SecurityFocus Microsoft Newsletter #392
----------------------------------------
This issue is sponsored by HP
Industry analysts estimate that more than 70 percent of today's security
breaches occur with applications. Many are due to exploiting security defects
within the code. Download this white paper from HP, 'Top six security mistakes
.NET developers make' and learn about the top six mistakes developers should
avoid to create more secure applications.
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadPDF&zn=bto&cp=54_4012_100__&caid=14139&jumpid=ex_r11374_us/en/large/tsg//Top6_Security_Mistakes_WP_Newsletter/3-1A4COJO_3-ULASZJ/20080429&origin_id=3-1A4COJO
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying
topics of interest for our community. We are proud to offer content from
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Just Who's Being Exploited?
2. On the Border
II. MICROSOFT VULNERABILITY SUMMARY
1. Acritum Femitter Server 'RETR' Command Remote Denial of Service
Vulnerability
2. VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
3. Apple QuickTime Unspecified Remote Code Execution Vulnerability
4. E-Post MailServer Remote Information Disclosure Vulnerability
5. Microsoft Excel JavaScript Code Remote Denial Of Service Vulnerability
6. Kantaris SSA Subtitle File Remote Buffer Overflow Vulnerability
7. National Rail Enquiries Live Departure Boards Gadget Remote Script
Code Execution Vulnerability
8. Trillian Overly Long Nickname Remote Denial Of Service Vulnerability
9. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing
Vulnerabilities
10. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
11. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow
Vulnerability
12. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
13. Rising Antivirus SSDT 'NtOpenProcess()' Hook Local Denial of Service
Vulnerability
14. Comodo Firewall Pro SSDT Hooks Multiple Local Vulnerabilities
15. BitDefender Antivirus 2008 Hooked SSDT Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Cross-Site scripting
2. SecurityFocus Microsoft Newsletter #391
IV. UNSUBSCRIBE INSTRUCTIONS
I. FRONT AND CENTER
---------------------
1. Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a
new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege
of being the exclusive licensor of a heretofore unpublished vulnerability in
Apple's Safari web browser to researcher Charles Miller of Independent
Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470
2. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with
my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through
security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or
"National" as we locals call it. As I passed through the new magnetometer which gently
puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn
Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could
"inspect" my laptop computer. While the inspection was cursory, the situation immediately
gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Acritum Femitter Server 'RETR' Command Remote Denial of Service Vulnerability
BugTraq ID: 28973
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28973
Summary:
Acritum Femitter Server is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
Successfully exploiting this issue would cause the affected application to
crash, denying service to legitimate users.
Femitter Server 1.03 is vulnerable; other versions may also be affected.
2. VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
BugTraq ID: 28967
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28967
Summary:
VicFTPS is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.
Successfully exploiting this issue would cause the affected application to
crash, denying service to legitimate users.
3. Apple QuickTime Unspecified Remote Code Execution Vulnerability
BugTraq ID: 28959
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28959
Summary:
Apple QuickTime is prone to an unspecified remote code-execution vulnerability.
Very few technical details are currently available. We will update this BID as
more information emerges.
Successful exploits can allow remote attackers to execute arbitrary code in the
context of the user running the application. This may facilitate a compromise
of affected computers.
This issue affects QuickTime 7.4 for Microsoft Windows XP and Vista; other
versions may also be affected.
4. E-Post MailServer Remote Information Disclosure Vulnerability
BugTraq ID: 28951
Remote: Yes
Date Published: 2008-04-27
Relevant URL: http://www.securityfocus.com/bid/28951
Summary:
E-Post MailServer is prone to a remote information-disclosure vulnerability.
Exploiting this issue can allow remote attackers to obtain the POP3 password of
any known user from the POP3 service without having to log on. For an exploit
to succeed, the attacker must know the POP3 account name (email address) of the
victim.
The issue affects E-Post Mail Server 4.10 with EPSTPOP3S.EXE 4.22; other
versions may also be affected.
5. Microsoft Excel JavaScript Code Remote Denial Of Service Vulnerability
BugTraq ID: 28946
Remote: Yes
Date Published: 2008-04-26
Relevant URL: http://www.securityfocus.com/bid/28946
Summary:
Microsoft Excel is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue to deny access to legitimate users. Given the
nature of this vulnerability, attackers may also be able to execute arbitrary
code, but this has not been confirmed.
Microsoft Excel 2007 is vulnerable; other versions may also be affected.
6. Kantaris SSA Subtitle File Remote Buffer Overflow Vulnerability
BugTraq ID: 28939
Remote: Yes
Date Published: 2008-04-26
Relevant URL: http://www.securityfocus.com/bid/28939
Summary:
Kantaris is prone to a buffer-overflow vulnerability because it fails to
perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of
the application. Failed attacks will cause denial-of-service conditions.
Kantaris 0.3.4 is vulnerable; other versions may also be affected.
7. National Rail Enquiries Live Departure Boards Gadget Remote Script Code
Execution Vulnerability
BugTraq ID: 28933
Remote: Yes
Date Published: 2008-04-25
Relevant URL: http://www.securityfocus.com/bid/28933
Summary:
National Rail Enquiries Live Departure Board Gadget is prone to a vulnerability
that lets remote attackers execute arbitrary script code because the
application fails to properly sanitize user-supplied input.
To exploit this issue, attackers must be able to perform a man-in-the-middle
attack against the website that the gadget accesses for departure information.
An attacker may leverage this issue to execute arbitrary code on an affected
computer with the privileges of the affected process. This may facilitate
unauthorized access.
Versions prior to National Rail Enquiries Live Departure Board Gadget 1.1 are
vulnerable.
8. Trillian Overly Long Nickname Remote Denial Of Service Vulnerability
BugTraq ID: 28925
Remote: Yes
Date Published: 2008-04-24
Relevant URL: http://www.securityfocus.com/bid/28925
Summary:
Trillian is prone to a remote denial-of-service vulnerability because it fails
to sufficiently bounds-check user-supplied data.
Few details regarding this vulnerability are available; we will update this BID
when more information emerges.
Exploiting this issue allows remote attackers to trigger denial-of-service
conditions, denying further service to legitimate users.
Trillian 3.1 is vulnerable; other versions may also be affected.
9. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing
Vulnerabilities
BugTraq ID: 28891
Remote: Yes
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28891
Summary:
Apple Safari is prone to multiple remote vulnerabilities, including:
- A denial-of-service vulnerability caused by a write-access violation.
- A denial-of-service vulnerability caused by a read-access violation.
- A vulnerability that allows attackers to spoof the content contained in the address bar.
An attacker can exploit these issues to crash the affected application or cause
the victim to interact with the attacker's malicious site.
This issue affects Apple Safari 3.1.1 for Windows; other versions may also be
affected.
10. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 28890
Remote: Yes
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28890
Summary:
Foxit Reader is prone to two remote memory-corruption vulnerabilities because
it fails to handle specially crafted PDF files.
Remote attackers may be able to execute code, but this has not been confirmed.
Failed exploit attempts will crash the application, denying service to
legitimate users.
Foxit Reader 2.2 is vulnerable; other versions may also be affected.
11. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow
Vulnerability
BugTraq ID: 28882
Remote: Yes
Date Published: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28882
Summary:
Microsoft 'HeartbeatCtl' ActiveX control is prone to a remote buffer-overflow
vulnerability.
Remote attackers can exploit this issue to execute arbitrary code in the
context of the application using the ActiveX control (typically Internet
Explorer). Successful exploits will compromise the application and possibly the
underlying computer. Failed attacks will cause denial-of-service conditions.
12. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
BugTraq ID: 28858
Remote: Yes
Date Published: 2008-04-19
Relevant URL: http://www.securityfocus.com/bid/28858
Summary:
SubEdit Player is prone to a buffer-overflow vulnerability because it fails to
perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of
the application. Failed attacks will cause denial-of-service conditions.
The issue affects SubEdit Player Build 4066; other versions may also be
affected.
13. Rising Antivirus SSDT 'NtOpenProcess()' Hook Local Denial of Service
Vulnerability
BugTraq ID: 28744
Remote: No
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28744
Summary:
Rising Antivirus is prone to a local denial-of-service vulnerability.
Exploiting this vulnerability allows local attackers to crash affected
computers, denying service to legitimate users.
Rising Antivirus 19.60.0.0 and 19.66.0.0 are vulnerable; other versions may
also be affected.
14. Comodo Firewall Pro SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 28742
Remote: No
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28742
Summary:
Comodo Firewall Pro is prone to multiple local vulnerabilities.
Exploiting these vulnerabilities allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be able to
gain elevated privileges by executing arbitrary machine code in the context of
the kernel, but this has not been confirmed.
Comodo Firewall Pro 2.4.18.184 is vulnerable; other versions may also be
affected.
15. BitDefender Antivirus 2008 Hooked SSDT Denial of Service Vulnerability
BugTraq ID: 28741
Remote: No
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28741
Summary:
BitDefender Antivirus 2008 is prone to a local denial-of-service vulnerability
because it fails to adequately bounds-check user-supplied data.
Exploiting this vulnerability allows local attackers to crash affected
computers, denying service to legitimate users. Attackers might also be able to
gain elevated privileges by executing arbitrary machine code in the context of
the kernel, but this has not been confirmed.
BitDefender Antivirus 2008 Build 11.0.11 is vulnerable; other versions may also
be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Cross-Site scripting
http://www.securityfocus.com/archive/88/491393
2. SecurityFocus Microsoft Newsletter #391
http://www.securityfocus.com/archive/88/491252
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.
If your email address has changed, email [EMAIL PROTECTED] and ask to be
manually removed.