SecurityFocus Microsoft Newsletter #303

[mfossi]

SecurityFocus Microsoft Newsletter #303
----------------------------------------
This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also 
create several opportunities for possible attack if the application is not 
designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000CZBn

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Dynamic linking in Linux and Windows, part one
       2. E-mail privacy in the workplace
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft Management Console Zone Bypass Vulnerability
       2. Microsoft Visual Basic for Applications Document Check Buffer 
Overflow Vulnerability
       3. Microsoft Windows Server Service Remote Buffer Overflow Vulnerability
       4. Microsoft Hyperlink Object Library Function Remote Buffer Overflow 
Vulnerability
       5. Microsoft Windows DNS Client Buffer Overrun Vulnerability
       6. CA eTrust Antivirus WebScan Malicious Update Code Execution 
Vulnerability
       7. EasyCafe Security Restriction Bypass Vulnerability
       8. Microsoft Internet Explorer Source Element Cross-Domain Information 
Disclosure Vulnerability
       9. Computer Associates Virus Definition Downgrade Vulnerability
       10. XChat Remote Denial of Service Vulnerability
       11. Microsoft Windows 2000 Kernel Local Privilege Escalation 
Vulnerability
       12. Microsoft Windows Unhandled Exception Remote Code Execution 
Vulnerability
       13. Clam Anti-Virus ClamAV UPX Compressed PE File Heap Buffer Overflow 
Vulnerability
       14. LHAZ LHA Long Multiple Buffer Overflow Vulnerabilities
       15. Microsoft Windows User Profile Privilege Escalation Vulnerability
       16. Microsoft Windows GDI32.DLL WMF Remote Denial of Service 
Vulnerability
       17. Microsoft Internet Explorer IFrame Refresh Denial of Service 
Vulnerability
       18. Yahoo! Messenger File Extension Spoofing Vulnerability
       19. CA eTrust Antivirus WebScan Remote Buffer Overflow Vulnerability
       20. Microsoft Powerpoint Remote Code Execution Vulnerability
       21. Microsoft Internet Explorer COM Object Instantiation Code Execution 
Vulnerability
       22. Microsoft Internet Explorer Window Location Cross-Domain Information 
Disclosure Vulnerability
       23. Microsoft August Advance Notification Multiple Vulnerabilities
       24. Fenestrae Faxination Server Unspecified Command Execution 
Vulnerability
       25. Microsoft Winsock Gethostbyname Buffer Overflow Vulnerability
       26. Microsoft Internet Explorer Chained Cascading Style Sheets Remote 
Code Execution Vulnerability
       27. Microsoft Internet Explorer HTML Layout and Positioning Remote Code 
Execution Vulnerability
       28. Simpliciti Locked Browser JavaScript Kiosk Security Bypass 
Vulnerability
       29. RETIRED: Microsoft Windows GDI Plus Library Remote Denial Of Service 
Vulnerability
       30. Microsoft Windows Routing and Remote Access Denial of Service 
Vulnerability
       31. LibTIFF TiffScanLineSize Remote Buffer Overflow Vulnerability
       32. LibTiff Sanity Checks Multiple Denial of Service Vulnerabilities
       33. LibTiff EstimateStripByteCounts() Denial of Service Vulnerability
       34. LibTIFF TiffFetchShortPair Remote Buffer Overflow Vulnerability
       35. Symantec On-Demand Protection Encrypted Data Information Disclosure 
Vulnerability
       36. Easy File Sharing FTP Server Pass Command Remote Buffer Overflow 
Vulnerability
       37. Microsoft PowerPoint Unspecified Code Execution Vulnerability
       38. Microsoft Internet Explorer Deleted Frame Object Denial Of Service 
Vulnerability
       39. Microsoft Internet Explorer ADODB.Recordset NextRecordset Denial of 
Service Vulnerability
       40. Microsoft Windows Graphical Device Interface Plus Library Denial Of 
Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. Help needed
       2. Account Control: Running Windows Vista with Least Privilege
       3. free backgammon
       4. SecurityFocus Microsoft Newsletter #302
       5. username change best practices...
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Dynamic linking in Linux and Windows, part one
By Reji Thomas, and Bhasker Reddy
This article discusses shared libraries in both Windows and Linux, and offers a 
walk through various data structures to explain how dynamic linking is done in 
these operating systems. The paper will be useful for developers interested in 
the security implications and the relative speed of dynamic linking, and 
assumes some prior knowledge of static and shared libraries.
http://www.securityfocus.com/infocus/1872

