SecurityFocus Microsoft Newsletter #329
----------------------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders.
Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CiNE

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Mouse-Trapped
       2. Nothing to Fear... ?
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Adobe JRun Administrator Console Cross-Site Scripting Vulnerability
       2. Microsoft Internet Explorer JavaScript Key Filtering Variant Vulnerability
       3. uTorrent Torrent File Handling Remote Heap Buffer Overflow Vulnerability
       4. Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability
       5. Microsoft Internet Explorer for Windows Mobile Remote WML Content Denial of Service Vulnerability
       6. Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability
       7. Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability
       8. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
       9. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
       10. Microsoft Windows OLE Dialog Remote Code Execution Vulnerability
       11. Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability
       12. Microsoft Antivirus Engine Integer Overflow Vulnerability
       13. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
       14. Microsoft Word Macro Permissions Bypass Arbitrary Code Execution Vulnerability
       15. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
       16. Microsoft February Advance Notification Multiple Vulnerabilities
       17. Trend Micro Antivirus UPX Compressed PE File Buffer Overflow Vulnerability
       18. FlashFXP PWD Command Remote Buffer Overflow Vulnerability
       19. Avast! Antivirus Server Edition Password Setting Security Bypass Vulnerability
       20. VMware Clipboard Multiple Information Disclosure Vulnerabilities
       21. Microsoft Internet Explorer Malformed HTML For Script Denial of Service Vulnerability
       22. SmartFTP Banner Remote Heap Buffer Overflow Vulnerability
       23. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
       24. Microsoft Office Malformed String Remote Code Execution Vulnerability
       25. Mozilla Bugzilla HTML Injection And Information disclosure Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #328
       2. Time Zone change and Kerberos Auth
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Mouse-Trapped
By Mark Rasch
Substitute teacher Julie Amero faces up to 40 years in prison for exposing kids to porn using a classroom computer, but the facts strongly suggest that she was wrongfully convicted. Many issues remain, from the need for an independent computer forensics investigation and the presence of spyware and adware on the machine, to bad or incomplete legal work on both sides of this criminal case.
http://www.securityfocus.com/columnists/434

2. Nothing to Fear... ?
By Scott Granneman
Scott Granneman looks at the use of fear in computer security, from misleading media reports and gross exaggeration by industry leaders to the use of fear in order to sell new computers and software.
http://www.securityfocus.com/columnists/433

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Adobe JRun Administrator Console Cross-Site Scripting Vulnerability
BugTraq ID: 22547
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22547
Summary:
Adobe JRun is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

2. Microsoft Internet Explorer JavaScript Key Filtering Variant Vulnerability
BugTraq ID: 22531
Remote: Yes
Date Published: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22531
Summary:
Microsoft Internet Explorer is prone to a JavaScript key-filtering vulnerability because the browser fails to securely handle keystroke input from users. Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue. This issue is similar to the one described in BID 22524 (Mozilla Firefox JavaScript Key Filtering Variant Vulnerability), and is a variant of the one described in BID 18308 (Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability).

3. uTorrent Torrent File Handling Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 22530
Remote: Yes
Date Published: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22530
Summary:
uTorrent is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. Exploiting this issue allows attackers to execute arbitrary machine code in the context of the application.
This issue affects version 1.6; other versions may also be affected.

4. Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability
BugTraq ID: 22504
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22504
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature. This issue is similar to the ones described in previous COM object instantiation records, but it affects a different set of COM objects.

5. Microsoft Internet Explorer for Windows Mobile Remote WML Content Denial of Service Vulnerability
BugTraq ID: 22500
Remote: Yes
Date Published: 2007-02-09
Relevant URL: http://www.securityfocus.com/bid/22500
Summary:
Microsoft Internet Explorer for Windows Mobile is prone to a remote denial-of-service vulnerability because the software fails to properly handle malformed remote data. Successfully exploiting this issue may allow an attacker to hang or crash the application, denying service to legitimate users. Reportedly, to recover from the denial-of-service condition, users of affected devices must perform a 'hard battery reset'.

6. Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability
BugTraq ID: 22499
Remote: No
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22499
Summary:
Microsoft Windows Image Acquisition (WIA) service is prone to a local privilege-escalation vulnerability. A local attacker can exploit this issue to elevate user privileges.
Successful exploits will result in the complete compromise of vulnerable computers. NOTE: The affected service is available only on Windows XP.

7. Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability
BugTraq ID: 22489
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22489
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when parsing certain FTP server responses. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.

8. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
BugTraq ID: 22486
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22486
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature. This BID is similar to the one described in BID 15827 (Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability), but it affects a different set of COM objects.

9. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
BugTraq ID: 22484
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22484
Summary:
Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue by enticing a victim to load a bookmark link file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

10. Microsoft Windows OLE Dialog Remote Code Execution Vulnerability
BugTraq ID: 22483
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22483
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that occurs when the application attempts to parse malformed Rich Text Files (RTF). An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

11. Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability
BugTraq ID: 22482
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22482
Summary:
Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

12. Microsoft Antivirus Engine Integer Overflow Vulnerability
BugTraq ID: 22479
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22479
Summary:
Microsoft Antivirus Engine is prone to an integer-overflow vulnerability when the application processes maliciously crafted files. This issue is currently being exploited via Portable Document Files (PDF), but other Microsoft applications are also reported vulnerable. An attacker could exploit this issue by enticing a victim into receiving or opening a malicious Office file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

13. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 22478
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22478
Summary:
The Microsoft HTML Help ActiveX control is prone to a remote code-execution vulnerability. An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

14. Microsoft Word Macro Permissions Bypass Arbitrary Code Execution Vulnerability
BugTraq ID: 22477
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22477
Summary:
Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

15. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
BugTraq ID: 22476
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22476
Summary:
The Microsoft MFC component for Microsoft Windows and Microsoft Visual Studio .NET is prone to a remote code-execution vulnerability.
This issue occurs when the application using the component attempts to parse malformed Rich Text Files (RTF). An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

16. Microsoft February Advance Notification Multiple Vulnerabilities
BugTraq ID: 22452
Remote: Yes
Date Published: 2007-02-08
Relevant URL: http://www.securityfocus.com/bid/22452
Summary:
Microsoft has released advance notification that the vendor will be releasing 12 security bulletins on February 13, 2007. The highest severity rating for these issues is 'Critical'. Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

17. Trend Micro Antivirus UPX Compressed PE File Buffer Overflow Vulnerability
BugTraq ID: 22449
Remote: Yes
Date Published: 2007-02-07
Relevant URL: http://www.securityfocus.com/bid/22449
Summary:
Trend Micro Antivirus is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This issue occurs when the application processes compressed UPX files. Successful exploits will result in attacker-supplied arbitrary code running with elevated privileges, resulting in the complete compromise of affected computers. Failed exploit attempts will likely cause denial-of-service conditions. This issue affects all Trend Micro products and versions using the Scan Engine and Pattern File technology.

18. FlashFXP PWD Command Remote Buffer Overflow Vulnerability
BugTraq ID: 22433
Remote: Yes
Date Published: 2007-02-06
Relevant URL: http://www.securityfocus.com/bid/22433
Summary:
FlashFXP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to cause the application to consume excessive CPU resources, denying service to legitimate users. Due to the nature of this issue, the attacker may be able to execute arbitrary code within the context of the affected application. This issue affects version 3.4.0 build 1145; other versions may also be affected.

19. Avast! Antivirus Server Edition Password Setting Security Bypass Vulnerability
BugTraq ID: 22425
Remote: No
Date Published: 2007-02-06
Relevant URL: http://www.securityfocus.com/bid/22425
Summary:
Avast! Antivirus Server Edition is prone to a security-bypass vulnerability because of an access-validation error. An attacker can exploit this issue to change certain settings in the affected application. This may aid in other attacks. This issue affects versions prior to 4.7.726.

20. VMware Clipboard Multiple Information Disclosure Vulnerabilities
BugTraq ID: 22413
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22413
Summary:
VMware is prone to two information-disclosure vulnerabilities because of multiple design errors in the clipboard plugin. An attacker can exploit these issues to obtain sensitive information that may lead to further attacks. Version 5.5.3 build 34685 is vulnerable to these issues; other versions may also be affected. Note that the clipboard plugin is an add-on feature that is not active by default.

21. Microsoft Internet Explorer Malformed HTML For Script Denial of Service Vulnerability
BugTraq ID: 22408
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22408
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. This issue is triggered when an attacker entices a victim user to visit a malicious website. Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users. This issue affects Internet Explorer version 6; other versions may also be vulnerable.

22. SmartFTP Banner Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 22390
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22390
Summary:
SmartFTP is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to copying it to an insufficiently sized memory buffer. Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the server application, facilitating the compromise of affected computers. SmartFTP version 2.0.1002 is reported vulnerable; other versions may also be affected.

23. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 22387
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22387
Summary:
PostgreSQL is prone to information-disclosure and denial-of-service vulnerabilities; fixes are available. An attacker can exploit these vulnerabilities to cause the backend database to crash and reveal sensitive information. This may lead to other attacks. These issues affect versions 8.0, 8.1, and 8.2. The second issue described also affects versions 7.3 and 7.4.

24. Microsoft Office Malformed String Remote Code Execution Vulnerability
BugTraq ID: 22383
Remote: Yes
Date Published: 2007-02-03
Relevant URL: http://www.securityfocus.com/bid/22383
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when the application processes maliciously crafted files. This issue is currently being exploited via Excel files (.xls), but other Office applications may also be vulnerable. An attacker could exploit this issue by enticing a victim into opening a malicious Office file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

25. Mozilla Bugzilla HTML Injection And Information disclosure Vulnerabilities
BugTraq ID: 22380
Remote: Yes
Date Published: 2007-02-03
Relevant URL: http://www.securityfocus.com/bid/22380
Summary:
Bugzilla is prone to an information-disclosure and an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input and to protect sensitive information from unauthorized users. Attackers may exploit these issues to execute script code in the context of the affected site or to obtain sensitive information. Arbitrary code execution may allow attackers to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Bugzilla 2.20.1 and above are affected by the HTML-injection vulnerability; only the development snapshot version 2.23.3 is vulnerable to the information-disclosure issue.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #328
http://www.securityfocus.com/archive/88/459485

2. Time Zone change and Kerberos Auth
http://www.securityfocus.com/archive/88/459446

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address.
The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
