SecurityFocus Microsoft Newsletter #314
----------------------------------------
This Issue is Sponsored by: Lancope
"Revolutionize the way you view your network security"
How do you protect what you can't see? Stop protecting while blind. Gain
network visibility now. Learn how Cisco NetFlow gives visibility and enables
cost-effective security across distributed enterprise networks. StealthWatch,
the veteran Network Behavior Analysis (NBA) and Response solution, leverages
Cisco NetFlow to provide scalable, internal network security.
ALERT: Download FREE White Paper "Network Behavior Analysis (NBA) in the
Enterprise."
http://www.lancope.com/resource/
------------------------------------------------------------------
I. FRONT AND CENTER
1. Viruses, Phishing, and Trojans For Profit
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer ADODB.Connection Execute Denial of
Service Vulnerability
2. QK SMTP Remote Buffer Overflow Vulnerability
3. RETIRED: Microsoft Windows CMD.EXE Buffer Overflow Vulnerability
4. Kaspersky Labs Anti-Virus NDIS-TDI Hooking Engine Local Privilege
Escalation Vulnerability
5. Drupal Multiple HTML-Injection Vulnerabilities
6. JustSystem Ichitaro Unspecified Buffer Overflow Vulnerability
7. Airmagnet Enterprise Management Multiple Vulnerabilities
8. PassGo Defender Local Insecure Default Directory Permissions
Vulnerability
9. RETIRED: Adobe Flash Player Plugin Multiple HTTP Response Splitting
Vulnerabilities
10. Microsoft Class Package Export Tool Clspack.exe Local Buffer
Overflow Vulnerability
11. XFire Packet Handling Denial Of Service Vulnerability
12. Internet Security Systems ZWDeleteFile Function Arbitrary File
Deletion Vulnerability
13. Mozilla Bugzilla Multiple Input Validation and Information
disclosure Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #313
2. Hacker Defender v0.84-1.0.0 backdoor - what Vulnerability it uses to
get in
3. Set dialup password from cmdline
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Viruses, Phishing, and Trojans For Profit
By Kelly Martin
Following the 2006 International Virus Bulletin Conference, Kelly Martin takes
a look at the profit motives of the cyber criminals behind modern viruses,
targeted trojans, phishing scams and botnet attacks that are stealing millions
from organizations and individuals.
http://www.securityfocus.com/columnists/419
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer ADODB.Connection Execute Denial of Service
Vulnerability
BugTraq ID: 20704
Remote: Yes
Date Published: 2006-10-24
Relevant URL: http://www.securityfocus.com/bid/20704
Summary:
Microsoft Internet Explorer is prone to a denial-of-service condition when
processing a specific method from the 'ADODB.Connection.2.7' instantiated
ActiveX Object.
Successful exploits may allow attackers to crash the application, denying
further service to users.
2. QK SMTP Remote Buffer Overflow Vulnerability
BugTraq ID: 20681
Remote: Yes
Date Published: 2006-10-23
Relevant URL: http://www.securityfocus.com/bid/20681
Summary:
QK SMTP is prone to a remote buffer-overflow vulnerability because the
application fails to bounds-check user-supplied data before copying it into an
insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code in the context of
the affected application. This may facilitate a remote compromise of affected
computers. Failed exploit attempts will likely crash the server, effectively
denying service to legitimate users.
QK SMTP 3.01 and prior versions are vulnerable to this issue.
3. RETIRED: Microsoft Windows CMD.EXE Buffer Overflow Vulnerability
BugTraq ID: 20652
Remote: No
Date Published: 2006-10-20
Relevant URL: http://www.securityfocus.com/bid/20652
Summary:
Microsoft Windows is prone to a buffer-overflow vulnerability because the
software fails to bounds-check user-supplied data before copying it into an
insufficiently sized buffer.
An attacker can exploit this issue to crash the affected application, denying
service to legitimate users. Arbitrary code execution may be possible, but this
has not been confirmed.
This issue affects Microsoft Windows XP SP2.
Note: Further analysis reveals that this is not a vulnerability; this BID is
now retired.
4. Kaspersky Labs Anti-Virus NDIS-TDI Hooking Engine Local Privilege Escalation
Vulnerability
BugTraq ID: 20635
Remote: No
Date Published: 2006-10-19
Relevant URL: http://www.securityfocus.com/bid/20635
Summary:
Kaspersky Labs Anti-Virus is prone to a local privilege-escalation
vulnerability.
A local attacker can exploit this issue to execute arbitrary code with
SYSTEM-level privileges. This may facilitate a complete compromise of the
affected computer.
5. Drupal Multiple HTML-Injection Vulnerabilities
BugTraq ID: 20628
Remote: Yes
Date Published: 2006-10-19
Relevant URL: http://www.securityfocus.com/bid/20628
Summary:
Drupal is prone to multiple HTML-injection vulnerabilities because it fails to
sufficiently sanitize user-supplied input data before using it in dynamically
generated content.
An attacker may leverage these issues to have arbitrary script code execute in
the browser of an unsuspecting user in the context of the affected site. This
may allow an attacker to steal cookie-based authentication credentials, control
how the site is rendered, and launch other attacks.
6. JustSystem Ichitaro Unspecified Buffer Overflow Vulnerability
BugTraq ID: 20610
Remote: Yes
Date Published: 2006-10-18
Relevant URL: http://www.securityfocus.com/bid/20610
Summary:
Ichitaro is prone to an unspecified buffer-overflow vulnerability.
Remote attackers may exploit this issue to execute arbitrary code within the
context of the affected system or to cause a denial of service.
Very little information is available on this issue. This BID will be updated
when more information becomes available.
This vulnerability may be related to BID 19550 (Ichitaro Unicode Stack
Buffer Overflow Vulnerability).
7. Airmagnet Enterprise Management Multiple Vulnerabilities
BugTraq ID: 20602
Remote: Yes
Date Published: 2006-10-18
Relevant URL: http://www.securityfocus.com/bid/20602
Summary:
Airmagnet enterprise management is prone to multiple vulnerabilities, including
multiple HTML-injection issues, a cross-site scripting vulnerability, and a
man-in-the-middle attack.
An attacker can exploit these issues to retrieve sensitive information and to
execute HTML and script code in the context of the affected site. The attacker
may also be able to steal cookie-based authentication credentials or to control
how the site is rendered to the user; other attacks are also possible.
8. PassGo Defender Local Insecure Default Directory Permissions Vulnerability
BugTraq ID: 20600
Remote: No
Date Published: 2006-10-18
Relevant URL: http://www.securityfocus.com/bid/20600
Summary:
PassGo Defender's default settings allow local users to access the application
directory and to read or modify the contents.
An attacker could exploit this issue to access and modify files stored in the
application directory. This may aid in further attacks.
Version 5.2 is vulnerable; other versions may also be affected.
9. RETIRED: Adobe Flash Player Plugin Multiple HTTP Response Splitting
Vulnerabilities
BugTraq ID: 20593
Remote: Yes
Date Published: 2006-10-17
Relevant URL: http://www.securityfocus.com/bid/20593
Summary:
The Adobe Flash Player Plugin is prone to multiple HTTP response-splitting
vulnerabilities because the application fails to properly sanitize
user-supplied input.
A remote attacker may exploit these vulnerabilities to influence or
misrepresent how web content is served, cached, or interpreted. This could aid
in various attacks that attempt to entice client users into a false sense of
trust.
Adobe Flash Player Plugin version 9.0.16 for Windows and version 7.0.63 for
Linux are vulnerable; other versions may also be affected.
This BID has been retired.
10. Microsoft Class Package Export Tool Clspack.exe Local Buffer Overflow
Vulnerability
BugTraq ID: 20561
Remote: No
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20561
Summary:
Microsoft Class Package Export Tool ('clspack.exe') is prone to a local
buffer-overflow vulnerability because the application fails to properly size
attacker-supplied data before copying it into an insufficiently sized memory
buffer.
Exploiting this issue allows local attackers to execute arbitrary machine code
in the context of the user running the application. Failed exploit attempts
will likely crash the application, denying service to legitimate users.
11. XFire Packet Handling Denial Of Service Vulnerability
BugTraq ID: 20548
Remote: Yes
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20548
Summary:
Xfire is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to crash the affected client application,
denying service to legitimate users. Remote code execution may also be
possible; this has not been confirmed.
This issue affects version 1.6.4; earlier versions may also be vulnerable.
12. Internet Security Systems ZWDeleteFile Function Arbitrary File Deletion
Vulnerability
BugTraq ID: 20546
Remote: No
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20546
Summary:
Internet Security Systems (ISS) BlackICE PC Protection is prone to a
file-deletion vulnerability.
An attacker can exploit this issue to delete arbitrary files within the context
of the affected application. This could lead to other attacks.
Versions 3.6.cpu and 3.6.cpj are vulnerable to this issue; other versions may
also be affected.
13. Mozilla Bugzilla Multiple Input Validation and Information disclosure
Vulnerabilities
BugTraq ID: 20538
Remote: Yes
Date Published: 2006-10-16
Relevant URL: http://www.securityfocus.com/bid/20538
Summary:
Bugzilla is affected by multiple input-validation and information-disclosure
vulnerabilities because the application fails to properly sanitize
user-supplied input and to protect sensitive information from unauthorized
users.
An attacker can leverage these issues to access attachment and deadline
information that is marked private or is otherwise protected and to conduct
cross-site scripting and HTML-injection attacks. Exploiting these
input-validation issues may allow attackers to steal cookie-based
authentication credentials and to launch other attacks.
Versions 2.18.5, 2.20.2, 2.22, and 2.23.2 are affected by these
vulnerabilities.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #313
http://www.securityfocus.com/archive/88/449080
2. Hacker Defender v0.84-1.0.0 backdoor - what Vulnerability it uses to get in
http://www.securityfocus.com/archive/88/448826
3. Set dialup password from cmdline
http://www.securityfocus.com/archive/88/448518
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------