SecurityFocus Microsoft Newsletter #326
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: Learn to Think Like a Hacker- Simulate a Hacker Breaking into Your Web Apps
The speed with which Web Applications are developed makes them prime targets for attackers; often these applications were developed so quickly that they are not coded properly or subjected to any security testing. Hackers know this and use it as their weapon. Download this *FREE* test guide from SPI Dynamics to check for Web application vulnerabilities.

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000Cgth

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. iPhone Trademarks: the Real Issues
       2. Testing Fault Injection in Local Applications
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft Word 2000 Unspecified Code Execution Vulnerability
       2. Computer Associates BrightStor ARCServe BackUp Multiple Remote Buffer Overflow Vulnerabilities
       3. Mini Web Server Unspecified Multiple Buffer Overflow Vulnerabilities
       4. Microsoft Visual C++ Resource File Buffer Overflow Vulnerability
       5. FishCart Olst Parameter SQL Injection Vulnerability
       6. KarjaSoft Sami HTTP Server Request Remote Denial of Service Vulnerability
       7. Wzdftpd Multiple Unspecified Remote Denial of Service Vulnerabilities
       8. SMF Index.PHP HTML Injection Vulnerability
       9. Microsoft Help Workshop .HPJ File Buffer Overflow Vulnerability
       10. PentaWare PentaZip Multiple Vulnerabilities
       11. Microsoft Help Workshop .CNT File Buffer Overflow Vulnerability
       12. AVM Fritz!DSL IGD Control Service Directory Traversal Information Disclosure Vulnerability
       13. Twilight Webserver Remote Denial Of Service Vulnerability
       14. Outpost Firewall PRO Local Privilege Escalation Vulnerability
       15. Remedy Action Request System Username Enumeration Vulnerability
       16. Ipswitch WS_FTP 2007 Professional WSFTPURL.EXE Local Memory Corruption Vulnerability
       17. Kaspersky Labs Anti-Virus Local Privilege Escalation Vulnerability
       18. KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. IE security zone assignment on 2003 terminal server
       2. IPSec and GRE (47)
       3. SecurityFocus Microsoft Newsletter #325
       4. SoX & Share Permissions?
       5. Secure Remote access - windows 2003
       6. Windows AutoAdminLogon Security
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. iPhone Trademarks: the Real Issues
By Mark Rasch
Apple's iPhone announcement and Cisco's iPhone trademark lawsuit have brought the iPhone moniker into the spotlight. But other companies also own and use iPhone trademarks, and market and sell their iPhone products. Mark Rasch explains how U.S. trademark law works and the real issues at play in this highly publicized trademark dispute.
http://www.securityfocus.com/columnists/430

2. Testing Fault Injection in Local Applications
By Chris Wysopal
This article is a book excerpt that looks at the approach and techniques used to test the security of local applications. It describes local resources and interprocess communication, how to enumerate the local resources an application depends on, and then discusses methods of testing several of those types of resources. It also describes how to test ActiveX objects, command-line programs, and applications' use of local files and shared memory.
http://www.securityfocus.com/infocus/1886

II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Word 2000 Unspecified Code Execution Vulnerability
BugTraq ID: 22225
Remote: Yes
Date Published: 2007-01-25
Relevant URL: http://www.securityfocus.com/bid/22225
Summary:
Microsoft Word 2000 is prone to an unspecified remote code-execution vulnerability.

Microsoft Word 2000 is confirmed vulnerable to an unspecified remote code execution. Exploit attempts against Word 2003/XP result in a denial of service due to complete CPU utilization, denying service to legitimate users.

Note that this issue is distinct from issues described in BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Unspecified Remote Code Execution Vulnerability) and BID 21518 (Microsoft Word Unspecified Code Execution Vulnerability).

2. Computer Associates BrightStor ARCServe BackUp Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 22199
Remote: Yes
Date Published: 2007-01-23
Relevant URL: http://www.securityfocus.com/bid/22199
Summary:
Computer Associates BrightStor ARCServe BackUp is prone to multiple unspecified buffer-overflow vulnerabilities.

The vendor has reported that these vulnerabilities allow remote attackers to execute arbitrary code with SYSTEM privileges, facilitating a full compromise. Unsuccessful attacks may cause denial-of-service conditions as well.

These issues affect BrightStor ARCserve Backup for laptops and desktops running Microsoft Windows.

3. Mini Web Server Unspecified Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 22182
Remote: Yes
Date Published: 2007-01-23
Relevant URL: http://www.securityfocus.com/bid/22182
Summary:
Mini Web Server is prone to multiple buffer-overflow vulnerabilities.

A successful exploit may lead to remote arbitrary code execution with the privileges of the server application, facilitating a remote compromise of affected computers.

Mini Web Server 0.04 and prior versions are vulnerable to these issues.

4. Microsoft Visual C++ Resource File Buffer Overflow Vulnerability
BugTraq ID: 22170
Remote: Yes
Date Published: 2007-01-22
Relevant URL: http://www.securityfocus.com/bid/22170
Summary:
Microsoft Visual C++ is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

5. FishCart Olst Parameter SQL Injection Vulnerability
BugTraq ID: 22166
Remote: Yes
Date Published: 2007-01-22
Relevant URL: http://www.securityfocus.com/bid/22166
Summary:
FishCart is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

6. KarjaSoft Sami HTTP Server Request Remote Denial of Service Vulnerability
BugTraq ID: 22159
Remote: Yes
Date Published: 2007-01-22
Relevant URL: http://www.securityfocus.com/bid/22159
Summary:
Sami HTTP Server is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the server application, denying further service to legitimate users.

7. Wzdftpd Multiple Unspecified Remote Denial of Service Vulnerabilities
BugTraq ID: 22152
Remote: Yes
Date Published: 2007-01-19
Relevant URL: http://www.securityfocus.com/bid/22152
Summary:
The 'wzdftpd' program is prone to multiple remote denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash the application, denying further service to legitimate users.

These issues reportedly affect versions prior to 0.8.1.

8. SMF Index.PHP HTML Injection Vulnerability
BugTraq ID: 22143
Remote: Yes
Date Published: 2007-01-20
Relevant URL: http://www.securityfocus.com/bid/22143
Summary:
SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

NOTE: To trigger this vulnerability, the attacker must log in with a valid account.

SMF version 1.1 RC3 is vulnerable to this issue.

9. Microsoft Help Workshop .HPJ File Buffer Overflow Vulnerability
BugTraq ID: 22135
Remote: Yes
Date Published: 2007-01-19
Relevant URL: http://www.securityfocus.com/bid/22135
Summary:
Microsoft Help Workshop fails to properly bounds-check user-supplied input in '.hpj' help project files.

An attacker may use a malformed '.hpj' file containing an unusually long string to cause a stack-based buffer overflow, allowing the execution of arbitrary code.

A successful exploit would result in the execution of arbitrary code within the security context of the user running the affected application.

10. PentaWare PentaZip Multiple Vulnerabilities
BugTraq ID: 22104
Remote: Yes
Date Published: 2007-01-18
Relevant URL: http://www.securityfocus.com/bid/22104
Summary:
PentaZip is prone to multiple vulnerabilities.

Successful exploitation of these issues may allow remote attackers to execute arbitrary code to gain unauthorized access to a vulnerable computer or deny service to legitimate users by triggering crashes.

PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 are reported affected; other versions may be affected as well.

11. Microsoft Help Workshop .CNT File Buffer Overflow Vulnerability
BugTraq ID: 22100
Remote: Yes
Date Published: 2007-01-17
Relevant URL: http://www.securityfocus.com/bid/22100
Summary:
Microsoft Help Workshop fails to properly bounds-check user-supplied input in '.cnt' files.

A malformed '.cnt' file containing an unusually long string may be used to cause a stack-based buffer overflow, allowing the execution of arbitrary code.

A successful exploit would result in the execution of arbitrary code within the security context of the user running the affected application.

12. AVM Fritz!DSL IGD Control Service Directory Traversal Information Disclosure Vulnerability
BugTraq ID: 22093
Remote: Yes
Date Published: 2007-01-17
Relevant URL: http://www.securityfocus.com/bid/22093
Summary:
The AVM Fritz!DSL IGD Control Service is prone to a remote information-disclosure vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows remote, unauthenticated attackers to retrieve the contents of arbitrary files from vulnerable computers with SYSTEM-level privileges. Information harvested may aid in further attacks.

13. Twilight Webserver Remote Denial Of Service Vulnerability
BugTraq ID: 22090
Remote: Yes
Date Published: 2007-01-17
Relevant URL: http://www.securityfocus.com/bid/22090
Summary:
Twilight Webserver is prone to a denial-of-service vulnerability.

A remote attacker can exploit this issue to crash the application, effectively denying service to legitimate users.

Version 1.3.3.0 is vulnerable; other versions may also be affected.

14. Outpost Firewall PRO Local Privilege Escalation Vulnerability
BugTraq ID: 22069
Remote: No
Date Published: 2007-01-15
Relevant URL: http://www.securityfocus.com/bid/22069
Summary:
Outpost Firewall PRO is prone to a local privilege-escalation vulnerability because it fails to perform adequate SSDT (System Service Descriptor Table) hooking on files in its installation directory.

A local attacker can exploit this issue to elevate their privileges, which can lead to the complete compromise of an affected computer.

Outpost Firewall PRO 4.0 is vulnerable; other versions may also be affected.

15. Remedy Action Request System Username Enumeration Vulnerability
BugTraq ID: 22066
Remote: Yes
Date Published: 2007-01-15
Relevant URL: http://www.securityfocus.com/bid/22066
Summary:
Remedy Action Request System is prone to a username-enumeration vulnerability because of a design error in the application when verifying user-supplied input.

Attackers may exploit this vulnerability to discern valid usernames. This may aid them in brute-force password cracking or other attacks.

Version 5.01.02 is vulnerable; other versions may also be affected.

16. Ipswitch WS_FTP 2007 Professional WSFTPURL.EXE Local Memory Corruption Vulnerability
BugTraq ID: 22062
Remote: No
Date Published: 2007-01-15
Relevant URL: http://www.securityfocus.com/bid/22062
Summary:
Ipswitch WS_FTP 2007 Professional is prone to a local memory-corruption vulnerability. This issue occurs when the 'wsbho2k0.dll' library fails to handle specially crafted arguments.

Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected kernel, but this has not been confirmed. Failed exploit attempts result in kernel panics, denying service to legitimate users.

Ipswitch WS_FTP 2007 Professional is vulnerable to this issue; other versions may also be affected.

17. Kaspersky Labs Anti-Virus Local Privilege Escalation Vulnerability
BugTraq ID: 22061
Remote: No
Date Published: 2007-01-15
Relevant URL: http://www.securityfocus.com/bid/22061
Summary:
Kaspersky Labs Anti-Virus is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. This may facilitate a complete compromise of the affected computer.

18. KarjaSoft Sami FTP Server Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 22045
Remote: Yes
Date Published: 2007-01-15
Relevant URL: http://www.securityfocus.com/bid/22045
Summary:
Sami FTP Server is prone to multiple stack-overflow vulnerabilities.

A successful exploit may lead to remote arbitrary code execution with the privileges of the server, facilitating remote compromise of affected computers.

Sami FTP Server version 2.0.2 is vulnerable to these issues; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. IE security zone assignment on 2003 terminal server
http://www.securityfocus.com/archive/88/457897

2. IPSec and GRE (47)
http://www.securityfocus.com/archive/88/457813

3. SecurityFocus Microsoft Newsletter #325
http://www.securityfocus.com/archive/88/457793

4. SoX & Share Permissions?
http://www.securityfocus.com/archive/88/456972

5. Secure Remote access - windows 2003
http://www.securityfocus.com/archive/88/455670

6. Windows AutoAdminLogon Security
http://www.securityfocus.com/archive/88/445581

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
