SecurityFocus Microsoft Newsletter #387

rkeith Thu, 27 Mar 2008 14:13:15 -0700


SecurityFocus Microsoft Newsletter #387
----------------------------------------

This issue is sponsored by bmighty:

Is Vista Meeting Expectations?
New research from InformationWeek reveals what 600 business-technology
professionals have to say about Vista's costs, enhancements & adoption
challenges. A $199 value for FREE.
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying
topics of interest for our community. We are proud to offer content from
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.On the Border
2.Catch Them if You can
II. MICROSOFT VULNERABILITY SUMMARY
1. Apple Safari Window.setTimeout Variant Content Spoofing Vulnerability
2. Apple Safari File Download Remote Denial of Service Vulnerability
3. RETIRED: Microsoft Jet Database Engine MDB File Parsing Remote Code
Execution Vulnerability
4. Microsoft Internet Explorer 7 'setRequestHeader()' Multiple
Vulnerabilities
5. Microsoft Windows Vista NoDriveTypeAutoRun Automatic File Execution
Vulnerability
6. Apple Safari CFNetwork Arbitrary Secure Website Spoofing Vulnerability
7. Adobe Flash FLA File Processing Remote Code Execution Vulnerabilities
8. Apple Safari Web Inspector Remote Code Injection Vulnerability
9. Apple Safari WebKit Frame Method Cross-Site Scripting Vulnerability
10. Apple Safari WebKit JavaScript Regular Expression Handling Buffer
Overflow Vulnerability
11. Apple Safari WebCore History Object Cross-Site Scripting
Vulnerability
12. Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting
Vulnerability
13. Apple Safari WebCore Java Frame Navigation Cross-Site Scripting
Vulnerability
14. Apple Safari WebCore 'window.open()' Function Cross-Site Scripting
Vulnerability
15. Apple Safari WebCore 'document.domain' Cross-Site Scripting
Vulnerability
16. Apple Safari Javascript URL Parsing Cross-Site Scripting
Vulnerability
17. Apple Safari WebCore 'Kotoeri' Password Field Information Disclosure
Vulnerability
18. Apple Safari Error Page Cross-Site Scripting Vulnerability
19. Check Point VPN-1 IP Address Collision Denial of Service
Vulnerability
20. Microsoft Internet Explorer CreateTextRange.text Denial of Service
Vulnerability
21. RETIRED: Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
22. Home FTP Server Remote Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #386
2. More along the lines of malware disinfection
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with
my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through
security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or
"National" as we locals call it. As I passed through the new magnetometer which gently
puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn
Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could
"inspect" my laptop computer. While the inspection was cursory, the situation immediately
gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2.Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While
many "breaches" consist of lost data or a stolen laptop, true breaches -- where
a online attacker compromises a network and removes data -- have become very common
http://www.securityfocus.com/columnists/468

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple Safari Window.setTimeout Variant Content Spoofing Vulnerability
BugTraq ID: 28405
Remote: Yes
Date Published: 2008-03-22
Relevant URL: http://www.securityfocus.com/bid/28405
Summary:
Apple Safari is prone to a content-spoofing vulnerability that allows attackers
to populate a vulnerable Safari browser window with arbitrary malicious
content. During such an attack, the URL and window title will display the
intended site, while the body of the webpage is spoofed.

Safari 3.1 running on Microsoft Windows is reported vulnerable.

NOTE: This issue may be related to the vulnerability discussed in BID 24457
(Apple Safari for Windows Window.setTimeout Content Spoofing Vulnerability).

2. Apple Safari File Download Remote Denial of Service Vulnerability
BugTraq ID: 28404
Remote: Yes
Date Published: 2008-03-22
Relevant URL: http://www.securityfocus.com/bid/28404
Summary:
Apple Safari is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying
service to legitimate users. Arbitrary code execution may be possible, but this
has not been confirmed.

This issue affects Safari 3.1 running on Microsoft Windows.

3. RETIRED: Microsoft Jet Database Engine MDB File Parsing Remote Code
Execution Vulnerability
BugTraq ID: 28398
Remote: Yes
Date Published: 2008-03-22
Relevant URL: http://www.securityfocus.com/bid/28398
Summary:
Microsoft Jet Database Engine is prone to a remote code-execution vulnerability.

Remote attackers can exploit this issue to execute arbitrary machine code in
the context of a user running affected applications. Successful exploits will
compromise the affected applications and possibly the underlying computer.
Failed attacks will likely cause denial-of-service conditions.

This issue does not affect Windows Server 2003 Service Pack 2, Windows Vista,
and Windows Vista Service Pack 1as they run a non-vulnerable version of the Jet
Database Engine.

