SecurityFocus Microsoft Newsletter #350
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise 
confidential information, steal cookies and create requests that can be 
mistaken for those of a valid user!! Download this *FREE* white paper from SPI 
Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000Cu6j


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Achtung! New German Laws on Cybercrime
       2. Don't Be Evil
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
       2. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
       3. Sun Java System Server XSLT Processing Remote Java Method Execution Vulnerability
       4. Microsoft Excel Unspecified Security Vulnerability
       5. Microsoft Internet Explorer FirefoxURL Protocol Handler Command Injection Vulnerability
       6. Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control Denial of Service Vulnerability
       7. Media Player Classic .FLV Remote Denial Of Service Vulnerability
       8. Eltima Software Virtual Serial Port VSPort.DLL ActiveX Control Denial of Service Vulnerabilities
       9. Symantec Norton Ghost FileBackup.DLL Multiple Denial of Service Vulnerabilities
       10. Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow Vulnerability
       11. Microsoft Windows Vista Kernel Unspecified Remote Denial Of Service Vulnerability
       12. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
       13. Microsoft Excel Workspace Designation Remote Code Execution Vulnerability
       14. Microsoft Excel Version Information Validation Remote Code Execution Vulnerability
       15. Microsoft Windows Active Directory LDAP Request Validation Remote Code Execution Vulnerability
       16. Visual IRC Join Response Buffer Overflow Vulnerability
       17. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
       18. Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
       19. Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
       20. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
       21. Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
       22. Microsoft Internet Explorer Zone Denial of Service Vulnerability
       23. PHPEventCalendar Eventdisplay.PHP Script SQL Injection Vulnerability
       24. Symantec Veritas Backup Exec for Windows Server Unspecified Heap Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. USB device control software
       2. SecurityFocus Microsoft Newsletter #349
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect 
security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the 
experts who were invited to the parliamentary hearing, to learn more about this 
delicate subject. They discussed what is covered by the new laws, which areas 
remain in the dark, and how they might affect vulnerability disclosure and the 
use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448

2. Don't Be Evil
By Mark Rasch
A series of developments raises the specter that remotely stored or created 
documents may be subject to subpoena or discovery, all without the knowledge or 
consent of the document's creators.
http://www.securityfocus.com/columnists/447


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Adobe Flash Player SWF File Handling Remote Code Execution Vulnerability
BugTraq ID: 24856
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24856
Summary:
Adobe Flash Player is prone to a remote code-execution vulnerability because it 
fails to properly sanitize user-supplied input.

An attacker can exploit this issue by tricking an unsuspecting victim into 
opening a malicious file.

A successful exploit will result in the execution of arbitrary 
attacker-supplied code in the context of the victim running the vulnerable 
application.

Adobe Flash Player 9.0.45.0 and earlier, 8.0.34.0 and earlier, and 7.0.69.0 and 
earlier are affected.

2. CenterICQ Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24854
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24854
Summary:
Centericq is prone to multiple remote buffer-overflow vulnerabilities because 
the application fails to properly bounds-check user-supplied input before 
copying it to an insufficiently sized memory buffer.

An attacker can exploit these issues to execute arbitrary code within the 
context of the affected application. Failed exploit attempts will result in a 
denial of service.

3. Sun Java System Server XSLT Processing Remote Java Method Execution 
Vulnerability
BugTraq ID: 24850
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24850
Summary:
Sun Java System Web Servers and Application Servers are prone to a 
vulnerability that lets attackers execute arbitrary Java methods. This issue 
occurs because the application fails to securely process XSLT stylesheets.

Successfully exploiting this issue may allow remote attackers to execute 
arbitrary Java methods, aiding them in further attacks.

Sun Java System Web Server 7.0 for the following operating systems is affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows
- HP-UX

Sun Java System Application Server Platform and Enterprise Editions 8.2 and 
Platform Edition 9.0 for the following operating systems are also affected:
- Sun Solaris SPARC and x86 platforms
- Linux
- Microsoft Windows

4. Microsoft Excel Unspecified Security Vulnerability
BugTraq ID: 24843
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24843
Summary:
Microsoft Excel is prone to an unspecified security vulnerability.

Very little information is currently available regarding this issue. We will 
update this BID as more information emerges.

5. Microsoft Internet Explorer FirefoxURL Protocol Handler Command Injection 
Vulnerability
BugTraq ID: 24837
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24837
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers 
inject commands through the 'FirefoxURL' protocol handler.

Exploiting the issue allows remote attackers to pass and execute arbitrary 
commands and arguments through the 'firefox.exe' process by employing the 
'FirefoxURL' handler.

