SecurityFocus Microsoft Newsletter #390
----------------------------------------
This issue is sponsored by Black Hat
Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying
topics of interest for our community. We are proud to offer content from
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. On the Border
2. Catch Them if You Can
II. MICROSOFT VULNERABILITY SUMMARY
1. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
2. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow
Vulnerability
3. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
4. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial of
Service Vulnerabilities
5. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow
Vulnerability
6. Trillian DTD File XML Parser Buffer Overflow Vulnerability
7. Symantec Altiris Deployment Solution AClient Password Disclosure
Vulnerability
8. Microsoft SharePoint Server Picture Source HTML Injection Vulnerability
9. HP OpenView Network Node Manager 'ovspmd' Buffer Overflow Vulnerability
10. Microsoft Internet Explorer Header Handling 'res://' Information
Disclosure Vulnerability
11. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote
Buffer Overflow Vulnerability
12. Microsoft Project Resource Memory Allocation Remote Code Execution
Vulnerability
13. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
14. Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap
Overflow Vulnerability
15. Microsoft Windows GDI Stack Overflow Vulnerability
16. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
17. Microsoft Visio Object Header Remote Code Execution Vulnerability
18. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation
Vulnerability
19. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
20. Microsoft Internet Explorer Data Stream Handling Remote Code
Execution Vulnerability
21. Microsoft VBScript and JScript Scripting Engines Remote Code
Execution Vulnerability
22. Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with
my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through
security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or
"National" as we locals call it. As I passed through the new magnetometer which gently
puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn
Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could
"inspect" my laptop computer. While the inspection was cursory, the situation immediately
gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469
2. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While
many "breaches" consist of lost data or a stolen laptop, true breaches -- where
an online attacker compromises a network and removes data -- have become very common
http://www.securityfocus.com/columnists/468
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
BugTraq ID: 28803
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28803
Summary:
ICQ is prone to a remote buffer-overflow vulnerability because the application
fails to perform boundary checks before copying user-supplied data into
sensitive process buffers.
A remote attacker may execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service.
This issue affects ICQ 6 build 6043; other versions may also be vulnerable.
2. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow
Vulnerability
BugTraq ID: 28783
Remote: Yes
Date Published: 2008-04-15
Relevant URL: http://www.securityfocus.com/bid/28783
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.
Successful exploits of this vulnerability can allow remote attackers to execute
arbitrary machine code in the context of applications using the vulnerable
'libclamav' library. Failed exploit attempts will likely cause
denial-of-service conditions.
ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be
affected.
NOTE: This BID is being retired because it is a duplicate of BID 28756.
3. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
BugTraq ID: 28775
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28775
Summary:
Nero MediaHome is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.
This issue affects Nero MediaHome 3.3.3.0. Other versions may also be affected.
4. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial of
Service Vulnerabilities
BugTraq ID: 28759
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28759
Summary:
XM Easy Personal FTP Server is prone to multiple remote denial-of-service
vulnerabilities.
These issues allow remote attackers to crash affected FTP servers, denying
service to legitimate users. Given the nature of these issues, attackers may
also be able to execute arbitrary code, but this has not been confirmed.
XM Easy Personal FTP Server 5.4.0 is vulnerable; other versions may also be
affected.
5. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
BugTraq ID: 28756
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28756
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.
Successful exploits of this vulnerability can allow remote attackers to execute
arbitrary machine code in the context of applications using the vulnerable
'libclamav' library. Failed exploit attempts will likely cause
denial-of-service conditions.
ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be
affected.
6. Trillian DTD File XML Parser Buffer Overflow Vulnerability
BugTraq ID: 28747
Remote: Yes
Date Published: 2008-04-11
Relevant URL: http://www.securityfocus.com/bid/28747
Summary:
Trillian is prone to a buffer-overflow vulnerability because it fails to
perform adequate boundary checks on user-supplied input.
To exploit this issue, an attacker must entice an unsuspecting user to load a malicious '.dtd' file. Successfully exploiting this issue may allow remote attackers to execute arbitrary code with SYSTEM-level privileges. Failed exploit attempts will cause denial-of-service conditions.
Trillian 3.1.9.0 Basic is vulnerable; other versions may also be affected.
7. Symantec Altiris Deployment Solution AClient Password Disclosure
Vulnerability
BugTraq ID: 28707
Remote: No
Date Published: 2008-04-10
Relevant URL: http://www.securityfocus.com/bid/28707
Summary:
Symantec Altiris Deployment Solution AClient is prone to a local
password-disclosure vulnerability because of a design error.
Exploiting this issue may allow a local attacker to access unencrypted
passwords, potentially allowing them to access the application's administrative
interface in an unauthorized manner. This can facilitate a complete compromise
of affected computers.
This issue affects versions prior to Altiris Deployment Solution 6.9.164.
8. Microsoft SharePoint Server Picture Source HTML Injection Vulnerability
BugTraq ID: 28706
Remote: Yes
Date Published: 2008-04-09
Relevant URL: http://www.securityfocus.com/bid/28706
Summary:
Microsoft SharePoint Server is prone to an HTML-injection vulnerability because
it fails to sufficiently sanitize user-supplied input data. Note that to
perform attacks, an attacker requires access to a user account with sufficient
privileges to edit pages.
Exploiting this issue may allow the attacker to execute HTML and script code in
the context of the affected site, to steal cookie-based authentication
credentials, or to control how the site is rendered to the user; other attacks
are also possible.
Microsoft SharePoint Server 2.0 is vulnerable; other versions may also be
affected.
9. HP OpenView Network Node Manager 'ovspmd' Buffer Overflow Vulnerability
BugTraq ID: 28689
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28689
Summary:
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.
Successfully exploiting this issue allows remote attackers to execute arbitrary
code in the context of the Network Node Manager process. This facilitates the
remote compromise of affected computers.
Network Node Manager 7.53 running on Microsoft Windows is affected by this
issue; other versions and platforms may also be vulnerable.
10. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure
Vulnerability
BugTraq ID: 28667
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28667
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to obtain potentially sensitive information
from the local computer. Information obtained may aid in further attacks.
This issue affects Internet Explorer 7. Reportedly, Internet Explorer 8 is not vulnerable, but this has not been confirmed.
This issue may be related to the vulnerability discussed in BID 28581
(Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability).
11. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer
Overflow Vulnerability
BugTraq ID: 28662
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28662
Summary:
Tumbleweed SecureTransport is prone to a buffer-overflow vulnerability because
it fails to perform adequate boundary checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of
an application using the ActiveX control (typically Internet Explorer). Failed
attacks will likely cause denial-of-service conditions.
12. Microsoft Project Resource Memory Allocation Remote Code Execution
Vulnerability
BugTraq ID: 28607
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28607
Summary:
Microsoft Project is prone to a remote code-execution vulnerability.
An attacker may exploit this issue to execute arbitrary code in the context of
the affected application. Failed exploit attempts will likely result in
denial-of-service conditions.
13. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 28606
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28606
Summary:
Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory-corruption
vulnerability.
Remote attackers can exploit this issue to execute arbitrary code in the
context of the application using the ActiveX control (typically Internet
Explorer). Successful exploits will compromise the application and possibly the
underlying computer. Failed attacks will cause denial-of-service conditions.
14. Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow
Vulnerability
BugTraq ID: 28571
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28571
Summary:
Microsoft Windows is prone to a heap-based overflow vulnerability that resides
in the GDI graphics library and can be triggered by a malformed EMF or WMF
image file.
A successful exploit of this vulnerability can allow a remote attacker to
completely compromise the affected computer.
15. Microsoft Windows GDI Stack Overflow Vulnerability
BugTraq ID: 28570
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28570
Summary:
Microsoft Windows is prone to a stack-based overflow vulnerability that resides
in the GDI graphics library and can be triggered by a malformed EMF image file.
A successful exploit of this vulnerability can allow a remote attacker to
completely compromise the affected computer.
16. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
BugTraq ID: 28556
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28556
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it
fails to adequately handle user-supplied data.
Attackers can exploit this issue to execute arbitrary code in the context of
the user running the application. Failed exploit attempts will result in a
denial-of-service condition.
17. Microsoft Visio Object Header Remote Code Execution Vulnerability
BugTraq ID: 28555
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28555
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it
fails to adequately handle user-supplied data.
Attackers can exploit this issue to execute arbitrary code in the context of
the user running the application. Failed exploit attempts will result in a
denial-of-service condition.
18. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation
Vulnerability
BugTraq ID: 28554
Remote: No
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28554
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.
The vulnerability resides in the Windows kernel. A locally logged-in user can
exploit this issue to gain kernel-level access to the operating system.
19. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
BugTraq ID: 28553
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28553
Summary:
Microsoft Windows operating systems are prone to a vulnerability that lets
attackers spoof DNS clients. This issue occurs because the software fails to
employ properly secure random numbers when creating DNS transaction IDs.
Successfully exploiting this issue allows remote attackers to spoof DNS
replies, allowing them to redirect network traffic and to launch
man-in-the-middle attacks.
20. Microsoft Internet Explorer Data Stream Handling Remote Code Execution
Vulnerability
BugTraq ID: 28552
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28552
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability
because it fails to adequately handle certain user-supplied data.
Attackers can leverage this issue to execute arbitrary code with the privileges
of the application. Successful exploits will compromise affected computers.
Failed attacks may cause denial-of-service conditions.
21. Microsoft VBScript and JScript Scripting Engines Remote Code Execution
Vulnerability
BugTraq ID: 28551
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28551
Summary:
Microsoft VBScript and JScript are prone to a remote code-execution
vulnerability because they fail to adequately handle user-supplied input.
Attackers can leverage this issue by enticing an unsuspecting user to view a
malicious web document. Successful exploits would allow arbitrary code to run
with the privileges of the victim.
These versions are affected:
VBScript 5.6 and earlier
JScript 5.6 and earlier
22. Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 28454
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28454
Summary:
Autonomy KeyView module is prone to multiple stack- and heap-based
buffer-overflow vulnerabilities because it fails to perform adequate boundary
checks on user-supplied data before copying it to insufficiently sized buffers.
Exploiting these issues will allow an attacker to corrupt memory and to cause
denial-of-service conditions or potentially to execute arbitrary code in the
context of the application using the module.
Multiple products using the KeyView module are affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.
If your email address has changed email [EMAIL PROTECTED] and ask to be
manually removed.
V. SPONSOR INFORMATION
------------------------