SecurityFocus Microsoft Newsletter #377
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical 
event for ICT security experts. Featuring hands-on training courses and 
Briefings presentations with lots of new content.  Network with 400+ delegates 
from 30 nations and review products by leading vendors in a relaxed setting. 
Black Hat Europe is supported by most leading European infosec associations.
www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Finding a Cure for Data Loss
       2. Real Flaws in Virtual Worlds
II.  MICROSOFT VULNERABILITY SUMMARY
       1. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability
       2. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
       3. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption Vulnerability
       4. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability
       5. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability
       6. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability
       7. Cisco VPN Client for Windows Local Denial of Service Vulnerability
       8. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
       9. Moodle 'install.php' Cross Site Scripting Vulnerability
       10. Microsoft Visual Interdev SLN File Buffer Overflow Vulnerability
       11. Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
       12. IBM Tivoli Storage Manager Express Remote Heap Overflow Vulnerability
       13. Apple QuickTime RTSP Response Reason-Phrase Remote Buffer Overflow Vulnerability
       14. Microsoft Visual FoxPro 'vfp6r.dll' ActiveX Control Arbitrary Command Execution Vulnerability
       15. Microsoft Rich TextBox Control 'richtx32.ocx' ActiveX Insecure Method Vulnerability
       16. Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution Vulnerability
       17. SSH Tectia Client and Server ssh-signer Local Privilege Escalation Vulnerability
       18. Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation Vulnerability
       19. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
       20. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
       21. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
       22. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SQL scalar function to convert big int to dot notation
       2. Country by Country Computer Sets now available for ISA 2004
       3. Country by Country ISA Computer Sets
       4. At long last - Extra Outlooks!
       5. SecurityFocus Microsoft Newsletter #376
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Finding a Cure for Data Loss
By Jamie Reid
Despite missteps in protecting customer information, companies have largely 
escaped the wrath of consumers.
http://www.securityfocus.com/columnists/462

2. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of 
Warcraft, have millions of subscribers interacting online, which makes security 
tricky business.
http://www.securityfocus.com/columnists/461


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability
BugTraq ID: 27321
Remote: Yes
Date Published: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27321
Summary:
BitTorrent and uTorrent are prone to a remote denial-of-service vulnerability. This
issue occurs because the applications fail to perform adequate boundary-checks 
on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying 
service to legitimate users.

This issue affects the following versions of the affected applications:

- BitTorrent versions prior to 6.0
- uTorrent versions prior to 1.7.5
- uTorrent versions prior to 1.8-alpha-7834

2. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 27305
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27305
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of 
the affected application. Failed exploit attempts will likely result in 
denial-of-service conditions.

Reportedly, the issue affects the following versions:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac.

The following versions are not affected:

Microsoft Office Excel 2007
Microsoft Office Excel 2007 Service Pack 1
Microsoft Excel 2008 for Mac
Microsoft Office Excel 2003 Service Pack 3.

Few details regarding this vulnerability are available. The vendor is 
investigating the issue and will be releasing updates. We will update this BID 
when more information emerges.

3. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption 
Vulnerability
BugTraq ID: 27301
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27301
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft
Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

4. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability
BugTraq ID: 27300
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27300
Summary:
Apple QuickTime is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted PICT file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft 
Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

5. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption 
Vulnerability
BugTraq ID: 27299
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27299
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft 
Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

6. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability
BugTraq ID: 27298
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27298
Summary:
Apple QuickTime is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow an attacker to execute arbitrary 
code within the context of the affected application. Failed exploit attempts 
will likely crash the application.

This issue affects versions prior to QuickTime 7.4 running on the following 
operating systems:

Mac OS X 10.3.9
Mac OS X 10.4.9 or later
Mac OS X 10.5 or later
Microsoft Windows XP
Microsoft Windows Vista

7. Cisco VPN Client for Windows Local Denial of Service Vulnerability
BugTraq ID: 27289
Remote: No
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27289
Summary:
Cisco VPN Client for Windows is prone to a local denial-of-service 
vulnerability because the software's IPsec driver fails to handle certain 
IOCTLs.

