SecurityFocus Microsoft Newsletter #309
----------------------------------------
This issue is Sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience. Using
interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------
I. FRONT AND CENTER
1. Liar, Liar, and pretexting
2. Beginner's guide to wireless auditing
II. MICROSOFT VULNERABILITY SUMMARY
1. NewsGator FeedDemon Active Script Code-Execution Vulnerability
2. Microsoft Internet Explorer Vector Markup Language Buffer Overflow
Vulnerability
3. MailEnable SMTP SPF Remote Denial of Service Vulnerability
4. Ipswitch WS_FTP Server XCRC XSHA1 and XMD5 Commands Buffer Overflow
Vulnerabilities
5. Microsoft PowerPoint Remote Code Execution Vulnerability
6. Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer
Overflow Vulnerability
7. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer
Overflow Variant Vulnerability
8. Adobe ColdFusion Flash Remoting Gateway Denial of Service
Vulnerability
9. Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
10. CCHost Index.PHP SQL Injection Vulnerability
11. IBM Lotus Domino Web Access Session Hijacking Vulnerability
12. Paul Smith Computer Services VCAP Calendar Server Remote Denial of
Service Vulnerability
13. Paul Smith Computer Services VCAP Calendar Server Directory
Traversal Vulnerability
14. Microsoft Publisher Font Parsing Remote Code Execution Vulnerability
15. CMS.R. Index.PHP SQL Injection Vulnerability
16. RETIRED: Invision Power Board Index.PHP ST Parameter SQL Injection
Vulnerability
17. Microsoft Indexing Service Query Validation Cross-Site Scripting
Vulnerability
18. Microsoft PGM Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Storing Images in SQL Server (2005)
2. SecurityFocus Microsoft Newsletter #308
3. Terminal Servers @ Datacenter
4. Question about Sniffer in Windows
5. windump on browsing of shared folders across vpn in winxp
6. Don't Get Too Comfortable - Sept. '06 Patches
7. IP address assignment problem
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Liar, Liar, and pretexting
By Mark Rasch
Mark Rasch details the legality of pretexting by putting it in context with how
it is used, comparing it with legal forms of lying, and looking at previous
court cases involving pretexting in the United States. Hewlett-Packard's use of
pretexting also raises potential charges of criminal fraud, violations of
consumer protection laws, issues of deception, and the use of spyware. Together
these issues make for a very interesting legal situation at HP.
http://www.securityfocus.com/columnists/417
2. Beginner's guide to wireless auditing
By David Maynor
This article is designed as a beginner's guide to fuzzing wireless device
drivers, starting with how to build an auditing environment, how to construct
fuzzing tools and finally, how to interpret the results. This auditing
environment can be used for WiFi as well as Bluetooth and infrared devices.
http://www.securityfocus.com/infocus/1877
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. NewsGator FeedDemon Active Script Code-Execution Vulnerability
BugTraq ID: 20114
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20114
Summary:
NewsGator FeedDemon is prone to an active script code-execution vulnerability
because it fails to sufficiently sanitize Atom feed data prior to rendering the
feed.
Successful exploits may result in active scripting content being executed in
the context of the application. The 'Internet Zone' is utilized by the
application to render the remote HTML content, lessening the impact of this
issue.
2. Microsoft Internet Explorer Vector Markup Language Buffer Overflow
Vulnerability
BugTraq ID: 20096
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20096
Summary:
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability.
The vulnerability arises because of an error in the processing of Vector Markup
Language documents.
An attacker can exploit this issue to execute arbitrary code within the context
of the affected application. The method by which this vulnerability is
currently being exploited will typically terminate Internet Explorer.
This vulnerability is currently being exploited in the wild as Trojan.Vimalov.
This vulnerability affects Internet Explorer version 6.0 on a fully patched
system. Previous versions may also be affected.
3. MailEnable SMTP SPF Remote Denial of Service Vulnerability
BugTraq ID: 20091
Remote: Yes
Date Published: 2006-09-18
Relevant URL: http://www.securityfocus.com/bid/20091
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.
This issue allows remote attackers to crash the application, denying further
service to legitimate users.
4. Ipswitch WS_FTP Server XCRC XSHA1 and XMD5 Commands Buffer Overflow
Vulnerabilities
BugTraq ID: 20076
Remote: Yes
Date Published: 2006-09-14
Relevant URL: http://www.securityfocus.com/bid/20076
Summary:
Ipswitch WS_FTP Server is prone to a number of stack-overflow vulnerabilities.
Updates are available.
A successful exploit may lead to remote arbitrary code execution with
administrative privileges, facilitating the complete compromise of affected
computers.
Ipswitch WS_FTP Server 5.05 is vulnerable to these issues; other versions may
also be affected.
5. Microsoft PowerPoint Remote Code Execution Vulnerability
BugTraq ID: 20059
Remote: Yes
Date Published: 2006-09-16
Relevant URL: http://www.securityfocus.com/bid/20059
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.
This issue can allow remote attackers to execute arbitrary code on a vulnerable
computer by supplying a malicious PowerPoint document to a user. This issue is
being actively exploited in the wild as Trojan.PPDropper.E.
This issue is currently known to affect only the Chinese version of Office 2000
running on the Chinese edition of Windows XP.
6. Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow
Vulnerability
BugTraq ID: 20047
Remote: Yes
Date Published: 2006-09-13
Relevant URL: http://www.securityfocus.com/bid/20047
Summary:
Microsoft Internet Explorer is prone to a heap buffer-overflow vulnerability.
The vulnerability arises because of the way Internet Explorer tries to
instantiate certain COM objects as ActiveX controls.
An attacker can exploit this issue to execute arbitrary code within the context
of the affected application. Failed exploit attempts will result in a
denial-of-service condition.
This issue is similar to, but separate from, the one described in BID 19738
(Microsoft Internet Explorer Daxctle.OCX Spline Method Heap Buffer Overflow
Vulnerability).
7. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer
Overflow Variant Vulnerability
BugTraq ID: 19987
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19987
Summary:
Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability.
A successful exploit may result in arbitrary code-execution in the context of
the user running the browser.
This issue was introduced with the rereleased patches of Microsoft advisory
MS06-042.
This issue is nearly identical to that discussed in BID 19667 (Microsoft
Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow
Vulnerability), but is a separate vulnerability.
8. Adobe ColdFusion Flash Remoting Gateway Denial of Service Vulnerability
BugTraq ID: 19984
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19984
Summary:
Adobe ColdFusion is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected application, denying
service to legitimate users.
9. Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 19980
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19980
Summary:
Adobe Flash Player is prone to multiple remote code-execution vulnerabilities
because it fails to properly sanitize user-supplied input.
An attacker could exploit this issue by creating a media file containing large,
dynamically generated string data and submitting it to be processed by the
media player.
These issues allow remote attackers to execute arbitrary machine code in the
context of the user running the application. Other attacks are also possible.
Adobe Flash Player 8.0.24.0 and prior, Adobe Flash Professional 8, Flash Basic,
Adobe Flash MX 2004, and Adobe Flex 1.5 are affected.
10. CCHost Index.PHP SQL Injection Vulnerability
BugTraq ID: 19978
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19978
Summary:
ccHost is prone to an SQL-injection vulnerability because it fails to properly
sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
11. IBM Lotus Domino Web Access Session Hijacking Vulnerability
BugTraq ID: 19966
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19966
Summary:
IBM Lotus Domino Web Access is prone to a session-hijacking vulnerability.
An attacker can exploit this issue to authenticate to the application as any
user provided that the user's authentication credentials are still on the
server. This may lead to other attacks.
Version 7.0.1 is vulnerable to this issue; other versions may also be affected.
12. Paul Smith Computer Services VCAP Calendar Server Remote Denial of Service
Vulnerability
BugTraq ID: 19959
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19959
Summary:
vCAP Calendar Server is prone to a remote denial-of-service vulnerability. This
issue is due to a design error.
An attacker can exploit this issue to crash the application, effectively
denying service.
vCAP Calendar Server 1.9.0 Beta and prior versions are vulnerable to this
issue.
13. Paul Smith Computer Services VCAP Calendar Server Directory Traversal
Vulnerability
BugTraq ID: 19958
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19958
Summary:
vCAP Calendar Server is prone to a directory-traversal vulnerability because it
fails to properly sanitize user-supplied input.
An attacker can exploit this vulnerability to retrieve arbitrary files from the
vulnerable system in the context of the affected application. Information
obtained may aid in further attacks.
vCAP Calendar Server 1.9.0 Beta and prior versions are vulnerable to this
issue.
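The directory-traversal entry above describes the classic failure: a
client-supplied path is joined to a document root without checking where it
ends up. The following is an added example, written for this newsletter and not
taken from vCAP Calendar Server or any other product listed here, of the
containment check a server should perform. The document root layout, the file
names and the request strings are all constructed for the demo; the check
itself assumes a POSIX filesystem and that the web server has already applied
one layer of percent-decoding before the path reaches the application.

```python
import os
import tempfile
from urllib.parse import unquote

def safe_join(base_dir, user_path):
    """Map a client-supplied relative path onto base_dir.

    Returns the resolved absolute path if it stays inside base_dir, otherwise
    None. One layer of percent-decoding is applied first, since that is what
    the web server would have done before handing the path to the application.
    """
    decoded = unquote(user_path)
    if "\x00" in decoded:          # a NUL would truncate the name at the C open() call
        return None
    if os.path.isabs(decoded):     # absolute paths are never legitimate here
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    # realpath collapses '..' segments and follows symlinks, so the containment
    # test is made on the final filesystem location, not on the string the
    # client sent.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def build_fixture():
    """Constructed document root for the demo: one calendar file inside the
    root and one 'secret' file just outside it (hypothetical layout)."""
    root = tempfile.mkdtemp()
    docroot = os.path.join(root, "htdocs")
    os.makedirs(os.path.join(docroot, "calendars"))
    with open(os.path.join(docroot, "calendars", "team.ics"), "w") as fh:
        fh.write("BEGIN:VCALENDAR\nEND:VCALENDAR\n")
    with open(os.path.join(root, "secret.txt"), "w") as fh:
        fh.write("not for the web\n")
    return docroot

def demo():
    """Try a legitimate request and several traversal payloads.

    Returns {request_string: True if served, False if rejected}.
    """
    docroot = build_fixture()
    requests = [
        "calendars/team.ics",                # legitimate
        "calendars/../calendars/team.ics",   # '..' that stays inside the root
        "../secret.txt",                     # plain traversal
        "calendars/../../secret.txt",        # traversal from a subdirectory
        "..%2F..%2Fsecret.txt",              # percent-encoded slashes
        "/etc/passwd",                       # absolute path
        "calendars/team.ics%00.txt",         # NUL-byte truncation attempt
    ]
    return {r: safe_join(docroot, r) is not None for r in requests}

if __name__ == "__main__":
    for request, allowed in demo().items():
        print("%-36s %s" % (request, "served" if allowed else "rejected"))
```

The important design choice is to decide on the resolved path rather than on
the request string: stripping "../" from the input is easy to bypass (for
example "....//" survives one pass of removal), whereas comparing the realpath
of the result against the realpath of the document root catches every spelling
of the same escape. Backslashes are treated as ordinary filename characters
here, which is correct on POSIX; a Windows deployment would also need to reject
them.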
14. Microsoft Publisher Font Parsing Remote Code Execution Vulnerability
BugTraq ID: 19951
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19951
Summary:
Microsoft Publisher is prone to a code-execution vulnerability. This is due to
a flaw when handling malformed PUB files.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
15. CMS.R. Index.PHP SQL Injection Vulnerability
BugTraq ID: 19950
Remote: Yes
Date Published: 2006-09-11
Relevant URL: http://www.securityfocus.com/bid/19950
Summary:
CMS.R. is prone to an SQL-injection vulnerability because it fails to properly
sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
16. RETIRED: Invision Power Board Index.PHP ST Parameter SQL Injection
Vulnerability
BugTraq ID: 19946
Remote: Yes
Date Published: 2006-09-11
Relevant URL: http://www.securityfocus.com/bid/19946
Summary:
Invision Power Board is prone to an SQL-injection vulnerability because the
application fails to properly sanitize user-supplied input before using it in
an SQL query.
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
Update: The vendor states that this is not a vulnerability, because the
affected parameter is passed through PHP's 'intval' prior to its use. This BID
is therefore being retired.
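The retirement note above, together with the ccHost and CMS.R. entries (items 10
and 15), turns on one point: an integer parameter that is coerced with intval()
before it reaches the query cannot carry SQL syntax, while the same parameter
concatenated raw can. The following is an added example, written for this
newsletter and not taken from Invision Power Board or any other product listed
here, that shows the vulnerable pattern, the intval-style coercion the vendor
described, and a bound parameter, all run against a constructed in-memory
SQLite table. The intval() here is a Python approximation of PHP's string
semantics (leading whitespace, optional sign, digits, else 0) and is labelled as
such; the table and its rows are invented for the demo.

```python
import re
import sqlite3

# Constructed sample data standing in for the application's topics table.
SAMPLE_ROWS = [
    (1, "Welcome thread", "public"),
    (2, "Staff only", "private"),
]

_INTVAL_RE = re.compile(r"^\s*[+-]?\d+")

def intval(value):
    """Approximation of PHP intval() applied to a request string: leading
    whitespace, an optional sign and a run of digits are accepted; anything
    else, or no digits at all, yields 0. (Assumed PHP 5-era, base-10
    behaviour; not the PHP source.)"""
    m = _INTVAL_RE.match(str(value))
    return int(m.group(0)) if m else 0

def make_db():
    """Build the in-memory table used by the three fetch functions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE topics (id INTEGER, title TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO topics VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def fetch_unsafe(conn, st):
    # Vulnerable pattern: the raw 'st' request parameter is concatenated into
    # the statement, so '1 OR 1=1' rewrites the WHERE clause and the private
    # row leaks.
    sql = ("SELECT id, title FROM topics WHERE visibility = 'public' AND id = "
           + st)
    return conn.execute(sql).fetchall()

def fetch_intval(conn, st):
    # The pattern the vendor described: the parameter is coerced to an integer
    # first, so whatever followed the digits never reaches the SQL engine.
    sql = ("SELECT id, title FROM topics WHERE visibility = 'public' AND id = %d"
           % intval(st))
    return conn.execute(sql).fetchall()

def fetch_param(conn, st):
    # Preferred fix regardless of type: a bound parameter. The value is sent as
    # data and is never parsed as SQL; an injection string simply matches no
    # row.
    return conn.execute(
        "SELECT id, title FROM topics WHERE visibility = 'public' AND id = ?",
        (st,),
    ).fetchall()

if __name__ == "__main__":
    conn = make_db()
    payload = "1 OR 1=1"
    print("raw concatenation :", fetch_unsafe(conn, payload))
    print("intval() coercion :", fetch_intval(conn, payload))
    print("bound parameter   :", fetch_param(conn, payload))
```

Coercion is a sound defence only for parameters that are genuinely numeric; a
string parameter such as a username has no equivalent, which is why the bound
parameter is the general answer and intval() is best treated as a type check
layered on top of it.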
17. Microsoft Indexing Service Query Validation Cross-Site Scripting
Vulnerability
BugTraq ID: 19927
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19927
Summary:
Microsoft Indexing Service is prone to a cross-site scripting vulnerability
because the application fails to properly sanitize user-supplied input before
it is rendered to other users.
An attacker may leverage this issue to have arbitrary script code execute in
the browser of an unsuspecting user, in the context of the victim's session.
This could allow the attacker to perform actions on behalf of the victim, such
as spoofing content or hijacking their session.
Microsoft Indexing Service is not installed or enabled by default. Even when it
is installed, it is not accessible from Internet Information Services (IIS) by
default. This vulnerability affects only systems that have both IIS and Indexing
Service installed and that have Indexing Service configured to be accessible
from IIS through a web-based interface.
18. Microsoft PGM Remote Buffer Overflow Vulnerability
BugTraq ID: 19922
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19922
Summary:
Microsoft Pragmatic General Multicast (PGM) is prone to a remote
buffer-overflow vulnerability because the application fails to properly
bounds-check externally supplied data.
An attacker can exploit this issue to execute arbitrary code, facilitating a
complete system compromise.
This issue affects systems only when Microsoft Message Queuing (MSMQ) 3.0 is
installed; this is not the default.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Storing Images in SQL Server (2005)
http://www.securityfocus.com/archive/88/446413
2. SecurityFocus Microsoft Newsletter #308
http://www.securityfocus.com/archive/88/446218
3. Terminal Servers @ Datacenter
http://www.securityfocus.com/archive/88/446210
4. Question about Sniffer in Windows
http://www.securityfocus.com/archive/88/446136
5. windump on browsing of shared folders across vpn in winxp
http://www.securityfocus.com/archive/88/446048
6. Don't Get Too Comfortable - Sept. '06 Patches
http://www.securityfocus.com/archive/88/445921
7. IP address assignment problem
http://www.securityfocus.com/archive/88/444349
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
---------------------------------------------------------------------------
---------------------------------------------------------------------------