An attacker can also employ this issue to carry out cross-browser scripting 
attacks by using the '-chrome' argument. This can allow the attacker to run 
JavaScript code with the privileges of the trusted Chrome context and gain full 
access to Firefox's resources.

Exploiting the issue would permit remote attackers to influence command options 
that can be called through the 'FirefoxURL' handler and therefore execute 
commands and script code with the privileges of a user running the 
applications. Successful attacks may result in a variety of consequences, 
including remote unauthorized access.

6. Innovasys DockStudioXP InnovaDSXP2.OCX ActiveX Control Denial of Service 
Vulnerability
BugTraq ID: 24834
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24834
Summary:
Innovasys DockStudioXP ActiveX control is prone to a denial-of-service 
vulnerability.

An attacker may exploit this issue by enticing victims into opening a malicious 
webpage or HTML email that invokes the affected control.

The attacker can exploit this issue to cause denial-of-service conditions in 
Internet Explorer or other applications that use the vulnerable ActiveX control.

7. Media Player Classic .FLV Remote Denial Of Service Vulnerability
BugTraq ID: 24830
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24830
Summary:
Media Player Classic is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the application. Reports indicate 
that remote code execution may also be possible, but this has not been 
confirmed.

Media Player Classic 6.4.9.0 is vulnerable; other versions may also be affected.

8. Eltima Software Virtual Serial Port VSPort.DLL ActiveX Control Denial of 
Service Vulnerabilities
BugTraq ID: 24827
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24827
Summary:
Eltima Software Virtual Serial Port ActiveX control is prone to multiple 
denial-of-service vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that 
employ the vulnerable control (typically Microsoft Internet Explorer).

Virtual Serial Port 5.0 is vulnerable; other versions may also be affected.

9. Symantec Norton Ghost FileBackup.DLL Multiple Denial of Service 
Vulnerabilities
BugTraq ID: 24826
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24826
Summary:
Norton Ghost is prone to multiple denial-of-service vulnerabilities.

Successful exploits may allow an attacker to cause denial-of-service conditions.

10. Symantec Norton Ghost RemoteCommand.DLL Buffer Overflow Vulnerability
BugTraq ID: 24825
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24825
Summary:
Symantec Norton Ghost is prone to a buffer-overflow vulnerability because the 
application fails to bounds-check user-supplied data before copying it into an 
insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a 
denial-of-service condition.

This issue affects Symantec Ghost 12.0; other versions may also be affected.

11. Microsoft Windows Vista Kernel Unspecified Remote Denial Of Service 
Vulnerability
BugTraq ID: 24816
Remote: Yes
Date Published: 2007-07-09
Relevant URL: http://www.securityfocus.com/bid/24816
Summary:
Microsoft Windows Vista is prone to an unspecified remote denial-of-service 
vulnerability.

Attackers may exploit this issue to crash the affected operating system, 
denying further service to legitimate users. Remote code-execution may be 
possible, but this has not been confirmed.

12. Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
BugTraq ID: 24811
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24811
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability 
because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of 
a user running the application. Successful exploits can result in the complete 
compromise of affected computers. Failed attacks will likely result in 
denial-of-service conditions.

13. Microsoft Excel Workspace Designation Remote Code Execution Vulnerability
BugTraq ID: 24803
Remote: Yes
Date Published: 2007-07-06
Relevant URL: http://www.securityfocus.com/bid/24803
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file (.xls).

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

14. Microsoft Excel Version Information Validation Remote Code Execution 
Vulnerability
BugTraq ID: 24801
Remote: Yes
Date Published: 2007-07-06
Relevant URL: http://www.securityfocus.com/bid/24801
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

15. Microsoft Windows Active Directory LDAP Request Validation Remote Code 
Execution Vulnerability
BugTraq ID: 24800
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24800
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because 
Microsoft Active Directory fails to handle specially crafted user-supplied 
Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level 
privileges. Successfully exploiting this issue will result in the complete 
compromise of affected computers. Failed exploit attempts will result in a 
denial-of-service condition.

16. Visual IRC Join Response Buffer Overflow Vulnerability
BugTraq ID: 24798
Remote: Yes
Date Published: 2007-07-06
Relevant URL: http://www.securityfocus.com/bid/24798
Summary:
Visual IRC (ViRC) is prone to a remote buffer-overflow vulnerability because it 
fails to perform adequate boundary checks on user-supplied data before copying 
it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code in the context of a 
user running the affected application. Successful attacks will compromise the 
application. Failed exploits will likely cause denial-of-service conditions.

ViRC 2.0 is vulnerable; other versions may also be affected.

17. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of 
Service Vulnerability
BugTraq ID: 24796
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24796
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because 
Microsoft Active Directory fails to handle specially crafted Lightweight 
Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to cause the affected application to stop 
responding, denying further service to legitimate users.

18. Microsoft .Net Framework Multiple Null Byte Injection Vulnerabilities
BugTraq ID: 24791
Remote: Yes
Date Published: 2007-07-06
Relevant URL: http://www.securityfocus.com/bid/24791
Summary:
Microsoft .NET Framework is prone to multiple NULL-byte injection 
vulnerabilities because it fails to adequately sanitize user-supplied data.

An attacker can exploit these issues to access sensitive information that may 
aid in further attacks; other attacks are also possible.

19. Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
BugTraq ID: 24779
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24779
Summary:
Windows Firewall for Windows Vista is prone to a vulnerability that may permit 
a bypass of existing firewall rules.

An attacker may trigger this vulnerability by sending malicious network data 
through the Teredo network transport system to obtain sensitive information; 
other attacks are also possible.

Note that Windows Vista systems configured with a 'Public' network profile are 
not vulnerable to this issue.

20. Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
BugTraq ID: 24778
Remote: Yes
Date Published: 2007-07-10
Relevant URL: http://www.securityfocus.com/bid/24778
Summary:
Microsoft .NET Framework is prone to a remote buffer-overflow vulnerability 
because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of 
a user running the application. Successful exploits can result in the complete 
compromise of affected computers. Failed attacks will likely result in 
denial-of-service conditions.

21. Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 24771
Remote: Yes
Date Published: 2007-07-05
Relevant URL: http://www.securityfocus.com/bid/24771
Summary:
Microsoft has released advance notification that the vendor will be releasing 
six security bulletins on July 10, 2007. The highest severity rating for these 
issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs 
will be created for each issue; this record will be removed when the security 
bulletins are released.

These vulnerabilities have been assigned to the following BIDs:
24800 Microsoft Windows Active Directory LDAP Request Validation Remote Code 
Execution Vulnerability
24796 Microsoft Windows Active Directory LDAP Request Validation Remote Denial 
Of Service Vulnerability
24778 Microsoft .NET Framework PE Loader Remote Buffer Overflow Vulnerability
24791 Microsoft .Net Framework Null Byte Injection Vulnerability
24811 Microsoft .NET Framework JIT Compiler Remote Buffer Overflow Vulnerability
20753 Microsoft .NET Framework Request Filtering Bypass Vulnerability
24779 Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
24801 Microsoft Excel Version Information Validation Remote Code Execution 
Vulnerability
22555 Microsoft Excel Worksheet Remote Code Execution Vulnerability
24803 Microsoft Excel Workspace Designation Remote Code Execution Vulnerability
24843 Microsoft Excel Unspecified Security Vulnerability
22702 Microsoft Office Publisher Invalid Memory Reference Remote Code Execution 
Vulnerability
15921 Microsoft Internet Information Server 5.1 DLL Request Remote Code 
Execution Vulnerability

22. Microsoft Internet Explorer Zone Denial of Service Vulnerability
BugTraq ID: 24744
Remote: Yes
Date Published: 2007-07-02
Relevant URL: http://www.securityfocus.com/bid/24744
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability 
because the application fails to handle exceptional conditions.

Remote attackers can exploit this issue to cause the application to hang when 
viewing arbitrary websites.

This issue affects Internet Explorer 6 and 7.

23. PHPEventCalendar Eventdisplay.PHP Script SQL Injection Vulnerability
BugTraq ID: 24721
Remote: Yes
Date Published: 2007-07-01
Relevant URL: http://www.securityfocus.com/bid/24721
Summary:
phpEventCalendar is prone to an SQL-injection vulnerability because it fails to 
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, 
access or modify data, or exploit latent vulnerabilities in the underlying 
database.

phpEventCalendar 0.2.3 and prior versions are reported prone to this issue.

24. Symantec Veritas Backup Exec for Windows Server Unspecified Heap Buffer 
Overflow Vulnerability
BugTraq ID: 23897
Remote: Yes
Date Published: 2007-07-11
Relevant URL: http://www.securityfocus.com/bid/23897
Summary:
Symantec Veritas Backup Exec for Windows Server is prone to a heap-based 
buffer-overflow vulnerability because the application fails to bounds-check 
user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level 
privileges. Successfully exploiting this issue will result in the complete 
compromise of affected computers. Failed exploit attempts will result in a 
denial-of-service condition.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. USB device control software
http://www.securityfocus.com/archive/88/472910

2. SecurityFocus Microsoft Newsletter #349
http://www.securityfocus.com/archive/88/472860

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
