SecurityFocus Microsoft Newsletter #299

[mfossi]

SecurityFocus Microsoft Newsletter #299
----------------------------------------
This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A LDAP Injection Attack!" - White Paper
It's as simple as placing additional LDAP query commands into a Web form input 
box giving hackers complete access to all your backend systems! Firewalls and 
IDS will not stop such attacks because LDAP Injections are seen as valid data. 
Download this *FREE* white paper from SPI Dynamics for a complete guide to 
protection!

https://download.spidynamics.com/1/ad/LD.asp?Campaign_ID=70160000000CYIn

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Basic journey of a packet
       2. Windows genuine disadvantage
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft Excel File Rebuilding Remote Code Execution Vulnerability
       2. Microsoft Internet Explorer HtmlDlgSafeHelper Remote Denial Of 
Service Vulnerability
       3. Samba Internal Data Structures Denial of Service Vulnerability
       4. Microsoft Windows DHCP Client Service Remote Code Execution 
Vulnerability
       5. EBay Enhanced Picture Service ActiveX Remote Buffer Overflow 
Vulnerability
       6. Microsoft ASP.NET Application Folder Information Disclosure 
Vulnerability
       7. MIMESweeper For Web Access Denied Cross-site Scripting Vulnerability
       8. Microsoft Office Malformed GIF File Remote Code Execution 
Vulnerability
       9. Microsoft Office Malformed PNG File Remote Code Execution 
Vulnerability
       10. Microsoft Office String Parsing Remote Code Execution Vulnerability
       11. Microsoft Office Property Code Execution Vulnerability
       12. Microsoft Excel LABEL Record Remote Code Execution Vulnerability
       13. SIPfoundry SIPXtapi CSeq Processing Remote Buffer-Overflow 
Vulnerability
       14. Microsoft Office MSO.DLL LsCreateLine() Potential Code Execution 
Vulnerability
       15. Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial Of 
Service Vulnerability
       16. Microsoft Internet Explorer DirectAnimation.DAUserData Denial Of 
Service Vulnerability
       17. Microsoft Internet Explorer 6 RDS.DataControl Denial Of Service 
Vulnerability
       18. Microsoft Windows Server Driver Remote Information Disclosure 
Vulnerability
       19. Microsoft Excel FNGROUPCOUNT Record Remote Code Execution 
Vulnerability
       20. Microsoft Office Malformed String Parsing Code Execution 
Vulnerability
       21. Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
       22. Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
       23. Microsoft Excel Selection Record Variant Remote Code Execution 
Vulnerability
       24. Microsoft Internet Explorer Table Frameset Denial Of Service 
Vulnerability
       25. Microsoft Excel Style Handling and Repair Remote Code Execution 
Vulnerability
       26. Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow 
Vulnerability
       27. Sparklet Remote Format String Vulnerability
       28. Microsoft July Advance Notification Multiple Vulnerabilities
       29. WebEx ActiveX Multiple Remote Code Execution Vulnerabilities
       30. Microsoft IIS ASP Remote Code Execution Vulnerability
       31. Microsoft Internet Explorer Structured Graphics Control Denial Of 
Service Vulnerability
       32. Microsoft Excel Selection Record Remote Code Execution Vulnerability
       33. Retired: RARLAB WinRAR Self-Extracting Archive Buffer Overflow 
Vulnerability
       34. Windows Explorer Explorer.exe Denial Of Service Vulnerability
       35. COWON America JetAudio Audio File ID Tag Remote Buffer Overflow 
Vulnerability
       36. Microsoft Internet Explorer Href Title Denial Of Service 
Vulnerability
       37. Zone Labs ZoneAlarm Registry Key Local Denial Of Service 
Vulnerability
       38. Invision Power Board Index.PHP Act Parameter SQL Injection 
Vulnerability
       39. NASCAR Racing UDP Datagram Remote Denial of Service Vulnerability
       40. Microsoft Internet Explorer ADODB.Recordset Filter Property Denial 
of Service Vulnerability
       41. Microsoft Internet Explorer OutlookExpress.AddressBook Denial of 
Service Vulnerability
       42. Communigate Pro Server Pop Denial of Service Vulnerability
       43. Microsoft Internet Explorer HHCtrl ActiveX Control Memory Corruption 
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. DACLS for software distribution points...
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Basic journey of a packet
By Don Parker
The purpose of this introductory article is to look at basic look at the 
journey of a packet across the Internet, from packet creation to switches, 
routers, NAT, and so on. This topic is recommended for those who are new to the 
networking and security field and may not have a basic understanding of the 
underlying process.
http://www.securityfocus.com/infocus/1870

2. Windows genuine disadvantage
By Mark Rasch
A recent lawsuit filed against Microsoft should have all companies reexamining 
their privacy policies to determine what information they are actually 
collecting about customers, and what they can possibly do with it.
http://www.securityfocus.com/columnists/409


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Excel File Rebuilding Remote Code Execution Vulnerability
BugTraq ID: 18938
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18938
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory, 
and execute arbitrary code in the context of targeted users.

Note that MS Office applications include functionality to embed Office files as 
objects contained in other Microsoft Office files. As an example, Microsoft 
Word files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

2. Microsoft Internet Explorer HtmlDlgSafeHelper Remote Denial Of Service 
Vulnerability
BugTraq ID: 18929
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18929
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

3. Samba Internal Data Structures Denial of Service Vulnerability
BugTraq ID: 18927
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18927
Summary:
The smbd daemon is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to consume excessive memory resources 
ultimately crashing the affected application.

This issue affects Samba versions 3.0.1 through 3.0.22 inclusive.

4. Microsoft Windows DHCP Client Service Remote Code Execution Vulnerability
BugTraq ID: 18923
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18923
Summary:
Microsoft Windows DHCP Client service is susceptible to a remote code-execution 
vulnerability. This issue is due to a failure of the service to properly bounds 
check user-supplied input prior to copying it to an insufficiently-sized memory 
buffer.

This vulnerability allows remote attackers to execute arbitrary machine code 
with SYSTEM-level privileges on affected computers. This facilitates the 
complete compromise of affected computers.

5. EBay Enhanced Picture Service ActiveX Remote Buffer Overflow Vulnerability
BugTraq ID: 18921
Remote: Yes
Date Published: 2006-07-06
Relevant URL: http://www.securityfocus.com/bid/18921
Summary:
eBay Enhanced Picture Service ActiveX control is prone to a buffer overflow 
vulnerability because it fails to properly bounds-check user-supplied input 
before copying it to an insufficiently sized memory buffer.

An attacker could exploit this issue by creating a malicious web page that 
would initialize the ActiveX controller and execute arbitrary code within the 
context of the user.

This issue could allow an attacker to execute arbitrary code.

This issue affects versions 1.0.3.36 and prior.

6. Microsoft ASP.NET Application Folder Information Disclosure Vulnerability
BugTraq ID: 18920
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18920
Summary:
ASP.NET is prone to an information-disclosure vulnerability. This issue is due 
to a failure in the applications to properly validate user-supplied input.

An attacker can exploit this issue to retrieve potentially sensitive 
information. Information retrieved may aid in further attacks.

7. MIMESweeper For Web Access Denied Cross-site Scripting Vulnerability
BugTraq ID: 18916
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18916
Summary:
MIMESweeper For Web is prone to a cross-site scripting vulnerability because it 
fails to sanitize input before displaying it to users of the application.

An attacker may leverage this issue to have arbitrary script code execute in 
the browser of an unsuspecting user in the context of the affected site. This 
may help the attacker steal cookie-based authentication credentials and launch 
other attacks.

8. Microsoft Office Malformed GIF File Remote Code Execution Vulnerability
BugTraq ID: 18915
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18915
Summary:
Microsoft Office is prone to a remote code-execution vulnerability when 
handling a malformed GIF file.

The issue occurs when an Office application such as Excel, Word, or PowerPoint 
tries to open a malformed GIF file.

An attacker could exploit this vulnerability to cause memory corruption and 
subsequently the execution of malicious code in the context of the user running 
the affected application.

9. Microsoft Office Malformed PNG File Remote Code Execution Vulnerability
BugTraq ID: 18913
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18913
Summary:
Microsoft Office is prone to a remote code-execution vulnerability when 
handling a malformed PNG graphic file.

The issue occurs when an Office application such as Excel, Word, or PowerPoint 
tries to open a malformed PNG graphic file.

An attacker could exploit this vulnerability to cause memory corruption and 
subsequently the execution of malicious code in the context of the user running 
the affected application.

