SecurityFocus Microsoft Newsletter #305
----------------------------------------
This issue is Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Feed Injection Attack!" - SPI Dynamics White
Paper
Learn the risks associated with Feed Injection of Atom and RSS feeds, including
Cross-Site Scripting, Cross-Site Request Forgery, and Keystroke Logging.
Download *FREE* white paper from SPI Dynamics.
https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000CaO4
------------------------------------------------------------------
I. FRONT AND CENTER
1. Microsoft Office security, part one
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer
Overflow Vulnerability
2. Alt-N MDaemon Multiple Remote Pre-Authentication POP3 Buffer Overflow
Vulnerabilities
3. Microsoft Internet Explorer Multiple COM Object Color Property Denial
of Service Vulnerabilities
4. Microsoft Windows 2000 Multiple COM Object Instantiation Code
Execution Vulnerabilities
5. PHProjekt Content Management Module Multiple Remote File Include
Vulnerabilities
6. Microsoft Internet Explorer TSUserEX.DLL ActiveX Control Memory
Corruption Vulnerability
7. VMware Partition Table Deletion Denial of Service Vulnerability
8. Zen Cart Multiple File Include Vulnerabilities
9. Zen Cart Multiple SQL Injection Vulnerabilities
10. PHProjekt Multiple Remote File Include Vulnerabilities
11. Microsoft Internet Explorer MSOE.DLL Denial Of Service Vulnerability
12. Microsoft Internet Explorer CHTSKDIC.DLL Denial Of Service
Vulnerability
13. Microsoft Internet Explorer IMSKDIC.DLL Denial Of Service
Vulnerability
14. Microsoft Windows PNG File IHDR Block Denial of Service
Vulnerability
15. ImageMagick SGI Image File Remote Heap Buffer Overflow Vulnerability
16. 04WebServer Multiple Vulnerabilities
17. Opera Web Browser IRC Chat Client Remote Denial of Service
Vulnerability
18. RETIRED: Microsoft Windows Help Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #304
2. Licensed Software Audit
3. Workstation Shutdown / Logoff Policy
I. FRONT AND CENTER
---------------------
1. Microsoft Office security, part one
By Khushbu Jithra
This article discusses Microsoft Office's OLE Structured Storage and the nature
of recent dropper programs and other exploit agents, in an effort to scrutinize
the workings of some of the recent MS Office exploits. Part two will then
collate some forensic investigation avenues through different MS Office
features. Parts of the article sample different MS Office vulnerabilities to
discuss their nature and the method of exploitation.
http://www.securityfocus.com/infocus/1874
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer
Overflow Vulnerability
BugTraq ID: 19667
Remote: Yes
Date Published: 2006-08-22
Relevant URL: http://www.securityfocus.com/bid/19667
Summary:
Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability.
A successful exploit may result in arbitrary code-execution in the context of
the user running the browser.
This issue was introduced with the patches released with Microsoft advisory
MS06-042.
Internet Explorer 6 SP1 running on Microsoft Windows 2000 and Windows XP SP1 is
vulnerable to this issue.
2. Alt-N MDaemon Multiple Remote Pre-Authentication POP3 Buffer Overflow
Vulnerabilities
BugTraq ID: 19651
Remote: Yes
Date Published: 2006-08-21
Relevant URL: http://www.securityfocus.com/bid/19651
Summary:
Alt-N MDaemon POP3 Server is susceptible to multiple remote buffer-overflow
vulnerabilities. The issues are due to the application's failure to properly
bounds-check user-supplied input before copying it to insufficiently sized
memory buffers.
These issues allow remote, unauthenticated attackers to execute arbitrary
machine code in the context of affected servers. This may facilitate the
compromise of affected computers.
MDaemon versions 8 and 9 are reported to be vulnerable; previous versions may
be affected as well.
3. Microsoft Internet Explorer Multiple COM Object Color Property Denial of
Service Vulnerabilities
BugTraq ID: 19640
Remote: Yes
Date Published: 2006-08-21
Relevant URL: http://www.securityfocus.com/bid/19640
Summary:
Microsoft Internet Explorer is prone to multiple denial-of-service
vulnerabilities. The vulnerabilities exist when instantiating COM objects.
The vulnerabilities arise because of the way Internet Explorer tries to
instantiate certain COM objects as ActiveX controls, resulting in
denial-of-service conditions. Remote code execution may be possible; however,
this has not been confirmed.
This BID may be related to the issues described in BID 14511 (Microsoft
Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability) and
BID 15061 (Microsoft Internet Explorer COM Object Instantiation Variant
Vulnerability). However, these issues affect a different set of COM objects
that were not addressed in the previous BIDs.
4. Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution
Vulnerabilities
BugTraq ID: 19636
Remote: Yes
Date Published: 2006-08-21
Relevant URL: http://www.securityfocus.com/bid/19636
Summary:
Microsoft Windows 2000 is prone to multiple memory-corruption vulnerabilities
that are related to the instantiation of COM objects. These issues may be
remotely triggered through Internet Explorer.
The vulnerabilities arise because of the way Internet Explorer tries to
instantiate certain COM objects as ActiveX controls, which may result in
arbitrary code execution; this has not been confirmed. The affected objects are not
likely intended to be instantiated through Internet Explorer.
This BID may be related to the issues discussed in BID 17453 (Microsoft
Internet Explorer COM Object Instantiation Code Execution Vulnerability).
However, these issues affect a different set of COM objects that were not
addressed in previous BIDs.
5. PHProjekt Content Management Module Multiple Remote File Include
Vulnerabilities
BugTraq ID: 19628
Remote: Yes
Date Published: 2006-08-21
Relevant URL: http://www.securityfocus.com/bid/19628
Summary:
Multiple remote file-include vulnerabilities affect the Content Management
module for PHProjekt because the application fails to properly sanitize
user-supplied input before using it in a PHP 'include()' function call.
An attacker may leverage these issues to execute arbitrary server-side script
code on an affected computer with the privileges of the webserver process.
These issues affect version 0.6.1; earlier versions may also be vulnerable.
6. Microsoft Internet Explorer TSUserEX.DLL ActiveX Control Memory Corruption
Vulnerability
BugTraq ID: 19570
Remote: Yes
Date Published: 2006-08-17
Relevant URL: http://www.securityfocus.com/bid/19570
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This
is related to the handling of the tsuserex.dll COM object ActiveX control.
Attackers may exploit this issue via a malicious web page to execute arbitrary
code in the context of the currently logged-in user. Exploitation attempts may
lead to a denial-of-service condition as well. Attackers may also employ HTML
email to carry out an attack.
7. VMware Partition Table Deletion Denial of Service Vulnerability
BugTraq ID: 19551
Remote: Yes
Date Published: 2006-08-15
Relevant URL: http://www.securityfocus.com/bid/19551
Summary:
VMware is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to destroy partition tables on the affected
computer and to deny service to legitimate users.
This issue affects VMware version 5.5.1; other versions for Windows may also be
vulnerable.
8. Zen Cart Multiple File Include Vulnerabilities
BugTraq ID: 19543
Remote: Yes
Date Published: 2006-08-15
Relevant URL: http://www.securityfocus.com/bid/19543
Summary:
Zen Cart is prone to multiple remote and local file-include vulnerabilities
because it fails to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote and local
files containing malicious PHP code and execute it in the context of the
webserver process. This may allow the attacker to compromise the application
and the underlying system; other attacks are also possible.
These issues affect version 1.3.0.2 and prior; other versions may also be
vulnerable.
9. Zen Cart Multiple SQL Injection Vulnerabilities
BugTraq ID: 19542
Remote: Yes
Date Published: 2006-08-15
Relevant URL: http://www.securityfocus.com/bid/19542
Summary:
Zen Cart is prone to multiple SQL-injection vulnerabilities because it fails to
properly sanitize user-supplied input before using it in an SQL query.
A successful attack could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
These issues affect version 1.3.0.2; earlier versions may also be vulnerable.
10. PHProjekt Multiple Remote File Include Vulnerabilities
BugTraq ID: 19541
Remote: Yes
Date Published: 2006-08-16
Relevant URL: http://www.securityfocus.com/bid/19541
Summary:
Multiple remote file-include vulnerabilities affect PHProjekt because the
application fails to properly sanitize user-supplied input before using it in a
PHP 'include()' function call.
An attacker may leverage these issues to execute arbitrary server-side script
code on an affected computer with the privileges of the webserver process.
Version 5.1 of PHProjekt is vulnerable to this issue; previous versions may be
affected as well.
11. Microsoft Internet Explorer MSOE.DLL Denial Of Service Vulnerability
BugTraq ID: 19530
Remote: Yes
Date Published: 2006-08-15
Relevant URL: http://www.securityfocus.com/bid/19530
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue occurs because the application fails to load a DLL library when
instantiated as an ActiveX control.
An attacker may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users, and may cause arbitrary code to run within
the context of the application.
12. Microsoft Internet Explorer CHTSKDIC.DLL Denial Of Service Vulnerability
BugTraq ID: 19529
Remote: Yes
Date Published: 2006-08-15
Relevant URL: http://www.securityfocus.com/bid/19529
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability
because the application fails to load a DLL library when instantiated as an
ActiveX control.
An attacker may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users and may cause arbitrary code to run within
the context of the user running the application.
13. Microsoft Internet Explorer IMSKDIC.DLL Denial Of Service Vulnerability
BugTraq ID: 19521
Remote: Yes
Date Published: 2006-08-15
Relevant URL: http://www.securityfocus.com/bid/19521
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue occurs because the application fails to load a DLL library when
instantiated as an ActiveX control.
An attacker may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users and may cause arbitrary code to run within
the context of the application.
14. Microsoft Windows PNG File IHDR Block Denial of Service Vulnerability
BugTraq ID: 19520
Remote: Yes
Date Published: 2006-08-15
Relevant URL: http://www.securityfocus.com/bid/19520
Summary:
Microsoft Windows is reportedly prone to a remote denial-of-service
vulnerability because the PNG-rendering portion of the operating system fails
to handle malicious PNG (Portable Network Graphics) files.
This issue may cause Windows Explorer to consume excessive resources and crash,
denying service to legitimate users.
15. ImageMagick SGI Image File Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 19507
Remote: Yes
Date Published: 2006-08-14
Relevant URL: http://www.securityfocus.com/bid/19507
Summary:
ImageMagick is prone to a remote heap buffer-overflow vulnerability because the
application fails to properly bounds-check user-supplied input before copying
it to an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the context of
applications that use the ImageMagick library.
ImageMagick versions in the 6.x series, up to version 6.2.8, are vulnerable to
this issue.
16. 04WebServer Multiple Vulnerabilities
BugTraq ID: 19496
Remote: Yes
Date Published: 2006-08-14
Relevant URL: http://www.securityfocus.com/bid/19496
Summary:
Multiple remote vulnerabilities affect 04WebServer. Some issues are due to the
application's failure to properly sanitize user-supplied input.
An attacker may leverage these issues to carry out cross-site scripting attacks
and bypass certain security checks.
04WebServer 1.83 and prior versions are vulnerable.
17. Opera Web Browser IRC Chat Client Remote Denial of Service Vulnerability
BugTraq ID: 19491
Remote: Yes
Date Published: 2006-08-14
Relevant URL: http://www.securityfocus.com/bid/19491
Summary:
Opera Web Browser IRC chat client is prone to a remote denial-of-service
vulnerability.
A successful attack can allow the attacker to trigger a crash in the client and
deny service to legitimate users.
This issue affects Opera Web Browser 9. Other versions may be vulnerable as
well.
18. RETIRED: Microsoft Windows Help Multiple Remote Vulnerabilities
BugTraq ID: 19490
Remote: Yes
Date Published: 2006-08-12
Relevant URL: http://www.securityfocus.com/bid/19490
Summary:
The Microsoft Windows Help File viewer (winhlp32.exe) is prone to multiple
remote vulnerabilities.
These vulnerabilities present themselves when the application handles specially
crafted Windows Help (.hlp) files.
A successful attack may let the attacker crash the application or execute
arbitrary code in the context of a vulnerable user who opens a malicious file.
Specific information regarding affected versions of Microsoft Windows is
currently unavailable.
Update: Since help files can inherently execute arbitrary malicious code, this
BID is being retired.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #304
http://www.securityfocus.com/archive/88/443459
2. Licensed Software Audit
http://www.securityfocus.com/archive/88/443369
3. Workstation Shutdown / Logoff Policy
http://www.securityfocus.com/archive/88/443340