SecurityFocus Microsoft Newsletter #334 ----------------------------------------
This Issue is Sponsored by: Black Hat Attend Black Hat Europe, March 27-30 in Amsterdam, Europe's premier technical event for ICT security experts. Featuring 10 hands-on training courses and 20 Briefings presentations with lots of new content - the best of Black Hat! See security solutions from 8 top sponsors including Microsoft and Google, and network with 400 colleagues from 30 nations. To download the preview program visit www.blackhat.com/html/bh-europe-07/marketing/bh-eu-07-preview-LR.pdf. For general information or to register visit: http://www.blackhat.com ------------------------------------------------------------------ I. FRONT AND CENTER 1. Blanket Discovery for Stolen Laptops 2. Notes On Vista Forensics, Part One II. MICROSOFT VULNERABILITY SUMMARY 1. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability 2. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability 3. FTPDMIN List Command Remote Denial of Service Vulnerability 4. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability 5. F-Secure Anti-Virus Client Security Local Format String Vulnerability 6. Computer Associates BrightStor ARCServe BackUp Tape Engine Multiple Vulnerabilities 7. PHP Interbase Extension Multiple Remote Buffer Overflow Vulnerabilities 8. Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability 9. Adobe JRun Unspecified Denial Of Service Vulnerability 10. PHProjekt Arbitrary File Upload Vulnerability 11. PHProjekt Multiple SQL Injection Vulnerabilities 12. WarFTP Username Stack-Based Buffer-Overflow Vulnerability 13. NewsBin Pro Long File Name Buffer Overflow Vulnerability 14. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability 15. News Reactor Long File Name Buffer Overflow Vulnerability 16. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability III. MICROSOFT FOCUS LIST SUMMARY 1. SecurityFocus Microsoft Newsletter #333 IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1. Blanket Discovery for Stolen Laptops By Mark Rasch Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world. http://www.securityfocus.com/columnists/438 2. Notes On Vista Forensics, Part One By Jamie Morris This article, the first in a two-part series, takes a high level look at what we know now about those changes in Windows Vista which seem likely to have the most impact on computer forensic investigations, starting with the built-in encryption, backup, and system protection features. http://www.securityfocus.com/infocus/1889 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability BugTraq ID: 23056 Remote: Yes Date Published: 2007-03-20 Relevant URL: http://www.securityfocus.com/bid/23056 Summary: FileCopa is prone to a buffer-overflow vulnerability because it fails to adequately bounds check user supplied data before copying it to an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the application. Fails attempts may cause denial-of-service conditions. 2. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability BugTraq ID: 23050 Remote: Yes Date Published: 2007-03-20 Relevant URL: http://www.securityfocus.com/bid/23050 Summary: Mercur IMAP is prone to a stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Currently there are few technical details regarding this issue. This BID will be updated as further information becomes available. This issue may be related to BID 7842 (Atrium Software Mercur Mailserver IMAP Remote Buffer Overflow Vulnerability). An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions. 3. FTPDMIN List Command Remote Denial of Service Vulnerability BugTraq ID: 23049 Remote: Yes Date Published: 2007-03-20 Relevant URL: http://www.securityfocus.com/bid/23049 Summary: FTPDMIN is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users. This issue affects version 0.96; other versions may also be affected. 4. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability BugTraq ID: 23025 Remote: No Date Published: 2007-03-19 Relevant URL: http://www.securityfocus.com/bid/23025 Summary: Microsoft Windows is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to execute arbitrary machine code with Dispatch-level privileges or potentially crash the affected computer. 5. F-Secure Anti-Virus Client Security Local Format String Vulnerability BugTraq ID: 23023 Remote: No Date Published: 2007-03-19 Relevant URL: http://www.securityfocus.com/bid/23023 Summary: F-Secure Anti-Virus Client Security is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before using it in the format-specifier argument to a formatted-printing function. Successfully exploiting this vulnerability may allow an attacker to access sensitive process memory or to crash the application. Code execution may potentially be possible, but this has not been confirmed. 6. Computer Associates BrightStor ARCServe BackUp Tape Engine Multiple Vulnerabilities BugTraq ID: 22994 Remote: Yes Date Published: 2007-03-15 Relevant URL: http://www.securityfocus.com/bid/22994 Summary: Computer Associates BrightStor ARCServe BackUp Tape Engine service is prone to multiple vulnerabilities. Exploiting these issues can result in denial-of-service conditions or remote code execution. 7. PHP Interbase Extension Multiple Remote Buffer Overflow Vulnerabilities BugTraq ID: 22976 Remote: Yes Date Published: 2007-03-15 Relevant URL: http://www.securityfocus.com/bid/22976 Summary: The PHP Interbase extension is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform boundary checks before copying user-supplied data to insufficiently sized memory buffers. An attacker can exploit these issues to execute arbitrary machine code in the context of the affected webserver. Failed exploit attempts will likely crash the webserver, denying service to legitimate users. PHP 4.4.6 and prior versions on Microsoft Windows are vulnerable; other versions may also be affected. 8. Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability BugTraq ID: 22966 Remote: Yes Date Published: 2007-03-14 Relevant URL: http://www.securityfocus.com/bid/22966 Summary: Microsoft Internet Explorer is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to steal cookie-based authentication credentials and obtain sensitive information. 9. Adobe JRun Unspecified Denial Of Service Vulnerability BugTraq ID: 22958 Remote: Yes Date Published: 2007-03-13 Relevant URL: http://www.securityfocus.com/bid/22958 Summary: Adobe JRun is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects Microsoft IIS 6 installations running JRun 4 Updater 6. 10. PHProjekt Arbitrary File Upload Vulnerability BugTraq ID: 22956 Remote: Yes Date Published: 2007-03-14 Relevant URL: http://www.securityfocus.com/bid/22956 Summary: PHProjekt is prone to an arbitrary file-upload vulnerability. Exploiting this issue could allow an attacker to upload and execute arbitrary script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible. Versions prior to 5.2.1 are vulnerable to this issue. 11. PHProjekt Multiple SQL Injection Vulnerabilities BugTraq ID: 22955 Remote: Yes Date Published: 2007-03-14 Relevant URL: http://www.securityfocus.com/bid/22955 Summary: PHProjekt is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. PHProjekt 5.2.0 and prior versions are vulnerable to these issues. 12. WarFTP Username Stack-Based Buffer-Overflow Vulnerability BugTraq ID: 22944 Remote: Yes Date Published: 2007-03-13 Relevant URL: http://www.securityfocus.com/bid/22944 Summary: WarFTP is prone to a stack-based buffer-overflow vulnerability because it fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer. Exploiting this issue could lead to denial-of-service conditions and to the execution of arbitrary machine code in the context of the application. Version 1.65 is vulnerable; other versions may also be affected. 13. NewsBin Pro Long File Name Buffer Overflow Vulnerability BugTraq ID: 22940 Remote: Yes Date Published: 2007-03-13 Relevant URL: http://www.securityfocus.com/bid/22940 Summary: NewsBin Pro is prone to a remote buffer-overflow because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. This issue affects version 4.32; other versions may also be affected. 14. Microsoft Windows WinMM.DLL WAV Files Remote Denial of Service Vulnerability BugTraq ID: 22938 Remote: Yes Date Published: 2007-03-13 Relevant URL: http://www.securityfocus.com/bid/22938 Summary: Microsoft Windows is prone to a denial-of-service vulnerability. A remote attacker may exploit this vulnerability by presenting a malicious WAV file to a victim user. Successful exploits will result in excessive CPU consumption, effectively denying service. Specific information regarding affected versions of Microsoft Windows is currently unavailable. This BID will be updated as more information is disclosed. 15. News Reactor Long File Name Buffer Overflow Vulnerability BugTraq ID: 22936 Remote: Yes Date Published: 2007-03-13 Relevant URL: http://www.securityfocus.com/bid/22936 Summary: News Reactor is prone to a remote buffer-overflow because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker could exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. This issue affects version 20070220; other versions may also be affected. 16. D-Link TFTP Transporting Mode Remote Buffer Overflow Vulnerability BugTraq ID: 22923 Remote: Yes Date Published: 2007-03-12 Relevant URL: http://www.securityfocus.com/bid/22923 Summary: D-Link TFTP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer. An attacker can exploit this issue to cause the application to crash, denying further service to legitimate users. Due to the nature of this issue, the attacker may presumably be able to exploit it for remote code execution. Version 1.0 is vulnerable; other versions may also be affected. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. SecurityFocus Microsoft Newsletter #333 http://www.securityfocus.com/archive/88/462847 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This Issue is Sponsored by: Black Hat Attend Black Hat Europe, March 27-30 in Amsterdam, Europe's premier technical event for ICT security experts. Featuring 10 hands-on training courses and 20 Briefings presentations with lots of new content - the best of Black Hat! See security solutions from 8 top sponsors including Microsoft and Google, and network with 400 colleagues from 30 nations. To download the preview program visit www.blackhat.com/html/bh-europe-07/marketing/bh-eu-07-preview-LR.pdf. For general information or to register visit: http://www.blackhat.com