2. E-mail privacy in the workplace
By Mark Rasch
Even with a well-heeled corporate privacy policy stating that all employee 
communications may be monitored in the workplace, the legality of e-mail 
monitoring is not as clear cut as one might think.
http://www.securityfocus.com/columnists/412


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Management Console Zone Bypass Vulnerability
BugTraq ID: 19417
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19417
Summary:
Microsoft Management Console (MMC) is prone to a cross-zone scripting 
vulnerability. The cause of this vulnerability is that the operating system 
does not properly restrict access to MMC components, allowing the MMC files to 
be referenced from the Internet Zone in some cases.

This vulnerability could let an attacker execute arbitrary code, completely 
compromising the computer.

2. Microsoft Visual Basic for Applications Document Check Buffer Overflow 
Vulnerability
BugTraq ID: 19414
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19414
Summary:
A vulnerability has been discovered in Microsoft Visual Basic for Applications. 
The vulnerability occurs due to insufficient bounds checking when checking the 
properties of malicious documents. As a result, a malformed document may be 
capable of triggering a buffer-overflow within the affected application, 
effectively allowing for the execution of arbitrary code.

Microsoft Office, Access, Visio, Word, and Works are also reportedly attack 
vectors, since they employ VBA when handling certain document types. Email is 
another potential attack vector for this vulnerability, however opening an 
email would not trigger the issue. Replying or forwarding the message could 
potentially trigger it.

Microsoft has reported that this issue is being exploited in the wild.

3. Microsoft Windows Server Service Remote Buffer Overflow Vulnerability
BugTraq ID: 19409
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19409
Summary:
Microsoft Windows Server Service is prone to a remote buffer-overflow 
vulnerability.

This vulnerability arises when the service processes a malicious message in RPC 
communications.

A successful attack may result in arbitrary code execution with SYSTEM 
privileges leading to a full compromise. Attack attempts may result in 
denial-of-service conditions as well.

Microsoft has reported that this issue is being exploited in the wild.

4. Microsoft Hyperlink Object Library Function Remote Buffer Overflow 
Vulnerability
BugTraq ID: 19405
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19405
Summary:
Microsoft's Hyperlink Object Library is prone to a buffer-overflow 
vulnerability. This issue is due to the library's failure to properly 
bounds-check user-supplied input before copying it to an insufficiently sized 
memory buffer.

Successfully exploiting this issue allows attackers to execute arbitrary 
machine code in the context of applications that use the affected library. This 
facilitates the remote compromise of affected computers. Failed exploit 
attempts will likely crash targeted applications.

This issue is different than the one described in BID 18500 (Microsoft 
HLINK.DLL Link Memory Corruption Vulnerability).

5. Microsoft Windows DNS Client Buffer Overrun Vulnerability
BugTraq ID: 19404
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19404
Summary:
Microsoft Windows is prone to a remotely exploitable buffer overrun condition 
in the DNS client.

This issue is exposed when a client handles a malicious response from a DNS 
server. This may be leveraged to execute arbitrary code and facilitate a 
complete compromise of the affected computer.

6. CA eTrust Antivirus WebScan Malicious Update Code Execution Vulnerability
BugTraq ID: 19403
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.securityfocus.com/bid/19403
Summary:
CA eTrust Antivirus WebScan is prone to a remote code-execution vulnerability 
because it fails to properly validate parameters supplied to the WebScan 
ActiveX control.

An attacker could exploit this vulnerability to cause WebScan to install 
malicious application files from an attacker-specified source. This could 
result in the execution of arbitrary code.

This issue affects version 1.1.0.1047 and earlier; other versions may also be 
affected.

7. EasyCafe Security Restriction Bypass Vulnerability
BugTraq ID: 19401
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.securityfocus.com/bid/19401
Summary:
EasyCafe is prone to a security restriction bypass vulnerability

This issue occurs becaue the application fails to prevent an attacker from 
gaining unauthorized access to a clients computer.

