SecurityFocus Microsoft Newsletter #360
----------------------------------------

This Issue is Sponsored by: Techmentor
_______________________

TechMentor - Las Vegas - October 15 - 19
Join your fellow systems administrators and IT managers at the Rio Hotel & Casino in Vegas for a week of in-depth technical training. TechMentor will give you the tools and techniques to help you get the most out of your network. Register now!
http://techmentorevents.com/

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Windows Anti-Debug Reference
       2. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
       2. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
       3. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
       4. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
       5. Microsoft MFC Library CFileFind::FindFile Buffer Overflow Vulnerability
       6. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
       7. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability
       8. COWON America jetCast Server Remote Denial Of Service Vulnerability
       9. WinSCP URL Protocol Handler Arbitrary File Access Vulnerability
       10. Media Player Classic Malformed AVI Header Multiple Remote Vulnerabilities
       11. SWsoft Plesk PLESKSESSID Parameter Multiple SQL Injection Vulnerabilities
       12. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote Vulnerabilities
       13. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File Overwrite Vulnerability
       14. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
       15. Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability
       16. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #359
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Windows Anti-Debug Reference
By Nicolas Falliere
This paper classifies and presents several anti-debugging techniques used on Windows NT-based operating systems.
http://www.securityfocus.com/infocus/1893

2. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892

II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25712
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25712
Summary:
Privatefirewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Privatefirewall 5.0.14.2 is vulnerable; other versions may also be affected.

2. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25711
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25711
Summary:
Online Armor Personal Firewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Online Armor Personal Firewall 2.0.1.125 is vulnerable; other versions may also be affected.

3. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25709
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25709
Summary:
Ghost Security Suite is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Ghost Security Suite beta 1.110 and alpha 1.200 are vulnerable; other versions may also be affected.

4. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25705
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25705
Summary:
G DATA Internet Security is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

G DATA Internet Security 2007 is vulnerable; other versions may also be affected.

5. Microsoft MFC Library CFileFind::FindFile Buffer Overflow Vulnerability
BugTraq ID: 25697
Remote: Yes
Date Published: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25697
Summary:
The CFileFind::FindFile method in the MFC library for Microsoft Windows is prone to a buffer-overflow vulnerability because the method fails to perform adequate boundary checks of user-supplied input.

Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of applications that use the vulnerable method.

The MFC library included with Microsoft Windows XP SP2 is affected; other versions may also be affected.

6. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
BugTraq ID: 25687
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25687
Summary:
WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.

Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.

WinImage 8.0 and 8.10 are vulnerable; other versions may also be affected.

7. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability
BugTraq ID: 25686
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25686
Summary:
Media Player Classic is prone to a remote denial-of-service vulnerability because the application fails to handle malformed video files.

Remote attackers can exploit this issue to crash the application. Reports indicate that attackers may also be able to execute code, but this has not been confirmed.

Media Player Classic 6.4.9.1 and prior versions are vulnerable.

8. COWON America jetCast Server Remote Denial Of Service Vulnerability
BugTraq ID: 25660
Remote: Yes
Date Published: 2007-09-13
Relevant URL: http://www.securityfocus.com/bid/25660
Summary:
jetCast Server is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the server, denying access to legitimate users.

jetCast Server 2 is reported vulnerable; other versions may also be affected.

9. WinSCP URL Protocol Handler Arbitrary File Access Vulnerability
BugTraq ID: 25655
Remote: Yes
Date Published: 2007-09-13
Relevant URL: http://www.securityfocus.com/bid/25655
Summary:
WinSCP is prone to a vulnerability that lets an attacker upload arbitrary files to a victim's computer or to download arbitrary files from the victim's computer in the context of the vulnerable application.

This issue affects versions prior to WinSCP 4.0.4.

10. Media Player Classic Malformed AVI Header Multiple Remote Vulnerabilities
BugTraq ID: 25650
Remote: Yes
Date Published: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/25650
Summary:
Media Player Classic (MPC) is prone to multiple remote vulnerabilities, including a heap-based buffer-overflow issue and an integer-overflow issue, when handling malformed AVI files.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

Media Player Classic 6.4.9.0 is vulnerable; other versions may also be affected.

11. SWsoft Plesk PLESKSESSID Parameter Multiple SQL Injection Vulnerabilities
BugTraq ID: 25646
Remote: Yes
Date Published: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/25646
Summary:
Plesk is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries.

Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Microsoft Windows are vulnerable; other versions running on different platforms may also be affected.

12. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote Vulnerabilities
BugTraq ID: 25638
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25638
Summary:
Microsoft Visual Studio is prone to multiple remote vulnerabilities, including two remote command-execution issues and four unspecified vulnerabilities.

An attacker can exploit the remote command-execution vulnerabilities to execute arbitrary commands with the privileges of the currently logged-in user.

Very little information is known about the four unspecified issues. We will update this BID as more information emerges.

These issues affect Microsoft Visual Studio 6.0.0; other versions may also be affected.

13. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File Overwrite Vulnerability
BugTraq ID: 25635
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25635
Summary:
Microsoft Visual Studio VB To VSI Support Library ActiveX Control is prone to a vulnerability that lets attackers overwrite arbitrary files.

An attacker can exploit this issue to overwrite arbitrary files with local data. This will likely result in denial-of-service conditions; other attacks may also be possible.

14. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 25625
Remote: Yes
Date Published: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25625
Summary:
CellFactor: Revolution is prone to multiple remote code-execution vulnerabilities, including a buffer-overflow issue and a format-string issue.

Successfully exploiting these issues will allow an attacker to execute arbitrary code within the context of the affected application or to crash the application.

CellFactor: Revolution 1.03 is vulnerable; other versions may also be affected.

15. Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability
BugTraq ID: 25620
Remote: No
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25620
Summary:
Microsoft Windows Services for UNIX is prone to a local privilege-escalation vulnerability.

Attackers may exploit this issue to gain elevated privileges on affected computers. This facilitates the complete compromise of vulnerable computers.

Microsoft Windows Services for UNIX 3.0 and 3.5 and Microsoft Subsystem for UNIX-based Applications are vulnerable to this issue.

16. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer Overflow Vulnerability
BugTraq ID: 25566
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25566
Summary:
Microsoft Agent (agentsvr.exe) is prone to a stack-based buffer-overflow vulnerability because the application fails to adequately bounds-check user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #359
http://www.securityfocus.com/archive/88/479220

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Techmentor
_______________________

TechMentor - Las Vegas - October 15 - 19
Join your fellow systems administrators and IT managers at the Rio Hotel & Casino in Vegas for a week of in-depth technical training. TechMentor will give you the tools and techniques to help you get the most out of your network. Register now!
http://techmentorevents.com/
