SecurityFocus Microsoft Newsletter #385
----------------------------------------
This issue is sponsored by bMighty:
Is Vista Meeting Expectations?
New research from InformationWeek reveals what 600 business-technology professionals have to say about Vista's costs, enhancements & adoption challenges. A $199 value for FREE.
www.bMighty.com
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying
topics of interest for our community. We are proud to offer content from
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1.Integrating More Intelligence into Your IDS, Part 1
2.Let's Go Crazy
II. MICROSOFT VULNERABILITY SUMMARY
1. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote
Vulnerabilities
2. Microsoft Internet Explorer FTP Cross-Site Command Injection
Vulnerability
3. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting
Vulnerability
4. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
5. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
6. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation
Vulnerability
7. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of
Service Vulnerabilities
8. Microsoft Excel Conditional Formatting Values Remote Code Execution
Vulnerability
9. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
10. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
11. Microsoft Excel Style Record Remote Code Execution Vulnerability
12. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
13. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
14. Microsoft Office File Memory Corruption Vulnerability
15. MailEnable 3.13 and Prior IMAP Service Multiple Remote Vulnerabilities
16. Microsoft Internet Explorer Combined JavaScript and XML Remote
Information Disclosure Vulnerability
17. SynCE 'vdccm' Daemon Remote Unspecified Denial Of Service
Vulnerability
18. Microsoft Office Web Components ActiveX Control DataSource Remote
Code Execution Vulnerability
19. Microsoft Office Web Components ActiveX Control URL Parsing Remote
Code Execution Vulnerability
20. Microsoft March 2008 Advance Notification Multiple Vulnerabilities
21. Ruby WEBrick Remote Directory Traversal and Information Disclosure
Vulnerabilities
22. ICQ Toolbar 'toolbaru.dll' ActiveX Control 'GetPropertyById' Remote
Denial of Service Vulnerability
23. Microsoft Excel Import Remote Code Execution Vulnerability
24. Microsoft Excel Data Validation Record Heap Memory Corruption
Vulnerability
25. Microsoft Jet Database Engine MDB File Parsing Unspecified Remote
Vulnerability
26. ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote Denial of Service
Vulnerability
27. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
28. Borland StarTeam Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. Temp directory is odd
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1.Integrating More Intelligence into Your IDS, Part 1
By Don Parker and Ryan Wegner
The more an intrusion detection system (IDS) knows about the network it is trying to protect, the better it will be able to protect the network. This is the fundamental principle behind target-based intrusion detection, where an IDS knows about the hosts on the network.
http://www.securityfocus.com/infocus/1898
2.Let's Go Crazy
By Mark Rasch
On February 7, 2007 Stephanie Lenz of Gallatzin, Pennsylvania posted an innocuous video of her 18-month-old son Holden pushing a baby toy while dancing to a barely recognizable song in the background.
http://www.securityfocus.com/columnists/467
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote
Vulnerabilities
BugTraq ID: 28222
Remote: Yes
Date Published: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28222
Summary:
Cisco User-Changeable Password (UCP) is prone to multiple remote
vulnerabilities. The issues present include multiple cross-site scripting and
buffer-overflow vulnerabilities.
Exploiting the cross-site scripting issues may help the attacker steal
cookie-based authentication credentials and launch other attacks. Exploiting
the buffer-overflow vulnerabilities results in remote code-execution in the
context of the affected application, facilitating the remote compromise of
affected computers.
These issues affect UCP versions prior to 4.2 when running on the Microsoft
Windows platform.
The buffer-overflow vulnerabilities are tracked by Cisco Bug ID CSCsl49180. The
cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.
2. Microsoft Internet Explorer FTP Cross-Site Command Injection Vulnerability
BugTraq ID: 28208
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28208
Summary:
Microsoft Internet Explorer is prone to a vulnerability that occurs because the
application fails to adequately sanitize user-supplied data in FTP URI requests.
An attacker can leverage this issue by enticing an unsuspecting user to follow
a maliciously crafted URI. Successful exploits will allow attackers to submit
arbitrary commands to arbitrary FTP servers on behalf of unsuspecting users.
This issue affects Internet Explorer 5 and 6; prior versions may also be
affected.
NOTE: Access to some FTP servers may require valid authentication credentials.
3. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting
Vulnerability
BugTraq ID: 28191
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28191
Summary:
ManageEngine ServiceDesk Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of the affected site. This may
help the attacker steal cookie-based authentication credentials and launch
other attacks.
ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Microsoft Windows is
vulnerable; other versions may be affected as well.
4. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
BugTraq ID: 28188
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28188
Summary:
ASG-Sentry is prone to multiple remote vulnerabilities:
- A heap-based buffer-overflow vulnerability
- A stack-based buffer-overflow vulnerability
- A denial-of-service vulnerability
- An arbitrary-file-deletion vulnerability
An attacker can exploit these issues to execute arbitrary code within the context of the affected application, crash the affected application, consume all CPU resources, and delete data contained in arbitrary files. Other attacks are possible.
These issues affect ASG-Sentry 7.0.0; other versions may also be affected.
5. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
BugTraq ID: 28186
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28186
Summary:
Motorola Timbuktu Pro is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues will allow attackers to crash the affected application,
denying further service to legitimate users.
6. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation
Vulnerability
BugTraq ID: 28185
Remote: No
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28185
Summary:
SAP MaxDB is prone to a local privilege-escalation vulnerability.
Exploiting this issue allows local attackers to execute arbitrary code with
superuser privileges. This will lead to the complete compromise of an affected
computer.
This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms. Other
UNIX variants are most likely affected. Microsoft Windows versions are not
vulnerable to this issue.
7. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of
Service Vulnerabilities
BugTraq ID: 28182
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28182
Summary:
Acronis Snap Deploy is prone to a directory-traversal vulnerability and a denial-of-service vulnerability.
Exploiting these issues will allow attackers to obtain sensitive information or
crash the affected application, denying further service to legitimate users.
8. Microsoft Excel Conditional Formatting Values Remote Code Execution
Vulnerability
BugTraq ID: 28170
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28170
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Attackers may exploit this issue by enticing victims into opening a maliciously
crafted Excel file ('.xls').
Successful exploits may allow attackers to execute arbitrary code with the
privileges of the user running the application. This may facilitate a
compromise of vulnerable computers.
9. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
BugTraq ID: 28168
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28168
Summary:
Microsoft Excel is prone to a heap-based buffer-overflow vulnerability. This
issue occurs because the application fails to perform adequate boundary-checks
on user-supplied data.
Attackers may exploit this issue by enticing victims into opening a maliciously
crafted Excel file ('.xls').
Successful exploits may allow attackers to execute arbitrary code with the
privileges of the user running the application. This may facilitate a
compromise of vulnerable computers.
10. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
BugTraq ID: 28167
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28167
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Attackers may exploit this issue by enticing victims into opening a maliciously
crafted Excel file ('.xls').
Successful exploits may allow attackers to execute arbitrary code with the
privileges of the user running the application. This may facilitate a
compromise of vulnerable computers.
11. Microsoft Excel Style Record Remote Code Execution Vulnerability
BugTraq ID: 28166
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28166
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Attackers may exploit this issue by enticing victims into opening a maliciously
crafted Excel file ('.xls').
Successful exploits may allow attackers to execute arbitrary code with the
privileges of the user running the application. This may facilitate a
compromise of vulnerable computers.
12. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
BugTraq ID: 28154
Remote: Yes
Date Published: 2008-03-09
Relevant URL: http://www.securityfocus.com/bid/28154
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.
This issue arises in the SMTP server and may result in a crash of the affected service.
This issue affects all versions of MailEnable Standard Edition, Professional
Edition, and Enterprise Edition.
13. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
BugTraq ID: 28147
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28147
Summary:
Microsoft Outlook is prone to a remote code-execution vulnerability because the
application fails to adequately validate user-supplied data.
Successfully exploiting this issue will allow attackers to execute arbitrary
code with the privileges of the currently logged-in user. This will facilitate
the remote compromise of affected computers.
14. Microsoft Office File Memory Corruption Vulnerability
BugTraq ID: 28146
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28146
Summary:
Microsoft Office is prone to a remote memory-corruption vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Office file.
Successfully exploiting this issue would allow the attacker to execute
arbitrary code in the context of the currently logged-in user.
15. MailEnable 3.13 and Prior IMAP Service Multiple Remote Vulnerabilities
BugTraq ID: 28145
Remote: Yes
Date Published: 2008-03-07
Relevant URL: http://www.securityfocus.com/bid/28145
Summary:
MailEnable is prone to multiple remote vulnerabilities in the IMAP service,
including:
- Multiple buffer-overflow vulnerabilities.
- Multiple denial-of-service vulnerabilities due to a NULL-pointer exception.
An attacker may leverage these issues to execute arbitrary code in the context
of the running application or to crash the application, causing a denial of
service.
These issues affect MailEnable 3.13; other versions may also be vulnerable.
16. Microsoft Internet Explorer Combined JavaScript and XML Remote Information
Disclosure Vulnerability
BugTraq ID: 28143
Remote: Yes
Date Published: 2008-03-07
Relevant URL: http://www.securityfocus.com/bid/28143
Summary:
Microsoft Internet Explorer is prone to a remote information-disclosure
vulnerability because of a flaw in the interaction between JavaScript and XML
processing in Internet Explorer.
To exploit this issue, an attacker must entice an unsuspecting user to visit a
malicious website.
Successfully exploiting this issue allows remote attackers to gain access to
the first line of arbitrary files located on computers running the vulnerable
application.
17. SynCE 'vdccm' Daemon Remote Unspecified Denial Of Service Vulnerability
BugTraq ID: 28141
Remote: Yes
Date Published: 2008-03-07
Relevant URL: http://www.securityfocus.com/bid/28141
Summary:
SynCE 'vdccm' Daemon is prone to a denial-of-service vulnerability.
Remote attackers can exploit this issue to deny service to legitimate users.
This issue affects versions prior to SynCE 'vdccm' Daemon 0.10.1.
18. Microsoft Office Web Components ActiveX Control DataSource Remote Code
Execution Vulnerability
BugTraq ID: 28136
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28136
Summary:
Microsoft Office Web Components is prone to a remote code-execution
vulnerability.
An attacker may exploit this issue by enticing victims into opening a
maliciously crafted HTML document.
Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the application using the ActiveX control (typically
Internet Explorer). Failed exploit attempts will likely result in
denial-of-service conditions.
19. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code
Execution Vulnerability
BugTraq ID: 28135
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28135
Summary:
Microsoft Office Web Components is prone to a remote code-execution
vulnerability.
An attacker may exploit this issue by enticing victims into opening a
maliciously crafted HTML document.
Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the application using the ActiveX control (typically
Internet Explorer). Failed exploit attempts will likely result in
denial-of-service conditions.
20. Microsoft March 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 28124
Remote: Yes
Date Published: 2008-03-06
Relevant URL: http://www.securityfocus.com/bid/28124
Summary:
Microsoft has released advance notification that the vendor will be releasing
four security bulletins on March 11, 2008. The highest severity rating for
these issues is 'Critical'.
Successfully exploiting these issues may allow remote or local attackers to
compromise affected computers.
Individual records for these issues will be created when the bulletins are
released.
21. Ruby WEBrick Remote Directory Traversal and Information Disclosure
Vulnerabilities
BugTraq ID: 28123
Remote: Yes
Date Published: 2008-03-06
Relevant URL: http://www.securityfocus.com/bid/28123
Summary:
Ruby's WEBrick server is prone to remote directory-traversal and
information-disclosure vulnerabilities.
Successfully exploiting these issues allows remote attackers to access the
contents of arbitrary files. Information harvested may aid in further attacks.
These issues affect only operating systems that allow backslash (\) characters
as path separators and operating systems that use case-insensitive filenames.
This exposes Microsoft Windows and Apple Mac OS X operating systems to attack.
