SecurityFocus Microsoft Newsletter #316
----------------------------------------
This Issue is Sponsored by: Watchfire
As web applications become increasingly complex, tremendous amounts of
sensitive data - including personal, medical and financial information - are
exchanged and stored. This paper examines a few vulnerability detection
methods - specifically comparing and contrasting manual penetration testing
with automated scanning tools. Download Watchfire's "Web Application Security:
Automated Scanning or Manual Penetration Testing?" whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YSk
------------------------------------------------------------------
I. FRONT AND CENTER
1. Using Nepenthes Honeypots to Detect Common Malware
2. Employee Privacy, Employer Policy
II. MICROSOFT VULNERABILITY SUMMARY
1. WarFTPD Multiple Format String Vulnerabilities
2. Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
3. America Online ICQ ActiveX Control Remote Code Execution
Vulnerability
4. Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code
Execution Vulnerability
5. Essentia Web Server GET And HEAD Requests Remote Buffer Overflow
Vulnerability
6. Microsoft Internet Explorer 6 Unspecified Code Execution
Vulnerability
7. ELOG Multiple Cross-Site Scripting Vulnerabilities
8. ELOG Nonexistent File Download Cross-Site Scripting Vulnerability
9. SAP Web Application Server Remote Information Disclosure
Vulnerability
10. ELOG EL_Submit Function Remote Format String Vulnerability
11. Microsoft Internet Explorer MHTML Denial of Service Vulnerability
12. Outpost Firewall PRO Local Denial of Service Vulnerability
13. Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution
Vulnerability
14. BlooMooWeb ActiveX Control Multiple Vulnerabilities
15. Easy File Sharing Web Server Information Disclosure and Input
Validation Vulnerabilities
16. Microsoft Internet Explorer RemoveChild Denial of Service
Vulnerability
17. Microsoft Windows NAT Helper Remote Denial of Service Vulnerability
18. Retired: Microsoft Internet Explorer Unspecified Code Execution
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #315
2. IIS Security
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Using Nepenthes Honeypots to Detect Common Malware
By Jamie Riden
This article describes the use of Nepenthes, a low-interaction honeypot, as an
additional layer of network defense. Nepenthes can be used to capture malware,
alert an administrator about a network compromise, and assist in containing and
removing the infection.
http://www.securityfocus.com/infocus/1880
2. Employee Privacy, Employer Policy
By Kelly Martin
Following the 2006 International Virus Bulletin Conference, Kelly Martin takes
a look at the profit motives of the cyber criminals behind modern viruses,
targeted trojans, phishing scams and botnet attacks that are stealing millions
from organizations and individuals.
http://www.securityfocus.com/columnists/419
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. WarFTPD Multiple Format String Vulnerabilities
BugTraq ID: 20944
Remote: Yes
Date Published: 2006-11-07
Relevant URL: http://www.securityfocus.com/bid/20944
Summary:
WarFTPd is prone to multiple remote format-string vulnerabilities because the
application fails to sanitize user-supplied input before passing it to a
formatted-output function.
An attacker can exploit these issues to crash the server. It may be possible to
execute arbitrary code within the context of the server; however, this has not
been confirmed.
WarFTPd 1.82.00-RC11 is reportedly vulnerable. Prior versions may be vulnerable
as well.
2. Microsoft Windows GDI Kernel Local Privilege Escalation Vulnerability
BugTraq ID: 20940
Remote: No
Date Published: 2006-11-06
Relevant URL: http://www.securityfocus.com/bid/20940
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability
because data structures mapped by the GDI Kernel can be re-mapped as read-write
by other processes.
An attacker could exploit this issue to execute arbitrary machine code with
SYSTEM-level privileges. A successful exploit could result in the complete
compromise of the affected computer. Failed attempts could cause
denial-of-service conditions.
3. America Online ICQ ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 20930
Remote: Yes
Date Published: 2006-11-06
Relevant URL: http://www.securityfocus.com/bid/20930
Summary:
The America Online ICQ ActiveX Control is prone to a remote code-execution
vulnerability.
An attacker could exploit this issue simply by sending a message to a victim
ICQ user.
