SecurityFocus Microsoft Newsletter #324
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

Hack Yourself- Finding Web Application Security Holes- White Paper
Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation. Learn step-by-step vulnerability testing methods for your own Web Applications and guidelines for establishing best administration and coding practices. Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000CgNW

------------------------------------------------------------------
I. FRONT AND CENTER
   1. Wireless Forensics: Tapping the Air - Part Two
   2. PHP apps: Security's Low-Hanging Fruit
II. MICROSOFT VULNERABILITY SUMMARY
   1. Microsoft Windows Explorer WMF File Denial of Service Vulnerability
   2. Snort Backtracking Denial of Service Vulnerability
   3. EF Commander ISO File Remote Buffer Overflow Vulnerability
   4. Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability
   5. Microsoft Office Brazilian Portuguese Grammar Checker Remote Code Execution Vulnerability
   6. Camouflage Security Password Bypass Vulnerability
   7. SecureKit Steganography Carrier File Password Security Bypass Vulnerability
   8. Microsoft Outlook Malformed Email Header Remote Denial of Service Vulnerability
   9. Microsoft Outlook Advanced Find Remote Code Execution Vulnerability
   10. CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability
   11. Microsoft Outlook VEVENT Record Remote Code Execution Vulnerability
   12. Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability
   13. Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
   14. Microsoft Excel Malformed Palette Record Remote Code Execution Vulnerability
   15. Eudora WorldMail Mail Manager Server MAILMA.exe Remote Heap-Based Buffer Overflow Vulnerability
   16. Microsoft Excel Malformed String Remote Code Execution Vulnerability
   17. Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability
   18. The Address Book Multiple Remote Vulnerabilities
   19. Microsoft January Advance Notification Multiple Vulnerabilities
   20. PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability
   21. Apache And Microsoft IIS Range Denial of Service Vulnerability
   22. Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability
   23. Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
   24. MoviePlay LST File Handling Buffer Overflow Vulnerability
   25. Kerio Personal Firewall IPHLPAPI.DLL Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
   1. Deploying Microsoft SMS in a DMZ
   2. How to deploy Microsoft OWA without using ISA?
   3. SecurityFocus Microsoft Newsletter #323
   4. Secure Remote access - windows 2003
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Wireless Forensics: Tapping the Air - Part Two
By Raul Siles, GSE
This two-part series looks at the issues associated with collecting and analyzing network traffic from wireless networks in an accurate and comprehensive way; a discipline known as wireless forensics. Part two focuses on the technical challenges for wireless traffic analysis, advanced anti-forensic techniques that could thwart a forensic investigation, and some legal considerations for both the U.S. and Europe.
http://www.securityfocus.com/infocus/1885

2. PHP apps: Security's Low-Hanging Fruit
By Kelly Martin
PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web.
http://www.securityfocus.com/columnists/427

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Explorer WMF File Denial of Service Vulnerability
BugTraq ID: 21992
Remote: Yes
Date Published: 2007-01-10
Relevant URL: http://www.securityfocus.com/bid/21992
Summary: Microsoft Windows Explorer is prone to a denial-of-service vulnerability. A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user and enticing them to open it with the vulnerable application. Users that simply browse folders containing the malicious file will also trigger this issue. It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available.

2. Snort Backtracking Denial of Service Vulnerability
BugTraq ID: 21991
Remote: Yes
Date Published: 2007-01-10
Relevant URL: http://www.securityfocus.com/bid/21991
Summary: Snort is prone to a denial-of-service vulnerability because the network intrusion detection (NID) system fails to handle specially crafted network packets. An attacker can exploit this issue to cause the affected NID system to consume 100% CPU resources, allowing malicious network traffic to avoid detection. This issue affects versions prior to 2.6.1.

3. EF Commander ISO File Remote Buffer Overflow Vulnerability
BugTraq ID: 21969
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21969
Summary: EF Commander is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data prior to using it in a finite-sized buffer. An attacker can exploit this issue to execute arbitrary code within the context of the user running the affected application. This issue affects version 5.75; other versions may also be vulnerable.

4. Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability
BugTraq ID: 21952
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21952
Summary: Microsoft Excel is reportedly prone to an unspecified remote code-execution vulnerability. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users. Note that Microsoft Office applications include functionality to embed Office files as objects contained in other Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word and other Office documents another possible attack vector. Insufficient details are currently available to elaborate further.

5. Microsoft Office Brazilian Portuguese Grammar Checker Remote Code Execution Vulnerability
BugTraq ID: 21942
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21942
Summary: Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when the application processes certain Office files. Note that this issue may not be exploited automatically through email. For an attack to succeed, a victim must manually open an attachment sent by email or obtained through other means. An attacker may exploit this issue to execute arbitrary code in the context of the currently logged-in user. This issue affects the Microsoft Office 2003 Brazilian Grammar Checker application used in various Microsoft applications that have Brazilian Portuguese language support.

6. Camouflage Security Password Bypass Vulnerability
BugTraq ID: 21939
Remote: Yes
Date Published: 2007-01-08
Relevant URL: http://www.securityfocus.com/bid/21939
Summary: Camouflage is prone to a security-bypass vulnerability due to a design error. An attacker can exploit this issue to gain access to data 'hidden' by the application. Information gained could aid in further attacks. Version 1.2.1 is vulnerable; other versions may also be affected.

7. SecureKit Steganography Carrier File Password Security Bypass Vulnerability
BugTraq ID: 21938
Remote: No
Date Published: 2007-01-08
Relevant URL: http://www.securityfocus.com/bid/21938
Summary: SecureKit Steganography is prone to a security-bypass vulnerability because of a design flaw when encrypting sensitive information. Successful exploits allow local attackers to bypass the security restriction to obtain sensitive information that may lead to other attacks. This issue affects versions 1.8 and 1.71; other versions may also be affected.

8. Microsoft Outlook Malformed Email Header Remote Denial of Service Vulnerability
BugTraq ID: 21937
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21937
Summary: Microsoft Outlook is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed email messages. A remote attacker can exploit this issue to crash affected email clients. This issue will persist as long as the email message resides on the mail server, creating a prolonged denial-of-service condition.

9. Microsoft Outlook Advanced Find Remote Code Execution Vulnerability
BugTraq ID: 21936
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21936
Summary: Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to properly handle malformed saved search files. A remote attacker can exploit this issue to execute arbitrary code with the privileges of unsuspecting users. A successful exploit may aid in the remote compromise of the underlying computer.

10. CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability
BugTraq ID: 21932
Remote: Yes
Date Published: 2007-01-08
Relevant URL: http://www.securityfocus.com/bid/21932
Summary: CenterICQ is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. This issue affects versions 4.9.11 up to 4.21.0.

11. Microsoft Outlook VEVENT Record Remote Code Execution Vulnerability
BugTraq ID: 21931
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21931
Summary: Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to properly handle malformed iCal requests. A remote attacker can exploit this issue to execute arbitrary code with the privileges of unsuspecting users. A successful exploit may aid in the remote compromise of the underlying computer.

12. Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability
BugTraq ID: 21930
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21930
Summary: Microsoft Windows is prone to a buffer-overrun vulnerability that arises because of an error in the processing of Vector Markup Language documents. An attacker can exploit this issue to execute arbitrary code within the context of the affected application.

13. Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
BugTraq ID: 21925
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21925
Summary: Microsoft Excel is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute arbitrary code with the privileges of the user running the application. The attacker could leverage the issue to compromise affected computers.

14. Microsoft Excel Malformed Palette Record Remote Code Execution Vulnerability
BugTraq ID: 21922
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21922
Summary: Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, which can result in the compromise of affected computers.

15. Eudora WorldMail Mail Manager Server MAILMA.exe Remote Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 21897
Remote: Yes
Date Published: 2007-01-05
Relevant URL: http://www.securityfocus.com/bid/21897
Summary: Eudora WorldMail Mail Manager Server is prone to a remote heap-based buffer-overflow vulnerability. An attacker could exploit this issue to execute arbitrary code on vulnerable installations of Eudora WorldMail. This may facilitate the compromise of the application and underlying system.

16. Microsoft Excel Malformed String Remote Code Execution Vulnerability
BugTraq ID: 21877
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21877
Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, which could result in the compromise of affected computers.

17. Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability
BugTraq ID: 21872
Remote: Yes
Date Published: 2007-01-04
Relevant URL: http://www.securityfocus.com/bid/21872
Summary: Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability because of a race condition that may cause a NULL-pointer dereference, read or write operations to invalid addresses, or other memory-corruption issues. Attackers may likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.

18. The Address Book Multiple Remote Vulnerabilities
BugTraq ID: 21870
Remote: Yes
Date Published: 2007-01-04
Relevant URL: http://www.securityfocus.com/bid/21870
Summary: The Address Book is prone to multiple remote vulnerabilities. These issues include multiple SQL-injection vulnerabilities, multiple HTML-injections, an information-disclosure vulnerability, a local file-include vulnerability, multiple cross-site scripting vulnerabilities, an authentication-bypass vulnerability, and an arbitrary file-upload vulnerability. A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, and execute arbitrary code within the context of the browser. Other attacks are also possible. Version 0.1 is vulnerable to this issue; other versions may also be affected.

19. Microsoft January Advance Notification Multiple Vulnerabilities
BugTraq ID: 21869
Remote: Yes
Date Published: 2007-01-04
Relevant URL: http://www.securityfocus.com/bid/21869
Summary: Microsoft has released advance notification that the vendor will be releasing four security bulletins in all (one for Windows and three for Microsoft Office) on January 9, 2007. The highest severity rating for these issues is 'Critical'. Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.
*Update January 8, 2006: Microsoft has updated the advance notification information for the January 2007 security bulletin release. Four bulletins have been dropped, leaving a remainder of four bulletins that will be published on January 9th from the original eight bulletins proposed.

20. PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability
BugTraq ID: 21867
Remote: Yes
Date Published: 2007-01-04
Relevant URL: http://www.securityfocus.com/bid/21867
Summary: PowerArchiver is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Exploiting this vulnerability allows attackers to execute arbitrary machine code in the context of the affected application. Versions of PowerArchiver 2006 prior to 9.64.03 are vulnerable to this issue.

21. Apache And Microsoft IIS Range Denial of Service Vulnerability
BugTraq ID: 21865
Remote: Yes
Date Published: 2007-01-03
Relevant URL: http://www.securityfocus.com/bid/21865
Summary: Apache and Microsoft IIS are prone to a denial-of-service vulnerability. A remote attacker may exploit this issue to cause denial-of-service conditions.

22. Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability
BugTraq ID: 21858
Remote: Yes
Date Published: 2007-01-03
Relevant URL: http://www.securityfocus.com/bid/21858
Summary: Adobe Reader Plugin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the visited site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. This issue affects Adobe Reader versions 6 and 7 for Mozilla Firefox, Opera, and Microsoft Internet Explorer. Other versions for other browsers may also be affected.

23. Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
BugTraq ID: 21856
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21856
Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application, which can result in the compromise of affected computers.

24. MoviePlay LST File Handling Buffer Overflow Vulnerability
BugTraq ID: 21840
Remote: Yes
Date Published: 2007-01-02
Relevant URL: http://www.securityfocus.com/bid/21840
Summary: MoviePlay is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Exploiting this vulnerability allows attackers to execute arbitrary machine code in the context of the affected application. MoviePlay 4.76 is reported vulnerable; other versions may be affected as well.

25. Kerio Personal Firewall IPHLPAPI.DLL Local Privilege Escalation Vulnerability
BugTraq ID: 21828
Remote: No
Date Published: 2007-01-01
Relevant URL: http://www.securityfocus.com/bid/21828
Summary: Kerio Personal Firewall is prone to a local privilege-escalation vulnerability. A local attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of the affected computer. Versions 4.3.246 and 4.3.268 are vulnerable to this issue; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Deploying Microsoft SMS in a DMZ
http://www.securityfocus.com/archive/88/456479

2. How to deploy Microsoft OWA without using ISA?
http://www.securityfocus.com/archive/88/456037

3. SecurityFocus Microsoft Newsletter #323
http://www.securityfocus.com/archive/88/455838

4. Secure Remote access - windows 2003
http://www.securityfocus.com/archive/88/455670

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