22. ICQ Toolbar 'toolbaru.dll' ActiveX Control 'GetPropertyById' Remote Denial
of Service Vulnerability
BugTraq ID: 28118
Remote: Yes
Date Published: 2008-03-06
Relevant URL: http://www.securityfocus.com/bid/28118
Summary:
ICQ Toolbar 'toolbaru.dll' ActiveX control is prone to a denial-of-service
vulnerability.
An attacker can exploit this issue to trigger denial-of-service conditions in
Internet Explorer or other applications that use the vulnerable ActiveX control.
This issue affects ICQ Toolbar 2.3; other versions may also be affected.
23. Microsoft Excel Import Remote Code Execution Vulnerability
BugTraq ID: 28095
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28095
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Attackers may exploit this issue by enticing victims into opening a maliciously
crafted Excel file ('.xls').
Successful exploits may allow attackers to execute arbitrary code with the
privileges of the user running the application. This may facilitate a
compromise of vulnerable computers.
24. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
BugTraq ID: 28094
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28094
Summary:
Microsoft Excel is prone to a heap memory-corruption vulnerability.
Attackers may exploit this issue by enticing victims into opening a maliciously
crafted Excel file ('.xls').
Successful exploits may allow attackers to execute arbitrary code with the
privileges of the user running the application. This may facilitate a
compromise of vulnerable computers.
25. Microsoft Jet Database Engine MDB File Parsing Unspecified Remote
Vulnerability
BugTraq ID: 28087
Remote: Yes
Date Published: 2008-03-03
Relevant URL: http://www.securityfocus.com/bid/28087
Summary:
Microsoft Jet Database Engine is prone to an unspecifed security vulnerability.
Remote attackers can exploit this issue to execute arbitrary machine code in
the context of a user running the application. Successful exploits will
compromise the affected application and possibly the underlying computer.
Failed attacks will likely cause denial-of-service conditions.
26. ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote Denial of Service
Vulnerability
BugTraq ID: 28086
Remote: Yes
Date Published: 2008-03-04
Relevant URL: http://www.securityfocus.com/bid/28086
Summary:
ICQ Toolbar 'toolbaru.dll' ActiveX control is prone to a denial-of-service
vulnerability.
An attacker can exploit this issue to trigger denial-of-service conditions in
Internet Explorer or other applications that use the vulnerable ActiveX control.
This issue affects ICQ Toolbar 2.3 Beta; other versions may also be affected.
27. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
BugTraq ID: 28081
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28081
Summary:
Timbuktu Pro is prone to an arbitrary-file-upload vulnerability and a
vulnerability that allows attackers to disrupt the logging of events.
An attacker can exploit these issues to upload arbitrary files and prevent the
logging of events. This may lead to other attacks.
Timbuktu Pro 8.6.5 for Windows is vulnerable; other versions running on
different platforms may also be affected.
The file-upload vulnerability may be related to BID 25453 (Motorola Timbuktu
Pro Directory Traversal Vulnerability).
28. Borland StarTeam Multiple Remote Vulnerabilities
BugTraq ID: 28080
Remote: Yes
Date Published: 2008-03-03
Relevant URL: http://www.securityfocus.com/bid/28080
Summary:
Borland StarTeam is prone to multiple issues, including multiple
integer-overflow vulnerabilities, a heap-overflow vulnerability, and a
denial-of-service vulnerability.
Successfully exploiting these issues allows remote attackers to execute
arbitrary machine code in the context of vulnerable server processes. These
issues may facilitate the remote compromise of affected computers. Attackers
may also trigger denial-of-service conditions.
NOTE: The StarTeam MPX vulnerabilities may actually be related to a TIBCO
SmartSocket DLL, but this has not been confirmed. We may update this BID as
more information emerges.
Borland StarTeam Server 2008 and MPX products are vulnerable to these issues;
other versions may also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Temp directory is odd
http://www.securityfocus.com/archive/88/489429
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.
If your email address has changed email [EMAIL PROTECTED] and ask to be
manually removed.
V. SPONSOR INFORMATION
------------------------
This issue is sponsored by bMighty:
Is Vista Meeting Expectations?
New research from InformationWeek reveals what 600 business-technology professionals have to say about Vista's costs, enhancements & adoption challenges. A $199 value for FREE.
www.bMighty.com
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV
