SecurityFocus Microsoft Newsletter #328
----------------------------------------

This Issue is Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fGl

------------------------------------------------------------------

I.   FRONT AND CENTER
       1. PHP Security From The Inside
       2. Introduction to Windows Integrity Control
II.  MICROSOFT VULNERABILITY SUMMARY
       1. FlashFXP PWD Command Remote Buffer Overflow Vulnerability
       2. Avast! Antivirus Server Edition Password Setting Security Bypass Vulnerability
       3. VMware Clipboard Multiple Information Disclosure Vulnerabilities
       4. Microsoft Internet Explorer Malformed HTML For Script Denial of Service Vulnerability
       5. SmartFTP Banner Remote Heap Buffer Overflow Vulnerability
       6. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
       7. Microsoft Office Malformed String Remote Code Execution Vulnerability
       8. Mozilla Bugzilla HTML Injection And Information disclosure Vulnerabilities
       9. Remotesoft .NET Explorer Remote Stack Buffer Overflow Vulnerability
       10. Windows Vista Voice Recognition Command Execution Vulnerability
       11. Wireshark Multiple Protocol Denial of Service Vulnerabilities
       12. Microsoft Windows Mobile Multiple Remote Denial of Service Vulnerabilities
       13. Nexuiz GameDir Arbitrary File Disclosure/Overwrite Vulnerability
       14. RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
       15. Bloodshed Dev-C++ CPP Source File Buffer Overflow Vulnerability
       16. GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability
       17. Microsoft Internet Explorer Multiple ActiveX Controls Denial of Service Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. Help with Exploit
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------

1. PHP Security From The Inside
By Federico Biancuzzi
Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming "Month of PHP bugs" initiative, and common mistakes in the design of well-known applications such as WordPress.
http://www.securityfocus.com/columnists/432

2. Introduction to Windows Integrity Control
By Tony Bradley, CISSP-ISSAP
This article takes a look at the Windows Integrity Control (WIC) capabilities in Windows Vista by examining how it protects objects such as files and folders on Vista computers, the different levels of protection it offers, and how administrators can control WIC using the ICACLS command-line tool.
http://www.securityfocus.com/infocus/1887

II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------

1. FlashFXP PWD Command Remote Buffer Overflow Vulnerability
BugTraq ID: 22433
Remote: Yes
Date Published: 2007-02-06
Relevant URL: http://www.securityfocus.com/bid/22433
Summary:
FlashFXP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause the application to consume excessive CPU resources, denying service to legitimate users. Due to the nature of this issue, the attacker may be able to execute arbitrary code within the context of the affected application.

This issue affects version 3.4.0 build 1145; other versions may also be affected.

2. Avast! Antivirus Server Edition Password Setting Security Bypass Vulnerability
BugTraq ID: 22425
Remote: No
Date Published: 2007-02-06
Relevant URL: http://www.securityfocus.com/bid/22425
Summary:
Avast! Antivirus Server Edition is prone to a security-bypass vulnerability because of an access-validation error.

An attacker can exploit this issue to change certain settings in the affected application. This may aid in other attacks.

This issue affects versions prior to 4.7.726.

3. VMware Clipboard Multiple Information Disclosure Vulnerabilities
BugTraq ID: 22413
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22413
Summary:
VMware is prone to two information-disclosure vulnerabilities because of multiple design errors in the clipboard plugin.

An attacker can exploit these issues to obtain sensitive information that may lead to further attacks.

Version 5.5.3 build 34685 is vulnerable to these issues; other versions may also be affected. Note that the clipboard plugin is an add-on feature that is not active by default.

4. Microsoft Internet Explorer Malformed HTML For Script Denial of Service Vulnerability
BugTraq ID: 22408
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22408
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

This issue affects Internet Explorer version 6; other versions may also be vulnerable.

5. SmartFTP Banner Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 22390
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22390
Summary:
SmartFTP is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to copying it to an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the server application, facilitating the compromise of affected computers.

SmartFTP version 2.0.1002 is reported vulnerable; other versions may also be affected.

6. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 22387
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22387
Summary:
PostgreSQL is prone to information-disclosure and denial-of-service vulnerabilities; fixes are available.

An attacker can exploit these vulnerabilities to cause the backend database to crash and reveal sensitive information. This may lead to other attacks.

These issues affect versions 8.0, 8.1, and 8.2. The second issue described also affects versions 7.3 and 7.4.

7. Microsoft Office Malformed String Remote Code Execution Vulnerability
BugTraq ID: 22383
Remote: Yes
Date Published: 2007-02-03
Relevant URL: http://www.securityfocus.com/bid/22383
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when the application processes maliciously crafted files.

This issue is currently being exploited via Excel files (.xls), but other Office applications are also reported vulnerable.

An attacker could exploit this issue by enticing a victim into opening a malicious Office file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

8. Mozilla Bugzilla HTML Injection And Information disclosure Vulnerabilities
BugTraq ID: 22380
Remote: Yes
Date Published: 2007-02-03
Relevant URL: http://www.securityfocus.com/bid/22380
Summary:
Bugzilla is prone to an information-disclosure and an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input and to protect sensitive information from unauthorized users.

Attackers may exploit these issues to execute script code in the context of the affected site or to obtain sensitive information. Arbitrary code execution may allow attackers to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Bugzilla 2.20.1 and above are affected by the HTML-injection vulnerability; only the development snapshot version 2.23.3 is vulnerable to the information-disclosure issue.

9. Remotesoft .NET Explorer Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 22377
Remote: Yes
Date Published: 2007-02-02
Relevant URL: http://www.securityfocus.com/bid/22377
Summary:
Remotesoft .NET Explorer is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to copying it to an insufficiently sized buffer.

An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

10. Windows Vista Voice Recognition Command Execution Vulnerability
BugTraq ID: 22359
Remote: Yes
Date Published: 2007-02-01
Relevant URL: http://www.securityfocus.com/bid/22359
Summary:
Windows Vista is prone to a command-execution vulnerability because of its built-in voice recognition capability.

An attacker can exploit this issue to execute commands on a victim user's computer.

Note: Due to the nature of the vulnerability, victim users will notice exactly what is occurring as it happens.

11. Wireshark Multiple Protocol Denial of Service Vulnerabilities
BugTraq ID: 22352
Remote: Yes
Date Published: 2007-02-01
Relevant URL: http://www.securityfocus.com/bid/22352
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application.

Wireshark versions prior to 0.99.5 are affected.

12. Microsoft Windows Mobile Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 22343
Remote: Yes
Date Published: 2007-01-31
Relevant URL: http://www.securityfocus.com/bid/22343
Summary:
Microsoft Windows Mobile is prone to two remote denial-of-service vulnerabilities because the software fails to properly handle malformed remote data.

Successfully exploiting these issues may allow an attacker to hang or crash the application, denying service to legitimate users.

13. Nexuiz GameDir Arbitrary File Disclosure/Overwrite Vulnerability
BugTraq ID: 22332
Remote: Yes
Date Published: 2007-01-31
Relevant URL: http://www.securityfocus.com/bid/22332
Summary:
Nexuiz is prone to a vulnerability that allows attackers to access and overwrite arbitrary files.

An attacker can exploit this issue to overwrite arbitrary files on a user's computer or obtain sensitive information that may aid in further attacks.

14. RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
BugTraq ID: 22328
Remote: Yes
Date Published: 2007-01-31
Relevant URL: http://www.securityfocus.com/bid/22328
Summary:
Microsoft Word 2003 is prone to an unspecified remote code-execution vulnerability.

Microsoft Word 2003 is confirmed vulnerable to an unspecified remote code-execution issue. Other versions of Microsoft Word/Office may be affected by the vulnerability, but this has not been confirmed.

Note that this issue is distinct from issues described in BID 22225 (Microsoft Word 2000 Unspecified Code Execution Vulnerability), BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Unspecified Remote Code Execution Vulnerability), and BID 21518 (Microsoft Word Unspecified Code Execution Vulnerability).

UPDATE: Further analysis and reports have revealed that this issue is a variant of the vulnerability described in BID 21518 (Microsoft Word Unspecified Code Execution Vulnerability), which is referenced by CVE-2006-6456. This BID is being retired.

15. Bloodshed Dev-C++ CPP Source File Buffer Overflow Vulnerability
BugTraq ID: 22315
Remote: Yes
Date Published: 2007-01-30
Relevant URL: http://www.securityfocus.com/bid/22315
Summary:
Bloodshed Dev-C++ is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users, and may be able to execute arbitrary machine code, but this has not been confirmed.

Bloodshed Dev-C++ version 4.9.9.2 is affected by this issue; other versions may also be vulnerable.

16. GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability
BugTraq ID: 22289
Remote: Yes
Date Published: 2007-01-29
Relevant URL: http://www.securityfocus.com/bid/22289
Summary:
The GD graphics library is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library. Arbitrary code execution may also be possible; this has not been confirmed.

17. Microsoft Internet Explorer Multiple ActiveX Controls Denial of Service Vulnerabilities
BugTraq ID: 22288
Remote: Yes
Date Published: 2007-01-29
Relevant URL: http://www.securityfocus.com/bid/22288
Summary:
Microsoft Internet Explorer is prone to multiple denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

These issues are triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit these issues to crash Internet Explorer, effectively denying service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. Help with Exploit
http://www.securityfocus.com/archive/88/458938

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------

To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------

This Issue is Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fGl
