SecurityFocus Microsoft Newsletter #388
----------------------------------------
This issue is sponsored by IBM® Rational® AppScan
Failure to properly secure Web applications significantly impacts your ability
to protect sensitive client and corporate data. IBM Rational AppScan is an
automated scanner that monitors, identifies and helps remediate vulnerabilities.
Download a free trial of AppScan and see how it can help protect against the
threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying
topics of interest for our community. We are proud to offer content from
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. On the Border
2. Catch Them if You Can
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft April 2008 Advance Notification Multiple Vulnerabilities
2. Microsoft Internet Explorer 'ieframe.dll' Script Injection
Vulnerability
3. Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service
Vulnerability
4. HP OpenView Network Node Manager 'OVAS.EXE' Buffer Overflow
Vulnerability
5. IBM DB2 Content Manager Unspecified Security Vulnerability
6. NoticeWare Corporation NoticeWare Email Server Denial Of Service
Vulnerability
7. Microsoft Crypto API X.509 Certificate Validation Remote Information
Disclosure Vulnerability
8. PowerDNS Remote Cache Poisoning Vulnerability
9. SLMail Pro Multiple Remote Denial Of Service and Memory Corruption
Vulnerabilities
10. avast! Home/Professional Local Privilege Escalation Vulnerability
11. Microsoft Internet Explorer 7 Popup Window Address Bar URI Spoofing
Vulnerability
12. Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
13. Quick Tftp Server Pro 'mode' Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. More along the lines of malware disinfection
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with
my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through
security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or
"National" as we locals call it. As I passed through the new magnetometer which gently
puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn
Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could
"inspect" my laptop computer. While the inspection was cursory, the situation immediately
gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469
2. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While
many "breaches" consist of lost data or a stolen laptop, true breaches -- where
an online attacker compromises a network and removes data -- have become very common.
http://www.securityfocus.com/columnists/468
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft April 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 28598
Remote: Yes
Date Published: 2008-04-03
Relevant URL: http://www.securityfocus.com/bid/28598
Summary:
Microsoft has released advance notification that the vendor will be releasing
eight security bulletins on April 8, 2008. The highest severity rating for
these issues is 'Critical'.
Successfully exploiting these issues may allow remote or local attackers to
compromise affected computers.
2. Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability
BugTraq ID: 28581
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28581
Summary:
Microsoft Internet Explorer is prone to a script-injection vulnerability when
handling specially crafted requests to 'acr_error.htm' via the 'res://'
protocol. The file resides in the 'ieframe.dll' dynamic-link library.
An attacker may leverage this issue to execute arbitrary code in the context of
a user's browser. Successful exploits can allow the attacker to steal
cookie-based authentication credentials, obtain potentially sensitive
information stored on the victim's computer, and launch other attacks.
Internet Explorer 8 is vulnerable. Internet Explorer 7 is likely vulnerable as
well, but this has not been confirmed.
3. Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service
Vulnerability
BugTraq ID: 28580
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28580
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
An attacker may exploit this issue by enticing victims into opening a
maliciously crafted webpage.
Successfully exploiting this issue will allow attackers to crash the application, denying service to legitimate users.
This issue affects Microsoft Internet Explorer 8 Beta 1.
4. HP OpenView Network Node Manager 'OVAS.EXE' Buffer Overflow Vulnerability
BugTraq ID: 28569
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28569
Summary:
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.
Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the Network Node Manager process. This facilitates the
remote compromise of affected computers.
Network Node Manager 7.51 running on Microsoft Windows is affected by this
issue; other versions and platforms may also be vulnerable.
5. IBM DB2 Content Manager Unspecified Security Vulnerability
BugTraq ID: 28567
Remote: No
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28567
Summary:
IBM DB2 Content Manager is prone to an unspecified security vulnerability.
Very few technical details are currently available. We will update this BID as
more information emerges.
Versions prior to 8.3 Fix Pack 8 are vulnerable.
6. NoticeWare Corporation NoticeWare Email Server Denial Of Service
Vulnerability
BugTraq ID: 28559
Remote: Yes
Date Published: 2008-04-01
Relevant URL: http://www.securityfocus.com/bid/28559
Summary:
NoticeWare Email Server is prone to a denial-of-service vulnerability due to an
unspecified error.
Remote attackers can exploit this issue to deny service to legitimate users.
The issue affects NoticeWare Email Server 4.6.1.0; other versions may also be
vulnerable.
7. Microsoft Crypto API X.509 Certificate Validation Remote Information
Disclosure Vulnerability
BugTraq ID: 28548
Remote: Yes
Date Published: 2008-04-01
Relevant URL: http://www.securityfocus.com/bid/28548
Summary:
Microsoft's Crypto API library is prone to an information-disclosure
vulnerability because HTTP requests to arbitrary hosts and ports may be
automatically triggered when validating X.509 certificates.
Successful exploits allow attackers to trigger HTTP requests to arbitrary hosts
and ports without confirmation or notification to unsuspecting users. Attackers
may use this for determining when email and documents are read, for port
scanning, or for aiding in other attacks.
The following products are known to exhibit this issue:
Microsoft Outlook 2007
Microsoft Windows Live Mail 2008
Microsoft Office 2007
Other products that use the Crypto API provided by Windows may also be affected.
8. PowerDNS Remote Cache Poisoning Vulnerability
BugTraq ID: 28517
Remote: Yes
Date Published: 2008-03-31
Relevant URL: http://www.securityfocus.com/bid/28517
Summary:
PowerDNS is prone to a remote cache-poisoning vulnerability because of a
weakness in the use of random number generators.
An attacker may leverage this issue to manipulate cache data, potentially
facilitating man-in-the-middle, site-impersonation, or denial-of-service
attacks.
Versions prior to PowerDNS 3.1.5 are vulnerable to this issue.
9. SLMail Pro Multiple Remote Denial Of Service and Memory Corruption
Vulnerabilities
BugTraq ID: 28505
Remote: Yes
Date Published: 2008-03-31
Relevant URL: http://www.securityfocus.com/bid/28505
Summary:
SLMail Pro is prone to multiple remote denial-of-service vulnerabilities and
memory-corruption vulnerabilities.
Attackers can exploit these issues to crash the application, resulting in
denial-of-service conditions. Given the nature of some of these issues,
attackers may also be able to execute arbitrary code, but this has not been
confirmed.
SLMail Pro 6.3.1.0 is vulnerable; other versions may also be affected.
10. avast! Home/Professional Local Privilege Escalation Vulnerability
BugTraq ID: 28502
Remote: No
Date Published: 2008-03-30
Relevant URL: http://www.securityfocus.com/bid/28502
Summary:
avast! is prone to a local privilege-escalation vulnerability because it fails
to adequately sanitize user-supplied data.
Attackers can exploit this issue to execute arbitrary code with SYSTEM-level
privileges. Successful attacks will completely compromise affected computers.
Versions prior to avast! Home/Professional 4.8.1169 are vulnerable.
11. Microsoft Internet Explorer 7 Popup Window Address Bar URI Spoofing
Vulnerability
BugTraq ID: 28498
Remote: Yes
Date Published: 2008-03-28
Relevant URL: http://www.securityfocus.com/bid/28498
Summary:
Internet Explorer 7 is affected by a URI-spoofing vulnerability.
An attacker may leverage this issue by inserting strings to spoof the source
URI of a file presented to an unsuspecting user. This may lead to a false sense
of trust because the user may be presented with a source URI of a trusted site
while interacting with the attacker's malicious site.
Internet Explorer 7 is affected by this issue.
Reports indicate that unspecified versions of Firefox are also prone to this
issue, but this has not been confirmed.
12. Wireshark 0.99.8 Multiple Denial of Service Vulnerabilities
BugTraq ID: 28485
Remote: Yes
Date Published: 2008-03-28
Relevant URL: http://www.securityfocus.com/bid/28485
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.
Exploiting these issues may allow attackers to cause crashes and deny service
to legitimate users of the application. Attackers may be able to leverage some
of these vulnerabilities to execute arbitrary code, but this has not been
confirmed.
These issues affect Wireshark 0.99.2 up to and including 0.99.8.
13. Quick Tftp Server Pro 'mode' Remote Buffer Overflow Vulnerability
BugTraq ID: 28459
Remote: Yes
Date Published: 2008-03-26
Relevant URL: http://www.securityfocus.com/bid/28459
Summary:
Quick Tftp Server Pro is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary code within the context
of the affected application. Failed exploit attempts will result in a
denial-of-service condition.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. More along the lines of malware disinfection
http://www.securityfocus.com/archive/88/489751
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively, you can visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to be
manually removed.