SecurityFocus Microsoft Newsletter #322
----------------------------------------

This Issue is Sponsored by: SecureWave

Free Pod Slurping Whitepaper - Stop Data Theft Now
The 4 most important steps your organization should take to prevent data loss via iPods, MP3 players or any other removable USB devices.
http://newsletter.industrybrains.com/c?fe;1;633a9;16eaa;2ce;0;da4

------------------------------------------------------------------

I. FRONT AND CENTER
   1. All I Want For Christmas
   2. Password Management Concerns with IE and Firefox, part two
II. MICROSOFT VULNERABILITY SUMMARY
   1. NOD32 Anti-Virus Multiple File Parsing Vulnerabilities
   2. Ozeki HTTP-SMS Gateway Password Information Disclosure Vulnerability
   3. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
   4. AstonSoft DeepBurner DBR Compilation Buffer Overflow Vulnerability
   5. Microsoft Outlook ActiveX Control Remote Internet Explorer Denial of Service Vulnerability
   6. MailEnable POP Service PASS Command Remote Buffer Overflow Vulnerability
   7. Star FTP Server RETR Command Remote Denial of Service Vulnerability
   8. Sambar FTP Server Remote Denial of Service Vulnerability
   9. Microsoft Windows Explorer and Media Player Denial of Service Vulnerability
   10. Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
   11. Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
   12. Moodle Multiple Input Validation Vulnerabilities
   13. Hilgraeve HyperAccess Multiple Remote Command Execution Vulnerabilities
   14. Computer Associates Anti-Virus Drivers Multiple Local Denial Of Service Vulnerabilities
   15. Microsoft Word Code Execution Vulnerability
   16. Nexuiz Remote Command Execution and Denial of Service Vulnerabilities
   17. SiteKiosk About Prefix Zone-Bypass Vulnerability
   18. Sophos Anti-Virus Scanning Engine Veex.DLL Multiple Buffer Overflow Vulnerabilities
   19. Microsoft Internet Explorer Script Error Handling Remote Code Execution Vulnerability
   20. Microsoft Windows Manifest File Privilege Escalation Vulnerability
   21. FileZilla Server Null Pointer Dereference Multiple Denial of Service Vulnerabilities
   22. Microsoft Internet Explorer DHTML Script Function Remote Code Execution Vulnerability
   23. FileZilla Server Null Pointer Dereference Denial of Service Vulnerability
   24. Microsoft Windows SNMP Service Remote Code Execution Vulnerability
   25. Golden FTP Server Remote Denial of Service Vulnerability
   26. Microsoft Word Unspecified Code Execution Vulnerability
   27. Microsoft Internet Explorer Object Tag TIF Folder Information Disclosure Vulnerability
   28. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
   29. Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability
   30. Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
   31. Microsoft Internet Explorer Drag and Drop TIF Folder Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
   1. Expiring inactive accounts
   2. Strange modifications to HD
   3. Is explorer.exe (XP) a high risk process
   4. strange new virus
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------

1. All I Want For Christmas
By Mark Rasch
Mark Rasch takes a step back and offers his holiday and New Year's wish list of all things security - items that should exist, be made available and be easy to use for everyone over the coming year.
http://www.securityfocus.com/columnists/426

2. Password Management Concerns with IE and Firefox, part two
By Mikhael Felker
This two-part paper presents an analysis of the security mechanisms, risks, attacks, and defenses of the two most commonly used password management systems for web browsers, found in Internet Explorer and Firefox. The article specifically addresses IE 6 and 7 and Firefox 1.5 and 2.0.
http://www.securityfocus.com/infocus/1883

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------

1. NOD32 Anti-Virus Multiple File Parsing Vulnerabilities
BugTraq ID: 21682
Remote: Yes
Date Published: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21682
Summary:
NOD32 antivirus is prone to multiple remote vulnerabilities because the application fails to properly parse specially crafted files. An attacker can exploit one of these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. The other vulnerability will trigger denial-of-service conditions. Versions prior to 1.1743 are vulnerable to these issues.

2. Ozeki HTTP-SMS Gateway Password Information Disclosure Vulnerability
BugTraq ID: 21679
Remote: No
Date Published: 2006-12-20
Relevant URL: http://www.securityfocus.com/bid/21679
Summary:
Ozeki HTTP-SMS Gateway is prone to a local information-disclosure vulnerability because the application fails to protect sensitive information from unprivileged users. A local attacker can exploit this issue to gain access to sensitive information. This may lead to other attacks. This issue affects version 1.0; other versions may also be affected.

3. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Date Published: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying vulnerabilities in Firefox, SeaMonkey, and Thunderbird. These vulnerabilities allow attackers to:
- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.
Other attacks may also be possible.

4. AstonSoft DeepBurner DBR Compilation Buffer Overflow Vulnerability
BugTraq ID: 21657
Remote: Yes
Date Published: 2006-12-19
Relevant URL: http://www.securityfocus.com/bid/21657
Summary:
AstonSoft DeepBurner is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation. Exploiting this issue allows remote attackers to overwrite a sensitive memory buffer with arbitrary data, potentially allowing them to execute malicious machine code in the context of the affected application. This vulnerability may facilitate the compromise of affected computers. AstonSoft DeepBurner version 1.8.0 is affected; previous versions may be vulnerable as well.

5. Microsoft Outlook ActiveX Control Remote Internet Explorer Denial of Service Vulnerability
BugTraq ID: 21649
Remote: Yes
Date Published: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21649
Summary:
The Microsoft Office Outlook Recipient Control is prone to a denial-of-service vulnerability. An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the ActiveX control. Specific information regarding affected packages is currently unavailable. This BID will be updated as more information becomes available.

6. MailEnable POP Service PASS Command Remote Buffer Overflow Vulnerability
BugTraq ID: 21645
Remote: Yes
Date Published: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21645
Summary:
MailEnable is prone to a stack-based buffer-overflow vulnerability in the POP service because the application fails to properly bounds-check user-supplied data. A successful exploit may allow remote attackers to execute arbitrary code in the context of the vulnerable server. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects version 2.35 of the Professional and Enterprise Editions; other versions may be vulnerable.

7. Star FTP Server RETR Command Remote Denial of Service Vulnerability
BugTraq ID: 21630
Remote: Yes
Date Published: 2006-12-18
Relevant URL: http://www.securityfocus.com/bid/21630
Summary:
Star FTP Server is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users. Version 1.10 is vulnerable; other versions may also be affected.

8. Sambar FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 21617
Remote: Yes
Date Published: 2006-12-15
Relevant URL: http://www.securityfocus.com/bid/21617
Summary:
Sambar FTP Server is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users. Version 6.4 is vulnerable; other versions may also be affected.

9. Microsoft Windows Explorer and Media Player Denial of Service Vulnerability
BugTraq ID: 21612
Remote: Yes
Date Published: 2006-12-15
Relevant URL: http://www.securityfocus.com/bid/21612
Summary:
Microsoft Windows Explorer and Windows Media Player are prone to a denial-of-service vulnerability. A remote attacker may exploit this vulnerability by presenting a malicious 'WMV' or 'MID' file to a victim user. When either application processes this file, the application crashes, effectively denying service. It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available.

10. Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
BugTraq ID: 21611
Remote: Yes
Date Published: 2006-12-15
Relevant URL: http://www.securityfocus.com/bid/21611
Summary:
Microsoft Project Server 2003 is prone to an information-disclosure vulnerability because the application fails to protect private information. Authenticated attackers may exploit this issue to retrieve sensitive information that may aid in further attacks.

11. Multiple BitDefender Products Parsing Engine Integer Overflow Vulnerability
BugTraq ID: 21610
Remote: Yes
Date Published: 2006-12-15
Relevant URL: http://www.securityfocus.com/bid/21610
Summary:
Multiple BitDefender products are prone to an integer-overflow vulnerability because the application fails to ensure that integer values are not overrun. An attacker can exploit this issue to execute arbitrary code with administrative privileges, facilitating the complete compromise of the affected application. Failed exploit attempts will result in a denial of service.

12. Moodle Multiple Input Validation Vulnerabilities
BugTraq ID: 21596
Remote: Yes
Date Published: 2006-12-14
Relevant URL: http://www.securityfocus.com/bid/21596
Summary:
Moodle is reported prone to multiple input-validation vulnerabilities, including a cross-site scripting issue and an HTML injection issue, because the application fails to properly sanitize user-supplied input data. The cross-site scripting vulnerability is reported to affect version 1.6.1; the HTML-injection vulnerability affects version 1.5.

13. Hilgraeve HyperAccess Multiple Remote Command Execution Vulnerabilities
BugTraq ID: 21594
Remote: Yes
Date Published: 2006-12-14
Relevant URL: http://www.securityfocus.com/bid/21594
Summary:
Hilgraeve HyperACCESS is prone to multiple remote command-execution vulnerabilities. Attackers can exploit these issues to execute arbitrary application commands with the privileges of the affected application. A successful exploit could result in the compromise of affected computers. Version 8.4 is vulnerable to these issues; prior versions may also be vulnerable.

14. Computer Associates Anti-Virus Drivers Multiple Local Denial Of Service Vulnerabilities
BugTraq ID: 21593
Remote: No
Date Published: 2006-12-14
Relevant URL: http://www.securityfocus.com/bid/21593
Summary:
Computer Associates Anti-Virus is prone to multiple local denial-of-service vulnerabilities because the application fails to properly handle NULL buffers. An attacker may exploit these issues to crash the affected computer, denying further service to legitimate users.

15. Microsoft Word Code Execution Vulnerability
BugTraq ID: 21589
Remote: Yes
Date Published: 2006-12-14
Relevant URL: http://www.securityfocus.com/bid/21589
Summary:
Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user. Note that this issue is distinct from issues described in BID 21451 (Microsoft Word Unspecified Remote Code Execution Vulnerability) and BID 21518 (Microsoft Word Unspecified Code Execution Vulnerability).

16. Nexuiz Remote Command Execution and Denial of Service Vulnerabilities
BugTraq ID: 21574
Remote: Yes
Date Published: 2006-12-13
Relevant URL: http://www.securityfocus.com/bid/21574
Summary:
Nexuiz is prone to multiple remote vulnerabilities, including a remote command-execution issue and a denial-of-service issue. A remote attacker can exploit these issues to execute arbitrary commands within the context of the affected application or to cause the affected application to crash, denying service to legitimate users. Versions prior to 2.2.1 are vulnerable to these issues.

17. SiteKiosk About Prefix Zone-Bypass Vulnerability
BugTraq ID: 21567
Remote: No
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21567
Summary:
SiteKiosk is prone to a zone-bypass vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary scripts and gain access to the victim's filesystem. This may lead to other attacks. Versions prior to 6.5.150 are vulnerable to this issue.

18. Sophos Anti-Virus Scanning Engine Veex.DLL Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21563
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21563
Summary:
Sophos antivirus scanning engine is prone to multiple remote stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause denial-of-service conditions. Versions prior to 2.4.0 are vulnerable to this issue.

19. Microsoft Internet Explorer Script Error Handling Remote Code Execution Vulnerability
BugTraq ID: 21552
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21552
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser handles script errors. An attacker may exploit this vulnerability to execute arbitrary code in the context of the user running the affected browser.

20. Microsoft Windows Manifest File Privilege Escalation Vulnerability
BugTraq ID: 21550
Remote: No
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21550
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because the software fails to properly process and manage file manifests. An attacker may exploit this issue to manipulate file manifests to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.

21. FileZilla Server Null Pointer Dereference Multiple Denial of Service Vulnerabilities
BugTraq ID: 21549
Remote: Yes
Date Published: 2006-12-11
Relevant URL: http://www.securityfocus.com/bid/21549
Summary:
FileZilla server is prone to multiple denial-of-service vulnerabilities because it fails to handle exceptional conditions. An attacker can exploit these issues to crash the affected application, denying service to legitimate users. Versions prior to 0.9.22 are vulnerable to these issues.

