SecurityFocus Microsoft Newsletter #375
----------------------------------------

This issue is Sponsored by: Black Hat DC

Attend Black Hat DC, February 18-21, the Washington, DC version of the world's 
premier technical event for ICT security experts. Featuring hands-on training 
courses and Briefings presentations with lots of new content, including a focus 
on wireless security and offensive attack analysis. Network with 400+ 
delegates and review products from leading vendors in a relaxed setting, 
including Diamond sponsor Microsoft.
www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Real Flaws in Virtual Worlds
       2. Copyrights and Wrongs
II.  MICROSOFT VULNERABILITY SUMMARY
       1. ClamAV Multiple Insecure File Handling and Scanner Bypass Vulnerabilities
       2. Total Player M3U File Denial of Service Vulnerability
       3. Winace UUE File Handling Buffer Overflow Vulnerability
       4. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #374
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of 
Warcraft, have millions of subscribers interacting online, which makes security 
tricky business.
http://www.securityfocus.com/columnists/461

2. Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, 
Minnesota -- was sued in civil court for copyright infringement by the 
Recording Industry Association of America. Three days later, the jury returned 
the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 
24 songs. The fine: $222,000.
http://www.securityfocus.com/columnists/460


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ClamAV Multiple Insecure File Handling and Scanner Bypass Vulnerabilities
BugTraq ID: 27064
Remote: Yes
Date Published: 2007-12-29
Relevant URL: http://www.securityfocus.com/bid/27064
Summary:
ClamAV is prone to multiple vulnerabilities due to the insecure handling of 
files, and due to a failure to scan certain files.

A successful attack may allow malicious users to perform symbolic-link attacks, 
or to bypass scanning. Exploits may aid in further attacks.

ClamAV version 0.92 is vulnerable to these issues; other versions may also be 
affected.

2. Total Player M3U File Denial of Service Vulnerability
BugTraq ID: 27021
Remote: Yes
Date Published: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27021
Summary:
Total Player is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the application. Given the nature 
of this issue, the attacker may be able to execute arbitrary code, but this has 
not been confirmed.

This issue is reported to affect Total Player 3.0; other versions may also be 
vulnerable.

3. Winace UUE File Handling Buffer Overflow Vulnerability
BugTraq ID: 27017
Remote: Yes
Date Published: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27017
Summary:
Winace is prone to a buffer-overflow vulnerability when handling malicious UUE 
files.

A successful attack can allow a remote attacker to corrupt process memory by 
triggering a heap-overflow condition when the application handles excessive 
data in the archive.

This vulnerability affects Winace versions prior to 2.69.

4. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
BugTraq ID: 27007
Remote: Yes
Date Published: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27007
Summary:
Zoom Player is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with the 
privileges of the user running the affected application or to crash the 
application, denying further service to legitimate users.

This issue affects Zoom Player version 6.00 beta 2 and all releases contained 
in the Zoom Player version 5 branch.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #374
http://www.securityfocus.com/archive/88/485652

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat DC