 An attacker can exploit this issue to gain unauthorized access to the clients 
computer. Other attacks are also possible.

Version 2.1.7 to 2.2.14 are vulnerable to this issue; other versions may also 
be affected.

8. Microsoft Internet Explorer Source Element Cross-Domain Information 
Disclosure Vulnerability
BugTraq ID: 19400
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19400
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability 
because it fails to properly enforce cross-domain policies.

This issue may allow attackers to access arbitrary websites in the context of a 
targeted user's browser session. This may allow attackers to perform actions in 
web applications with the privileges of exploited users or to gain access to 
potentially sensitive information. This may aid attackers in further attacks.

9. Computer Associates Virus Definition Downgrade Vulnerability
BugTraq ID: 19399
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.securityfocus.com/bid/19399
Summary:
A flaw in the Computer Associates WebScan product reportedly could cause the 
application's virus definitions to be downgraded to a previous version.

This presents a security risk because the virus definitions in question may be 
out of date and may not effectively detect newer variants of malicious code.

10. XChat Remote Denial of Service Vulnerability
BugTraq ID: 19398
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.securityfocus.com/bid/19398
Summary:
XChat is prone to a remote denial-of-service vulnerability because it fails to 
properly handle unexpected data from malicious IRC users.

This issue allows remote attackers to crash affected IRC clients, denying 
service to legitimate users. To exploit this issue, attackers send malformed 
data to unsuspecting users.

XChat version 2.6.7 for Windows is vulnerable to this issue; other versions and 
platforms may also be affected.

11. Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
BugTraq ID: 19388
Remote: No
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19388
Summary:
A local privilege-escalation vulnerability exists in Microsoft Windows 2000.

This vulnerability affects the Windows kernel and may be exploited by local 
attackers to completely compromise an affected computer.

12. Microsoft Windows Unhandled Exception Remote Code Execution Vulnerability
BugTraq ID: 19384
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19384
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.  This 
vulnerability is caused by an error in how chained exceptions are unloaded by 
the operating system.

This vulnerability could be exploited by a malicious web page.  A successful 
exploit would completely compromise the affected computer.

Specific details about this vulnerability are not available at this time.  This 
BID will be updated if more information becomes available.

13. Clam Anti-Virus ClamAV UPX Compressed PE File Heap Buffer Overflow 
Vulnerability
BugTraq ID: 19381
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.securityfocus.com/bid/19381
Summary:
ClamAV is prone to a heap buffer-overflow vulnerability. This issue is due to 
the application's failure to properly bounds-check user-supplied data before 
copying it to an insufficiently sized memory buffer.

This issue occurs when the application attempts to handle compressed UPX files.

Exploiting this issue could allow attacker-supplied machine code to be executed 
in the context of the affected application. The issue would occur when the 
malformed file is scanned manually or automatically in deployments such as 
email gateways.

ClamAV versions 0.88.2 and 0.88.3 are vulnerable to this issue; prior versions 
may also be affected.

14. LHAZ LHA Long Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19377
Remote: Yes
Date Published: 2006-07-31
Relevant URL: http://www.securityfocus.com/bid/19377
Summary:
Lhaz is prone to multiple buffer-overflow vulnerabilities because the 
application fails to check overly long filenames before copying them to a 
finite-sized buffer.

An attacker can exploit these issues to execute arbitrary code within the 
context of the affected application.

Version 1.31 is vulnerable to these issues; other versions may also be 
affected.

15. Microsoft Windows User Profile Privilege Escalation Vulnerability
BugTraq ID: 19375
Remote: No
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19375
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.  The 
vulnerability is caused by an insecure search path for the WinLogon facility. 
If exploited, this could let an attacker run an arbitrary DLL with elevated 
privileges.

This issue is reported to affect Windows 2000 in the default configuration. 
Other Windows operating systems are not affected unless the configuration 
settings related to this vulnerability are changed from the default.

16. Microsoft Windows GDI32.DLL WMF Remote Denial of Service Vulnerability
BugTraq ID: 19365
Remote: Yes
Date Published: 2006-08-06
Relevant URL: http://www.securityfocus.com/bid/19365
Summary:
Microsoft Windows is reportedly prone to a remote denial-of-service 
vulnerability. This issue occurs because the application fails to handle 
Malicious WMF file.

This issue may cause Windows Explorer to crash, denying service to legitimate 
users.

17. Microsoft Internet Explorer IFrame Refresh Denial of Service Vulnerability
BugTraq ID: 19364
Remote: Yes
Date Published: 2006-08-06
Relevant URL: http://www.securityfocus.com/bid/19364
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability when 
handling malicious HTML files.

Successfully exploiting this issue allows attackers to consume excessive CPU 
resources in the affected browser and eventually cause Internet Explorer to 
crash, causing a denial-of-service.

18. Yahoo! Messenger File Extension Spoofing Vulnerability
BugTraq ID: 19353
Remote: Yes
Date Published: 2006-08-04
Relevant URL: http://www.securityfocus.com/bid/19353
Summary:
A vulnerability in Yahoo! Messenger allows remote attackers to spoof file 
extensions. This issue is due to a design error.

An attacker may leverage this issue to spoof downloaded filenames to 
unsuspecting users. This issue may lead to a compromise of the target computer 
as well as other consequences.

Yahoo! Messenger version 8.0.0.863 is reportedly affected; earlier versions may 
be affected as well.

19. CA eTrust Antivirus WebScan Remote Buffer Overflow Vulnerability
BugTraq ID: 19351
Remote: Yes
Date Published: 2006-08-04
Relevant URL: http://www.securityfocus.com/bid/19351
Summary:
CA eTrust Antivirus WebScan is prone to a remote buffer-overflow vulnerability 
because it fails to properly bounds-check user-supplied input before copying it 
to an insufficiently sized memory buffer.

Due to improper validation of user-supplied input, a remote attacker may cause 
a buffer-overflow condition and may also execute arbitrary code in the context 
of the user running the affected application.

This issue affects version 1.1.0.1047 and earlier; other versions may also be 
affected.

20. Microsoft Powerpoint Remote Code Execution Vulnerability
BugTraq ID: 19341
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19341
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

This issue results when the application handles malformed record data within a 
presentation file.

A successful exploit of this issue will let attackers execute arbitrary code in 
the context of targeted user

21. Microsoft Internet Explorer COM Object Instantiation Code Execution 
Vulnerability
BugTraq ID: 19340
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19340
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability that 
is related to the instantiation of COM objects. This issue results from a 
design error.

The vulnerability arises because of the way Internet Explorer tries to 
instantiate certain COM objects as ActiveX controls, resulting in arbitrary 
code execution. The affected objects are not intended to be instantiated 
through Internet Explorer.

22. Microsoft Internet Explorer Window Location Cross-Domain Information 
Disclosure Vulnerability
BugTraq ID: 19339
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19339
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure 
vulnerability.

This vulnerability may let a malicious website access properties of a site in 
an arbitrary external domain. Attackers could exploit this issue to gain access 
to sensitive information that is associated with the external domain.

23. Microsoft August Advance Notification Multiple Vulnerabilities
BugTraq ID: 19331
Remote: Yes
Date Published: 2006-08-03
Relevant URL: http://www.securityfocus.com/bid/19331
Summary:
Microsoft has released advance notification that the vendor will be releasing 
twelve security bulletins for Windows and Office on August 8, 2006. The highest 
severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs 
will be created and this record will be removed when the security bulletins are 
released.

24. Fenestrae Faxination Server Unspecified Command Execution Vulnerability
BugTraq ID: 19328
Remote: Yes
Date Published: 2006-08-03
Relevant URL: http://www.securityfocus.com/bid/19328
Summary:
Fenestrae Faxination Server is prone to a remote unspecified command-execution 
vulnerability.

An attacker can exploit this issue to execute arbitrary machine commands with 
SYSTEM-level privileges on affected computers.

Further details are currently unavailable; this BID will be updated as more 
information is disclosed.

25. Microsoft Winsock Gethostbyname Buffer Overflow Vulnerability
BugTraq ID: 19319
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19319
Summary:
The Microsoft Winsock API is prone to a buffer-overflow vulnerability.

This issue can occur when the API is invoked via a malicious file or web page 
that is sufficient to trigger the vulnerability.  If the exploit is successful, 
attacker-supplied code will execute, completely comprising the affected 
computer.

26. Microsoft Internet Explorer Chained Cascading Style Sheets Remote Code 
Execution Vulnerability
BugTraq ID: 19316
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19316
Summary:
Microsoft Internet Explorer is prone to remote code-execution vulnerability.

This issue is related to how the browser handles chained CSS (Cascading Style 
Sheets).  An attacker could exploit this issue to execute arbitrary code in the 
context of the user visiting a malicious web page.

This issue affects Internet Explorer on Windows 2000, Windows XP excluding XP 
SP2, and Windows Server 2003.

27. Microsoft Internet Explorer HTML Layout and Positioning Remote Code 
Execution Vulnerability
BugTraq ID: 19312
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.securityfocus.com/bid/19312
Summary:
Microsoft Internet Explorer is prone to remote code-execution vulnerability.

This vulnerability is related to how the browser renders HTML with certain 
layout and positioning combinations.  An attacker could exploit this issue to 
execute arbitrary code in the context of the user visiting a malicious web 
page.

This issue affects Internet Explorer on Windows 2000, Windows XP, and Windows 
Server 2003.

28. Simpliciti Locked Browser JavaScript Kiosk Security Bypass Vulnerability
BugTraq ID: 19304
Remote: No
Date Published: 2006-08-02
Relevant URL: http://www.securityfocus.com/bid/19304
Summary:
Simpliciti Locked Browser allows an attacker to use JavaScript to bypass 
security.

This vulnerability may facilitate privilege escalation. An attacker could use 
this vulnerability to their advantage and bypass existing security limitations 
and access controls of the kiosk system.

29. RETIRED: Microsoft Windows GDI Plus Library Remote Denial Of Service 
Vulnerability
BugTraq ID: 19301
Remote: Yes
Date Published: 2006-08-02
Relevant URL: http://www.securityfocus.com/bid/19301
Summary:
Microsoft Windows GDI+ library 'gdiplus.dll' is prone to a denial-of-service 
vulnerability because the software fails to handle malformed image files 
properly.

An attacker may leverage this issue to trigger a denial-of-service condition in 
software implementing the vulnerable library. Other attacks may also be 
possible.

This BID has been retired.

30. Microsoft Windows Routing and Remote Access Denial of Service Vulnerability
BugTraq ID: 19300
Remote: Yes
Date Published: 2006-08-02
Relevant URL: http://www.securityfocus.com/bid/19300
Summary:
Microsoft Windows Routing and Remote Access is prone to a denial-of-service 
vulnerability. This issue is reportedly due to a NULL-pointer dereference error 
in the affected component.

This issue allows remote attackers to cause a denial of service on affected 
computers.

31. LibTIFF TiffScanLineSize Remote Buffer Overflow Vulnerability
BugTraq ID: 19288
Remote: Yes
Date Published: 2006-08-01
Relevant URL: http://www.securityfocus.com/bid/19288
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails 
to do proper boundary checks before copying user-supplied data into a 
finite-sized buffer.

This issue allows remote attackers to execute arbitrary machine code in the 
context of applications using the affected library. Failed exploit attempts 
will likely crash the application, denying service to legitimate users.

32. LibTiff Sanity Checks Multiple Denial of Service Vulnerabilities
BugTraq ID: 19286
Remote: Yes
Date Published: 2006-08-01
Relevant URL: http://www.securityfocus.com/bid/19286
Summary:
LibTIFF is affected by multiple denial-of-service vulnerabilities.

An attacker can exploit these vulnerabilities to cause a denial of service in 
applications using the affected library.

33. LibTiff EstimateStripByteCounts() Denial of Service Vulnerability
BugTraq ID: 19284
Remote: Yes
Date Published: 2006-08-01
Relevant URL: http://www.securityfocus.com/bid/19284
Summary:
LibTIFF is affected by a denial-of-service vulnerability.

An attacker can exploit this vulnerability to cause a denial of service in 
applications using the affected library.

34. LibTIFF TiffFetchShortPair Remote Buffer Overflow Vulnerability
BugTraq ID: 19283
Remote: Yes
Date Published: 2006-08-01
Relevant URL: http://www.securityfocus.com/bid/19283
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails 
to do proper boundary checks before copying user-supplied data into a 
finite-sized buffer.

This issue allows remote attackers to execute arbitrary machine code in the 
context of appications using the affected library. Failed exploit attempts will 
likely crash the application, denying service to legitimate users.

35. Symantec On-Demand Protection Encrypted Data Information Disclosure 
Vulnerability
BugTraq ID: 19248
Remote: No
Date Published: 2006-07-31
Relevant URL: http://www.securityfocus.com/bid/19248
Summary:
Symantec On-Demand Protection (SODP) and On-Demand Agent (SODA) are prone to a 
vulnerability that could disclose potentially sensitive information.

An attacker may be able to decrypt the files saved by the applications. The 
impact of this issue will depend on the information disclosed.

This issue affects:

- SODA versions 2.5 MR2 (build 2156) and earlier
- SODP versions 2.6 (build 2232) and earlier.

Note that this issue affects only the Microsoft Windows versions of the 
applications.

36. Easy File Sharing FTP Server Pass Command Remote Buffer Overflow 
Vulnerability
BugTraq ID: 19243
Remote: Yes
Date Published: 2006-07-31
Relevant URL: http://www.securityfocus.com/bid/19243
Summary:
Easy File Sharing FTP Server is prone to a buffer-overflow vulnerability 
because the application fails to do proper bounds checking on user-supplied 
data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary machine code in the 
context of the affected server application.

Version 2.0 is vulnerable to this issue; other versions may also be affected.

37. Microsoft PowerPoint Unspecified Code Execution Vulnerability
BugTraq ID: 19229
Remote: Yes
Date Published: 2006-07-30
Relevant URL: http://www.securityfocus.com/bid/19229
Summary:
Microsoft PowerPoint is prone to an unspecified code-execution vulnerability.

A proof-of-concept exploit file designed to trigger this vulnerability has been 
released. This issue arises when a vulnerable user opens a malicious read-only 
PowerPoint file and then closes it.

This issue is the third vulnerability discussed in BID 18993 (Microsoft 
Powerpoint Multiple Unspecified Vulnerabilities). This separate document 
details further information regarding that issue.

Microsoft PowerPoint 2003 SP2 French Edition is reported vulnerable to this 
issue; other versions may also be affected.

38. Microsoft Internet Explorer Deleted Frame Object Denial Of Service 
Vulnerability
BugTraq ID: 19228
Remote: Yes
Date Published: 2006-07-29
Relevant URL: http://www.securityfocus.com/bid/19228
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This 
issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

39. Microsoft Internet Explorer ADODB.Recordset NextRecordset Denial of Service 
Vulnerability
BugTraq ID: 19227
Remote: Yes
Date Published: 2006-07-29
Relevant URL: http://www.securityfocus.com/bid/19227
Summary:
Microsoft Internet Explorer is prone to a denial-of-service condition when 
processing the 'NextRecordset' method of the 'ADODB.Recordset' object.

A successful attack may cause the browser to fail.

40. Microsoft Windows Graphical Device Interface Plus Library Denial Of Service 
Vulnerability
BugTraq ID: 19221
Remote: Yes
Date Published: 2006-07-29
Relevant URL: http://www.securityfocus.com/bid/19221
Summary:
Reportedly, the Microsoft Windows GDI+ library 'gdiplus.dll' is prone to a 
denial-of-service vulnerability because the software fails to handle malformed 
image files properly.

An attacker may leverage this issue to trigger a denial-of-service condition in 
software implementing the vulnerable library. Other attacks may also be 
possible.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Help needed
http://www.securityfocus.com/archive/88/442340

2. Account Control: Running Windows Vista with Least Privilege
http://www.securityfocus.com/archive/88/442279

3. free backgammon
http://www.securityfocus.com/archive/88/442167

4. SecurityFocus Microsoft Newsletter #302
http://www.securityfocus.com/archive/88/442049

5. username change best practices...
http://www.securityfocus.com/archive/88/441749

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
[EMAIL PROTECTED] from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email [EMAIL PROTECTED] and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also 
create several opportunities for possible attack if the application is not 
designed with security in mind. Download this SPI Dynamics white paper.

https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000CZBn



---------------------------------------------------------------------------
---------------------------------------------------------------------------