SecurityFocus Microsoft Newsletter #398
----------------------------------------
This issue is sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities. Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
   1. Racing Against Reversers
   2. Anti-Social Networking
II. MICROSOFT VULNERABILITY SUMMARY
   1. RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
   2. IBM DB2 Universal Database Prior to 9.1 Fixpak 5 Multiple Vulnerabilities
   3. Microsoft Windows WINS Server Local Privilege Escalation Vulnerability
   4. ALFTP FTP Client 'LIST' Command Directory Traversal Vulnerability
   5. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
   6. Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability
   7. Microsoft DirectX SAMI File Parsing Stack Based Buffer Overflow Vulnerability
   8. RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
   9. Microsoft Internet Explorer HTML Objects 'substringData()' Remote Code Execution Vulnerability
   10. Sleipnir 'favorite search' Function Script Code Execution Vulnerability
   11. Sun Java ASP Server Information Disclosure Vulnerability
   12. Sun Java ASP Server Multiple Directory Traversal Vulnerabilities
   13. Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
   14. Microsoft Windows PGM Invalid Fragment Remote Denial Of Service Vulnerability
   15. Microsoft Windows PGM Invalid Length Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
   1. default for requiring authentication 2003
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.
http://www.securityfocus.com/columnists/474

2. Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury in Los Angeles indicted 49-year-old Lori Drew of O'Fallon, Missouri, on charges of unauthorized access to a computer, typically used in hacking cases. Yet, Drew's alleged actions had little to do with computer intrusions.
http://www.securityfocus.com/columnists/473

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 29619
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29619
Summary:
Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code. These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media.

Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions.

Versions prior to QuickTime 7.5 are affected.
NOTE: This BID is being retired; the following individual records have been created to better document the issues:

29649 Apple QuickTime 'PICT' Image 'PixData' Structures Handling Heap Overflow Vulnerability
29650 Apple QuickTime 'file:' URI File Execution Vulnerability
29654 Apple QuickTime 'AAC-encoded' Media Memory Corruption Vulnerability
29648 Apple QuickTime 'PICT' Image Buffer Overflow Vulnerability
29652 Apple QuickTime Indeo Video Codec Buffer Overflow Vulnerability

2. IBM DB2 Universal Database Prior to 9.1 Fixpak 5 Multiple Vulnerabilities
BugTraq ID: 29601
Remote: Yes
Date Published: 2008-06-02
Relevant URL: http://www.securityfocus.com/bid/29601
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities, including buffer-overflow issues, local privilege-escalation issues, and an unspecified issue.

An attacker may exploit these issues to execute arbitrary code, gain elevated privileges, or crash the affected application, denying service to legitimate users.

These vulnerabilities affect versions prior to DB2 9.1 Fixpak 5.

3. Microsoft Windows WINS Server Local Privilege Escalation Vulnerability
BugTraq ID: 29588
Remote: No
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29588
Summary:
Microsoft Windows WINS server is prone to a local privilege-escalation vulnerability that may be triggered by malicious WINS network packets.

Successful exploits allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the affected computer.

4. ALFTP FTP Client 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29585
Remote: Yes
Date Published: 2008-06-06
Relevant URL: http://www.securityfocus.com/bid/29585
Summary:
ALFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client.
Exploiting this issue will allow an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

ALFTP 4.1 beta 2 (English) and 5.0 (Korean) are vulnerable; other versions may also be affected.

5. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 29584
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29584
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory, ADAM (Active Directory Application Mode), and AD LDS (Active Directory Lightweight Directory Service) fail to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue by sending a specially crafted LDAP request to the affected computer. This would cause the affected system to temporarily stop responding to LDAP requests, thus denying further service to legitimate users. Note that the attacker requires valid logon credentials to exploit this issue on Windows Server 2003 and on any system that has ADAM installed.