Exploiting this issue could allow an attacker to execute arbitrary code.
The ICQPhone.SipxPhoneManager ActiveX control with a CLSID of
54BDE6EC-F42F-4500-AC46-905177444300 is affected.
4. Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code Execution
Vulnerability
BugTraq ID: 20915
Remote: Yes
Date Published: 2006-11-03
Relevant URL: http://www.securityfocus.com/bid/20915
Summary:
Microsoft XML Core Service is prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the
affected application, facilitating the remote compromise of affected computers.
Failed exploit attempts will result in a denial-of-service condition.
5. Essentia Web Server GET And HEAD Requests Remote Buffer Overflow
Vulnerability
BugTraq ID: 20910
Remote: Yes
Date Published: 2006-11-07
Relevant URL: http://www.securityfocus.com/bid/20910
Summary:
Essentia Web Server is prone to a stack-based buffer overflow vulnerability.
This issue occurs because the application fails to bounds-check
user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context
of the webserver. Failed exploit attempts will result in a denial-of-service.
This issue affects version 2.15; other versions may also be affected.
This issue may be related to the issue described in BID 4159 (Essentia Web
Server Long URL Buffer Overflow Vulnerability).
6. Microsoft Internet Explorer 6 Unspecified Code Execution Vulnerability
BugTraq ID: 20886
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20886
Summary:
Microsoft Internet Explorer is reportedly prone to an unspecified vulnerability
that results in arbitrary code execution.
Successfully exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of the vulnerable application. This facilitates the
remote compromise of affected computers.
All versions of Internet Explorer 6 are reported vulnerable to this issue.
The researchers who discovered this vulnerability say that details are
forthcoming. Symantec will update this BID with any new information as soon as
it becomes available.
7. ELOG Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 20882
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20882
Summary:
ELOG is prone to multiple cross-site scripting vulnerabilities because the
application fails to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code execute in
the browser of an unsuspecting user in the context of the affected site. This
may help the attacker steal cookie-based authentication credentials and launch
other attacks.
ELOG version 2.6.2 is vulnerable; other versions may also be affected.
8. ELOG Nonexistent File Download Cross-Site Scripting Vulnerability
BugTraq ID: 20881
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20881
Summary:
ELOG is prone to a cross-site scripting vulnerability because the application
fails to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code execute in
the browser of an unsuspecting user in the context of the affected site. This
may help the attacker steal cookie-based authentication credentials and launch
other attacks.
ELOG version 2.6.2 is vulnerable; other versions may also be affected.
9. SAP Web Application Server Remote Information Disclosure Vulnerability
BugTraq ID: 20877
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20877
Summary:
SAP Web Application Server is prone to a remote information-disclosure
vulnerability.
An attacker can leverage this issue to gain access to sensitive data.
Information obtained could aid in further attacks.
These versions are affected:
- 6.40 patch 135 and prior
- 7.00 patch 55 and prior.
10. ELOG EL_Submit Function Remote Format String Vulnerability
BugTraq ID: 20876
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20876
Summary:
ELOG is prone to a remote format-string vulnerability because the application
fails to properly sanitize user-supplied input before including it in the
format-specifier argument of a formatted-printing function.
Successfully exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of users running the affected application. This
facilitates the remote compromise of affected computers.
ELOG version 2.0.2 is vulnerable to this issue.
11. Microsoft Internet Explorer MHTML Denial of Service Vulnerability
BugTraq ID: 20875
Remote: Yes
Date Published: 2006-11-02
Relevant URL: http://www.securityfocus.com/bid/20875
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This
issue occurs when Internet Explorer attempts to parse certain malformed HTML
content.
Successfully exploiting this issue will cause the affected application to
crash, denying service to legitimate users.
Internet Explorer 7 is vulnerable to this issue; other versions may also be
affected.
12. Outpost Firewall PRO Local Denial of Service Vulnerability
BugTraq ID: 20860
Remote: No
Date Published: 2006-11-01
Relevant URL: http://www.securityfocus.com/bid/20860
Summary:
Outpost Firewall PRO is prone to a local denial-of-service vulnerability
because the application fails to properly handle unexpected input.
Exploiting this issue allows local attackers to crash affected computers,
denying service to legitimate users.
Outpost Firewall PRO 4.0 (964.582.059) is vulnerable to this issue; other
versions may also be affected.
13. Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution
Vulnerability
BugTraq ID: 20843
Remote: Yes
Date Published: 2006-11-01
Relevant URL: http://www.securityfocus.com/bid/20843
Summary:
Microsoft Visual Studio 2005 is prone to a vulnerability that could allow
remote arbitrary code execution. This is due to an unspecified error in the
WMI Object Broker ActiveX Control.
The vulnerability is triggered when a user visits a malicious website using
Internet Explorer. Since arbitrary code execution is possible, a successful
exploit could facilitate a complete compromise of the affected system.
Microsoft Visual Studio 2005 is reported to be affected. Implementations of
Visual Studio 2005 on Windows Server 2003 and Windows Server 2003 Service Pack
1 with Enhanced Security activated are not vulnerable. Nor are Visual Studio
2005 users who are running Internet Explorer 7 with default security settings.
14. BlooMooWeb ActiveX Control Multiple Vulnerabilities
BugTraq ID: 20827
Remote: Yes
Date Published: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20827
Summary:
BlooMooWeb ActiveX control is prone to multiple vulnerabilities, including:
- an arbitrary file-download issue
- an arbitrary code-execution issue
- an arbitrary file-deletion issue.
An attacker can exploit these issues to download arbitrary files, execute
arbitrary code within the context of the affected application, and delete
arbitrary files.
15. Easy File Sharing Web Server Information Disclosure and Input Validation
Vulnerabilities
BugTraq ID: 20823
Remote: Yes
Date Published: 2006-10-31
Relevant URL: http://www.securityfocus.com/bid/20823
Summary:
Easy File Sharing Web Server is prone to information-disclosure and
input-validation vulnerabilities. The application fails to properly sanitize
user-supplied input before using it in dynamically generated content.
The issues include HTML-injection, cross-site scripting, and arbitrary
information-disclosure vulnerabilities.
An attacker can exploit these issues to steal cookie-based authentication
credentials, control how the site is rendered to the user, and gain access to
otherwise confidential information. Successful exploits may facilitate a
compromise of the underlying computer.
Version 4.0 of Easy File Sharing Web Server is vulnerable; other versions may
also be affected.
16. Microsoft Internet Explorer RemoveChild Denial of Service Vulnerability
BugTraq ID: 20812
Remote: Yes
Date Published: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20812
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This
issue occurs when Internet Explorer attempts to execute certain JavaScript
code.
Successfully exploiting this issue will cause the affected application to
crash, denying service to legitimate users. Code execution may potentially be
possible, but this has not been confirmed.
Internet Explorer 6 and 7 are vulnerable to this issue; other versions may also
be affected.
17. Microsoft Windows NAT Helper Remote Denial of Service Vulnerability
BugTraq ID: 20804
Remote: Yes
Date Published: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20804
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because
the Server service fails to properly handle unexpected network traffic.
Exploiting this issue may cause affected computers to crash, denying service to
legitimate users. Reports indicate that this vulnerability can be used to
disable the Windows firewall.
To exploit this issue, an attacker must be able to send malformed network
traffic from a network interface located in the LAN side of an affected
computer.
18. Retired: Microsoft Internet Explorer Unspecified Code Execution
Vulnerability
BugTraq ID: 20797
Remote: Yes
Date Published: 2006-10-30
Relevant URL: http://www.securityfocus.com/bid/20797
Summary:
Microsoft Internet Explorer is prone to an unspecified vulnerability that
results in arbitrary code execution.
Successfully exploiting this issue allows remote attackers to execute arbitrary
machine code in the context of the vulnerable application. This facilitates the
remote compromise of affected computers.
Internet Explorer 6 is vulnerable to this issue; other versions may also be
affected.
An exploit for this issue is reportedly in the wild.
Further investigation reveals this issue was previously discussed in BID 17462
(Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution
Vulnerability) and is therefore being retired.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #315
http://www.securityfocus.com/archive/88/450198
2. IIS Security
http://www.securityfocus.com/archive/88/449921
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire