interface.
http://www.securityfocus.com/columnists/407


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer OuterHTML Redirection Handling Information Disclosure Vulnerability
BugTraq ID: 18682
Remote: Yes
Date Published: 2006-06-27
Relevant URL: http://www.securityfocus.com/bid/18682
Summary:
Microsoft Internet Explorer is susceptible to an information disclosure vulnerability. This issue is due to a failure of the application to properly enforce cross-domain policies.

This issue may allow attackers to access arbitrary websites in the context of a targeted user's browser session. This may allow them to perform actions in web applications with the privileges of exploited users, or to gain access to potentially sensitive information. This may aid them in further attacks.

Microsoft Internet Explorer version 6.0 on Windows XP SP2 is vulnerable to this issue; other versions may also be affected.

2. ArGoSoft Mail Server POP3 Server Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 18668
Remote: Yes
Date Published: 2006-06-26
Relevant URL: http://www.securityfocus.com/bid/18668
Summary:
The ArGoSoft Mail Server POP3 service is prone to a remote buffer-overflow vulnerability.

This issue allows remote attackers to execute arbitrary machine code in the context of the affected service. This service likely executes with SYSTEM-level privileges, so exploiting this issue will facilitate the complete compromise of affected computers.

More information, including affected versions, is not currently available. This BID will be updated as more information is disclosed.

3. Algorithmic Research PrivateWire Online Registration Remote Buffer Overflow Vulnerability
BugTraq ID: 18647
Remote: Yes
Date Published: 2006-06-26
Relevant URL: http://www.securityfocus.com/bid/18647
Summary:
PrivateWire online registration is prone to a remote buffer-overflow vulnerability.

The application fails to properly check boundary conditions when handling GET requests.

This issue allows attackers to execute arbitrary machine code in the context of the affected application software.

Version 3.7 is vulnerable to this issue; previous versions may also be affected.

4. Microsoft Windows Live Messenger Contact List Processing Remote Denial of Service Vulnerability
BugTraq ID: 18639
Remote: Yes
Date Published: 2006-06-25
Relevant URL: http://www.securityfocus.com/bid/18639
Summary:
Microsoft Windows Live Messenger is reported prone to a remote denial-of-service vulnerability when handling malformed contact list (.ctt) files.

A successful attack can result in a denial of service condition by crashing the application.

Windows Live Messenger 8.0 is reported to be vulnerable. Other versions may be affected as well.

5. BitchX BX_Do_Hook Remote Denial of Service Vulnerability
BugTraq ID: 18634
Remote: Yes
Date Published: 2006-06-24
Relevant URL: http://www.securityfocus.com/bid/18634
Summary:
BitchX is prone to a remote denial-of-service vulnerability because it fails to properly handle excessive data from malicious IRC servers.

This issue allows remote attackers to crash affected IRC clients, denying service to legitimate users. To exploit this issue, attackers must coerce users of affected clients to connect to a malicious server.

BitchX version 1.1-final is vulnerable to this issue; previous versions may also be affected.

6. XM Easy Personal FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 18632
Remote: Yes
Date Published: 2006-06-24
Relevant URL: http://www.securityfocus.com/bid/18632
Summary:
XM Easy Personal FTP Server is prone to a remote denial-of-service vulnerability because it fails to properly handle excessive data.

This issue allows remote attackers to crash affected FTP servers, denying service to legitimate users. Attackers may potentially exploit this issue to execute arbitrary machine code in the context of affected servers, but this has not been confirmed.

XM Easy Personal FTP Server version 5.0.1 is vulnerable to this issue; other versions may also be affected.

7. MailEnable SMTP HELO Command Remote Denial of Service Vulnerability
BugTraq ID: 18630
Remote: Yes
Date Published: 2006-06-24
Relevant URL: http://www.securityfocus.com/bid/18630
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.

This issue allows remote attackers to crash the application, denying further service to legitimate users.

The specific cause of this issue is currently unknown. This BID will be updated as further information is disclosed.

8. BlueDragon Server .CFM Files Denial Of Service Vulnerability
BugTraq ID: 18624
Remote: Yes
Date Published: 2006-06-23
Relevant URL: http://www.securityfocus.com/bid/18624
Summary:
BlueDragon is prone to a remote denial-of-service vulnerability. This issue is due to the application's failure to efficiently handle malformed GET requests.

