SecurityFocus Microsoft Newsletter #302
----------------------------------------
This issue is Sponsored by: Black Hat
Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of vendor
pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.
http://www.blackhat.com
------------------------------------------------------------------
I. FRONT AND CENTER
1. E-mail privacy in the workplace
II. MICROSOFT VULNERABILITY SUMMARY
1. Symantec On-Demand Protection Encrypted Data Information Disclosure
Vulnerability
2. Easy File Sharing FTP Server Pass Command Remote Buffer Overflow
Vulnerability
3. Microsoft PowerPoint Unspecified Code Execution Vulnerability
4. Microsoft Internet Explorer Deleted Frame Object Denial Of Service
Vulnerability
5. Microsoft Internet Explorer ADODB.Recordset NextRecordset Denial of
Service Vulnerability
6. Microsoft Windows Graphical Device Interface Plus Library Denial Of
Service Vulnerability
7. Microsoft Windows SMB PIPE Remote Denial of Service Vulnerability
8. Yahoo! Messenger Remote Search String Arbitrary Browser Navigation
Vulnerability
9. InterActual Player ITIRecorder.MicRecorder ActiveX Control Remote
Buffer Overflow Vulnerability
10. Microsoft Internet Explorer NDFXArtEffects Stack Overflow
Vulnerability
11. Internet Security Systems SMB Mailslot Parsing Denial of Service
Vulnerability
12. eIQNetworks Enterprise Security Analyzer Multiple Syslog Daemon
Buffer Overflow Vulnerabilities
13. eIQNetworks Enterprise Security Analyzer SyslogServer.EXE Buffer
Overflow Vulnerability
14. eIQnetworks Enterprise Security Analyzer Topology Server Remote
Buffer Overflow Vulnerability
15. eIQnetworks Enterprise Security Analyzer License Manager Remote
Buffer Overflow Vulnerability
16. Intervations FileCopa Directory Arguments Multiple Buffer Overflow
Vulnerabilities
17. AGEphone SIP Packet Handling Buffer Overflow Vulnerability
18. Microsoft Internet Explorer Native Function Iterator Denial Of
Service Vulnerability
19. Microsoft Windows Remote Denial of Service Vulnerability
20. Opsware NAS Root Password Information Disclosure Vulnerability
21. Microsoft Internet Explorer NMSA.ASFSourceMediaDescription Stack
Overflow Vulnerability
22. Microsoft Internet Explorer Multiple Object ListWidth Property
Denial Of Service Vulnerability
23. Microsoft Internet Explorer Internet.HHCtrl Click Denial Of Service
Vulnerability
24. Password Safe Local Insecure Idle Timeout Lock Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Domain admin mailbox rights on Exchange 2003
2. username change best practices...
3. [Administrivia] Guest moderator
4. MS Exchange
5. Impact of removing administrative rights in an enterprise running XP
6. .Net Satisfies Security Compliance Satisfactions or Not ???
7. API hooking
8. Co-Hosting SQL with IIS FTP service
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. E-mail privacy in the workplace
By Mark Rasch
Even with a well-heeled corporate privacy policy stating that all employee
communications may be monitored in the workplace, the legality of e-mail
monitoring is not as clear cut as one might think.
http://www.securityfocus.com/columnists/412
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Symantec On-Demand Protection Encrypted Data Information Disclosure
Vulnerability
BugTraq ID: 19248
Remote: No
Date Published: 2006-07-31
Relevant URL: http://www.securityfocus.com/bid/19248
Summary:
Symantec On-Demand Protection (SODP) and On-Demand Agent (SODA) are prone to a
vulnerability that could disclose potentially sensitive information.
An attacker may be able to decrypt the files saved by the applications. The
impact of this issue will depend on the information disclosed.
This issue affects SODA versions 2.5 MR2 (build 2156) and earlier, and SODP
versions 2.6 (build 2232) and earlier. This issue only affects the Microsoft
Windows versions of the applications.