This issue does affect Microsoft Word 2000 Service Pack 3, Microsoft Word 2002
Service Pack 3, Microsoft Word 2003 Service Pack 2, Microsoft Word 2003 Service
Pack 3, Microsoft Word 2007, and Microsoft Word 2007 Service Pack 1 on
Microsoft Windows 2000, Windows XP, or Windows Server 2003 Service Pack 1.

NOTE: This issue is a duplicate of the vulnerability discussed in BID 26468
(Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow
Vulnerability).

4. Microsoft Internet Explorer 7 'setRequestHeader()' Multiple Vulnerabilities
BugTraq ID: 28379
Remote: Yes
Date Published: 2008-03-21
Relevant URL: http://www.securityfocus.com/bid/28379
Summary:
Microsoft Internet Explorer 7 is prone to multiple vulnerabilities that allow
for referer-spoofing, HTTP-request-splitting, and HTTP-request-smuggling
attacks.

A remote attacker may leverage these classes of attacks to poison web caches,
steal credentials, evade IDS signatures, and launch cross-site scripting,
HTML-injection, and session-hijacking attacks. Other attacks are also possible.

This issue reportedly affects Microsoft Internet Explorer 7.

5. Microsoft Windows Vista NoDriveTypeAutoRun Automatic File Execution
Vulnerability
BugTraq ID: 28360
Remote: No
Date Published: 2008-03-20
Relevant URL: http://www.securityfocus.com/bid/28360
Summary:
Microsoft Windows Vista is prone to a vulnerability that may allow a file to
automatically run because the software fails to handle the 'NoDriveTypeAutoRun'
registry value.

An attacker may exploit this issue to execute arbitary code. The attacker must
entice a victim into attaching a form of removable media, such as a USB drive
or CD-ROM.

6. Apple Safari CFNetwork Arbitrary Secure Website Spoofing Vulnerability
BugTraq ID: 28356
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28356
Summary:
Apple Safari is prone to a vulnerability that could allow a malicious HTTPS
proxy server to spoof a secure website.

An attacker could exploit this issue to harvest potentially sensitive
information; other attacks are also possible.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

7. Adobe Flash FLA File Processing Remote Code Execution Vulnerabilities
BugTraq ID: 28349
Remote: Yes
Date Published: 2008-03-20
Relevant URL: http://www.securityfocus.com/bid/28349
Summary:
Adobe Flash is prone to multiple remote code-execution vulnerabilities.

An attacker may exploit these issues to execute arbitrary code in the context
of the affected application. Failed exploit attempts will likely result in
denial-of-service conditions.

These issues affect Flash CS3 Professional, Flash Professional 8, and Flash
Basic 8.

8. Apple Safari Web Inspector Remote Code Injection Vulnerability
BugTraq ID: 28347
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28347
Summary:
Apple Safari is prone to a remote code-injection vulnerability.

Attackers may exploit this issue to run script code in other domains and access
the vulnerable computer's filesystem.

These issues affect versions prior to Apple Safari 3.1 running on Apple Mac OS
X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

9. Apple Safari WebKit Frame Method Cross-Site Scripting Vulnerability
BugTraq ID: 28342
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28342
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails
to properly sanitize user-supplied input.

An attacker may leverage this issue to access frame methods in another domain.
This may help the attacker steal potentially sensitive information and launch
other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X
10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

10. Apple Safari WebKit JavaScript Regular Expression Handling Buffer Overflow
Vulnerability
BugTraq ID: 28338
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28338
Summary:
Apple Safari is prone to a buffer-overflow vulnerability.

Attackers may exploit this issue to execute arbitrary code or to crash the
affected application. Other attacks are also possible.

This issue affects versions prior to Apple Safari 3.1 running on Apple Mac OS X
10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

11. Apple Safari WebCore History Object Cross-Site Scripting Vulnerability
BugTraq ID: 28337
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28337
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails
to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in other
frames loaded from the same web page. This may help the attacker steal
potentially sensitive information and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X
10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

12. Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting
Vulnerability
BugTraq ID: 28336
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28336
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails
to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of another site. This may help
the attacker steal potentially sensitive information and launch other attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X
10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

13. Apple Safari WebCore Java Frame Navigation Cross-Site Scripting
Vulnerability
BugTraq ID: 28335
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28335
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails
to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the
browser of an unsuspecting user in the context of another site. This may help
the attacker steal cookie-based authentication credentials and launch other
attacks.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X
10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

14. Apple Safari WebCore 'window.open()' Function Cross-Site Scripting
Vulnerability
BugTraq ID: 28332
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28332
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails
to properly sanitize user-supplied input.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X
10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

15. Apple Safari WebCore 'document.domain' Cross-Site Scripting Vulnerability
BugTraq ID: 28330
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28330
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails
to properly sanitize user-supplied input.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X
10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

16. Apple Safari Javascript URL Parsing Cross-Site Scripting Vulnerability
BugTraq ID: 28328
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28328
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails
to properly sanitize user-supplied input.

This issue affects versions prior to Apple Safari 3.1 running on Mac OS X
10.4.11, and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

17. Apple Safari WebCore 'Kotoeri' Password Field Information Disclosure
Vulnerability
BugTraq ID: 28326
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28326
Summary:
Apple Safari is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain potentially sensitive information
that may aid in further attacks.

This issue affects versions prior to Apple Safari 3.1 running on Apple Mac OS X
10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

18. Apple Safari Error Page Cross-Site Scripting Vulnerability
BugTraq ID: 28321
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28321
Summary:
Apple Safari is prone to a cross-site scripting vulnerability because it fails
to properly sanitize user-supplied input.

This issue affects versions prior to Apple Safari 3.1 running on Microsoft
Windows XP, and Windows Vista.

NOTE: This vulnerability was previously covered in BID 28290 (Apple Safari
Prior to 3.1 Multiple Security Vulnerabilities), but has been given its own
record to better document the issue.

19. Check Point VPN-1 IP Address Collision Denial of Service Vulnerability
BugTraq ID: 28299
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28299
Summary:
Check Point VPN-1 is prone to a denial-of-service vulnerability that can allow
attackers to obtain sensitive information. The issue occurs because the
application fails to adequately handle IP address collisions.

Attackers can exploit this issue to break site-to-site VPN connectivity between
a VPN-1 gateway and a third party, denying access to legitimate users. If
SecuRemote back-connections are enabled, the attacker can leverage this issue
to re-route site-to-site VPN traffic from the VPN gateway to their SecuRemote
client. Under certain conditions, this will cause data that was destined for
the third party to be sent to the attacker's client instead. This could contain
sensitive information that would aid in further attacks.

20. Microsoft Internet Explorer CreateTextRange.text Denial of Service
Vulnerability
BugTraq ID: 28295
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28295
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability
because the application fails to handle certain JavaScript code.

This issue is triggered when a remote attacker entices a victim to visit a
malicious site.

Attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.

21. RETIRED: Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
BugTraq ID: 28290
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28290
Summary:
Apple Safari is prone to 12 security vulnerabilities.

Attackers may exploit these issues to execute arbitrary code, steal
cookie-based authentication credentials, spoof secure websites, obtain
sensitive information, and crash the affected application. Other attacks are
also possible.

These issues affect versions prior to Apple Safari 3.1 running on Apple Mac OS
X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

NOTE: This BID is being retired. The following individual records have been
created to fully document all the vulnerabilities that were described in this
BID:

28356 Apple Safari CFNetwork Arbitrary Secure Website Spoofing Vulnerability
28321 Apple Safari Error Page Cross-Site Scripting Vulnerability
28328 Apple Safari Javascript URL Parsing Cross-Site Scripting Vulnerability
28330 Apple Safari WebCore 'document.domain' Cross-Site Scripting Vulnerability
28347 Apple Safari Web Inspector Remote Code Injection Vulnerability
28326 Apple Safari WebCore 'Kotoeri' Password Field Information Disclosure
Vulnerability
28332 Apple Safari WebCore 'window.open()' Function Cross-Site Scripting
Vulnerability
28335 Apple Safari WebCore Java Frame Navigation Cross-Site Scripting
Vulnerability
28336 Apple Safari WebCore 'document.domain' Variant Cross-Site Scripting
Vulnerability
28337 Apple Safari WebCore History Object Cross-Site Scripting Vulnerability
28338 Apple Safari WebKit JavaScript Regular Expression Handling Buffer
Overflow Vulnerability
28342 Apple Safari WebKit Frame Method Cross-Site Scripting Vulnerability

22. Home FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 28283
Remote: Yes
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28283
Summary:
Home FTP Server is prone to a remote denial-of-service vulnerability because it
fails to handle user-supplied input.

Successfully exploiting this issue allows remote attackers to crash the
affected application, denying service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #386
http://www.securityfocus.com/archive/88/489849

2. More along the lines of malware disinfection
http://www.securityfocus.com/archive/88/489751

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be
manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by bmighty:

SecurityFocus Microsoft Newsletter #387

Reply via email to