Successfully exploiting this issue allows local attackers to crash affected 
computers, denying further service to legitimate users.

This issue affects 'cvpndrva.sys' 5.0.02.0090; other versions of the driver
may also be affected.

8. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
BugTraq ID: 27275
Remote: Yes
Date Published: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27275
Summary:
BugTracker.NET is prone to multiple HTML-injection vulnerabilities because it 
fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code could execute in the context of the 
affected website, potentially allowing an attacker to steal cookie-based 
authentication credentials or to control how the site is rendered to the user; 
other attacks are also possible.

These issues affect versions prior to BugTracker.NET 2.7.2.

9. Moodle 'install.php' Cross Site Scripting Vulnerability
BugTraq ID: 27259
Remote: Yes
Date Published: 2008-01-12
Relevant URL: http://www.securityfocus.com/bid/27259
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to 
properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may 
help the attacker steal cookie-based authentication credentials and launch 
other attacks.

This issue affects versions prior to Moodle 1.8.4.

10. Microsoft Visual Interdev SLN File Buffer Overflow Vulnerability
BugTraq ID: 27250
Remote: Yes
Date Published: 2008-01-11
Relevant URL: http://www.securityfocus.com/bid/27250
Summary:
Microsoft Visual Interdev is prone to a buffer-overflow vulnerability because 
it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary 
code with the privileges of the user running the affected application. Failed 
exploit attempts will result in a denial-of-service condition.

This issue affects Microsoft Visual InterDev 6.0; other versions may also be 
affected.

11. Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
BugTraq ID: 27238
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27238
Summary:
Drupal is prone to multiple remote vulnerabilities, including multiple 
cross-site scripting issues and a cross-site request-forgery issue.

Attackers can exploit these issues to execute arbitrary script code in the 
browser of a user in the context of the affected site, steal cookie-based 
authentication credentials, and perform certain actions using users' active 
sessions; other attacks are also possible.

These issues affect versions prior to Drupal 4.7.11 and 5.6.

12. IBM Tivoli Storage Manager Express Remote Heap Overflow Vulnerability
BugTraq ID: 27235
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27235
Summary:
IBM Tivoli Storage Manager Express is prone to a remote heap-overflow 
vulnerability because the software fails to properly bounds-check user-supplied 
data before copying it to an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code with 
SYSTEM privileges. Failed exploit attempts will likely result in 
denial-of-service conditions.

This issue affects IBM Tivoli Storage Manager Express 5.3 for Microsoft Windows 
2003 server platforms; other versions may also be vulnerable.

13. Apple QuickTime RTSP Response Reason-Phrase Remote Buffer Overflow 
Vulnerability
BugTraq ID: 27225
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27225
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the 
application fails to properly bounds-check user-supplied input before copying 
it to an insufficiently sized buffer.

Attackers can leverage this issue to execute arbitrary machine code in the 
context of the user running the affected application. Successful exploits will 
compromise the application and possibly the underlying computer. Failed attacks 
will likely cause denial-of-service conditions.

QuickTime 7.3.1.70 is vulnerable to this issue; other versions may also be 
affected.

NOTE: Additional information from the reporter indicates this issue affects 
QuickTime running on the following platforms: Microsoft Windows XP, Windows 
Vista, and Apple Mac OS X.

14. Microsoft Visual FoxPro 'vfp6r.dll' ActiveX Control Arbitrary Command 
Execution Vulnerability
BugTraq ID: 27205
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27205
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets 
attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
commands in the context of the application using the ActiveX control (typically 
Internet Explorer).

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may 
also be affected.

15. Microsoft Rich TextBox Control 'richtx32.ocx' ActiveX Insecure Method
Vulnerability
BugTraq ID: 27201
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27201
Summary:
Microsoft Rich TextBox Control is prone to a vulnerability that allows
attackers to create or overwrite arbitrary data with the privileges of the 
application using the control (typically Internet Explorer).

Successful exploits will compromise affected computers or cause 
denial-of-service conditions; other attacks are possible.

This issue affects 'richtx32.ocx' 6.1.97.82; other versions may also be 
affected.

16. Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution 
Vulnerability
BugTraq ID: 27199
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27199
Summary:
Microsoft VFP_OLE_Server ActiveX control is prone to a remote command-execution 
vulnerability.

An attacker can exploit this issue to execute arbitrary commands with the 
privileges of the currently logged-in user.

17. SSH Tectia Client and Server ssh-signer Local Privilege Escalation 
Vulnerability
BugTraq ID: 27191
Remote: No
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27191
Summary:
SSH Tectia Client and Server software running on UNIX operating systems is 
prone to a local privilege-escalation vulnerability.

Successful exploits allow local attackers to gain superuser-level access to 
affected computers. This facilitates the complete compromise of affected 
computers.

This issue affects these versions:

SSH Tectia Client/Server 5.0 through 5.2.3
SSH Tectia Client/Server 5.3 through 5.3.5.

This issue affects only UNIX-based platforms.

18. Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation 
Vulnerability
BugTraq ID: 27179
Remote: No
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27179
Summary:
Creative Ensoniq PCI ES1371 WDM drivers are prone to a local 
privilege-escalation vulnerability.

Successful exploits allow local users to execute arbitrary machine code with 
kernel-level privileges, facilitating the complete compromise of affected 
computers.

This issue occurs when the vulnerable driver is running in a Microsoft Windows 
Vista environment. This occurs in VMware Server and Workstation environments 
when running Microsoft Vista guest operating systems with sound enabled.

This issue affects 'es1371mp.sys' 5.1.3612.0. Given the nature of the issue, 
other device drivers and versions may also be vulnerable, but this has not been 
confirmed.

19. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
BugTraq ID: 27178
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27178
Summary:
SynCE is prone to a remote command-injection vulnerability because it fails to 
adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands in the context 
of the application, facilitating the remote compromise of affected computers.

SynCE 0.92 is vulnerable; other versions may also be affected.

20. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
BugTraq ID: 27139
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27139
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because 
it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding 
and to automatically restart. Successful attacks will deny service to 
legitimate users. The discoverer of this issue reports that code execution may 
also be possible, but this has not been confirmed.

NOTE: ICMP RDP (Router Discovery Protocol) must be enabled for this issue to 
occur. Router Discovery Processing is disabled by default on Microsoft Windows 
Server 2000. The option is also disabled by default on Microsoft Windows XP and 
Windows Server 2003, unless the host receives the 'perform router discovery' 
option from a DHCP server.

21. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
BugTraq ID: 27100
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27100
Summary:
Microsoft Windows is prone to a remote buffer-overflow vulnerability because it 
fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level 
privileges. Successful exploits will completely compromise affected computers.

NOTE: A server is vulnerable if an application or a service on the server uses 
IP multicast. By default, no services use multicast on Microsoft Windows Server 
2003.

22. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
BugTraq ID: 27099
Remote: No
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27099
Summary:
Microsoft Windows Local Security Authority Subsystem Service (LSASS) is prone 
to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level 
privileges. Successfully exploiting this issue will facilitate the complete
compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SQL scalar function to convert big int to dot notation
http://www.securityfocus.com/archive/88/486430

2. Country by Country Computer Sets now available for ISA 2004
http://www.securityfocus.com/archive/88/486429

3. Country by Country ISA Computer Sets
http://www.securityfocus.com/archive/88/486307

4. At long last - Extra Outlooks!
http://www.securityfocus.com/archive/88/486181

5. SecurityFocus Microsoft Newsletter #376
http://www.securityfocus.com/archive/88/486115

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical 
event for ICT security experts. Featuring hands-on training courses and 
Briefings presentations with lots of new content.  Network with 400+ delegates 
from 30 nations and review products by leading vendors in a relaxed setting. 
Black Hat Europe is supported by most leading European infosec associations.
www.blackhat.com

