SecurityFocus Microsoft Newsletter #321
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000CehF

------------------------------------------------------------------

I. FRONT AND CENTER
   1. Password Management Concerns with IE and Firefox, part one
   2. Password Management Concerns with IE and Firefox, part two
   3. Christmas Shopping: Vista Over XP?
II. MICROSOFT VULNERABILITY SUMMARY
   1. Golden FTP Server Remote Denial of Service Vulnerability
   2. CA Multiple BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow Vulnerability
   3. MailEnable IMAP Service Remote Denial of Service Vulnerability
   4. MailEnable IMAP Service Unspecified Remote Buffer Overflow Vulnerability
   5. Microsoft December Advance Notification Multiple Vulnerabilities
   6. Nostra DivX Player M3U String Buffer Overflow Vulnerability
   7. Novell Client NDPPNT.DLL Unspecified Buffer Overflow Vulnerability
   8. Microsoft Internet Explorer CSS Width Element Denial of Service Vulnerability
   9. Microsoft Word Unspecified Remote Code Execution Vulnerability
   10. Microsoft Internet Explorer Frame Src Denial Of Service Vulnerability
   11. JustSystems Multiple Products Unspecified Buffer Overflow Vulnerability
   12. SMF Image File HTML Injection Vulnerability
   13. Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
   14. 2X ThinClientServer Unauthorized Administrative Account Creation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
   1. IIS http error log entries...
   2. Windows folder Sharing watch
   3. SecurityFocus Microsoft Newsletter #320
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------

1. Password Management Concerns with IE and Firefox, part one
By Mikhael Felker
This two-part paper presents an analysis of the security mechanisms, risks, attacks, and defenses of the two most commonly used password management systems for web browsers, found in Internet Explorer and Firefox. The article specifically addresses IE 6 and 7 and Firefox 1.5 and 2.0.
http://www.securityfocus.com/infocus/1882

2. Password Management Concerns with IE and Firefox, part two
By Mikhael Felker
This two-part paper presents an analysis of the security mechanisms, risks, attacks, and defenses of the two most commonly used password management systems for web browsers, found in Internet Explorer and Firefox. The article specifically addresses IE 6 and 7 and Firefox 1.5 and 2.0.
http://www.securityfocus.com/infocus/1883

3. Christmas Shopping: Vista Over XP?
By Federico Biancuzzi
Microsoft has announced Vista's release dates. From a security standpoint what choice should consumers take during this Christmas shopping season? Most will be faced with Windows XP only or Windows XP with Microsoft's Express Upgrade option to Vista. Federico Biancuzzi interviewed a wide range of security researchers and anti-virus folks to get some consensus on the security of Vista over Windows XP for consumers, with some advice for corporate users as well.
http://www.securityfocus.com/columnists/425

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------

1. Golden FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 21530
Remote: Yes
Date Published: 2006-12-11
Relevant URL: http://www.securityfocus.com/bid/21530
Summary:
Golden FTP Server is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users.

Version 1.92 is vulnerable; other versions may also be affected.

2. CA Multiple BrightStor ARCserve Backup Discovery Service Remote Buffer Overflow Vulnerability
BugTraq ID: 21502
Remote: Yes
Date Published: 2006-12-08
Relevant URL: http://www.securityfocus.com/bid/21502
Summary:
Computer Associates BrightStor ARCserve Backup is affected by a remote buffer-overflow vulnerability because the application fails to perform proper bounds-checking on data supplied to the application.

A remote attacker may exploit this issue to execute arbitrary code on a vulnerable computer with SYSTEM privileges. Failed exploit attempts may cause denial-of-service conditions. Successful exploits can lead to a complete compromise of affected computers.

This issue affects multiple BrightStor ARCserve Backup application agents and the base product.

3. MailEnable IMAP Service Remote Denial of Service Vulnerability
BugTraq ID: 21493
Remote: Yes
Date Published: 2006-12-08
Relevant URL: http://www.securityfocus.com/bid/21493
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.

This issue affects the IMAP service and allows remote attackers to crash the application, denying further service to legitimate users.

The following versions are vulnerable:
   1.6-1.83 Professional Edition
   1.1-1.40 Enterprise Edition
   2.0-2.34 Professional Edition
   2.0-2.34 Enterprise Edition

4. MailEnable IMAP Service Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 21492
Remote: Yes
Date Published: 2006-12-08
Relevant URL: http://www.securityfocus.com/bid/21492
Summary:
MailEnable is prone to a buffer-overflow vulnerability in the IMAP service because the application fails to properly bounds-check unspecified user-supplied data.

This issue is reported to affect the following MailEnable versions, but other versions may also be vulnerable:
   1.6-1.84 Professional Edition
   1.1-1.41 Enterprise Edition
   2.0-2.35 Professional Edition
   2.0-2.35 Enterprise Edition

5. Microsoft December Advance Notification Multiple Vulnerabilities
BugTraq ID: 21482
Remote: Yes
Date Published: 2006-12-07
Relevant URL: http://www.securityfocus.com/bid/21482
Summary:
Microsoft has released advance notification that the vendor will be releasing six security bulletins in all (five for Windows and one for Microsoft Visual Studio) on December 12, 2006. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

6. Nostra DivX Player M3U String Buffer Overflow Vulnerability
BugTraq ID: 21480
Remote: Yes
Date Published: 2006-12-07
Relevant URL: http://www.securityfocus.com/bid/21480
Summary:
Nostra DivX Player is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

This issue affects versions 2.1 and 2.2.00.0; other versions may also be vulnerable.

7. Novell Client NDPPNT.DLL Unspecified Buffer Overflow Vulnerability
BugTraq ID: 21479
Remote: Yes
Date Published: 2006-12-07
Relevant URL: http://www.securityfocus.com/bid/21479
Summary:
Novell Client is prone to an unspecified buffer-overflow vulnerability because it fails to perform adequate bounds-checking on user-supplied data before copying it to an insufficiently sized buffer.

An attacker could exploit this issue to have arbitrary code execute in the context of the affected application. Failed attempts will likely cause denial-of-service conditions.

8. Microsoft Internet Explorer CSS Width Element Denial of Service Vulnerability
BugTraq ID: 21466
Remote: Yes
Date Published: 2006-12-06
Relevant URL: http://www.securityfocus.com/bid/21466
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

Internet Explorer 6 and 7 are vulnerable to this issue; other versions may also be affected.

9. Microsoft Word Unspecified Remote Code Execution Vulnerability
BugTraq ID: 21451
Remote: Yes
Date Published: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21451
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

This issue is being actively exploited in the wild by two trojans.

10. Microsoft Internet Explorer Frame Src Denial Of Service Vulnerability
BugTraq ID: 21447
Remote: Yes
Date Published: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21447
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

11. JustSystems Multiple Products Unspecified Buffer Overflow Vulnerability
BugTraq ID: 21445
Remote: Yes
Date Published: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21445
Summary:
Multiple JustSystems products are prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.

A successful attack may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed attack attempts may cause denial-of-service conditions.

http://secunia.com/product/12805/

12. SMF Image File HTML Injection Vulnerability
BugTraq ID: 21431
Remote: Yes
Date Published: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21431
Summary:
SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Note that this vulnerability may be triggered only in the Internet Explorer browser.

SMF version 1.1 is vulnerable to this issue.

13. Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
BugTraq ID: 21401
Remote: Yes
Date Published: 2006-12-02
Relevant URL: http://www.securityfocus.com/bid/21401
Summary:
Microsoft Windows Print Spooler service is prone to a denial-of-service vulnerability.

A remote attacker can exploit this issue to crash the affected service, denying service to legitimate users.

Reports indicate that this issue affects Print Spooler on Microsoft Windows 2000 SP4; other versions may also be vulnerable.

14. 2X ThinClientServer Unauthorized Administrative Account Creation Vulnerability
BugTraq ID: 21300
Remote: Yes
Date Published: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21300
Summary:
ThinClientServer is prone to a vulnerability that may allow an unauthorized remote attacker to create an administrative account and to gain administrative access to an affected application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. IIS http error log entries...
http://www.securityfocus.com/archive/88/454160

2. Windows folder Sharing watch
http://www.securityfocus.com/archive/88/454132

3. SecurityFocus Microsoft Newsletter #320
http://www.securityfocus.com/archive/88/453645

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------

To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000CehF

---------------------------------------------------------------------------
