SecurityFocus Microsoft Newsletter #300

[mfossi]

SecurityFocus Microsoft Newsletter #300
----------------------------------------
This issue is Sponsored by: Qualys

On-Demand Vulnerability Management
Proactively Identify and remediate Network Vulnerabilities, Measure and Manage 
Risk. Free 14 Day Trial with NO Obligation!

http://newsletter.industrybrains.com/c?fe;1;5e792;5cd;233;1e60;da4

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Basic journey of a packet
       2. Application-level virtualization for Windows
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Wireshark Protocol Dissectors Multiple Vulnerabilities
       2. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
       3. Microsoft Internet Explorer WebViewFolderIcon Denial Of Service 
Vulnerability
       4. Microsoft Internet Explorer DXImageTransform Properties Denial Of 
Service Vulnerability
       5. Outpost Firewall PRO Local Privilege Escalation Vulnerability
       6. Lotus Notes Mail Recipient Information Disclosure Vulnerability
       7. Lavasoft Personal Firewall Local Privilege Escalation Vulnerability
       8. Zoho Virtual Office Message HTML Injection Vulnerability
       9. Armagetron Advanced Invalid Values Multiple Remote Denial Of Service 
Vulnerabilities
       10. Microsoft Internet Explorer MHTMLFile Denial Of Service 
Vulnerability
       11. Rabox WinLPD Remote Buffer Overflow Vulnerability
       12. IceWarp Web Mail Multiple File Include Vulnerabilities
       13. VisNetic Mail Server Multiple File Include Vulnerabilities
       14. Microsoft ISA Server File Extension Filter Bypass Vulnerability
       15. Microsoft Powerpoint Multiple Unspecified Vulnerabilities
       16. Microsoft Works Spreadsheet Multiple Remote Vulnerabilties
       17. Microsoft Internet Explorer RevealTrans Denial Of Service 
Vulnerability
       18. Microsoft Powerpoint Remote Code Execution Vulnerability
       19. Microsoft Internet Explorer TriEditDocument Denial Of Service 
Vulnerability
       20. Adobe Acrobat / Adobe Reader Local Privilege Escalation 
Vulnerability
       21. Microsoft Excel File Rebuilding Remote Code Execution Vulnerability
       22. Microsoft Internet Explorer HtmlDlgSafeHelper Remote Denial Of 
Service Vulnerability
       23. Microsoft Windows DHCP Client Service Remote Code Execution 
Vulnerability
       24. Microsoft ASP.NET Application Folder Information Disclosure 
Vulnerability
       25. MIMESweeper For Web Access Denied Cross-site Scripting Vulnerability
       26. Microsoft Office Malformed GIF File Remote Code Execution 
Vulnerability
       27. Microsoft Office Malformed PNG File Remote Code Execution 
Vulnerability
       28. Microsoft Office String Parsing Remote Code Execution Vulnerability
       29. Microsoft Office Property Code Execution Vulnerability
       30. Microsoft Excel LABEL Record Remote Code Execution Vulnerability
       31. SIPfoundry SIPXtapi CSeq Processing Remote Buffer-Overflow 
Vulnerability
       32. Microsoft Office MSO.DLL LsCreateLine() Potential Code Execution 
Vulnerability
       33. Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial Of 
Service Vulnerability
       34. Microsoft Internet Explorer DirectAnimation.DAUserData Denial Of 
Service Vulnerability
       35. Microsoft Internet Explorer 6 RDS.DataControl Denial Of Service 
Vulnerability
       36. Microsoft Windows Server Driver Remote Information Disclosure 
Vulnerability
       37. Microsoft Excel FNGROUPCOUNT Record Remote Code Execution 
Vulnerability
       38. Microsoft Office Malformed String Parsing Code Execution 
Vulnerability
       39. Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
       40. Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
       41. Microsoft Excel Selection Record Variant Remote Code Execution 
Vulnerability
       42. Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow 
Vulnerability
       43. Microsoft IIS ASP Remote Code Execution Vulnerability
       44. Microsoft Excel Selection Record Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. Questions about File deletion avoidance in Windows platform
       2. SecurityFocus Microsoft Newsletter #299
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Basic journey of a packet
By Don Parker
The purpose of this introductory article is to look at basic look at the 
journey of a packet across the Internet, from packet creation to switches, 
routers, NAT, and so on. This topic is recommended for those who are new to the 
networking and security field and may not have a basic understanding of the 
underlying process.
http://www.securityfocus.com/infocus/1870

2. Application-level virtualization for Windows
By Federico Biancuzzi
Federico Biancuzzi interviews Eyal Dotan, who has developed application-level 
virtualization software that protects Windows hosts from malware. They discuss 
the architecture, advantages of this design, performance, and how this method 
could be applied to servers running Windows or be ported to other OSes.
http://www.securityfocus.com/columnists/410


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Wireshark Protocol Dissectors Multiple Vulnerabilities
BugTraq ID: 19051
Remote: Yes
Date Published: 2006-07-18
Relevant URL: http://www.securityfocus.com/bid/19051
Summary:
Wireshark is prone to multiple vulnerabilities:

- A format string vulnerability.
- An off-by-one vulnerability.
- An infinite loop vulnerability.
- A memory allocation vulnerability.

These may permit attackers to execute arbitrary code, which can facilitate a 
compromise of an affected computer or cause a denial-of-service condition to 
legitimate users of the application.

2. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
BugTraq ID: 19043
Remote: Yes
Date Published: 2006-07-18
Relevant URL: http://www.securityfocus.com/bid/19043
Summary:
WinRAR is susceptible to a remote buffer-overflow vulnerability. This issue is 
due to a failure of the application to properly bounds check user-supplied 
input prior to copying it to an insufficiently-sized memory buffer.

This vulnerability allows attackers to execute arbitrary machine code in the 
context of the affected application.

Versions of WinRAR from 3.0 to 3.60 beta 6 are vulnerable to this issue.

3. Microsoft Internet Explorer WebViewFolderIcon Denial Of Service 
Vulnerability
BugTraq ID: 19030
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19030
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

4. Microsoft Internet Explorer DXImageTransform Properties Denial Of Service 
Vulnerability
BugTraq ID: 19029
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19029
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.

An attacker can exploit this vulnerability to crash Internet Explorer and deny 
service to users.

Internet Explorer 6 SP2 is prone to this issue; other versions may also be 
vulnerable.

5. Outpost Firewall PRO Local Privilege Escalation Vulnerability
BugTraq ID: 19024
Remote: No
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19024
Summary:
Outpost Firewall PRO will allow local attackers to gain elevated privileges, 
which may lead to a complete compromise.

Version 3.51.759.6511 (462) is reported vulnerable. Other versions may be 
affected as well.

6. Lotus Notes Mail Recipient Information Disclosure Vulnerability
BugTraq ID: 19022
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19022
Summary:
Lotus Notes is prone to an information-disclosure vulnerability.

The problem occurs because the 'SendTo/AltSendTo', 'CopyTo/AltCopyTo', and
'BlindCopyTo/AltBlindCopyTo' fields are not kept in sync when 'reply to all' is 
used.

This may result in unintended recipients receiving emails. This could result in 
the disclosure of sensitive information if an email containing sensitive or 
privileged information is sent to unintended readers.

7. Lavasoft Personal Firewall Local Privilege Escalation Vulnerability
BugTraq ID: 19018
Remote: No
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19018
Summary:
Lavasoft Personal Firewall will allow local attackers to gain elevated 
privileges, which may lead to a complete compromise.

Version 1.0.543.5722 (433) is reported vulnerable. Other versions may be 
affected as well.

8. Zoho Virtual Office Message HTML Injection Vulnerability
BugTraq ID: 19016
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19016
Summary:
Zoho Virtual Office is prone to an HTML-injection vulnerability because the 
application fails to properly sanitize user-supplied input before using it in 
dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the 
affected website, potentially allowing an attacker to steal cookie-based 
authentication credentials or to control how the site is rendered to the user; 
other attacks are also possible.

This issue affects version 3.2 Build 3210; other versions may also be 
vulnerable.

9. Armagetron Advanced Invalid Values Multiple Remote Denial Of Service 
Vulnerabilities
BugTraq ID: 19015
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19015
Summary:
Multiple denial of service vulnerabilities affect Armagetron Advanced.  These 
issues are due to a failure of the application to handle malformed network 
data.

An attacker may leverage these issues to cause a remote denial-of-service 
condition in affected applications.

10. Microsoft Internet Explorer MHTMLFile Denial Of Service Vulnerability
BugTraq ID: 19013
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19013
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.

The problem occurs when the application is used to view a malicious URI or 
webpage consisting of a malformed MHTMLfile element.

An attacker can exploit this issue to crash Internet Explorer and deny service 
to the user.

Internet Explorer 6 SP2 is vulnerable to this issue; other versions may also be 
vulnerable.

11. Rabox WinLPD Remote Buffer Overflow Vulnerability
BugTraq ID: 19011
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19011
Summary:
Winlpd is prone to a remote buffer-overflow vulnerability because it fails to 
properly bounds-check user-supplied input before copying it to an 
insufficiently sized memory buffer.

This issue allows remote attackers to execute arbitrary machine code in the 
context of the vulnerable application. Since this application listens on TCP 
port 515, it requires elevated privileges. Successfully exploiting this issue, 
therefore, likely facilitates the complete compromise of affected computers.

Winlpd version 1.2, build 1076 is vulnerable to this issue; other versions may 
also be affected.

12. IceWarp Web Mail Multiple File Include Vulnerabilities
BugTraq ID: 19007
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19007
Summary:
IceWarp Web Mail is prone to multiple local file-include vulnerabilities and a 
remote file-include vulnerability. These issues are due to a failure in the 
application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files or local 
files containing malicious PHP code and execute it in the context of the 
webserver process. This may allow the attacker to compromise the application 
and access the underlying system.

13. VisNetic Mail Server Multiple File Include Vulnerabilities
BugTraq ID: 19002
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19002
Summary:
VisNetic Mail Server is prone to multiple local file-include vulnerabilities 
and a remote file includes vulnerability. These issues are due to a failure in 
the application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files or local 
files containing malicious PHP code and execute it in the context of the web 
server process. This may allow the attacker to compromise the application and 
access the underlying system.

Version 8.3.5 is vulnerable to this issue; prior versions may also be affected.

14. Microsoft ISA Server File Extension Filter Bypass Vulnerability
BugTraq ID: 18994
Remote: Yes
Date Published: 2006-07-15
Relevant URL: http://www.securityfocus.com/bid/18994
Summary:
Microsoft ISA (Internet Security and Acceleration) Server is prone to a 
vulnerability that may let users bypass rules for filtering file extensions. 
Attackers could exploit this vulnerability to bypass administrative policy and 
to access restricted content on the Internet.

This vulnerability is reported to affect Microsoft ISA Server 2004. Other 
versions may also be affected.

15. Microsoft Powerpoint Multiple Unspecified Vulnerabilities
BugTraq ID: 18993
Remote: Yes
Date Published: 2006-07-14
Relevant URL: http://www.securityfocus.com/bid/18993
Summary:
Microsoft PowerPoint is prone to multiple remote vulnerabilities.

Three proof-of-concept exploit files designed to trigger vulnerabilities in 
PowerPoint have been released.

It is currently unknown if these three exploit files pertain to newly 
discovered, unpublished vulnerabilities or if they exploit previously disclosed 
issues. These issues may allow remote attackers to cause crashes or to execute 
arbitrary machine code in the context of the affected application, but this has 
not been confirmed.

This BID will be updated and potentially split into individual records as 
further analysis is completed.

Microsoft PowerPoint 2003 is vulnerable to these issues; other versions may 
also be affected.

16. Microsoft Works Spreadsheet Multiple Remote Vulnerabilties
BugTraq ID: 18989
Remote: Yes
Date Published: 2006-07-14
Relevant URL: http://www.securityfocus.com/bid/18989
Summary:
The spreadsheet component of Microsoft Works is prone to multiple remote 
vulnerabilities, including buffer-overflow and denial-of service issues.

These issues occur because the application fails to handle specifically crafted 
spreadsheet documents when importing them into Microsoft Works.

These vulnerabilities allow remote attackers to execute arbitrary machine code 
in the context of affected application. Attackers may also crash vulnerable 
applications, denying service to legitimate users.

Microsoft Works version 8.0 is vulnerable to these issues; other versions may 
also be affected.

17. Microsoft Internet Explorer RevealTrans Denial Of Service Vulnerability
BugTraq ID: 18960
Remote: Yes
Date Published: 2006-07-12
Relevant URL: http://www.securityfocus.com/bid/18960
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

18. Microsoft Powerpoint Remote Code Execution Vulnerability
BugTraq ID: 18957
Remote: Yes
Date Published: 2006-07-12
Relevant URL: http://www.securityfocus.com/bid/18957
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code 
in the context of targeted users.

A malicious code named 'Trojan.PPDropper.B' is actively exploiting this 
vulnerability.

This issue affects PowerPoint 2003; other versions may also be vulnerable.

19. Microsoft Internet Explorer TriEditDocument Denial Of Service Vulnerability
BugTraq ID: 18946
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18946
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

20. Adobe Acrobat / Adobe Reader Local Privilege Escalation Vulnerability
BugTraq ID: 18945
Remote: No
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18945
Summary:
Adobe Acrobat / Adobe Reader for Mac are prone to a privilege-escalation 
vulnerability.

The vulnerability presents itself because of insecure default permissions 
associated with installed files and folders.

Adobe Acrobat and Adobe Reader versions 6.0.4 and prior are affected. Note that 
this issue arises only on multiuser systems on Mac OS X platforms.

21. Microsoft Excel File Rebuilding Remote Code Execution Vulnerability
BugTraq ID: 18938
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18938
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory 
and to execute arbitrary code in the context of targeted users.

Note that Microsoft Office applications include functionality to embed Office 
files as objects contained in other Office files. As an example, Microsoft Word 
files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

22. Microsoft Internet Explorer HtmlDlgSafeHelper Remote Denial Of Service 
Vulnerability
BugTraq ID: 18929
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18929
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

23. Microsoft Windows DHCP Client Service Remote Code Execution Vulnerability
BugTraq ID: 18923
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18923
Summary:
Microsoft Windows DHCP Client service is prone to a remote code-execution 
vulnerability because the service fails to properly bounds-check user-supplied 
input before copying it to an insufficiently sized memory buffer.

This vulnerability allows remote attackers to execute arbitrary machine code 
with SYSTEM-level privileges on affected computers. This facilitates the 
complete compromise of affected computers.

24. Microsoft ASP.NET Application Folder Information Disclosure Vulnerability
BugTraq ID: 18920
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18920
Summary:
ASP.NET is prone to an information-disclosure vulnerability. This issue is due 
to a failure in the applications to properly validate user-supplied input.

An attacker can exploit this issue to retrieve potentially sensitive 
information. Information retrieved may aid in further attacks.

25. MIMESweeper For Web Access Denied Cross-site Scripting Vulnerability
BugTraq ID: 18916
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18916
Summary:
MIMESweeper For Web is prone to a cross-site scripting vulnerability because it 
fails to sanitize input before displaying it to users of the application.

An attacker may leverage this issue to have arbitrary script code execute in 
the browser of an unsuspecting user in the context of the affected site. This 
may help the attacker steal cookie-based authentication credentials and launch 
other attacks.

26. Microsoft Office Malformed GIF File Remote Code Execution Vulnerability
BugTraq ID: 18915
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18915
Summary:
Microsoft Office is prone to a remote code-execution vulnerability when 
handling a malformed GIF file.

The issue occurs when an Office application such as Excel, Word, or PowerPoint 
tries to open a malformed GIF file.

An attacker could exploit this vulnerability to cause memory corruption and 
subsequently the execution of malicious code in the context of the user running 
the affected application.

27. Microsoft Office Malformed PNG File Remote Code Execution Vulnerability
BugTraq ID: 18913
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18913
Summary:
Microsoft Office is prone to a remote code-execution vulnerability when 
handling a malformed PNG graphic file.

The issue occurs when an Office application such as Excel, Word, or PowerPoint 
tries to open a malformed PNG graphic file.

An attacker could exploit this vulnerability to cause memory corruption and 
subsequently to execute malicious code in the context of the user running the 
affected application.

28. Microsoft Office String Parsing Remote Code Execution Vulnerability
BugTraq ID: 18912
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18912
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue 
is due to a failure of the software to properly handle malformed strings in 
Office documents.

Successfully exploiting this issue allows attackers to execute arbitrary code 
in the context of targeted users.

29. Microsoft Office Property Code Execution Vulnerability
BugTraq ID: 18911
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18911
Summary:
Microsoft Office is prone to a code-execution vulnerability. This is due to a 
failure to handle exceptional conditions.

Successfully exploiting this issue allows attackers to corrupt process memory 
and to execute arbitrary code in the context of targeted users.

30. Microsoft Excel LABEL Record Remote Code Execution Vulnerability
BugTraq ID: 18910
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18910
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory 
and to execute arbitrary code in the context of targeted users.

Note that Microsoft Office applications include functionality to embed Office 
files as objects contained in other Office files. As an example, Microsoft Word 
files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

31. SIPfoundry SIPXtapi CSeq Processing Remote Buffer-Overflow Vulnerability
BugTraq ID: 18906
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18906
Summary:
The sipXtapi product is reported to be prone to a remote buffer-overflow 
vulnerability. This issue presents itself when the application handles a 
specially crafted 'CSeq' value.

A successful attack may lead to unauthorized remote access in the context of a 
user running an affected application that uses the vulnerable library.

Reports indicate that sipXtapi versions that were released prior to March 24, 
2006 are vulnerable to this issue. Certain PingTel products and versions of AOL 
Triton may be affected because they employ the vulnerable library.

32. Microsoft Office MSO.DLL LsCreateLine() Potential Code Execution 
Vulnerability
BugTraq ID: 18905
Remote: Yes
Date Published: 2006-07-08
Relevant URL: http://www.securityfocus.com/bid/18905
Summary:
Microsoft Office is reported prone to a potential code-execution vulnerability.

This vulnerability occurs when the application handles a specially crafted 
document. A successful attack may result in a remote compromise in the context 
of an affected user. Attack attempts may result in a denial-of-service 
condition as well.

Reports indicate that this issue can be triggered with a malicious Microsoft 
Word document; however, other Microsoft Office applications that employ the 
affected function are vulnerable as well.

33. Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial Of Service 
Vulnerability
BugTraq ID: 18903
Remote: Yes
Date Published: 2006-07-09
Relevant URL: http://www.securityfocus.com/bid/18903
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

34. Microsoft Internet Explorer DirectAnimation.DAUserData Denial Of Service 
Vulnerability
BugTraq ID: 18902
Remote: Yes
Date Published: 2006-07-08
Relevant URL: http://www.securityfocus.com/bid/18902
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website that uses the 'DirectAnimation.DAUserData' object in a 
malicious manner.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

35. Microsoft Internet Explorer 6 RDS.DataControl Denial Of Service 
Vulnerability
BugTraq ID: 18900
Remote: Yes
Date Published: 2006-07-08
Relevant URL: http://www.securityfocus.com/bid/18900
Summary:
Microsoft Internet Explorer version 6 is reportedly prone to a 
denial-of-service vulnerability because the application fails to perform 
boundary checks before copying user-supplied data into sensitive process 
buffers.

This issue is triggered when an attacker convinces a victim user to activate a 
malicious ActiveX control object.

Remote attackers may exploit this issue to crash Internet Explorer 6, 
effectively denying service to legitimate users.

A stack-based heap overflow may be possible, and as a result, remote code 
execution in the context of the user running the affected application may 
occur. This has not been confirmed.

36. Microsoft Windows Server Driver Remote Information Disclosure Vulnerability
BugTraq ID: 18891
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18891
Summary:
Microsoft Windows Server driver is susceptible to a remote 
information-disclosure vulnerability. This issue is due to a flaw in the 
handling of certain SMB traffic.

Exploiting this issue allows remote attackers to gain access to potentially 
sensitive fragments of kernel memory. This may aid them in further attacks.

37. Microsoft Excel FNGROUPCOUNT Record Remote Code Execution Vulnerability
BugTraq ID: 18890
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18890
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory 
and to execute arbitrary code in the context of targeted users.

Note that Microsoft Office applications include functionality to embed Office 
files as objects contained in other Office files. As an example, Microsoft Word 
files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

38. Microsoft Office Malformed String Parsing Code Execution Vulnerability
BugTraq ID: 18889
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18889
Summary:
Microsoft Office is prone to a code-execution vulnerability. This condition can 
occur when a malformed string within an Office file is parsed.

This vulnerability is located in a shared library used by multiple Office 
applications, potentially allowing many different attack vectors.

An attacker could exploit this issue by enticing a victim to load a malicious 
Office file. If the vulnerability is successfully exploited, this could result 
in the execution of arbitrary code in the context of the currently logged-in 
user.

This issue differs from the one described in BID 18912 (Microsoft Office String 
Parsing Remote Code Execution Vulnerability).

39. Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
BugTraq ID: 18888
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18888
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability because it 
fails to handle exceptional conditions.

Successfully exploiting this issue allows attackers to corrupt process memory 
and to execute arbitrary code in the context of targeted users.

Note that Microsoft Office applications include functionality to embed Office 
files as objects contained in other Office files. As an example, Microsoft Word 
files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

40. Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
BugTraq ID: 18886
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18886
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability because it 
fails to handle exceptional conditions.

Successfully exploiting this issue allows attackers to corrupt process memory 
and to execute arbitrary code in the context of targeted users.

Note that Microsoft Office applications include functionality to embed Office 
files as objects contained in other Office files. As an example, Microsoft Word 
files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

41. Microsoft Excel Selection Record Variant Remote Code Execution 
Vulnerability
BugTraq ID: 18885
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18885
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory 
and to execute arbitrary code in the context of targeted users.

Note that Microsoft Office applications include functionality to embed Office 
files as objects contained in other Office files. As an example, Microsoft Word 
files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

42. Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow 
Vulnerability
BugTraq ID: 18863
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18863
Summary:
Microsoft Windows Server driver is prone to a remote heap buffer-overflow 
vulnerability. This issue is due to a failure of the software to properly 
bounds check user-supplied input prior to copying it to an insufficiently-sized 
memory buffer.

Exploiting this issue allows anonymous, remote attackers to execute arbitrary 
machine code in the context of the affected driver. This facilitates the 
complete compromise of affected computers.

Microsoft Windows XP SP2 and Microsoft Windows Server 2003 SP1 are not 
vulnerable to this issue in their default configuration.

43. Microsoft IIS ASP Remote Code Execution Vulnerability
BugTraq ID: 18858
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18858
Summary:
Microsoft Internet Information Server (IIS) is prone to a remote code-execution 
vulnerability because it fails to properly bounds-check user-supplied input 
before copying it to an insufficiently sized memory buffer.

To exploit this issue, attackers must be able to place and execute malicious 
ASP pages on computers running the affected ASP server software. This may be an 
issue in shared-hosting environments.

This issue allows remote attackers to execute arbitrary machine code in the 
context of the affected webserver software.

44. Microsoft Excel Selection Record Remote Code Execution Vulnerability
BugTraq ID: 18853
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18853
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to corrupt process memory 
and to execute arbitrary code in the context of targeted users.

Note that Microsoft Office applications include functionality to embed Office 
files as objects contained in other Office files. As an example, Microsoft Word 
files may contain embedded malicious Microsoft Excel files, making Word 
documents another possible attack vector.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Questions about File deletion avoidance in Windows platform
http://www.securityfocus.com/archive/88/440280

2. SecurityFocus Microsoft Newsletter #299
http://www.securityfocus.com/archive/88/439857

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
[EMAIL PROTECTED] from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email [EMAIL PROTECTED] and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Qualys

On-Demand Vulnerability Management
Proactively Identify and remediate Network Vulnerabilities, Measure and Manage 
Risk. Free 14 Day Trial with NO Obligation!

http://newsletter.industrybrains.com/c?fe;1;5e792;5cd;233;1e60;da4



---------------------------------------------------------------------------
---------------------------------------------------------------------------