SecurityFocus Microsoft Newsletter #315
----------------------------------------
This Issue is Sponsored by: eEye
Too Many Security Agents Cluttering Your System?
Replace your Firewall, IPS, Anti-Spyware and more with Blink® Professional for
less than what you are currently paying in renewals.
Learn more on how you can experience the simplicity of one. One agent. One
console. One Policy. One Solution.
Introducing eEye Digital Security's Blink® Professional, the first all-in-one
security agent.
http://www.eeye.com/ctrack.asp?ref=SFBlink20061031
------------------------------------------------------------------
I. FRONT AND CENTER
1. Employee Privacy, Employer Policy
2. Surprises Inside Microsoft Vista's EULA
II. MICROSOFT VULNERABILITY SUMMARY
1. Easy File Sharing Web Server Information Disclosure and Input
Validation Vulnerabilities
2. Microsoft Internet Explorer RemoveChild Denial of Service
Vulnerability
3. Microsoft Windows NAT Helper Remote Denial of Service Vulnerability
4. Microsoft Internet Explorer Unspecified Code Execution Vulnerability
5. Wireshark Multiple Protocol Dissectors Denial of Service
Vulnerabilities
6. wvWare Multiple Integer Overflow Vulnerabilities
7. Axalto Protiva Local Information Disclosure Vulnerability
8. Microsoft .NET Framework Request Filtering Bypass Vulnerability
9. Nullsoft Winamp Ultravox Multiple Remote Heap Overflow
Vulnerabilities
10. Cisco Security Agent Remote Port Scan Denial of Service
Vulnerability
11. Microsoft Internet Explorer 7 Popup Window Address Bar Spoofing
Weakness
12. Smartgate SSL Server Directory Traversal Information Disclosure
Vulnerability
13. DataWizard FTPXQ Server Multiple Remote Vulnerabilities
14. PostgreSQL Multiple Local Denial of Service Vulnerabilities
15. Desknet's Unspecified Remote Buffer Overflow Vulnerability
16. Microsoft Internet Explorer ADODB.Connection Execute Memory
Corruption Vulnerability
17. QK SMTP Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. IIS Security
2. SecurityFocus Microsoft Newsletter #314
3. FW: grant access to WINS only
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Employee Privacy, Employer Policy
By Kelly Martin
Following the 2006 International Virus Bulletin Conference, Kelly Martin takes
a look at the profit motives of the cyber criminals behind modern viruses,
targeted trojans, phishing scams and botnet attacks that are stealing millions
from organizations and individuals.
http://www.securityfocus.com/columnists/419
2. Surprises Inside Microsoft Vista's EULA
By Scott Granneman
Scott Granneman takes a look at some big surprises in Microsoft's Vista EULA
that limit what security professionals and others can do with the forthcoming
operating system.
http://www.securityfocus.com/columnists/420
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Easy File Sharing Web Server Information Disclosure and Input Validation
Vulnerabilities
BugTraq ID: 20823
Remote: Yes
Date Published: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20823
Summary:
Easy File Sharing Web Server is prone to information-disclosure and
input-validation vulnerabilities. The application fails to properly sanitize
user-supplied input before using it in dynamically generated content.
The issues include HTML-injection, cross-site scripting, and arbitrary
information-disclosure vulnerabilities.
An attacker can exploit these issues to steal cookie-based authentication
credentials, control how the site is rendered to the user, and gain access to
otherwise confidential information. Successful exploits may facilitate a
compromise of the underlying computer.
Version 4.0 of Easy File Sharing Web Server is vulnerable; other versions may
also be affected.
2. Microsoft Internet Explorer RemoveChild Denial of Service Vulnerability
BugTraq ID: 20812
Remote: Yes
Date Published: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20812
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This
issue occurs when Internet Explorer attempts to execute certain JavaScript
code.
Successfully exploiting this issue will cause the affected application to
crash, denying service to legitimate users. Code execution may potentially be
possible, but this has not been confirmed.
Internet Explorer 6 and 7 are vulnerable to this issue; other versions may also
be affected.
3. Microsoft Windows NAT Helper Remote Denial of Service Vulnerability
BugTraq ID: 20804
Remote: Yes
Date Published: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20804
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because
the Server service fails to properly handle unexpected network traffic.
Exploiting this issue may cause affected computers to crash, denying service to
legitimate users. Reports indicate that this vulnerability can be used to
disable the Windows firewall.
To exploit this issue, an attacker must be able to send malformed
network traffic from a network interface on the LAN side of an affected
computer.
4. Microsoft Internet Explorer Unspecified Code Execution Vulnerability
BugTraq ID: 20797
Remote: Yes
Date Published: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20797
Summary:
Microsoft Internet Explorer is prone to an unspecified vulnerability that
results in arbitrary code execution.
Successfully exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of the vulnerable application. This facilitates the
remote compromise of affected computers.
Internet Explorer 6 is vulnerable to this issue; other versions may also be
affected.
An exploit for this issue is reportedly in the wild.
5. Wireshark Multiple Protocol Dissectors Denial of Service Vulnerabilities
BugTraq ID: 20762
Remote: Yes
Date Published: 2006-10-27
Relevant URL: http://www.securityfocus.com/bid/20762
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may permit attackers to cause crashes and deny service
to legitimate users of the application.
Wireshark versions prior to 0.99.4 are affected.
6. wvWare Multiple Integer Overflow Vulnerabilities
BugTraq ID: 20761
Remote: Yes
Date Published: 2006-10-26
Relevant URL: http://www.securityfocus.com/bid/20761
Summary:
wvWare is prone to multiple integer-overflow vulnerabilities because the library
fails to properly bounds-check user-supplied input.
An attacker can exploit these vulnerabilities to execute arbitrary code in the
context of the application using the vulnerable library. Failed exploit
attempts will likely result in denial-of-service conditions.
wvWare 1.2.2 and prior versions are vulnerable.
7. Axalto Protiva Local Information Disclosure Vulnerability
BugTraq ID: 20755
Remote: No
Date Published: 2006-10-26
Relevant URL: http://www.securityfocus.com/bid/20755
Summary:
Axalto Protiva is prone to a local information-disclosure vulnerability because
the application fails to protect sensitive information from unprivileged users.
A user who can gain local, interactive access to affected computers may exploit
this issue to access credentials stored by the application. Information
harvested by exploiting this issue will aid the attacker in further attacks. By
compromising the information store of affected services, the attacker may
potentially gain unauthorized access to any computer or device that is
configured to use the affected service as an authentication source.
Axalto Protiva 1.1 is vulnerable to this issue; other versions may also be
affected.
8. Microsoft .NET Framework Request Filtering Bypass Vulnerability
BugTraq ID: 20753
Remote: Yes
Date Published: 2006-10-26
Relevant URL: http://www.securityfocus.com/bid/20753
Summary:
Microsoft .NET framework is prone to a vulnerability that may permit the
bypassing of content filtering.
An attacker can exploit this issue to perform multiple input-validation attacks
such as cross-site scripting, SQL-injection, and HTML-injection; other attacks
are also possible.
9. Nullsoft Winamp Ultravox Multiple Remote Heap Overflow Vulnerabilities
BugTraq ID: 20744
Remote: Yes
Date Published: 2006-10-25
Relevant URL: http://www.securityfocus.com/bid/20744
Summary:
Winamp is prone to multiple Ultravox-related remote heap-based buffer-overflow
vulnerabilities because the application fails to properly bounds-check
user-supplied input before copying it into an insufficiently sized memory
buffer.
Successfully exploiting these issues allows remote attackers to execute
arbitrary machine code in the context of the vulnerable application. This will
facilitate the remote compromise of affected computers.
To exploit these issues, attackers would have to coerce unsuspecting users to
connect to a malicious server with the vulnerable application. This may be
accomplished by having users follow a malicious URI or by embedding malicious
data in a playlist file.
10. Cisco Security Agent Remote Port Scan Denial of Service Vulnerability
BugTraq ID: 20737
Remote: Yes
Date Published: 2006-10-25
Relevant URL: http://www.securityfocus.com/bid/20737
Summary:
Cisco Security Agent (CSA) for Linux is prone to a remote
denial-of-service vulnerability because the application fails to properly
handle unexpected network traffic.
Successfully exploiting this issue allows remote attackers to cause the
affected software to enter into an unresponsive state, denying further service
to legitimate users.
