SecurityFocus Microsoft Newsletter #361
----------------------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack" - White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise
confidential information, steal cookies and create requests that can be
mistaken for those of a valid user. Download this *FREE* white paper from
SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000D3WW

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as
conveying topics of interest for our community. We are proud to offer
content from Matasano at this time and will be adding more in the coming
weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------

I. FRONT AND CENTER
1. Windows Anti-Debug Reference
2. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs

II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Explorer PNG Image Local Denial Of Service Vulnerability
2. IBM Rational ClearQuest Data Corruption Denial of Service Vulnerability
3. Microsoft Live Messenger Shared Files Denial of Service Vulnerability
4. Symantec Veritas Backup Exec for Windows Unspecified Vulnerability
5. ebCrypt ActiveX Control AddString Denial of Service Vulnerability
6. Imatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
7. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
8. ImageMagick ReadDIBImage Integer Overflow Vulnerability
9. ImageMagick ReadBlob Multiple Remote Denial Of Service Vulnerabilities
10. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer Overflow Vulnerabilities
11. Ipswitch IMail SMTP Server IASPAM.DLL Remote Buffer Overflow Vulnerability
12. NetSupport Manager Remote Authentication Bypass Vulnerability
13. Microsoft ISA Server SOCKS4 Proxy Connection Remote Information Disclosure Vulnerability
14. Xunlei Web Thunder ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability
15. Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
16. Bugzilla User.PM Unauthorized Account Creation Security Bypass Vulnerability
17. COWON America jetAudio JetFlExt.dll ActiveX Control Insecure Method Vulnerability
18. Microsoft RegMon SSDT Hooks Multiple Local Vulnerabilities
19. Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
20. ProSecurity SSDT Hooks Multiple Local Vulnerabilities
21. DiamondCS ProcessGuard SSDT Hooks Multiple Local Vulnerabilities
22. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
23. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
24. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
25. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
26. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
27. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability

III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Windows Anti-Debug Reference
By Nicolas Falliere
This paper classifies and presents several anti-debugging techniques used on
Windows NT-based operating systems.
http://www.securityfocus.com/infocus/1893

2. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Explorer PNG Image Local Denial Of Service Vulnerability
BugTraq ID: 25816
Remote: Yes
Date Published: 2007-09-26
Relevant URL: http://www.securityfocus.com/bid/25816
Summary:
Microsoft Windows Explorer is prone to a denial-of-service vulnerability
because it fails to handle malformed PNG image files.

Attackers can exploit this issue to cause Windows Explorer to exhaust CPU
cycles and become unresponsive.

2. IBM Rational ClearQuest Data Corruption Denial of Service Vulnerability
BugTraq ID: 25810
Remote: Yes
Date Published: 2007-09-25
Relevant URL: http://www.securityfocus.com/bid/25810
Summary:
IBM Rational ClearQuest is prone to a denial-of-service vulnerability.

Successfully exploiting this issue allows attackers to corrupt data stored
in Microsoft SQL Server- or IBM DB2-based ClearQuest databases. Oracle-based
databases are not prone to this issue. A successful attack will deny service
to legitimate users.

3. Microsoft Live Messenger Shared Files Denial of Service Vulnerability
BugTraq ID: 25795
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25795
Summary:
Microsoft Live Messenger is prone to a denial-of-service vulnerability
because the application fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to crash affected
applications, denying service to legitimate users. Given the nature of this
issue, remote attackers may also be able to execute code, but this has not
been confirmed.

Live Messenger 8.1 is vulnerable to this issue; other versions may also be
affected.

4. Symantec Veritas Backup Exec for Windows Unspecified Vulnerability
BugTraq ID: 25793
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25793
Summary:
Symantec Veritas Backup Exec for Windows is prone to an unspecified
vulnerability.

Very few technical details are currently available. We will update this BID
as more information emerges.

This issue affects Backup Exec 11d for Windows Servers.

5. ebCrypt ActiveX Control AddString Denial of Service Vulnerability
BugTraq ID: 25789
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25789
Summary:
The ebCrypt ActiveX control is prone to a denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash applications that
employ the vulnerable control (typically Microsoft Internet Explorer).

ebCrypt 2.0 is vulnerable; other versions may also be affected.

6. Imatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
BugTraq ID: 25772
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25772
Summary:
Xitami is prone to a remote buffer-overflow vulnerability because the
software fails to properly bounds-check user-supplied input before copying
it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of
the affected application. Failed exploit attempts will likely result in
denial-of-service conditions.

Xitami 2.5 is vulnerable to this issue; other versions may also be affected.

7. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 25766
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25766
Summary:
ImageMagick is prone to an off-by-one buffer-overflow vulnerability because
it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary
code with the privileges of the user running the application.

Versions prior to ImageMagick 6.3.5-9 are vulnerable.

8. ImageMagick ReadDIBImage Integer Overflow Vulnerability
BugTraq ID: 25765
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25765
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails
to properly validate user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context
of the application. Failed exploit attempts will likely cause
denial-of-service conditions.

Versions prior to ImageMagick 6.3.5-9 are vulnerable to this issue.

9. ImageMagick ReadBlob Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 25764
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25764
Summary:
ImageMagick is prone to multiple remote denial-of-service vulnerabilities.

An attacker could exploit these issues by enticing an unsuspecting victim to
open a malicious image file. Successfully exploiting these issues will allow
the attacker to consume excessive amounts of CPU resources on affected
computers, denying service to legitimate users.

These issues affect ImageMagick 6.3.4; prior versions are also affected.

10. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25763
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25763
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it
fails to adequately handle user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the
context of the application. Failed exploit attempts will likely cause
denial-of-service conditions.

These issues affect versions prior to ImageMagick 6.3.5-9.

11. Ipswitch IMail SMTP Server IASPAM.DLL Remote Buffer Overflow Vulnerability
BugTraq ID: 25762
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25762
Summary:
Ipswitch IMail Server is prone to a buffer-overflow vulnerability because
the software fails to properly bounds-check user-supplied input before
copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of
the affected application. Failed exploit attempts will likely result in
denial-of-service conditions.

Versions between Ipswitch IMail Server 8.01 and 8.11 are vulnerable to this
issue; other versions may also be affected.

NOTE: This issue may be related to previously disclosed vulnerabilities in
IMail, but due to a lack of information we cannot confirm this. We will
update this BID as more information emerges.

12. NetSupport Manager Remote Authentication Bypass Vulnerability
BugTraq ID: 25761
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25761
Summary:
NetSupport Manager is prone to an authentication-bypass vulnerability
because the client application fails to properly require authentication
when handling connections.

Attackers can exploit this issue to gain unauthorized access to computers
running the affected application.

This issue affects versions prior to NetSupport Manager 10.20.0004 on
Microsoft Windows platforms.

13. Microsoft ISA Server SOCKS4 Proxy Connection Remote Information Disclosure Vulnerability
BugTraq ID: 25753
Remote: Yes
Date Published: 2007-09-20
Relevant URL: http://www.securityfocus.com/bid/25753
Summary:
Microsoft ISA Server is prone to an information-disclosure vulnerability
that occurs when its SOCKS4 proxy handles empty packets.

An attacker can exploit this issue to obtain sensitive information that may
aid in further attacks.

This issue affects Microsoft ISA Server 2004 SP1 and SP2.

14. Xunlei Web Thunder ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability
BugTraq ID: 25751
Remote: Yes
Date Published: 2007-09-20
Relevant URL: http://www.securityfocus.com/bid/25751
Summary:
Xunlei Web Thunder is prone to a remote buffer-overflow vulnerability
because the application fails to perform adequate boundary checks on
user-supplied data.

An attacker may exploit this issue by enticing victims into visiting a
maliciously crafted webpage. Successfully exploiting this issue will allow
the attacker to execute arbitrary code within the context of the
application using the ActiveX control (typically Microsoft Internet
Explorer). Failed exploit attempts will result in a denial-of-service
condition.

This issue affects Xunlei Web Thunder 5.6.8.344; other versions may also be
affected.

15. Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 25733
Remote: Yes
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25733
Summary:
Mercury/32 is prone to a remote stack-based buffer-overflow vulnerability
because the application fails to perform adequate boundary checks on
user-supplied data. To exploit this issue, attackers must have
authenticated access to the affected application.

An attacker can exploit this issue to execute arbitrary machine code within
the context of the user running the application. Failed exploit attempts
will result in a denial-of-service condition.

This issue affects Mercury/32 4.52; other versions may also be affected.

16. Bugzilla User.PM Unauthorized Account Creation Security Bypass Vulnerability
BugTraq ID: 25725
Remote: Yes
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25725
Summary:
Bugzilla is prone to a security-bypass vulnerability because it fails to
adequately validate user-supplied input.

Attackers can exploit this issue to create Bugzilla user accounts on
computers that also have the 'SOAP::Lite' Perl module installed.

NOTE: The application is vulnerable even if account creation has been
disabled.

Versions prior to Bugzilla 3.0.2 and 3.1.2 are vulnerable.

17. COWON America jetAudio JetFlExt.dll ActiveX Control Insecure Method Vulnerability
BugTraq ID: 25723
Remote: Yes
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25723
Summary:
jetAudio is prone to a vulnerability that lets attackers overwrite
arbitrary files. The problem stems from an insecure method caused by a
design error in the affected application.

An attacker can exploit this issue to overwrite arbitrary files on the
victim's computer in the context of the vulnerable application using the
ActiveX control (typically Internet Explorer).

This issue affects jetAudio 7.0.3 Basic; other versions may also be
affected.

18. Microsoft RegMon SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25721
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25721
Summary:
RegMon is prone to multiple local vulnerabilities in the hooks its kernel
driver installs in the System Service Descriptor Table (SSDT).

Exploiting these vulnerabilities allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be
able to gain elevated privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.

RegMon 7.04 is vulnerable to these issues; other versions may also be
affected.

19. Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25719
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25719
Summary:
Process Monitor is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be
able to gain elevated privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.

Process Monitor 1.22 is vulnerable to these issues; other versions may also
be affected.

20. ProSecurity SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25718
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25718
Summary:
ProSecurity is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be
able to gain elevated privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.

ProSecurity 1.40 beta 2 is vulnerable to these issues; other versions may
also be affected.

21. DiamondCS ProcessGuard SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25714
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25714
Summary:
ProcessGuard is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be
able to gain elevated privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.

ProcessGuard 3.410 is vulnerable; other versions may also be affected.

22. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25712
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25712
Summary:
Privatefirewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be
able to gain elevated privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.

Privatefirewall 5.0.14.2 is vulnerable; other versions may also be affected.

23. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25711
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25711
Summary:
Online Armor Personal Firewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be
able to gain elevated privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.

Online Armor Personal Firewall 2.0.1.125 is vulnerable; other versions may
also be affected.

24. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25709
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25709
Summary:
Ghost Security Suite is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be
able to gain elevated privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.

Ghost Security Suite beta 1.110 and alpha 1.200 are vulnerable; other
versions may also be affected.

25. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25705
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25705
Summary:
G DATA Internet Security is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be
able to gain elevated privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.

G DATA Internet Security 2007 is vulnerable; other versions may also be
affected.

26. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
BugTraq ID: 25687
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25687
Summary:
WinImage is prone to a denial-of-service vulnerability and a
directory-traversal vulnerability because the application fails to
adequately sanitize user-supplied input.

Attackers can exploit these issues to cause a denial of service or to write
malicious files to arbitrary directories.

WinImage 8.0 and 8.10 are vulnerable; other versions may also be affected.

27. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability
BugTraq ID: 25686
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25686
Summary:
Media Player Classic is prone to a remote denial-of-service vulnerability
because the application fails to handle malformed video files.

Remote attackers can exploit this issue to crash the application. Reports
indicate that attackers may also be able to execute code, but this has not
been confirmed.

Media Player Classic 6.4.9.1 and prior versions are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the
subscribed address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to which you will
have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be
manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000D3WW
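The ImageMagick integer-overflow entries above (items 8 and 10) describe decoders that derive a buffer size from attacker-controlled image dimensions without checking that the multiplication fits, so the allocation is far smaller than the data later written into it. The block below is an added example written for this newsletter, not ImageMagick's code: a hypothetical DIB-style header (`struct img_header`, the field names and the 1 GiB `MAX_PIXEL_BYTES` policy limit are assumptions) with the wrapping computation beside an overflow-checked one. The sample headers are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical bitmap-style header. Every field is read straight from the
 * file, so all of them are attacker-controlled. */
struct img_header {
    uint32_t width;
    uint32_t height;
    uint16_t bits_per_pixel;
};

/* Ceiling a decoder should impose regardless of the arithmetic: 1 GiB here,
 * an assumed policy value, not anything taken from the advisories. */
#define MAX_PIXEL_BYTES ((size_t)1 << 30)

/* The defect class the ImageMagick entries describe: the size is computed in
 * 32-bit arithmetic that silently wraps for large dimensions, so a tiny
 * buffer is allocated for a huge image. Kept only to show the wrap; a
 * decoder must never allocate from this value. */
static uint32_t pixel_bytes_unchecked(const struct img_header *h)
{
    uint32_t bytes_pp = ((uint32_t)h->bits_per_pixel + 7) / 8;
    return h->width * h->height * bytes_pp;   /* may wrap to a small value */
}

/* Overflow-checked version: each multiplication is tested against SIZE_MAX
 * before it is performed and the result is capped. On success *out is set
 * and true is returned; on any failure *out is left untouched. */
static bool pixel_bytes_checked(const struct img_header *h, size_t *out)
{
    size_t w = h->width;
    size_t ht = h->height;
    size_t bytes_pp = ((size_t)h->bits_per_pixel + 7) / 8;

    if (w == 0 || ht == 0 || bytes_pp == 0 || bytes_pp > 16)
        return false;                 /* degenerate size or absurd bit depth */
    if (w > SIZE_MAX / ht)
        return false;                 /* w * ht would overflow size_t */
    size_t pixels = w * ht;
    if (pixels > SIZE_MAX / bytes_pp)
        return false;                 /* pixels * bytes_pp would overflow */
    size_t total = pixels * bytes_pp;
    if (total > MAX_PIXEL_BYTES)
        return false;                 /* arithmetic is fine, but over policy */
    *out = total;
    return true;
}

/* Allocate the pixel buffer only after the size has been validated.
 * Returns NULL (and leaves *len untouched) for any rejected header. */
static unsigned char *alloc_pixels(const struct img_header *h, size_t *len)
{
    size_t n;
    if (!pixel_bytes_checked(h, &n))
        return NULL;
    unsigned char *buf = calloc(n, 1);
    if (buf != NULL)
        *len = n;
    return buf;
}

/* Convenience wrappers for a stand-alone run: the checked size, or 0 when
 * the header is rejected; and whether allocation through the checked path
 * succeeds with a length that matches the checked size. */
static size_t checked_size_or_zero(const struct img_header *h)
{
    size_t n = 0;
    return pixel_bytes_checked(h, &n) ? n : 0;
}

static bool alloc_succeeds(const struct img_header *h)
{
    size_t len = 0;
    unsigned char *p = alloc_pixels(h, &len);
    bool ok = (p != NULL && len == checked_size_or_zero(h));
    free(p);
    return ok;
}

/* Constructed sample headers: an ordinary 640x480 24-bit image, and one
 * whose 65536 x 65536 x 1-byte product is exactly 2^32, which wraps to 0
 * in the unchecked computation. */
static const struct img_header BENIGN_HDR = { 640, 480, 24 };
static const struct img_header WRAP_HDR   = { 65536, 65536, 8 };
```

The unchecked function returns 921600 for the benign header and 0 for the wrapping one; the checked function returns the same 921600 for the first and rejects the second, either because the product does not fit `size_t` on a 32-bit build or because it exceeds the policy cap on a 64-bit one.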
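Items 6, 11, 14 and 15 above all describe the same defect class: user-supplied input copied into a fixed-size buffer without a length check. The Xitami entry (item 6) names the `If-Modified-Since` request header as the trigger. The block below is an added example written for this newsletter, not Xitami's or any other listed product's code: a small HTTP header-line parser with the unchecked copy beside a hardened one. The 64-byte `DATE_FIELD_LEN`, the `struct request` layout and the sample request lines are assumptions constructed for the example; `strncasecmp` is the POSIX function from `<strings.h>`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

/* Fixed buffer for the header value, sized the way a small server might
 * size it. An HTTP-date is at most 29 bytes, so 64 is generous. */
#define DATE_FIELD_LEN 64

struct request {
    char if_modified_since[DATE_FIELD_LEN];
    bool has_ims;
};

/* Returns a pointer to the value part of a "Name: value" line, or NULL if
 * the line is not that header. Header names are case-insensitive. */
static const char *header_value(const char *line, const char *name)
{
    size_t n = strlen(name);
    if (strncasecmp(line, name, n) != 0 || line[n] != ':')
        return NULL;
    const char *v = line + n + 1;
    while (*v == ' ' || *v == '\t')
        v++;
    return v;
}

/* The advisories' defect class: the value is copied with no bound, so a
 * value longer than DATE_FIELD_LEN-1 bytes overruns the structure. Shown
 * for contrast only; never call it with untrusted input. */
static void parse_ims_unchecked(struct request *r, const char *line)
{
    const char *v = header_value(line, "If-Modified-Since");
    if (v == NULL)
        return;
    strcpy(r->if_modified_since, v);     /* no length check */
    r->has_ims = true;
}

/* Hardened: measure first, refuse anything that does not fit (an oversized
 * value is malformed by definition, so rejecting beats silent truncation),
 * then copy with an explicit bound and guaranteed NUL termination. */
static bool parse_ims_checked(struct request *r, const char *line)
{
    const char *v = header_value(line, "If-Modified-Since");
    if (v == NULL)
        return false;
    size_t len = strlen(v);
    if (len >= DATE_FIELD_LEN)
        return false;
    memcpy(r->if_modified_since, v, len);
    r->if_modified_since[len] = '\0';
    r->has_ims = true;
    return true;
}

/* Constructed sample input: a well-formed header line. */
static const char BENIGN_LINE[] = "If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT";

/* Both parsers agree on a short value; the unchecked one is safe here only
 * because the value is known to fit. */
static bool demo_benign(void)
{
    struct request a = {{0}, false}, b = {{0}, false};
    parse_ims_unchecked(&a, BENIGN_LINE);
    bool ok = parse_ims_checked(&b, BENIGN_LINE);
    return ok && a.has_ims && b.has_ims
        && strcmp(a.if_modified_since, b.if_modified_since) == 0
        && strcmp(b.if_modified_since, "Sat, 29 Oct 1994 19:43:31 GMT") == 0;
}

/* Constructed oversized input: a 200-byte value. The hardened parser must
 * reject it and leave the request untouched. (Feeding this line to
 * parse_ims_unchecked would overrun the buffer.) */
static bool demo_oversized_rejected(void)
{
    char line[256];
    memcpy(line, "If-Modified-Since: ", 19);
    memset(line + 19, 'A', 200);
    line[219] = '\0';
    struct request r = {{0}, false};
    return !parse_ims_checked(&r, line) && !r.has_ims && r.if_modified_since[0] == '\0';
}
```

The same shape applies to the SMTP, IMAP `SEARCH` and ActiveX-method inputs in the other three entries: know the destination size, measure the source before copying, and reject rather than truncate when the two disagree.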
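Item 26 above says WinImage can be made to write files from a crafted image to arbitrary directories because it does not sanitize the entry names it extracts. The check an extractor needs is shown below as an added example written for this newsletter, not WinImage's code: an entry name is accepted only if it is relative, carries no drive letter and contains no `..` component, treating `/` and `\` alike because a Windows extractor honours both. The `/srv/extract` root and the sample entry names are constructed for the example, and the output path is normalised to forward slashes as an assumption.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

static bool is_sep(char c)
{
    return c == '/' || c == '\\';
}

/* True only for a relative name with no ".." component, no leading
 * separator (absolute or UNC path) and no drive letter prefix. */
static bool entry_path_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (is_sep(name[0]))                                   /* "/x", "\x", "\\srv" */
        return false;
    if (isalpha((unsigned char)name[0]) && name[1] == ':') /* "C:..." */
        return false;

    /* Walk the components; reject any that is exactly "..". A name such as
     * "..foo" is an ordinary file name and is allowed. */
    const char *p = name;
    while (*p != '\0') {
        const char *start = p;
        while (*p != '\0' && !is_sep(*p))
            p++;
        size_t len = (size_t)(p - start);
        if (len == 2 && start[0] == '.' && start[1] == '.')
            return false;
        if (*p != '\0')
            p++;                                            /* skip separator */
    }
    return true;
}

/* Build "<root>/<entry>" only when the entry passed the check. On any
 * failure out[0] is '\0' and false is returned, so a caller cannot use a
 * half-built path by mistake. */
static bool build_extract_path(const char *root, const char *entry,
                               char *out, size_t outlen)
{
    out[0] = '\0';
    if (!entry_path_is_safe(entry))
        return false;
    int n = snprintf(out, outlen, "%s/%s", root, entry);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return false;                                      /* would not fit */
    }
    for (char *q = out; *q != '\0'; q++)                   /* one separator style */
        if (*q == '\\')
            *q = '/';
    return true;
}

/* Stand-alone check on constructed entries: a normal entry lands under the
 * root, a traversal entry is refused and leaves the output empty. */
static bool demo_extract_paths(void)
{
    char out[128];
    bool good = build_extract_path("/srv/extract", "dir\\file.txt", out, sizeof out)
                && strcmp(out, "/srv/extract/dir/file.txt") == 0;
    bool bad  = !build_extract_path("/srv/extract", "..\\..\\Windows\\x.dll", out, sizeof out)
                && out[0] == '\0';
    return good && bad;
}
```

Rejecting rather than rewriting traversal names is deliberate: an extractor that strips `..` and carries on still writes attacker-chosen content, just to a different place, and gives the user no signal that the image was hostile.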