10. Microsoft Office String Parsing Remote Code Execution Vulnerability
BugTraq ID: 18912
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18912
Summary:
Microsoft Office is susceptible to a remote code-execution vulnerability. This 
issue is due to a failure of the application to properly handle malformed 
strings in Office documents.

Successfully exploiting this issue allows attackers to execute arbitrary code 
in the context of targeted users.

11. Microsoft Office Property Code Execution Vulnerability
BugTraq ID: 18911
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18911
Summary:
Microsoft Office is prone to a code-execution vulnerability. This is due to a 
failure to handle exceptional conditions.

Successfully exploiting this issue allows attackers to corrupt process memory, 
and execute arbitrary code in the context of targeted users.

12. Microsoft Excel LABEL Record Remote Code Execution Vulnerability
BugTraq ID: 18910
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18910
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory, 
and execute arbitrary code in the context of targeted users.

Note that MS Office applications include functionality to embed Office files as 
objects contained in other Microsoft Office files. As an example, Microsoft 
Word files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

13. SIPfoundry SIPXtapi CSeq Processing Remote Buffer-Overflow Vulnerability
BugTraq ID: 18906
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18906
Summary:
The sipXtapi product is reported to be prone to a remote buffer-overflow 
vulnerability. This issue presents itself when the application handles a 
specially crafted 'CSeq' value.

A successful attack may lead to unauthorized remote access in the context of a 
user running an affected application that uses the vulnerable library.

Reports indicate that sipXtapi versions that were released prior to March 24, 
2006 are vulnerable to this issue. Certain PingTel products and versions of AOL 
Triton may be affected because they employ the vulnerable library.

14. Microsoft Office MSO.DLL LsCreateLine() Potential Code Execution 
Vulnerability
BugTraq ID: 18905
Remote: Yes
Date Published: 2006-07-08
Relevant URL: http://www.securityfocus.com/bid/18905
Summary:
Microsoft Office is reported to be prone to a potential code execution 
vulnerability.

This vulnerability occurs when the application handles a specially crafted 
document. A successful attack may result in a remote compromise in the context 
of an affected user.  Attack attempts may result in a denial of service 
condition as well.

Reports indicate that this issue can be triggered with a malicious Microsoft 
Word document; however, other Microsoft Office applications that employ the 
vulnerable function are vulnerable as well.

15. Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial Of Service 
Vulnerability
BugTraq ID: 18903
Remote: Yes
Date Published: 2006-07-09
Relevant URL: http://www.securityfocus.com/bid/18903
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

16. Microsoft Internet Explorer DirectAnimation.DAUserData Denial Of Service 
Vulnerability
BugTraq ID: 18902
Remote: Yes
Date Published: 2006-07-08
Relevant URL: http://www.securityfocus.com/bid/18902
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website that uses the 'DirectAnimation.DAUserData' object in a 
malicious manner.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

17. Microsoft Internet Explorer 6 RDS.DataControl Denial Of Service 
Vulnerability
BugTraq ID: 18900
Remote: Yes
Date Published: 2006-07-08
Relevant URL: http://www.securityfocus.com/bid/18900
Summary:
Microsoft Internet Explorer version 6 is reportedly prone to a 
denial-of-service vulnerability because the application fails to perform 
boundary checks before copying user-supplied data into sensitive process 
buffers.

This issue is triggered when an attacker convinces a victim user to activate a 
malicious ActiveX control object.

Remote attackers may exploit this issue to crash Internet Explorer 6, 
effectively denying service to legitimate users.

A stack-based heap overflow may be possible, and as a result, remote code 
execution in the context of the user running the affected application may 
occur. This has not been confirmed.

18. Microsoft Windows Server Driver Remote Information Disclosure Vulnerability
BugTraq ID: 18891
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18891
Summary:
Microsoft Windows Server driver is susceptible to a remote 
information-disclosure vulnerability. This issue is due to a flaw in the 
handling of certain SMB traffic.

Exploiting this issue allows remote attackers to gain access to potentially 
sensitive fragments of kernel memory. This may aid them in further attacks.

19. Microsoft Excel FNGROUPCOUNT Record Remote Code Execution Vulnerability
BugTraq ID: 18890
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18890
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory, 
and execute arbitrary code in the context of targeted users.

Note that MS Office applications include functionality to embed Office files as 
objects contained in other Microsoft Office files. As an example, Microsoft 
Word files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

20. Microsoft Office Malformed String Parsing Code Execution Vulnerability
BugTraq ID: 18889
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18889
Summary:
Microsoft Office is prone to a code-execution vulnerability.  This condition 
can occur when a malformed string within an Office file is parsed.

This vulnerability is located in a shared library used by multiple Office 
applications, potentially allowing many different attack vectors.

An attacker could exploit this issue by enticing a victim to load a malicious 
Office file. If the vulnerability is successfully exploited, this could result 
in execution of arbitrary code in the context of the currently logged in user.

This issue is different than the one described in BID 18912 (Microsoft Office 
String Parsing Remote Code Execution Vulnerability)

21. Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
BugTraq ID: 18888
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18888
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability. This is due 
to a failure to handle exceptional conditions.

Successfully exploiting this issue allows attackers to corrupt process memory, 
and execute arbitrary code in the context of targeted users.

Note that MS Office applications include functionality to embed Office files as 
objects contained in other Microsoft Office files. As an example, Microsoft 
Word files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

22. Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
BugTraq ID: 18886
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18886
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability. This is due 
to a failure to handle exceptional conditions.

Successfully exploiting this issue allows attackers to corrupt process memory, 
and execute arbitrary code in the context of targeted users.

Note that MS Office applications include functionality to embed Office files as 
objects contained in other Microsoft Office files. As an example, Microsoft 
Word files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

23. Microsoft Excel Selection Record Variant Remote Code Execution 
Vulnerability
BugTraq ID: 18885
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18885
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory, 
and execute arbitrary code in the context of targeted users.

Note that MS Office applications include functionality to embed Office files as 
objects contained in other Microsoft Office files. As an example, Microsoft 
Word files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

24. Microsoft Internet Explorer Table Frameset Denial Of Service Vulnerability
BugTraq ID: 18873
Remote: Yes
Date Published: 2006-07-06
Relevant URL: http://www.securityfocus.com/bid/18873
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

25. Microsoft Excel Style Handling and Repair Remote Code Execution 
Vulnerability
BugTraq ID: 18872
Remote: Yes
Date Published: 2006-07-06
Relevant URL: http://www.securityfocus.com/bid/18872
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code 
in the context of targeted users.

A proof-of-concept malicious code named 'Trojan.Hongmosa' is actively 
exploiting this vulnerability, which results in crashing Excel running on 
Simplified Chinese, Traditional Chinese, Japanese, or Korean Windows.

Note that Microsoft Office applications include functionality to embed Office 
files as objects contained in other Office files. As an example, Microsoft Word 
files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

This issue is distinct from the issue described in BID 18422 (Microsoft Excel 
Unspecified Remote Code Execution Vulnerability). Proof-of-concept 'Nanika.xls' 
was originally thought to be related to BID 18422; however, reports indicate 
that 'Nanika.xls' triggers this vulnerability.

26. Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow 
Vulnerability
BugTraq ID: 18863
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18863
Summary:
Microsoft Windows Server driver is susceptible to a remote heap buffer-overflow 
vulnerability. This issue is due to a failure of the software to properly 
bounds check user-supplied input prior to copying it to an insufficiently-sized 
memory buffer.

Exploiting this issue allows anonymous, remote attackers to execute arbitrary 
machine code in the context of the affected driver. This facilitates the 
complete compromise of affected computers.

Microsoft Windows XP SP2 and Microsoft Windows Server 2003 SP1 are not 
vulnerable to this issue in their default configuration.

27. Sparklet Remote Format String Vulnerability
BugTraq ID: 18862
Remote: Yes
Date Published: 2006-07-06
Relevant URL: http://www.securityfocus.com/bid/18862
Summary:
Sparklet is prone to a remote format-string vulnerability.

This is issue arises when the application displays a text string on the client 
screen during a match.

A successful exploit could result in executing arbitrary code or crashing the 
application.

Versions 0.9.4try3 and previous versions are vulnerable to this issue.

28. Microsoft July Advance Notification Multiple Vulnerabilities
BugTraq ID: 18861
Remote: Yes
Date Published: 2006-07-06
Relevant URL: http://www.securityfocus.com/bid/18861
Summary:
Microsoft has released advance notification that the vendor will be releasing 
twelve security bulletins for Windows on July 11, 2006. The highest severity 
rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs 
will be created and this record will be removed when the security bulletins are 
released.

29. WebEx ActiveX Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 18860
Remote: Yes
Date Published: 2006-07-06
Relevant URL: http://www.securityfocus.com/bid/18860
Summary:
WebEx ActiveX control is prone to multiple remote code-execution 
vulnerabilities.

An attacker could exploit these issues by creating a malicious web page that 
would initialize the WebEx ActiveX control, and then download and initialize 
malicious DLL files.

This issue could allow an attacker to execute arbitrary code.

Versions 2.0.0.7 and prior are affected.

30. Microsoft IIS ASP Remote Code Execution Vulnerability
BugTraq ID: 18858
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18858
Summary:
Microsoft Internet Information Server (IIS) is susceptible to a remote 
code-execution vulnerability. This issue is due to a failure of the application 
to properly bounds check user-supplied input prior to copying it to an 
insufficiently-sized memory buffer.

Attackers must have the ability to place and execute malicious ASP pages on 
computers running the affected ASP server software to exploit this issue. This 
may be an issue in shared-hosting environments.

This issue allows remote attackers to execute arbitrary machine code in the 
context of the affected web server software.

31. Microsoft Internet Explorer Structured Graphics Control Denial Of Service 
Vulnerability
BugTraq ID: 18855
Remote: Yes
Date Published: 2006-07-06
Relevant URL: http://www.securityfocus.com/bid/18855
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability 
because it fails to handle ActiveX controls properly.

This issue is triggered when an attacker convinces a victim user to activate a 
malicious ActiveX control.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

32. Microsoft Excel Selection Record Remote Code Execution Vulnerability
BugTraq ID: 18853
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18853
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory, 
and execute arbitrary code in the context of targeted users.

Note that MS Office applications include functionality to embed Office files as 
objects contained in other Microsoft Office files. As an example, Microsoft 
Word files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

33. Retired: RARLAB WinRAR Self-Extracting Archive Buffer Overflow 
Vulnerability
BugTraq ID: 18851
Remote: Yes
Date Published: 2006-07-05
Relevant URL: http://www.securityfocus.com/bid/18851
Summary:
A client-side buffer overflow vulnerability exists in WinRAR.

A remote attacker may supply malicious self-extracting archives to a user to be 
processed by WinRAR to exploit this issue.

A successful attack may result in a remote compromise in the context of the 
vulnerable user.

WinRAR 3.60 and prior versions are affected.

Further reports indicate that the vulnerability lies in the code embedded in 
self-extracting archives, therefore this issue requires that users directly 
execute malicious EXE files. As users are already executing attacker-provided 
executable files, nothing extra is gained by this vulnerability. This BID is 
therefore retired.

34. Windows Explorer Explorer.exe Denial Of Service Vulnerability
BugTraq ID: 18838
Remote: Yes
Date Published: 2006-07-05
Relevant URL: http://www.securityfocus.com/bid/18838
Summary:
Microsoft Windows Explorer is prone to a denial of service vulnerability. The 
application fails to handle malicious '.url' files properly while parsing the 
URI file.

Remote attackers may exploit this issue to crash Internet Explorer, Windows 
Explorer, and possibly others.

35. COWON America JetAudio Audio File ID Tag Remote Buffer Overflow 
Vulnerability
BugTraq ID: 18825
Remote: Yes
Date Published: 2006-07-05
Relevant URL: http://www.securityfocus.com/bid/18825
Summary:
jetAudio is prone to a remote buffer-overflow vulnerability.

The vulnerability presents itself when the application handles a malicious 
audio file.

A successful exploit may allow an attacker to gain unauthorized remote access 
in the context of an affected user.

jetAudio version 6.2.6.8330 Basic is reported vulnerable. Other versions may be 
affected as well.

36. Microsoft Internet Explorer Href Title Denial Of Service Vulnerability
BugTraq ID: 18820
Remote: Yes
Date Published: 2006-07-04
Relevant URL: http://www.securityfocus.com/bid/18820
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability 
because of an error in processing an HTML 'href' tag with a very large title.

An attacker can exploit this vulnerability to cause the application to stop 
responding, denying service to legitimate users.

