SecurityFocus Microsoft Newsletter #313
----------------------------------------
This Issue is Sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------
I. FRONT AND CENTER
1. ModSecurity 2.0 with Ivan Ristic
2. Hacking Web 2.0 Applications with Firefox
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Class Package Export Tool Clspack.exe Local Buffer Overflow
Vulnerability
2. XFire Packet Handling Denial Of Service Vulnerability
3. Internet Security Systems ZWDeleteFile Function Arbitrary File
Deletion Vulnerability
4. Mozilla Bugzilla Multiple Input Validation and Information disclosure
Vulnerabilities
5. Utimaco Safeguard Encryption Key Information Disclosure Vulnerability
6. SafeWord RemoteAccess Local Information Disclosure Vulnerability
7. BulletProof FTP Client Remote Buffer Overflow Vulnerability
8. Microsoft PowerPoint Unspecified Remote Unspecified Code Execution
Vulnerability
9. Toshiba Bluetooth Stack Unspecified Remote Memory Corruption
Vulnerability
10. Novell BorderManager IPSec/IKE Remote Denial Of Service
Vulnerability
11. OpenSSH-Portable Existing Password Remote Information Disclosure
Weakness
12. Microsoft Word Mac Remote Code Execution Vulnerability
13. Microsoft Office Malformed Record Remote Code Execution
Vulnerability
14. Microsoft Office Malformed Chart Record Remote Code Execution
Vulnerability
15. Microsoft Office Improper Memory Access Remote Code Execution
Vulnerability
16. Microsoft Windows SMB Rename Remote Denial of Service Vulnerability
17. Microsoft Word Mail Merge Remote Code Execution Vulnerability
18. Microsoft Excel Lotus 1-2-3 File Handling Remote Code Execution
Vulnerability
19. Microsoft Word Malformed String Remote Code Execution Vulnerability
20. Microsoft XML Core Services Information Disclosure Vulnerability
21. Microsoft Windows XML Core Services XSLT Buffer Overrun
Vulnerability
22. Microsoft ASP.NET AutoPostBack Variable Cross-Site Scripting
Vulnerability
23. Microsoft PowerPoint Record Improper Memory Access Remote Code
Execution Vulnerability
24. Microsoft PowerPoint Data Record Remote Code Execution Vulnerability
25. Microsoft Office Smart Tag Remote Code Execution Vulnerability
26. Microsoft Windows Object Packager Remote Code Execution
Vulnerability
27. Microsoft PowerPoint Object Pointer Remote Code Execution
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Hacker Defender v0.84-1.0.0 backdoor - what vulnerability it uses to
get in
2. Log Parser queries
3. Set dialup password from cmdline
4. SecurityFocus Microsoft Newsletter #312
5. security implications of disabling WMI service
IV. UNSUBSCRIBE INSTRUCTIONS
I. FRONT AND CENTER
---------------------
1. ModSecurity 2.0 with Ivan Ristic
By Federico Biancuzzi
ModSecurity is an open source web application firewall that runs as an Apache
module, and version 2.0 offers many new features and improvements. Federico
Biancuzzi interviewed Ivan Ristic to discuss the new logging system, events
tracking and correlation, filtering AJAX or AFLAX applications, and
just-in-time patching for closed source applications.
http://www.securityfocus.com/columnists/418
2. Hacking Web 2.0 Applications with Firefox
By Shreeraj Shah
This article looks at some of the methods, tools and tricks to dissect web 2.0
applications (including Ajax) and discover security holes using Firefox and its
plugins.
http://www.securityfocus.com/infocus/1879
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Class Package Export Tool Clspack.exe Local Buffer Overflow
Vulnerability
BugTraq ID: 20561
Remote: No
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20561
Summary:
Microsoft Class Package Export Tool ('clspack.exe') is prone to a local
buffer-overflow vulnerability because the application fails to properly size
attacker-supplied data before copying it into an insufficiently sized memory
buffer.
Exploiting this issue allows local attackers to execute arbitrary machine code
in the context of the user running the application. Failed exploit attempts
will likely crash the application, denying service to legitimate users.
2. XFire Packet Handling Denial Of Service Vulnerability
BugTraq ID: 20548
Remote: Yes
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20548
Summary:
Xfire is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected client application,
denying service to legitimate users. Remote code execution may also be
possible; this has not been confirmed.
This issue affects version 1.6.4; earlier versions may also be vulnerable.
3. Internet Security Systems ZWDeleteFile Function Arbitrary File Deletion
Vulnerability
BugTraq ID: 20546
Remote: No
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20546
Summary:
Internet Security Systems (ISS) BlackICE PC Protection is prone to a
file-deletion vulnerability.
An attacker can exploit this issue to delete arbitrary files within the context
of the affected application. This could lead to other attacks.
Versions 3.6.cpu and 3.6.cpj are vulnerable to this issue; other versions may also
be affected.
4. Mozilla Bugzilla Multiple Input Validation and Information disclosure
Vulnerabilities
BugTraq ID: 20538
Remote: Yes
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20538
Summary:
Bugzilla is affected by multiple input-validation and information-disclosure
vulnerabilities because the application fails to properly sanitize
user-supplied input and to protect sensitive information from unauthorized
users.
An attacker can leverage these issues to access attachment and deadline
information that is marked private or is otherwise protected and to conduct
cross-site scripting and HTML-injection attacks. Exploiting these
input-validation issues may allow attackers to steal cookie-based
authentication credentials and to launch other attacks.
Versions 2.18.5, 2.20.2, 2.22, and 2.23.2 are affected by these
vulnerabilities.
5. Utimaco Safeguard Encryption Key Information Disclosure Vulnerability
BugTraq ID: 20529
Remote: No
Date Published: 2006-10-13
Relevant URL: http://www.securityfocus.com/bid/20529
Summary:
Utimaco Safeguard Easy is prone to a local information-disclosure vulnerability
because it fails to protect sensitive information from unprivileged users.
A local attacker may exploit this issue to obtain encryption keys used by the
application. The attacker may then use this information to retrieve further
information or to launch other attacks.
6. SafeWord RemoteAccess Local Information Disclosure Vulnerability
BugTraq ID: 20509
Remote: No
Date Published: 2006-10-13
Relevant URL: http://www.securityfocus.com/bid/20509
Summary:
SafeWord RemoteAccess is prone to an information-disclosure vulnerability
because it stores sensitive data with insecure permissions.
A malicious local user could leverage this issue to obtain sensitive
information that could aid in attacks against the system.
Version 2.1 is vulnerable; other versions may also be affected.
7. BulletProof FTP Client Remote Buffer Overflow Vulnerability
BugTraq ID: 20497
Remote: Yes
Date Published: 2006-10-12
Relevant URL: http://www.securityfocus.com/bid/20497
Summary:
BulletProof FTP client is prone to a remote buffer-overflow vulnerability.
The issue arises when the client handles excessive string data. By exploiting
this issue, a remote attacker may gain unauthorized access in the context of
the user running the application.
BulletProof FTP 2.45 is reported vulnerable; other versions may be affected as
well.
8. Microsoft PowerPoint Unspecified Remote Unspecified Code Execution
Vulnerability
BugTraq ID: 20495
Remote: Yes
Date Published: 2006-10-12
Relevant URL: http://www.securityfocus.com/bid/20495
Summary:
Microsoft PowerPoint is prone to an unspecified remote code-execution
vulnerability.
Successfully exploiting this issue allows a remote attacker to execute
arbitrary code in the context of the affected application. Failed exploit
attempts will likely crash the application.
Due to a lack of information, further details cannot be provided. This BID will
be updated when more information becomes available.
9. Toshiba Bluetooth Stack Unspecified Remote Memory Corruption Vulnerability
BugTraq ID: 20489
Remote: Yes
Date Published: 2006-10-12
Relevant URL: http://www.securityfocus.com/bid/20489
Summary:
Toshiba Bluetooth Stack is prone to an unspecified remote memory-corruption
vulnerability.
Successfully exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of the kernel running the affected software,
facilitating the complete compromise of affected computers. Failed exploit
attempts likely result in denial-of-service conditions.
Versions 3 through 4.00.35 of the Toshiba Bluetooth stack are vulnerable to
this issue. OEM vendors such as Dell, Sony, ASUS, and potentially others
include vulnerable versions of the affected software.
This issue may potentially be related to the one described in BID 18527
(Toshiba Bluetooth Stack TOSRFBD.SYS Remote Denial of Service Vulnerability),
but this has not been confirmed.
10. Novell BorderManager IPSec/IKE Remote Denial Of Service Vulnerability
BugTraq ID: 20428
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20428
Summary:
Novell BorderManager is affected by a remote denial-of-service vulnerability
because the application fails to properly handle user-supplied input.
Exploiting this issue will allow an attacker to cause the affected client
computer to hang, denying service to legitimate users.
Novell BorderManager version 3.8 is vulnerable.
11. OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
BugTraq ID: 20418
Remote: Yes
Date Published: 2006-10-09
Relevant URL: http://www.securityfocus.com/bid/20418
Summary:
OpenSSH reportedly contains an information-disclosure weakness. This issue
resides in the portable version of OpenSSH, which is distributed for operating
systems other than its native OpenBSD platform.
This issue has been confirmed as not deriving from either the Pluggable
Authentication Module (PAM) issue disclosed in BID 11781 in 2004 or the more
recent Generic Security Services Application Programming Interface
(GSSAPI)-based information leak outlined in BID 20245. Reportedly, it is
possible to verify access credentials for users with an existing system
password by measuring SSH authentication timing differences.
This weakness allows remote users to test for the existence of valid usernames
with a password set. Knowledge of system users with established passwords may
aid in further attacks.
12. Microsoft Word Mac Remote Code Execution Vulnerability
BugTraq ID: 20387
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20387
Summary:
Microsoft Word for Mac is prone to a remote code-execution vulnerability when
parsing Word files. Exploiting this vulnerability may allow an attacker to
execute arbitrary machine code in the context of the user who opened the file.
An attacker could leverage this issue to gain the permissions of an
unsuspecting user. A successful exploit could result in the remote compromise
of the affected system.
13. Microsoft Office Malformed Record Remote Code Execution Vulnerability
BugTraq ID: 20384
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20384
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue
occurs when Office attempts to process malformed files.
An attacker could exploit this issue by enticing a victim to load a malicious
Office file. If the vulnerability is successfully exploited, this could result
in the execution of arbitrary code in the context of the currently logged-in
user.
14. Microsoft Office Malformed Chart Record Remote Code Execution Vulnerability
BugTraq ID: 20383
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20383
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue
occurs when Office attempts to process malformed files.
An attacker could exploit this issue by enticing a victim to load a malicious
Office file. If the vulnerability is successfully exploited, this could result
in the execution of arbitrary code in the context of the currently logged-in
user.
15. Microsoft Office Improper Memory Access Remote Code Execution Vulnerability
BugTraq ID: 20382
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20382
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue
occurs when Office attempts to process malformed files.
An attacker could exploit this issue by enticing a victim to load a malicious
Office file. If the vulnerability is successfully exploited, this could result
in the execution of arbitrary code in the context of the currently logged-in
user.
16. Microsoft Windows SMB Rename Remote Denial of Service Vulnerability
BugTraq ID: 20373
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20373
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because
the Server service fails to properly handle network messages.
Exploiting this issue may cause affected computers to crash, denying service to
legitimate users.
To exploit this issue, an attacker must have valid logon credentials.
17. Microsoft Word Mail Merge Remote Code Execution Vulnerability
BugTraq ID: 20358
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20358
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to load a malicious
Word file. If the vulnerability is successfully exploited, this could result in
the execution of arbitrary code in the context of the currently logged-in user.
18. Microsoft Excel Lotus 1-2-3 File Handling Remote Code Execution
Vulnerability
BugTraq ID: 20345
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20345
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
A remote attacker may exploit this issue to execute arbitrary machine code in
the context of the user running the application.
This issue was originally described in BID 18989 and has now been assigned its
own BID.
19. Microsoft Word Malformed String Remote Code Execution Vulnerability
BugTraq ID: 20341
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20341
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to load a malicious
Word file. If the vulnerability is successfully exploited, this could result in
the execution of arbitrary code in the context of the currently logged-in user.
20. Microsoft XML Core Services Information Disclosure Vulnerability
BugTraq ID: 20339
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20339
Summary:
Microsoft XML Core Services is prone to an information-disclosure
vulnerability. This vulnerability is caused by an error in how the affected
component handles server redirects.
An attacker can exploit this vulnerability by enticing a victim user into
visiting a malicious web page.
21. Microsoft Windows XML Core Services XSLT Buffer Overrun Vulnerability
BugTraq ID: 20338
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20338
Summary:
Microsoft Windows is prone to a remotely exploitable buffer-overrun condition
in the XSLT implementation of XML core services.
An attacker can exploit this issue to execute arbitrary code on an unsuspecting
victim's computer. This may facilitate a remote compromise.
22. Microsoft ASP.NET AutoPostBack Variable Cross-Site Scripting Vulnerability
BugTraq ID: 20337
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20337
Summary:
Microsoft ASP.NET is prone to a cross-site scripting vulnerability because the
software fails to properly sanitize user-supplied input before it is rendered
in the browser of an unsuspecting user in the context of the affected site.
An attacker may leverage this issue to have arbitrary script code execute in
the browser of an unsuspecting user, with the privileges of the victim user's
account. This may help the attacker steal cookie-based authentication
credentials, retrieve sensitive information, and launch other attacks.
23. Microsoft PowerPoint Record Improper Memory Access Remote Code Execution
Vulnerability
BugTraq ID: 20325
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20325
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.
Exploiting this issue can allow remote attackers to execute arbitrary code on a
vulnerable computer by supplying a malicious PowerPoint (.ppt) document to a
user.
24. Microsoft PowerPoint Data Record Remote Code Execution Vulnerability
BugTraq ID: 20322
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20322
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.
Exploiting this issue can allow remote attackers to execute arbitrary code on a
vulnerable computer by supplying a malicious PowerPoint (.ppt) document to a
user.
25. Microsoft Office Smart Tag Remote Code Execution Vulnerability
BugTraq ID: 20320
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20320
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue
occurs when Office attempts to process malformed files.
An attacker could exploit this issue by enticing a victim to load a malicious
Office file. If the vulnerability is successfully exploited, this could result
in the execution of arbitrary code in the context of the currently logged-in
user.
26. Microsoft Windows Object Packager Remote Code Execution Vulnerability
BugTraq ID: 20318
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20318
Summary:
The Microsoft Windows Object Packager is prone to a remote code-execution
vulnerability. This issue is due to how the affected component handles file
extensions.
This vulnerability could let an attacker spoof dialogues, enticing a victim
into installing a file that has been misrepresented. A successful attack that
exploits this vulnerability could result in execution of arbitrary code. An
exploit could completely compromise the affected computer.
27. Microsoft PowerPoint Object Pointer Remote Code Execution Vulnerability
BugTraq ID: 20304
Remote: Yes
Date Published: 2006-10-10
Relevant URL: http://www.securityfocus.com/bid/20304
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.
Exploiting this issue can allow remote attackers to execute arbitrary code on a
vulnerable computer by supplying a malicious PowerPoint (.ppt) document to a
user.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Hacker Defender v0.84-1.0.0 backdoor - what vulnerability it uses to get in
http://www.securityfocus.com/archive/88/448826
2. Log Parser queries
http://www.securityfocus.com/archive/88/448519
3. Set dialup password from cmdline
http://www.securityfocus.com/archive/88/448518
4. SecurityFocus Microsoft Newsletter #312
http://www.securityfocus.com/archive/88/448358
5. security implications of disabling WMI service
http://www.securityfocus.com/archive/88/448141
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.