2. Easy File Sharing FTP Server Pass Command Remote Buffer Overflow
Vulnerability
BugTraq ID: 19243
Remote: Yes
Date Published: 2006-07-31
Relevant URL: http://www.securityfocus.com/bid/19243
Summary:
Easy File Sharing FTP Server is prone to a buffer-overflow vulnerability
because the application fails to do proper bounds checking on user-supplied
data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary machine code in the
context of the affected server application.
Version 2.0 is vulnerable to this issue; other versions may also be affected.
3. Microsoft PowerPoint Unspecified Code Execution Vulnerability
BugTraq ID: 19229
Remote: Yes
Date Published: 2006-07-30
Relevant URL: http://www.securityfocus.com/bid/19229
Summary:
Microsoft PowerPoint is prone to an unspecified code-execution vulnerability.
A proof-of-concept exploit file designed to trigger this vulnerability has been
released. This issue arises when a vulnerable user opens a malicious read-only
PowerPoint file and then closes it.
It is currently unknown if this exploit file pertains to a newly discovered,
unpublished vulnerability or if this exploits a previously disclosed issue.
This issue may be related to one of the vulnerabilities described in BID 18993
(Microsoft Powerpoint Multiple Unspecified Vulnerabilities). If further
analysis reveals that this issue is related to an existing BID, this record
will be retired.
Microsoft PowerPoint 2003 SP2 French Edition is reported vulnerable to this
issue; other versions may also be affected.
4. Microsoft Internet Explorer Deleted Frame Object Denial Of Service
Vulnerability
BugTraq ID: 19228
Remote: Yes
Date Published: 2006-07-29
Relevant URL: http://www.securityfocus.com/bid/19228
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This
issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
5. Microsoft Internet Explorer ADODB.Recordset NextRecordset Denial of Service
Vulnerability
BugTraq ID: 19227
Remote: Yes
Date Published: 2006-07-29
Relevant URL: http://www.securityfocus.com/bid/19227
Summary:
Microsoft Internet Explorer is prone to a denial-of-service condition when
processing the 'NextRecordset' method of the 'ADODB.Recordset' object.
A successful attack may cause the browser to fail.
6. Microsoft Windows Graphical Device Interface Plus Library Denial Of Service
Vulnerability
BugTraq ID: 19221
Remote: Yes
Date Published: 2006-07-29
Relevant URL: http://www.securityfocus.com/bid/19221
Summary:
Reportedly, the Microsoft Windows GDI+ library 'gdiplus.dll' is prone to a
denial-of-service vulnerability because the software fails to handle malformed
image files properly.
An attacker may leverage this issue to trigger a denial-of-service condition in
software implementing the vulnerable library. Other attacks may also be
possible.
7. Microsoft Windows SMB PIPE Remote Denial of Service Vulnerability
BugTraq ID: 19215
Remote: Yes
Date Published: 2006-07-28
Relevant URL: http://www.securityfocus.com/bid/19215
Summary:
Microsoft Windows is reportedly prone to a remote denial-of-service
vulnerability because the operating system fails to properly handle network
traffic.
This issue may cause affected computers to crash, denying service to legitimate
users.
Reports indicate this issue may be currently exploited in the wild; this has
not been confirmed.
8. Yahoo! Messenger Remote Search String Arbitrary Browser Navigation
Vulnerability
BugTraq ID: 19211
Remote: Yes
Date Published: 2006-07-28
Relevant URL: http://www.securityfocus.com/bid/19211
Summary:
Yahoo! Messenger is prone to a browser-navigation vulnerability that may permit
a remote attacker to open a browser window on the victim user's computer to an
arbitrary page.
This issue occurs because the application fails to sanitize malicious messages.
An attacker may be able to exploit this issue to execute a web browser and load
an arbitrary web page. This may lead to other attacks.
This issue affects version 7.5.0.814; other versions may also be vulnerable.
9. InterActual Player ITIRecorder.MicRecorder ActiveX Control Remote Buffer
Overflow Vulnerability
BugTraq ID: 19205
Remote: Yes
Date Published: 2006-07-28
Relevant URL: http://www.securityfocus.com/bid/19205
Summary:
InterActual Player ITIRecorder.MicRecorder ActiveX control is prone to a
buffer-overflow vulnerability because it fails to properly bounds-check
user-supplied input before copying it to an insufficiently sized memory buffer.
An attacker could exploit this issue by creating a malicious web page that
would initialize the ActiveX control and execute arbitrary code within the
context of the user.
This issue could allow an attacker to execute arbitrary code.
This issue affects version 2.60.12.0201 with IARECORD.DLL (1.07.11.0620).
Other versions may be vulnerable as well.
10. Microsoft Internet Explorer NDFXArtEffects Stack Overflow Vulnerability
BugTraq ID: 19184
Remote: Yes
Date Published: 2006-07-27
Relevant URL: http://www.securityfocus.com/bid/19184
Summary:
Microsoft Internet Explorer is prone to a stack-overflow vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
11. Internet Security Systems SMB Mailslot Parsing Denial of Service
Vulnerability
BugTraq ID: 19178
Remote: Yes
Date Published: 2006-07-26
Relevant URL: http://www.securityfocus.com/bid/19178
Summary:
The Internet Security Systems implementation of SMB/TCP Mailslot is prone to a
denial-of-service vulnerability. This issue is due to a design error when
dealing with certain legitimate SMB Mailslot traffic.
An attacker can exploit this issue to crash the affected service, effectively
denying service to legitimate users.
12. eIQNetworks Enterprise Security Analyzer Multiple Syslog Daemon Buffer
Overflow Vulnerabilities
BugTraq ID: 19167
Remote: Yes
Date Published: 2006-07-26
Relevant URL: http://www.securityfocus.com/bid/19167
Summary:
eIQnetworks Enterprise Security Analyzer Syslog daemon is prone to multiple
remote buffer-overflow vulnerabilities.
These issues can facilitate a remote compromise due to arbitrary code
execution.
Enterprise Security Analyzer versions prior to 2.5.0 are vulnerable.
13. eIQNetworks Enterprise Security Analyzer SyslogServer.EXE Buffer Overflow
Vulnerability
BugTraq ID: 19165
Remote: Yes
Date Published: 2006-07-26
Relevant URL: http://www.securityfocus.com/bid/19165
Summary:
eIQnetworks Enterprise Security Analyzer Syslog daemon is prone to a remote
buffer-overflow vulnerability.
This issue can facilitate a remote compromise due to arbitrary code execution.
Enterprise Security Analyzer versions prior to 2.5.0 are vulnerable.
14. eIQnetworks Enterprise Security Analyzer Topology Server Remote Buffer
Overflow Vulnerability
BugTraq ID: 19164
Remote: Yes
Date Published: 2006-07-26
Relevant URL: http://www.securityfocus.com/bid/19164
Summary:
eIQnetworks Enterprise Security Analyzer Topology Server is prone to a remote
buffer-overflow vulnerability.
This issue can facilitate a remote compromise due to arbitrary code execution.
Enterprise Security Analyzer versions prior to 2.5.0 are vulnerable. OEM
vendors' versions prior to 4.6 are also vulnerable.
15. eIQnetworks Enterprise Security Analyzer License Manager Remote Buffer
Overflow Vulnerability
BugTraq ID: 19163
Remote: Yes
Date Published: 2006-07-26
Relevant URL: http://www.securityfocus.com/bid/19163
Summary:
eIQnetworks Enterprise Security Analyzer License Manager is prone to a remote
buffer-overflow vulnerability.
This issue can facilitate a remote compromise due to arbitrary code execution.
Enterprise Security Analyzer versions prior to 2.5.0 are vulnerable.
16. Intervations FileCopa Directory Arguments Multiple Buffer Overflow
Vulnerabilities
BugTraq ID: 19153
Remote: Yes
Date Published: 2006-07-25
Relevant URL: http://www.securityfocus.com/bid/19153
Summary:
FileCopa is prone to multiple buffer-overflow vulnerabilities because the
application fails to properly bounds-check user-supplied input before copying
it to insufficiently sized memory buffers.
Successful exploits may allow remote attackers to execute arbitrary machine
code in the context of the affected application, which may facilitate the
remote compromise of affected computers.
FileCOPA 1.01 version 2006-07-18 is vulnerable; other versions may also be
affected.
17. AGEphone SIP Packet Handling Buffer Overflow Vulnerability
BugTraq ID: 19148
Remote: Yes
Date Published: 2006-07-25
Relevant URL: http://www.securityfocus.com/bid/19148
Summary:
AGEphone is prone to a remote buffer-overflow vulnerability.
Specifically, this issue presents itself when the application handles a
malicious SIP (Session Initiation Protocol) packet.
AGEphone versions 1.24 and 1.38.1 are reported vulnerable; other versions may
be affected as well.
18. Microsoft Internet Explorer Native Function Iterator Denial Of Service
Vulnerability
BugTraq ID: 19140
Remote: Yes
Date Published: 2006-07-25
Relevant URL: http://www.securityfocus.com/bid/19140
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This
issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
19. Microsoft Windows Remote Denial of Service Vulnerability
BugTraq ID: 19135
Remote: Yes
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19135
Summary:
Microsoft Windows is reportedly prone to a remote denial-of-service
vulnerability. This issue may be due to the operating system's failure to
properly handle unexpected network traffic.
This issue may cause affected computers to crash, denying service to legitimate
users.
Note that Microsoft has not been able to reproduce this issue. This BID will be
updated as further analysis is performed.
20. Opsware NAS Root Password Information Disclosure Vulnerability
BugTraq ID: 19126
Remote: No
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19126
Summary:
Opsware NAS is prone to a local information-disclosure vulnerability. This
issue occurs because the application fails to protect sensitive information
from unprivileged users.
An attacker can exploit this issue by gaining access to the root MySQL account
and revealing authentication credentials for network devices. This issue could
also lead to other attacks.
Opsware NAS 6.0 is vulnerable to this issue; other versions may also be
affected.
21. Microsoft Internet Explorer NMSA.ASFSourceMediaDescription Stack Overflow
Vulnerability
BugTraq ID: 19114
Remote: Yes
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19114
Summary:
Microsoft Internet Explorer is prone to a stack-overflow vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
22. Microsoft Internet Explorer Multiple Object ListWidth Property Denial Of
Service Vulnerability
BugTraq ID: 19113
Remote: Yes
Date Published: 2006-07-23
Relevant URL: http://www.securityfocus.com/bid/19113
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
23. Microsoft Internet Explorer Internet.HHCtrl Click Denial Of Service
Vulnerability
BugTraq ID: 19109
Remote: Yes
Date Published: 2006-07-22
Relevant URL: http://www.securityfocus.com/bid/19109
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
24. Password Safe Local Insecure Idle Timeout Lock Vulnerability
BugTraq ID: 19078
Remote: No
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19078
Summary:
Password Safe is prone to a vulnerability that may result in information
disclosure. This issue is due to a flaw in the implementation of the inactivity
timer, which is designed to lock the database when it is not in use.
This issue may allow local attackers to gain access to the contents of the
Password Safe database, since the database-locking feature may not function
correctly under certain circumstances.
Versions 2.11, 2.16, and 3.0 beta 1 are vulnerable to this issue. Other
versions may also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Domain admin mailbox rights on Exchange 2003
http://www.securityfocus.com/archive/88/441811
2. username change best practices...
http://www.securityfocus.com/archive/88/441749
3. [Administrivia] Guest moderator
http://www.securityfocus.com/archive/88/441537
4. MS Exchange
http://www.securityfocus.com/archive/88/441417
5. Impact of removing administrative rights in an enterprise running XP
http://www.securityfocus.com/archive/88/441275
6. .Net Satisfies Security Compliance Satisfactions or Not ???
http://www.securityfocus.com/archive/88/441276
7. API hooking
http://www.securityfocus.com/archive/88/441274
8. Co-Hosting SQL with IIS FTP service
http://www.securityfocus.com/archive/88/441077
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat
http://www.blackhat.com
---------------------------------------------------------------------------