An attacker can exploit this issue to cause the service to stop responding, effectively denying service to legitimate users.

This issue affects version 6.2.1.286; other versions may also be vulnerable.

9. BlueDragon Server Error Page Cross-Site Scripting Vulnerability
BugTraq ID: 18623
Remote: Yes
Date Published: 2006-06-23
Relevant URL: http://www.securityfocus.com/bid/18623
Summary:
BlueDragon is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects version 6.2.1.286; other versions may also be vulnerable.

10. Yahoo! Messenger Message Handling Denial of Service Vulnerability
BugTraq ID: 18622
Remote: Yes
Date Published: 2006-06-23
Relevant URL: http://www.securityfocus.com/bid/18622
Summary:
Yahoo! Messenger is prone to a denial-of-service vulnerability. Successful exploitation will cause the application to crash, effectively denying service.

This issue affects version 7.5.0.814; other versions may also be vulnerable.

11. Microsoft Office Embedded Shockwave Flash Object Security Bypass Weakness
BugTraq ID: 18583
Remote: Yes
Date Published: 2006-06-22
Relevant URL: http://www.securityfocus.com/bid/18583
Summary:
Microsoft Office is prone to a weakness that may allow remote attackers to execute arbitrary script code contained in Shockwave Flash Objects without first requiring confirmation from users.

A successful attack may allow attackers to access sensitive information and potentially execute malicious commands on a vulnerable computer.

The researcher responsible for discovering this issue has indicated that it presents itself on Windows 2003 SP1, Windows XP Professional Edition SP1 and SP2 running Microsoft Office 2003, and Windows 2000 Professional running Microsoft Office 2003. Other versions may be vulnerable as well.

12. JaguarEdit ActiveX Control Information Disclosure Vulnerability
BugTraq ID: 18576
Remote: Yes
Date Published: 2006-06-21
Relevant URL: http://www.securityfocus.com/bid/18576
Summary:
The JaguarEdit ActiveX control is prone to an information-disclosure vulnerability.

An attacker can exploit this vulnerability to retrieve privileged and potentially sensitive information that may aid in further attacks.

13. Hosting Controller Unspecified Privilege Escalation Vulnerability
BugTraq ID: 18565
Remote: Yes
Date Published: 2006-06-21
Relevant URL: http://www.securityfocus.com/bid/18565
Summary:
Hosting Controller contains an unspecified error that allows an authenticated user to escalate privileges.

Attackers can exploit this issue to gain web administrative privileges in the instance of the application.

14. Toshiba Bluetooth Stack TOSRFBD.SYS Remote Denial of Service Vulnerability
BugTraq ID: 18527
Remote: Yes
Date Published: 2006-06-20
Relevant URL: http://www.securityfocus.com/bid/18527
Summary:
Toshiba Bluetooth Stack is prone to a remote denial-of-service vulnerability.

Reports indicate that a successful attack can corrupt memory and restart a vulnerable computer. Toshiba Bluetooth Stack for Windows versions 4.0.23 and prior are reported to be affected.

15. Nullsoft Winamp Malformed MIDI File Remote Buffer Overflow Vulnerability
BugTraq ID: 18507
Remote: Yes
Date Published: 2006-06-19
Relevant URL: http://www.securityfocus.com/bid/18507
Summary:
Winamp is prone to a buffer-overflow vulnerability when handling specially crafted files. An attacker may exploit this issue to gain unauthorized access to a computer with the privileges of the user that activated the vulnerable application.

Winamp versions prior to 5.22 are reported prone to this issue.

16. Microsoft HLINK.DLL Link Memory Corruption Vulnerability
BugTraq ID: 18500
Remote: Yes
Date Published: 2006-06-19
Relevant URL: http://www.securityfocus.com/bid/18500
Summary:
Microsoft HLINK.DLL is prone to a memory-corruption vulnerability. This issue is due to the library's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the affected library. This facilitates the remote compromise of affected computers. Failed exploit attempts will likely crash targeted applications.

This issue has been shown to be exploitable through Microsoft Excel files. Other applications using the affected library may also be affected.

Information regarding which specific versions of HLINK.DLL are affected (and which Microsoft Windows operating systems include the affected library) is currently unavailable. This BID will be updated as further information is disclosed.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #296
http://www.securityfocus.com/archive/88/437908

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by: SPI Dynamics