This issue does not affect CSA for Windows or Solaris.
11. Microsoft Internet Explorer 7 Popup Window Address Bar Spoofing Weakness
BugTraq ID: 20728
Remote: Yes
Date Published: 2006-10-25
Relevant URL: http://www.securityfocus.com/bid/20728
Summary:
Microsoft Internet Explorer is prone to a weakness that allows attackers to
spoof a popup window and address bar.
Attackers may exploit this via a malicious web page to spoof the contents and
origin of a page that the victim may trust. This vulnerability may be useful in
phishing or other attacks that rely on content spoofing.
12. Smartgate SSL Server Directory Traversal Information Disclosure
Vulnerability
BugTraq ID: 20722
Remote: Yes
Date Published: 2006-10-24
Relevant URL: http://www.securityfocus.com/bid/20722
Summary:
The Smartgate SSL Server is prone to a remote information-disclosure
vulnerability because the application fails to properly sanitize user-supplied
input.
Exploiting this issue allows remote, unauthenticated attackers to retrieve the
contents of arbitrary files from vulnerable computers with the privileges of
the webserver process. Information harvested may aid in further attacks.
13. DataWizard FTPXQ Server Multiple Remote Vulnerabilities
BugTraq ID: 20721
Remote: Yes
Date Published: 2006-10-24
Relevant URL: http://www.securityfocus.com/bid/20721
Summary:
DataWizard FtpXQ Server is prone to multiple remote vulnerabilities:
- A remote denial-of-service issue occurs because the application fails to
perform adequate bounds checks on user-supplied data before copying it to an
insufficiently sized buffer. An attacker could exploit this issue to crash the
application, denying access to legitimate users.
- The application creates two testing accounts by default. An attacker can
access these accounts to gain read/write privileges on the server, which could
result in the compromise of the affected computer.
Version 3.01 is vulnerable; other versions may also be affected.
14. PostgreSQL Multiple Local Denial of Service Vulnerabilities
BugTraq ID: 20717
Remote: No
Date Published: 2006-10-24
Relevant URL: http://www.securityfocus.com/bid/20717
Summary:
PostgreSQL is prone to multiple local denial-of-service vulnerabilities because
of various errors in the application when handling user-supplied data.
A local authenticated attacker can exploit these issues to crash the server,
effectively denying service to legitimate users.
15. Desknet's Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 20716
Remote: Yes
Date Published: 2006-10-24
Relevant URL: http://www.securityfocus.com/bid/20716
Summary:
Desknet's is prone to an unspecified remote buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied input before copying it
into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code in the context of
the user running the affected application. A complete compromise of the
computer running the application may be possible.
Versions V4.5J R2.4 and prior are vulnerable.
16. Microsoft Internet Explorer ADODB.Connection Execute Memory Corruption
Vulnerability
BugTraq ID: 20704
Remote: Yes
Date Published: 2006-10-24
Relevant URL: http://www.securityfocus.com/bid/20704
Summary:
Microsoft Internet Explorer is prone to a memory-corruption condition when
processing a specific method from the 'ADODB.Connection.2.7' instantiated
ActiveX Object.
Successful exploits may allow attackers to crash the application, denying
further service to users. This issue may also be exploited to execute arbitrary
machine code, but this has not been confirmed.
17. QK SMTP Remote Buffer Overflow Vulnerability
BugTraq ID: 20681
Remote: Yes
Date Published: 2006-10-23
Relevant URL: http://www.securityfocus.com/bid/20681
Summary:
QK SMTP is prone to a remote buffer-overflow vulnerability because the
application fails to bounds-check user-supplied data before copying it into an
insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code in the context of
the affected application. This may facilitate a remote compromise of affected
computers. Failed exploit attempts will likely crash the server, effectively
denying service to legitimate users.
QK SMTP 3.01 and prior versions are vulnerable to this issue.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. IIS Security
http://www.securityfocus.com/archive/88/449921
2. SecurityFocus Microsoft Newsletter #314
http://www.securityfocus.com/archive/88/449648
3. FW: grant access to WINS only
http://www.securityfocus.com/archive/88/449647
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message, which you will have to answer. Alternatively,
you can visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: eEye
---------------------------------------------------------------------------