SecurityFocus Microsoft Newsletter #346 ----------------------------------------
This Issue is Sponsored by: SPI Dynamics ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1. Embedded Problems 2. Security Analogies II. MICROSOFT VULNERABILITY SUMMARY 1. Microsoft Office MSODataSourceControl ActiveX Control Buffer Overflow Vulnerability 2. OpenOffice RTF File Parser Buffer Overflow Vulnerability 3. RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability 4. Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities 5. Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities 6. TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite Vulnerability 7. Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability 8. Microsoft Windows CE MSXML Multiple Vulnerabilities 9. Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerabilities 10. Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability 11. Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability 12. Microsoft Windows SChannel Security Remote Code Execution Vulnerability 13. Microsoft Windows Vista Permissive User Information Store ACLs Information Disclosure Vulnerability 14. Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability 15. Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability 16. Microsoft Windows CE Internet Explorer Remote Denial of Service Vulnerability 17. Microsoft Windows CE Internet Explorer SSL Unspecified Denial Of Service Vulnerability 18. Microsoft Windows CE Internet Explorer Content-Type Denial of Service Vulnerability 19. Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability 20. Microsoft Windows CE Malformed RNDIS Packet Remote Denial of Service Vulnerability 21. Microsoft Visio Packed Objects Remote Code Execution Vulnerability 22. Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability 23. Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities 24. Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability 25. RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities 26. ClamAV Multiple Unspecified Vulnerabilities 27. Microsoft Visio Version Number Remote Code Execution Vulnerability 28. Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities 29. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability 30. RETIRED: Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities 31. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities 32. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability 33. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability 34. Mozilla Firefox Resource Variant Directory Traversal Vulnerability 35. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability 36. SNMPC Username/Password Remote Denial of Service Vulnerability 37. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability 38. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability III. MICROSOFT FOCUS LIST SUMMARY IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1. Embedded Problems By Federico Biancuzzi Federico Biancuzzi interviews Barnaby Jack to discuss the vector rewrite attack, which architectures are vulnerable, how to defend the integrity of the exception vector table, some firmware extraction methods, and what bad things you can do on a cheap SOHO router. http://www.securityfocus.com/columnists/446 2. Security Analogies By Scott Granneman Scott Granneman discusses security analogies and their function in educating the masses on security concepts. http://www.securityfocus.com/columnists/445 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Microsoft Office MSODataSourceControl ActiveX Control Buffer Overflow Vulnerability BugTraq ID: 24462 Remote: Yes Date Published: 2007-06-13 Relevant URL: http://www.securityfocus.com/bid/24462 Summary: Microsoft Office MSODataSourceControl ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions. 2. OpenOffice RTF File Parser Buffer Overflow Vulnerability BugTraq ID: 24450 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24450 Summary: OpenOffice is prone to a remote heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Remote attackers may exploit this issue by enticing victims into opening maliciously crafted RTF files. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. 3. RETIRED: Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability BugTraq ID: 24448 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24448 Summary: Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents of the Navigation canceled page. This may assist in phishing or other attacks that rely on content spoofing. NOTE: This BID is being retired because this issue was previously reported in BID 22966: Microsoft Internet Explorer NavCancel.HTM Cross-Site Scripting Vulnerability. 4. Apple Safari for Windows Unspecified SVG Parse Engine Multiple Unspecified Vulnerabilities BugTraq ID: 24446 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24446 Summary: Apple Safari for Microsoft Windows is prone to multiple unspecified vulnerabilities. Few technical details are currently available. We will update this BID as more information emerges. Safari 3 public beta for Windows is reported vulnerable. 5. Microsoft Windows CE .NET Compact Framework Components Multiple Vulnerabilities BugTraq ID: 24444 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24444 Summary: Components of the .NET Compact Framework for Microsoft Windows CE are prone to multiple vulnerabilities. Exploiting these issues may allow remote attackers to cause denial-of-service conditions, corrupt memory, or execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Other attacks are also possible. 6. TEC-IT TBarCode OCX ActiveX Control Arbitrary File Overwrite Vulnerability BugTraq ID: 24440 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24440 Summary: TBarCode ActiveX control is prone to a vulnerability that could permit an attacker to overwrite arbitrary files. The attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). 7. Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability BugTraq ID: 24429 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24429 Summary: Microsoft Internet Explorer is prone to remote code-execution vulnerability because of a race-condition in its language-pack installation support. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application. 8. Microsoft Windows CE MSXML Multiple Vulnerabilities BugTraq ID: 24428 Remote: Yes Date Published: 2007-06-11 Relevant URL: http://www.securityfocus.com/bid/24428 Summary: Microsoft Windows CE is prone to multiple denial-of-service vulnerabilities and a cross-site scripting vulnerability. An attacker can exploit these issues to cause infinite-loop conditions and denial-of-service conditions or to run arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 9. Microsoft Internet Explorer Speech API 4 COM Object Instantiation Buffer Overflow Vulnerabilities BugTraq ID: 24426 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24426 Summary: Microsoft Internet Explorer is prone to multiple buffer-overflow vulnerabilities when instantiating certain COM objects. An attacker may exploit these issues by enticing victims into opening a maliciously crafted webpage. Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. 10. Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability BugTraq ID: 24423 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24423 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application. 11. Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability BugTraq ID: 24418 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24418 Summary: Microsoft Internet Explorer is prone to a memory-corruption vulnerability when accessing objects that are improperly instantiated or deleted. An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers. 12. Microsoft Windows SChannel Security Remote Code Execution Vulnerability BugTraq ID: 24416 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24416 Summary: The Microsoft Windows Schannel security package is prone to a remote code-execution vulnerability. This vulnerability occurs when processing and validating server-sent digital signatures by the client application. A remote attacker could exploit this issue by convincing a victim to visit a malicious website. Remote code execution is possible, but may be extremely difficult. In most cases, denial-of-service conditions will occur. 13. Microsoft Windows Vista Permissive User Information Store ACLs Information Disclosure Vulnerability BugTraq ID: 24411 Remote: No Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24411 Summary: Microsoft Windows Vista is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may allow them to gain unauthorized access to the affected computer. 14. Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability BugTraq ID: 24410 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24410 Summary: Outlook Express is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim's browser. Attackers could exploit this issue to access sensitive information (such as cookies or passwords) that is associated with the external domain. 15. Novell NetWare Modular Authentication Service Local Information Disclosure Vulnerability BugTraq ID: 24405 Remote: No Date Published: 2007-06-07 Relevant URL: http://www.securityfocus.com/bid/24405 Summary: Novell NetWare Modular Authentication Service (NMAS) is prone to a local information-disclosure vulnerability because 'NMASINST' dumps the admin account and password into a log file in clear text. The flaw presents itself in NMAS 3.1.2; prior versions are also affected. 16. Microsoft Windows CE Internet Explorer Remote Denial of Service Vulnerability BugTraq ID: 24395 Remote: Yes Date Published: 2007-06-08 Relevant URL: http://www.securityfocus.com/bid/24395 Summary: Microsoft Windows CE Internet Explorer is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted webserver responses. Successful exploits will result in denial-of-service conditions on the affected application. Windows CE 5.0 is vulnerable to this issue. 17. Microsoft Windows CE Internet Explorer SSL Unspecified Denial Of Service Vulnerability BugTraq ID: 24394 Remote: Yes Date Published: 2007-06-08 Relevant URL: http://www.securityfocus.com/bid/24394 Summary: Microsoft Internet Explorer for Windows CE is prone to a denial-of-service vulnerability when running custom Secure Sockets Layer (SSL) web-based programs. Few technical details are currently available. We will update this BID as more information emerges. Attackers can exploit this issue to cause denial-of-service conditions. 18. Microsoft Windows CE Internet Explorer Content-Type Denial of Service Vulnerability BugTraq ID: 24393 Remote: Yes Date Published: 2007-06-08 Relevant URL: http://www.securityfocus.com/bid/24393 Summary: Microsoft Internet Explorer for Windows CE is prone to a denial-of-service vulnerability because the software fails to handle exceptional conditions. This issue is triggered when an attacker entices a victim user to visit a malicious website. Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users. Given the nature of this vulnerability, a possible cause for the problem may be a buffer overflow, but this has not been confirmed. This issue affects Internet Explorer for Windows CE 6. 19. Microsoft Outlook Express MHTML URL Parsing Information Disclosure Vulnerability BugTraq ID: 24392 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24392 Summary: Outlook Express is prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's browser. Attackers could exploit this issue to gain access to sensitive information (such as cookies or passwords) that is associated with the external domain. 20. Microsoft Windows CE Malformed RNDIS Packet Remote Denial of Service Vulnerability BugTraq ID: 24391 Remote: Yes Date Published: 2007-06-08 Relevant URL: http://www.securityfocus.com/bid/24391 Summary: Microsoft Windows CE is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted network packets and file data. Successful exploits will result in denial-of-service conditions on applications using the affected RNDIS device driver. Microsoft Windows CE 5.0 is vulnerable to this issue. 21. Microsoft Visio Packed Objects Remote Code Execution Vulnerability BugTraq ID: 24384 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24384 Summary: Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition. 22. Zenturi ProgramChecker ActiveX Control NavigateURL Arbitrary File Execution Vulnerability BugTraq ID: 24382 Remote: Yes Date Published: 2007-06-08 Relevant URL: http://www.securityfocus.com/bid/24382 Summary: Zenturi ProgramChecker ActiveX control is prone to a vulnerability that may allow attackers to execute arbitrary local files. Attackers can exploit this issue to execute an arbitrary file on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). 23. Zenturi ProgramChecker ActiveX Control Multiple Arbitrary File Deletion Vulnerabilities BugTraq ID: 24380 Remote: Yes Date Published: 2007-06-08 Relevant URL: http://www.securityfocus.com/bid/24380 Summary: Zenturi ProgramChecker ActiveX control is prone to multiple vulnerabilities that attackers can exploit to delete arbitrary files. The issue occurs because the software fails to properly sanitize user-supplied input. Attackers can exploit these issues to delete arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). 24. Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability BugTraq ID: 24372 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24372 Summary: Microsoft Internet Explorer is prone to remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application. 25. RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities BugTraq ID: 24366 Remote: Yes Date Published: 2007-06-07 Relevant URL: http://www.securityfocus.com/bid/24366 Summary: Microsoft has released advance notification that the vendor will be releasing six security bulletins on June 12, 2007. The highest severity rating for these issues is 'Critical'. Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released. These vulnerabilities have been assigned to the following BIDs: 24448 Microsoft Internet Explorer Navigation Cancel Webpage Spoofing Vulnerability 24426 Microsoft Internet Explorer Speech API 4 COM Object Instantiation Memory Corruption Vulnerability 24418 Microsoft Internet Explorer Unspecified Uninitialized Memory Corruption Vulnerability 24416 Microsoft Windows SChannel Security Remote Code Execution Vulnerability 24429 Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability 24423 Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability 24372 Microsoft Internet Explorer URLMON.DLL COM Object Instantiation Remote Code Execution Vulnerability 24410 Microsoft Outlook Express Content Disposition Parsing Information Disclosure Vulnerability 24370 Microsoft Win32 API Parameter Validation Remote Code Execution Vulnerability 24411 Microsoft Windows Vista Permissive User Information Store ACLs Information Disclosure Vulnerability 24392 Microsoft Outlook Express MHTML URL Redirect Information Disclosure Vulnerability 24349 Microsoft Visio Version Number Remote Code Execution Vulnerability 24384 Microsoft Visio Packed Objects Remote Code Execution Vulnerability 23103 Microsoft Windows Vista Windows Mail Local File Execution Vulnerability 17717 Outlook Express MHTML URI Handler Information Disclosure Vulnerability 26. ClamAV Multiple Unspecified Vulnerabilities BugTraq ID: 24358 Remote: Yes Date Published: 2007-06-06 Relevant URL: http://www.securityfocus.com/bid/24358 Summary: ClamAV is prone to multiple unspecified vulnerabilities. These issues arise because the software incorrectly calculates the end of a buffer and gives improper permissions to temporary files. Versions prior to ClamAV 0.90.3 are vulnerable to these issues. 27. Microsoft Visio Version Number Remote Code Execution Vulnerability BugTraq ID: 24349 Remote: Yes Date Published: 2007-06-12 Relevant URL: http://www.securityfocus.com/bid/24349 Summary: Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied data. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed attempts will result in denial-of-service conditions. 28. Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities BugTraq ID: 24348 Remote: Yes Date Published: 2007-06-06 Relevant URL: http://www.securityfocus.com/bid/24348 Summary: Computer Associates ARCserve Backup for Laptops & Desktops is prone to multiple unspecified remote buffer-overflow vulnerabilities. These issues occur because the application fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. No further details are currently available. We will update this BID as more information emerges. Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-Level privileges. This will result in a complete compromise of affected computers. ARCserve Backup for Laptops & Desktops r11.1 is reported vulnerable. Update - June 7 2007: The vendor has announced that a patches are being developed to address these issues. 29. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability BugTraq ID: 24346 Remote: Yes Date Published: 2007-06-06 Relevant URL: http://www.securityfocus.com/bid/24346 Summary: Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted ICO files. An attacker may exploit this issue by enticing victims into opening a malicious file. Successful exploits will result in denial-of-service conditions on applications using the affected library. Applications such as Windows Explorer or Picture and Fax viewer have been identified as vulnerable. 30. RETIRED: Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities BugTraq ID: 24341 Remote: Yes Date Published: 2007-06-06 Relevant URL: http://www.securityfocus.com/bid/24341 Summary: Yahoo! Messenger is prone to multiple unspecified remote code-execution vulnerabilities. No further details are currently available. We will update this BID as more information emerges. Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Specific vulnerable versions of Yahoo! Messenger are not known, but versions in the 8 series for Microsoft Windows are reported affected. UPDATE (June 7, 2007): The vendor announced that a fix is being developed to address this issue. This BID has been replaced by the following writeups: BID 24355 Yahoo! Messenger Webcam Viewer ActiveX Control Buffer Overflow Vulnerability BID 24354 Yahoo! Messenger Webcam Upload ActiveX Control Buffer Overflow Vulnerability 31. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities BugTraq ID: 24339 Remote: Yes Date Published: 2007-06-06 Relevant URL: http://www.securityfocus.com/bid/24339 Summary: MPlayer is prone to multiple buffer-overflow vulnerabilities when it attempts to process malformed album and category titles. These issues occur because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer. An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation. MPlayer 1.0rc1 is vulnerable to these issues; other versions may also be affected. 32. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability BugTraq ID: 24324 Remote: Yes Date Published: 2007-06-05 Relevant URL: http://www.securityfocus.com/bid/24324 Summary: A remote code-execution vulnerability affects the Beatnik extension for Mozilla Firefox because the application fails to validate input errors when processing RSS feeds. An attacker may leverage this issue to execute arbitrary code in the context of the user account running the affected extension. This may facilitate cross-site scripting as well as a compromise of an affected computer. Beatnik 1.0 is vulnerable; other versions may also be affected. 33. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability BugTraq ID: 24316 Remote: Yes Date Published: 2007-06-04 Relevant URL: http://www.securityfocus.com/bid/24316 Summary: ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files. A successful attack may allow an attacker to cause denial-of-service conditions. Versions prior to ClamAV 0.90.3 are affected. 34. Mozilla Firefox Resource Variant Directory Traversal Vulnerability BugTraq ID: 24303 Remote: Yes Date Published: 2007-06-04 Relevant URL: http://www.securityfocus.com/bid/24303 Summary: Mozilla Firefox is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data. An attacker can exploit this issue to access arbitrary files on an unsuspecting user's computer. Successful exploits can expose potentially sensitive information that could aid in further attacks. This issue was introduced as part of the fix for BID 24191 (Mozilla Firefox Resource Directory Traversal Vulnerability) in Firefox 2.0.0.4. 35. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability BugTraq ID: 24298 Remote: Yes Date Published: 2007-06-04 Relevant URL: http://www.securityfocus.com/bid/24298 Summary: Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing. 36. SNMPC Username/Password Remote Denial of Service Vulnerability BugTraq ID: 24292 Remote: Yes Date Published: 2007-06-04 Relevant URL: http://www.securityfocus.com/bid/24292 Summary: SNMPc is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users. This issue is reported to affect versions of SNMPc prior to 7.0.19. 37. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability BugTraq ID: 24289 Remote: Yes Date Published: 2007-06-04 Relevant URL: http://www.securityfocus.com/bid/24289 Summary: ClamAV is prone to a denial-of-service vulnerability. A successful attack may allow an attacker to cause denial-of-service conditions. 38. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability BugTraq ID: 24283 Remote: Yes Date Published: 2007-06-04 Relevant URL: http://www.securityfocus.com/bid/24283 Summary: The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations. This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones. UPDATE: Reports indicate that Safari browser may also be vulnerable, but this has not been confirmed. UPDATE (June 6, 2007): The WebKit framework used by Safari is reported vulnerable. Builds 522 and later, which are associated with the nightly WebKit build, are vulnerable; other versions may also be affected. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This Issue is Sponsored by: SPI Dynamics ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU
