SecurityFocus Microsoft Newsletter #307
----------------------------------------
I. FRONT AND CENTER
1. Disclosure survey
2. Microsoft Office security, part two
II. MICROSOFT VULNERABILITY SUMMARY
1. J River Media Center Mediacenter.EXE Buffer Overflow Vulnerability
2. Easy Address Book Web Server Remote Format String Vulnerability
3. Alt-N MDaemon WebAdmin Component Unauthorized Access Vulnerability
4. Microsoft Word 2000 Unspecified Remote Code Execution Vulnerability
5. Internet Security Systems BlackICE Local Denial of Service
Vulnerability
6. LibTIFF TIFFFindFieldInfo Remote Buffer Overflow Vulnerability
7. Lyris ListManager Unauthorized Administrative User Addition
Vulnerability
8. Microsoft Internet Explorer COM Object Instantiation Daxctle.OCX Heap
Buffer Overflow Vulnerability
9. Cybozu Garoon Multiple SQL Injection Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. Disabling syskey on XP pro
2. FW: MST transforms templates from sec perspective?
3. Fwd: Whole disk encryption
4. SecurityFocus Microsoft Newsletter #306
5. Workstation Shutdown / Logoff Policy
6. Account Control: Running Windows Vista with Least Privilege
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Disclosure survey
By Federico Biancuzzi
Federico Biancuzzi surveys statements from some of the world's largest software
companies about vulnerability disclosure, interviews two security companies who
pay for vulnerabilities, and then talks with three prominent, independent
researchers about their thoughts on choosing a responsible disclosure process.
In three parts.
http://www.securityfocus.com/columnists/415
2. Microsoft Office security, part two
By Khushbu Jithra
This article discusses Microsoft Office's OLE Structured Storage and the nature
of recent dropper programs and other exploit agents, in an effort to scrutinize
the workings of some of the recent MS Office exploits. Part two then
collates some forensic investigation avenues through different MS Office
features. Parts of the article sample different MS Office vulnerabilities to
discuss their nature and the method of exploitation.
http://www.securityfocus.com/infocus/1874
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. J River Media Center Mediacenter.EXE Buffer Overflow Vulnerability
BugTraq ID: 19853
Remote: Yes
Date Published: 2006-09-05
Relevant URL: http://www.securityfocus.com/bid/19853
Summary:
Media Center and various Media Center plugins are prone to a buffer-overflow
vulnerability.
This issue occurs because the application does not bounds check data before
copying it into a finite-sized buffer.
This issue allows remote attackers to cause the application to crash, denying
service to the legitimate user. Arbitrary code execution may be possible; this
has not been confirmed.
Version 11.0.309 is vulnerable to this issue; other versions may also be
affected.
2. Easy Address Book Web Server Remote Format String Vulnerability
BugTraq ID: 19842
Remote: Yes
Date Published: 2006-09-04
Relevant URL: http://www.securityfocus.com/bid/19842
Summary:
Easy Address Book Web Server is susceptible to a remote format-string
vulnerability. This issue is due to a failure of the application to properly
sanitize user-supplied data prior to including it in the format-specifier
argument to a formatted-printing function.
This issue allows remote attackers to execute arbitrary machine code in the
context of the affected server process, facilitating the complete compromise of
affected computers. Failed exploit attempts likely result in crashing the
service.
Easy Address Book Web Server version 1.2 is vulnerable to this issue; other
versions may also be affected.
3. Alt-N MDaemon WebAdmin Component Unauthorized Access Vulnerability
BugTraq ID: 19841
Remote: Yes
Date Published: 2006-09-04
Relevant URL: http://www.securityfocus.com/bid/19841
Summary:
MDaemon WebAdmin component is prone to an unauthorized access vulnerability.
A successful exploit would allow an attacker to gain access to the MDaemon
account and potentially gain sensitive information; other attacks are also
possible.
Versions prior to 3.2.6 are vulnerable to this issue.
4. Microsoft Word 2000 Unspecified Remote Code Execution Vulnerability
BugTraq ID: 19835
Remote: Yes
Date Published: 2006-09-02
Relevant URL: http://www.securityfocus.com/bid/19835
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
Reports indicate that this issue can allow remote attackers to execute
arbitrary code on a vulnerable computer by supplying a malicious Word document
to a user. This issue is being actively exploited in the wild as
Trojan.MDropper.Q.
This issue is currently only known to affect Microsoft Office 2000 running on
Microsoft Windows 2000 computers.
This BID will be updated as further analysis is completed.
5. Internet Security Systems BlackICE Local Denial of Service Vulnerability
BugTraq ID: 19800
Remote: No
Date Published: 2006-09-01
Relevant URL: http://www.securityfocus.com/bid/19800
Summary:
Internet Security Systems (ISS) BlackICE PC Protection is prone to a local
denial-of-service vulnerability because the application fails to properly
sanitize user-supplied input.
This vulnerability allows local attackers to crash affected systems,
facilitating a denial-of-service condition on the local computer. Remote code
execution may also be possible if the vulnerability is exploited in privileged
kernel mode.
Versions 3.6.cpn, 3.6.cpj, and 3.6.cpiE are vulnerable to this issue; other
versions may also be affected.
6. LibTIFF TIFFFindFieldInfo Remote Buffer Overflow Vulnerability
BugTraq ID: 19793
Remote: Yes
Date Published: 2006-08-31
Relevant URL: http://www.securityfocus.com/bid/19793
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because the library fails
to do proper boundary checks before copying user-supplied data into a
finite-sized buffer.
This issue allows remote attackers to execute arbitrary machine code in the
context of applications using the affected library. Failed exploit attempts will
likely crash the application, denying service to legitimate users.
This issue is known to affect versions of LibTIFF included with Sony PSP
devices running firmware versions 2.0 through 2.8.
Specific information regarding affected versions of LibTIFF is currently
unavailable. This BID will be updated as more information is disclosed.
7. Lyris ListManager Unauthorized Administrative User Addition Vulnerability
BugTraq ID: 19784
Remote: Yes
Date Published: 2006-08-30
Relevant URL: http://www.securityfocus.com/bid/19784
Summary:
Lyris ListManager is prone to a design flaw that facilitates the addition of an
unauthorized administrative user. The issue derives from the use of hidden form
fields in the 'add administrator' form.
Attackers with administrative privileges to a Lyris list may exploit this
vulnerability to add administrative users to arbitrary lists hosted on the same
server. For example, an administrator for List-A can maliciously modify hidden
form fields when conventionally adding an administrative user, causing that
user to be added as an administrator to List-B.
Version 8.95 is vulnerable; other versions may also be affected.
8. Microsoft Internet Explorer COM Object Instantiation Daxctle.OCX Heap Buffer
Overflow Vulnerability
BugTraq ID: 19738
Remote: Yes
Date Published: 2006-08-28
Relevant URL: http://www.securityfocus.com/bid/19738
Summary:
Microsoft Internet Explorer is prone to a heap buffer-overflow vulnerability.
The vulnerability arises because of the way Internet Explorer tries to
instantiate certain COM objects as ActiveX controls.
An attacker can exploit this issue to execute arbitrary code within the context of
the affected application. Failed exploit attempts will result in a
denial-of-service condition.
9. Cybozu Garoon Multiple SQL Injection Vulnerabilities
BugTraq ID: 19731
Remote: Yes
Date Published: 2006-08-28
Relevant URL: http://www.securityfocus.com/bid/19731
Summary:
Cybozu Garoon is prone to multiple SQL-injection vulnerabilities because it
fails to properly sanitize user-supplied input before using it in an SQL query.
A successful attack could allow an attacker to compromise the application,
access or modify data, exploit vulnerabilities in the underlying database
implementation, or gain administrative access to the application.
These issues affect versions prior to 2.1.1.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Disabling syskey on XP pro
http://www.securityfocus.com/archive/88/445136
2. FW: MST transforms templates from sec perspective?
http://www.securityfocus.com/archive/88/445134
3. Fwd: Whole disk encryption
http://www.securityfocus.com/archive/88/444818
4. SecurityFocus Microsoft Newsletter #306
http://www.securityfocus.com/archive/88/444702
5. Workstation Shutdown / Logoff Policy
http://www.securityfocus.com/archive/88/443340
6. Account Control: Running Windows Vista with Least Privilege
http://www.securityfocus.com/archive/88/442279
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Qualys
Free One-Time PCI Scan
Qualys PCI compliance solution - starting at $495 per year. Qualys' solution
enables online merchants and service providers to self certify for the Payment
Card Industry (PCI) Data Security Standard. Get a Free PCI Report on one
External Facing IP.
http://newsletter.industrybrains.com/c?fe;1;5e792;ddf3;264;1e60;da4
---------------------------------------------------------------------------