This issue affects these components:

- Active Directory on Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008
- ADAM on Windows XP Professional and Windows Server 2003
- AD LDS on Windows Server 2008

Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

6. Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29581
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29581
Summary:
Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

7. Microsoft DirectX SAMI File Parsing Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29578
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29578
Summary:
Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling malformed SAMI files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

8. RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 29576
Remote: Yes
Date Published: 2008-06-05
Relevant URL: http://www.securityfocus.com/bid/29576
Summary:
Microsoft has released advance notification that the vendor will be releasing seven security bulletins on June 10, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.
NOTE: The following individual records have been created to document these vulnerabilities:

29522 Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
29556 Microsoft Internet Explorer HTML Objects 'substringData()' Remote Code Execution Vulnerability
28379 Microsoft Internet Explorer 'setRequestHeader()' Multiple Vulnerabilities
22359 Microsoft Windows Speech Components Voice Recognition Command Execution Vulnerability
29558 Backweb 'LiteInstActivator.dll' ActiveX Control Remote Code Execution Vulnerability
29581 Microsoft DirectX MJPEG Video Streaming Remote Code Execution Vulnerability
29578 Microsoft DirectX SAMI File Parsing Remote Code Execution Vulnerability
29588 Microsoft Windows WINS Server Local Privilege Escalation Vulnerability
29584 Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
29508 Microsoft Windows PGM Invalid Length Remote Denial of Service Vulnerability
29509 Microsoft Windows PGM Invalid Fragment Remote Denial of Service Vulnerability

9. Microsoft Internet Explorer HTML Objects 'substringData()' Remote Code Execution Vulnerability
BugTraq ID: 29556
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29556
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to perform adequate boundary checks when handling certain HTML object data.

Attackers can leverage this issue to execute arbitrary code with the privileges of the user running the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.

10. Sleipnir 'favorite search' Function Script Code Execution Vulnerability
BugTraq ID: 29555
Remote: Yes
Date Published: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29555
Summary:
Sleipnir is prone to a vulnerability that lets remote attackers execute arbitrary script code because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code within the context of the affected application.

Sleipnir 2.7.1 is vulnerable; prior versions may also be affected.

11. Sun Java ASP Server Information Disclosure Vulnerability
BugTraq ID: 29540
Remote: Yes
Date Published: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29540
Summary:
Sun Java ASP Server is prone to an information-disclosure issue because it fails to restrict access to potentially sensitive information.

Attackers can exploit this issue to obtain information that will aid in further attacks.

Java ASP Server 4.0.2 and prior versions are vulnerable.

NOTE: This issue does not affect instances of the server when running on Microsoft Windows.

12. Sun Java ASP Server Multiple Directory Traversal Vulnerabilities
BugTraq ID: 29538
Remote: Yes
Date Published: 2008-06-04
Relevant URL: http://www.securityfocus.com/bid/29538
Summary:
Sun Java ASP Server is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues using directory-traversal sequences ('../') to view or delete arbitrary files with the privileges of the webserver process. Information obtained may aid in further attacks.

Versions prior to Sun Java ASP Server 4.0.3 are vulnerable.

13. Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
BugTraq ID: 29522
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29522
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because its implementation of the Bluetooth stack fails to adequately handle a flood of specially crafted SDP (Service Discovery Protocol) requests.

To exploit this issue, an attacker must be within close physical proximity of the affected computer.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

This issue affects only computers with Bluetooth capability.

14. Microsoft Windows PGM Invalid Fragment Remote Denial Of Service Vulnerability
BugTraq ID: 29509
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29509
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM (Pragmatic General Multicast) network traffic.

Attackers can exploit this issue to cause affected computers to stop responding until all the malformed packets have been processed. Successful attacks will deny service to legitimate users.

On computers running Windows XP and Windows Server 2003, PGM is enabled only when Microsoft Message Queuing (MSMQ) 3.0 is installed. The MSMQ service is not installed by default.

On computers running Windows Vista or Windows Server 2008, PGM is enabled only when Microsoft Message Queuing (MSMQ) 4.0 is installed and when PGM is specifically enabled. The MSMQ service is not installed by default. When MSMQ is installed, PGM processing is not enabled by default.

15. Microsoft Windows PGM Invalid Length Remote Denial Of Service Vulnerability
BugTraq ID: 29508
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29508
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM (Pragmatic General Multicast) network traffic.

Attackers can exploit this issue to cause an affected computer to stop responding until it is manually restarted. Successful attacks will deny service to legitimate users.

NOTE: PGM is enabled only when Microsoft Message Queuing (MSMQ) 3.0 is installed on computers running Windows XP and Windows Server 2003. The MSMQ service is not installed by default. Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. default for requiring authentication 2003
http://www.securityfocus.com/archive/88/493298

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IBM® Rational® AppScan

Failure to properly secure Web applications significantly impacts your ability to protect sensitive client and corporate data. IBM Rational AppScan is an automated scanner that monitors, identifies and helps remediate vulnerabilities. Download a free trial of AppScan and see how it can help prevent against the threat of attack.
https://www.watchfire.com/securearea/appscan.aspx?id=701700000009T0r