22. Microsoft Internet Explorer DHTML Script Function Remote Code Execution Vulnerability
BugTraq ID: 21546
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21546
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. This vulnerability is related to how the browser renders DHTML script functions or nonexistent DHTML elements. An attacker could exploit this issue to execute arbitrary code in the context of the affected browser.

23. FileZilla Server Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 21542
Remote: Yes
Date Published: 2006-12-11
Relevant URL: http://www.securityfocus.com/bid/21542
Summary:
FileZilla server is prone to a denial-of-service vulnerability because it fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. Versions prior to 0.9.22 are vulnerable to this issue.

24. Microsoft Windows SNMP Service Remote Code Execution Vulnerability
BugTraq ID: 21537
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21537
Summary:
Microsoft Windows SNMP service is prone to a memory-corruption vulnerability because the software fails to properly bounds-check user-supplied network data before copying it to an insufficiently sized memory buffer. Exploiting this issue allows remote attackers to execute arbitrary machine code on affected computers with SYSTEM-level privileges. This facilitates the complete compromise of affected computers.

25. Golden FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 21530
Remote: Yes
Date Published: 2006-12-11
Relevant URL: http://www.securityfocus.com/bid/21530
Summary:
Golden FTP Server is prone to a remote denial-of-service vulnerability. Exploiting this issue allows remote attackers to crash the application, denying further service to legitimate users. Version 1.92 is vulnerable; other versions may also be affected.

26. Microsoft Word Unspecified Code Execution Vulnerability
BugTraq ID: 21518
Remote: Yes
Date Published: 2006-12-10
Relevant URL: http://www.securityfocus.com/bid/21518
Summary:
Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user. This issue is being actively exploited in the wild in limited targeted attacks. Note that this issue is distinct from BID 21451 (Microsoft Word Unspecified Remote Code Execution Vulnerability).

27. Microsoft Internet Explorer Object Tag TIF Folder Information Disclosure Vulnerability
BugTraq ID: 21507
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21507
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may aid in further attacks.

28. Windows Media Player Remote ASF File Buffer Overflow Vulnerability
BugTraq ID: 21505
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21505
Summary:
Windows Media Player is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data. Attackers may attempt to exploit this issue by coercing users to visit a malicious website or to access malicious ASF files. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.

29. Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability
BugTraq ID: 21501
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21501
Summary:
Microsoft Outlook Express is prone to a remote code-execution vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. A remote attacker can exploit this issue to execute arbitrary code with the privileges of the unsuspecting victim. A successful exploit may aid in the remote compromise of the underlying computer.

30. Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
BugTraq ID: 21495
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21495
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability. A remote attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in a complete compromise of vulnerable computers. Note that this issue affects only Microsoft Windows 2000. Note also that the Remote Installation Services (RIS) is not installed by default on Microsoft Windows 2000.

31. Microsoft Internet Explorer Drag and Drop TIF Folder Information Disclosure Vulnerability
BugTraq ID: 21494
Remote: Yes
Date Published: 2006-12-12
Relevant URL: http://www.securityfocus.com/bid/21494
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability. An attacker can exploit this issue to access sensitive information that may aid in further attacks.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. Expiring inactive accounts
http://www.securityfocus.com/archive/88/454928

2. Strange modifications to HD
http://www.securityfocus.com/archive/88/454540

3. Is explorer.exe (XP) a high risk process
http://www.securityfocus.com/archive/88/454402

4. strange new virus
http://www.securityfocus.com/archive/88/454248

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------

To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------

This Issue is Sponsored by: SecureWave

Free Pod Slurping Whitepaper - Stop Data Theft Now
The 4 most important steps your organization should take to prevent data loss via iPods, MP3 players or any other removable USB devices.
http://newsletter.industrybrains.com/c?fe;1;633a9;16eaa;2ce;0;da4
