SecurityFocus Microsoft Newsletter #368
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers - How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.
https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Don't blame the IDS
       2. E-mail privacy to disappear?
II.  MICROSOFT VULNERABILITY SUMMARY
       1. WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
       2. Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
       3. Microsoft Office Web Component Memory Access Violation Denial of Service Vulnerability
       4. Cerberus FTP Server Web Interface Cross Site Scripting Vulnerability
       5. Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
       6. Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation Vulnerability
       7. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities
       8. Apple QuickTime PICT Image Remote Stack Buffer Overflow Vulnerability
       9. Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability
       10. Apple QuickTime STSD Atom Remote Heap Buffer Overflow Vulnerability
       11. Apple QuickTime Image Description Atom Remote Memory Corruption Vulnerability
       12. Apple QuickTime for Java Multiple Unspecified Remote Privilege Escalation Vulnerabilities
       13. Apple QuickTime Color Table Atom Remote Heap Buffer Overflow Vulnerability
       14. Microsoft Windows Recursive DNS Spoofing Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #367
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Don't blame the IDS
By Don Parker
Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.
http://www.securityfocus.com/columnists/457

2. E-mail privacy to disappear?
By Mark Rasch
On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in United States v. Warshak case centering on the right of privacy for stored electronic communications. At issue is whether the procedure whereby the government can subpoena stored copies of your e-mail -- similar to the way they could simply subpoena any physical mail sitting on your desk -- is unconstitutionally broad.
http://www.securityfocus.com/columnists/456

II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
BugTraq ID: 26430
Remote: Yes
Date Published: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26430
Summary:
WebEx is prone to multiple remote denial-of-service vulnerabilities.

Attackers can exploit these issues to crash applications that use the ActiveX control, denying service to legitimate users.

2. Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
BugTraq ID: 26414
Remote: Yes
Date Published: 2007-11-12
Relevant URL: http://www.securityfocus.com/bid/26414
Summary:
Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities.

Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users.

Note: Forms 2.0 ActiveX is distributed with any application that includes Visual Basic for Applications 5.0.

3. Microsoft Office Web Component Memory Access Violation Denial of Service Vulnerability
BugTraq ID: 26405
Remote: Yes
Date Published: 2007-11-12
Relevant URL: http://www.securityfocus.com/bid/26405
Summary:
Microsoft Office Web Component is prone to a denial-of-service vulnerability because of a memory access violation.

Attackers can exploit this issue to crash Internet Explorer and deny service to legitimate users.

This issue affects OWC11 for Microsoft Office 2003.

4. Cerberus FTP Server Web Interface Cross Site Scripting Vulnerability
BugTraq ID: 26381
Remote: Yes
Date Published: 2007-11-08
Relevant URL: http://www.securityfocus.com/bid/26381
Summary:
Cerberus FTP Server web interface is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Cerberus FTP Server 2.46.

5. Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 26380
Remote: Yes
Date Published: 2007-11-08
Relevant URL: http://www.securityfocus.com/bid/26380
Summary:
Microsoft has released advance notification that the vendor will be releasing two security bulletins on November 13, 2007. The highest severity rating for these issues is 'Critical'.

The following individual records have been created to document these vulnerabilities:

25945 Microsoft Windows URI Handler Command Execution Vulnerability
25919 Microsoft Windows Recursive DNS Spoofing Vulnerability

6. Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation Vulnerability
BugTraq ID: 26359
Remote: No
Date Published: 2007-11-06
Relevant URL: http://www.securityfocus.com/bid/26359
Summary:
Microsoft DebugView is prone to a local privilege-escalation vulnerability because it allows user-supplied data to be copied into memory addresses reserved for the kernel.

An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of the affected computer. Failed attempts could cause denial-of-service conditions.

Microsoft DebugView 4.64 is vulnerable; other versions may also be affected.

7. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 26345
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26345
Summary:
Apple QuickTime is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues by enticing an unsuspecting user to open a specially crafted PICT image file.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

These issues affect Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

8. Apple QuickTime PICT Image Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 26344
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26344
Summary:
Apple QuickTime is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted image file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

9. Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26342
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26342
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

10. Apple QuickTime STSD Atom Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26341
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26341
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

11. Apple QuickTime Image Description Atom Remote Memory Corruption Vulnerability
BugTraq ID: 26340
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26340
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

12. Apple QuickTime for Java Multiple Unspecified Remote Privilege Escalation Vulnerabilities
BugTraq ID: 26339
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26339
Summary:
Apple QuickTime for Java is prone to multiple unspecified privilege-escalation vulnerabilities.

Successfully exploiting these issues allows remote attackers to access potentially sensitive information or to execute arbitrary code with elevated privileges. These issues facilitate the remote compromise of affected computers.

These issues affect QuickTime for Java for both Apple Mac OS X and Microsoft Windows platforms.

13. Apple QuickTime Color Table Atom Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26338
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26338
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

14. Microsoft Windows Recursive DNS Spoofing Vulnerability
BugTraq ID: 25919
Remote: Yes
Date Published: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/25919
Summary:
Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests.

A successful attack will corrupt the DNS cache with attacker-specified content. This may aid in further attacks such as phishing.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #367
http://www.securityfocus.com/archive/88/483444

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers - How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.
https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl
