SecurityFocus Microsoft Newsletter #335
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How a Hacker Launches a SQL Injection Attack!"- SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box 
giving hackers complete access to all your backend systems! Firewalls and IDS 
will not stop such attacks because SQL Injections are NOT seen as intruders. 
Download this *FREE* white paper from SPI Dynamics for a complete guide to 
protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000CkvN


------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Metasploit 3.0 day
       2. Blanket Discovery for Stolen Laptops
II.  MICROSOFT VULNERABILITY SUMMARY
       1. FastStone Image Viewer Unspecified Buffer Overflow Vulnerability
       2. Microsoft Windows Cursor And Icon ANI Format Handling Remote Code Execution Vulnerability
       3. NaviCopa Web Server GET Request Buffer Overflow Vulnerability
       4. Microsoft Internet Explorer HTML Denial of Service Vulnerability
       5. Corel WordPerfect Office PRS Stack Buffer Overflow Vulnerability
       6. IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
       7. SignKorea SKCommAX ActiveX Control Remote Buffer Overflow Vulnerability
       8. Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
       9. 0IRC IRC Client Null Pointer Dereference Remote Denial of Service Vulnerability
       10. IASystemInfo.DLL ActiveX Control Remote Buffer Overflow Vulnerabilities
       11. NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities
       12. Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
       13. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability
       14. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability
       15. FTPDMIN List Command Remote Denial of Service Vulnerability
       16. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability
       17. F-Secure Anti-Virus Client Security Local Format String Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. Multiple Profile ~ XP
       2. Administrivia: New List Moderators
       3. Administrivia: Farewell
       4. Shared drives through a firewall
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Metasploit 3.0 day
By Federico Biancuzzi
The Metasploit Framework is a development platform for creating security tools 
and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in 
release 3.0, the new license of the framework, plans for features and exploits 
development, and the links among the bad guys and Metasploit and the law.
http://www.securityfocus.com/columnists/439

2. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of 
stolen laptops that use LoJack-style homing devices to announce their location, 
and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. FastStone Image Viewer Unspecified Buffer Overflow Vulnerability
BugTraq ID: 23196
Remote: Yes
Date Published: 2007-03-29
Relevant URL: http://www.securityfocus.com/bid/23196
Summary:
FastStone Image Viewer is prone to an unspecified buffer-overflow 
vulnerability. This issue occurs because the application fails to bounds-check 
user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context 
of the user running the affected application. Failed exploit attempts will 
result in a denial-of-service.

Currently, limited information is available regarding this issue. 
This BID will be updated as more information becomes available.

This issue affects version 2.8; other versions may also be affected.

2. Microsoft Windows Cursor And Icon ANI Format Handling Remote Code Execution Vulnerability
BugTraq ID: 23194
Remote: Yes
Date Published: 2007-03-29
Relevant URL: http://www.securityfocus.com/bid/23194
Summary:
Microsoft Windows is prone to a vulnerability that can allow attackers to 
execute arbitrary remote code. This issue occurs because of a memory-corruption 
error caused when handling malformed cursor or icon files.

An attacker can exploit this issue to execute arbitrary code with the 
privileges of an unsuspecting user. A successful attack can result in the 
compromise of affected user accounts and computers.

This issue affects Windows XP SP2 and Windows Server 2003 SP1 when running 
Internet Explorer 6 and 7; other versions may also be affected.

3. NaviCopa Web Server GET Request Buffer Overflow Vulnerability
BugTraq ID: 23179
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23179
Summary:
NaviCOPA Web Server is prone to a buffer-overflow vulnerability because it 
fails to adequately bounds-check user-supplied data before copying it to an 
insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code with the privileges 
of the application. Successful attacks will result in the compromise of the 
application. Failed attempts will likely cause denial-of-service conditions.

Version 2.01 is vulnerable; prior versions may also be affected.

4. Microsoft Internet Explorer HTML Denial of Service Vulnerability
BugTraq ID: 23178
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23178
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability 
because the application fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

This issue affects Internet Explorer version 7.

5. Corel WordPerfect Office PRS Stack Buffer Overflow Vulnerability
BugTraq ID: 23177
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23177
Summary:
Corel WordPerfect Office is prone to a stack-based buffer-overflow 
vulnerability because the software fails to adequately bounds-check 
user-supplied data before copying it to an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the 
privileges of the user running the application. A successful attack can result 
in the compromise of the application. Failed attempts will likely result in 
denial-of-service conditions.

WordPerfect X3 version 13.0.0.565 is vulnerable to this issue; other versions 
may also be affected.

6. IBM Lotus Domino Web Access Email Message HTML Injection Vulnerability
BugTraq ID: 23173
Remote: Yes
Date Published: 2007-03-28
Relevant URL: http://www.securityfocus.com/bid/23173
Summary:
IBM Lotus Domino Web Access is prone to an HTML-injection vulnerability because 
it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code 
in the browser of an unsuspecting victim in the context of the affected 
website. This may allow the attacker to steal cookie-based authentication 
credentials and to launch other attacks.

7. SignKorea SKCommAX ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23149
Remote: Yes
Date Published: 2007-03-26
Relevant URL: http://www.securityfocus.com/bid/23149
Summary:
SignKorea SKCommAX ActiveX control is prone to a remote buffer-overflow 
vulnerability because the software fails to properly bounds-check user-supplied 
input before copying it to insufficiently sized memory buffers.

Exploiting this issue allows remote attackers to execute arbitrary machine code 
in the context of applications that employ the vulnerable controls (typically 
Microsoft Internet Explorer).

SignKorea SKCommAX ActiveX Control 7.2.0.2 and 6.6.0.1 are vulnerable to this 
issue; other versions may also be vulnerable.

8. Microsoft Windows Vista Windows Mail Local File Execution Vulnerability
BugTraq ID: 23103
Remote: Yes
Date Published: 2007-03-23
Relevant URL: http://www.securityfocus.com/bid/23103
Summary:
Microsoft Windows Vista Windows Mail is prone to a local file-execution 
vulnerability due to a design error.

An attacker may exploit this issue to execute local files. The attacker must 
entice a victim into opening a maliciously crafted link using the affected 
application.

Note: We were unable to reproduce this vulnerability using a default Microsoft 
Windows Vista installation. Symantec is currently investigating this issue 
further.

9. 0IRC IRC Client Null Pointer Dereference Remote Denial of Service Vulnerability
BugTraq ID: 23101
Remote: Yes
Date Published: 2007-03-22
Relevant URL: http://www.securityfocus.com/bid/23101
Summary:
0irc is prone to a remote denial-of-service vulnerability.

The issue arises when the client handles excessive string data. By exploiting 
this issue, a remote attacker may cause an affected client to crash.

0irc version 1345 build 20060823 is vulnerable to this issue; other versions 
may also be affected.

10. IASystemInfo.DLL ActiveX Control Remote Buffer Overflow Vulnerabilities
BugTraq ID: 23071
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23071
Summary:
The IASystemInfo.dll ActiveX control of InterActual Player and CinePlayer is 
prone to buffer-overflow vulnerabilities. This software fails to sufficiently 
check boundaries of user-supplied input before copying it to an insufficiently 
sized memory buffer.

InterActual Player version 2.60.12.0717 is vulnerable to these issues; other 
versions may also be affected.

CinePlayer version 3.2 is vulnerable to these issues; other versions may also 
be affected.

11. NETXAutomation NETXEIB OPC Server Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 23059
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23059
Summary:
NETxAutomation NETxEIB is prone to multiple vulnerabilities that will allow 
remote attackers to execute arbitrary code on an affected computer.

Successful exploits will allow attacker-supplied arbitrary code to run within 
the context of the affected server. Failed exploit attempts will likely cause 
denial-of-service conditions.

12. Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
BugTraq ID: 23058
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23058
Summary:
Mercur IMAPD is prone to a remote buffer-overflow vulnerability because the 
application fails to properly bounds-check user-supplied data before copying it 
to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary machine code in the 
context of the user running the application. Failed exploit attempts will 
likely result in denial-of-service conditions.

Version 1 SP4 is vulnerable; other versions may also be affected.

13. Intervations FileCopa Unspecified Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 23056
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23056
Summary:
FileCopa is prone to a buffer-overflow vulnerability because it fails to 
adequately bounds-check user-supplied data before copying it to an 
insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code in the context of 
the application. Failed attempts may cause denial-of-service conditions.

14. Atrium Mercur IMap Subscribe Stack Buffer Overflow Vulnerability
BugTraq ID: 23050
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23050
Summary:
Mercur IMAP is prone to a stack-based buffer-overflow vulnerability because the 
application fails to properly bounds-check user-supplied data before copying it 
to an insufficiently sized memory buffer.

Currently, few technical details are available. This BID will be updated as 
more information becomes available.

This issue may be related to BID 7842 (Atrium Software Mercur Mailserver IMAP 
Remote Buffer Overflow Vulnerability).

An attacker may exploit this issue to execute arbitrary machine code in the 
context of the user running the application. Failed exploit attempts will 
likely result in denial-of-service conditions.

15. FTPDMIN List Command Remote Denial of Service Vulnerability
BugTraq ID: 23049
Remote: Yes
Date Published: 2007-03-20
Relevant URL: http://www.securityfocus.com/bid/23049
Summary:
FTPDMIN is prone to a remote denial-of-service vulnerability because the 
application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to 
crash, denying service to legitimate users.

This issue affects version 0.96; other versions may also be affected.

16. Microsoft Windows Ndistapi Local Privilege Escalation Vulnerability
BugTraq ID: 23025
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23025
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary machine code with 
Dispatch-level privileges or potentially crash the affected computer.

17. F-Secure Anti-Virus Client Security Local Format String Vulnerability
BugTraq ID: 23023
Remote: No
Date Published: 2007-03-19
Relevant URL: http://www.securityfocus.com/bid/23023
Summary:
F-Secure Anti-Virus Client Security is prone to a format-string vulnerability 
because it fails to properly sanitize user-supplied input before using it in 
the format-specifier argument to a formatted-printing function.

Successfully exploiting this vulnerability may allow an attacker to access 
sensitive process memory or to crash the application. Code execution may 
potentially be possible, but this has not been confirmed.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Multiple Profile ~ XP
http://www.securityfocus.com/archive/88/463814

2. Administrivia: New List Moderators
http://www.securityfocus.com/archive/88/463538

3. Administrivia: Farewell
http://www.securityfocus.com/archive/88/463531

4. Shared drives through a firewall
http://www.securityfocus.com/archive/88/463468

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