37. Zone Labs ZoneAlarm Registry Key Local Denial Of Service Vulnerability
BugTraq ID: 18789
Remote: No
Date Published: 2006-07-03
Relevant URL: http://www.securityfocus.com/bid/18789
Summary:
ZoneAlarm is prone to a denial-of-service vulnerability because it fails to 
properly handle exceptional conditions.

A local attacker can exploit this issue to cause an error in the application 
and to crash the system, effectively denying service.

38. Invision Power Board Index.PHP Act Parameter SQL Injection Vulnerability
BugTraq ID: 18782
Remote: Yes
Date Published: 2006-07-03
Relevant URL: http://www.securityfocus.com/bid/18782
Summary:
Invision Power Board is prone to an SQL-injection vulnerability. This issue is 
due to a failure in the application to properly sanitize user-supplied input 
before using it in an SQL query.

Successful exploitation could allow an attacker to compromise the application, 
access or modify data, or exploit vulnerabilities in the underlying database 
implementation.

Version 1.3 Final is affected; other versions may also be vulnerable to this 
issue.

39. NASCAR Racing UDP Datagram Remote Denial of Service Vulnerability
BugTraq ID: 18778
Remote: Yes
Date Published: 2006-07-03
Relevant URL: http://www.securityfocus.com/bid/18778
Summary:
NASCAR Racing is prone to a denial-of-service vulnerability. This issue is due 
to the application's failure to properly handle empty UDP datagrams.

The vulnerability allows remote attackers from external networks to block 
communication between the client and the server.

This issue affects NASCAR Racing 4.1.3.1.6, NASCAR Racing 2002 Season 1.1.0.2, 
and NASCAR Racing 2003 Sesason 1.2.0.1; other versions may also be vulnerable.

40. Microsoft Internet Explorer ADODB.Recordset Filter Property Denial of 
Service Vulnerability
BugTraq ID: 18773
Remote: Yes
Date Published: 2006-07-03
Relevant URL: http://www.securityfocus.com/bid/18773
Summary:
Microsoft Internet Explorer is prone to a denial-of-service condition when 
processing the 'ADODB.Recordset Filter Property' COM object.

A successful attack may cause the browser to fail due to a null-pointer 
dereference.

41. Microsoft Internet Explorer OutlookExpress.AddressBook Denial of Service 
Vulnerability
BugTraq ID: 18771
Remote: Yes
Date Published: 2006-07-02
Relevant URL: http://www.securityfocus.com/bid/18771
Summary:
Microsoft Internet Explorer is prone to a denial-of-service condition when 
processing the 'OutlookExpress.AddressBook' COM object.

A successful attack may cause the browser to fail due to a null-pointer 
dereference.

42. Communigate Pro Server Pop Denial of Service Vulnerability
BugTraq ID: 18770
Remote: Yes
Date Published: 2006-07-03
Relevant URL: http://www.securityfocus.com/bid/18770
Summary:
CommuniGate Pro Server is prone to a remote denial-of-service vulnerability. 
This issue reportedly resides in the application's Pop component.

43. Microsoft Internet Explorer HHCtrl ActiveX Control Memory Corruption 
Vulnerability
BugTraq ID: 18769
Remote: Yes
Date Published: 2006-07-02
Relevant URL: http://www.securityfocus.com/bid/18769
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This 
is related to the handling of the HHCtrl ActiveX control.

Attackers may exploit this issue via a malicious web page to execute arbitrary 
code in the context of the currently logged-in user. Exploitation attempts may 
lead to a denial-of-service condition as well. Attackers may also employ HTML 
email to carry out an attack.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. DACLS for software distribution points...
http://www.securityfocus.com/archive/88/439301

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
[EMAIL PROTECTED] from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email [EMAIL PROTECTED] and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A LDAP Injection Attack!" - White Paper
It's as simple as placing additional LDAP query commands into a Web form input 
box giving hackers complete access to all your backend systems! Firewalls and 
IDS will not stop such attacks because LDAP Injections are seen as valid data. 
Download this *FREE* white paper from SPI Dynamics for a complete guide to 
protection!

https://download.spidynamics.com/1/ad/LD.asp?Campaign_ID=70160000000CYIn



---------------------------------------------------------------------------
---------------------------------------------------------------------------