SecurityFocus Microsoft Newsletter #400 ----------------------------------------
This issue is sponsored by Black Hat USA: Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. www.blackhat.com SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1.Firing Up Browser Security 2.Racing Against Reversers II. MICROSOFT VULNERABILITY SUMMARY 1. Mozilla Firefox Unspecified Arbitrary File Access Weakness 2. SunAge Multiple Denial of Service Vulnerabilities 3. World in Conflict NULL Pointer Remote Denial of Service Vulnerability 4. Classic FTP 'LIST' Command Directory Traversal Vulnerability 5. WISE-FTP FTP Client 'LIST' Command Directory Traversal Vulnerability 6. Apple Safari Automatic File Launch Remote Code Execution Vulnerability 7. Microsoft Visual Basic Enterprise Edition 6 'vb6skit.dll' Remote Buffer Overflow Vulnerability 8. UltraEdit FTP/SFTP 'LIST' Command Directory Traversal Vulnerability 9. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability 10. Skulltag Malformed Packet Denial of Service Vulnerability 11. No-IP DUC Client for Windows Local Information Disclosure Vulnerability 12. 3D-FTP 'LIST' and 'MLSD' Directory Traversal Vulnerabilities III. MICROSOFT FOCUS LIST SUMMARY 1. SecurityFocus Microsoft Newsletter #399 IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1.Firing Up Browser Security By Federico Biancuzzi Mozilla released its latest browser, Firefox 3.0, this week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release. http://www.securityfocus.com/columnists/475 2.Racing Against Reversers By Federico Biancuzzi Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs. http://www.securityfocus.com/columnists/474 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Mozilla Firefox Unspecified Arbitrary File Access Weakness BugTraq ID: 29905 Remote: Yes Date Published: 2008-06-23 Relevant URL: http://www.securityfocus.com/bid/29905 Summary: Mozilla Firefox is prone to a weakness that may allow attackers to gain access to arbitrary files. Very little information is known about this issue. We will update this BID as soon as more information emerges. An attacker can exploit this issue in conjunction with the 'carpet-bombing' issue reported by Nitest Dhanjani to gain access to arbitrary files on the affected computer. Successfully exploiting this issue may lead to other attacks. NOTE: This issue is related to the vulnerability discussed in BID 29445 (Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability). 2. SunAge Multiple Denial of Service Vulnerabilities BugTraq ID: 29889 Remote: Yes Date Published: 2008-06-23 Relevant URL: http://www.securityfocus.com/bid/29889 Summary: SunAge is prone to multiple denial-of-service vulnerabilities. Successfully exploiting these issues allows remote attackers to crash affected game servers, denying service to legitimate users. SunAge 1.08.1 is vulnerable; previous versions may also be affected. 3. World in Conflict NULL Pointer Remote Denial of Service Vulnerability BugTraq ID: 29888 Remote: Yes Date Published: 2008-06-23 Relevant URL: http://www.securityfocus.com/bid/29888 Summary: World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker could exploit this issue to crash the affected application, denying service to legitimate users. This issue affects World in Conflict 1.008; other versions may also be affected. 4. Classic FTP 'LIST' Command Directory Traversal Vulnerability BugTraq ID: 29846 Remote: Yes Date Published: 2008-06-20 Relevant URL: http://www.securityfocus.com/bid/29846 Summary: Classic FTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks. Classic FTP 1.02 for Microsoft Windows is vulnerable; other versions may also be affected. 5. WISE-FTP FTP Client 'LIST' Command Directory Traversal Vulnerability BugTraq ID: 29844 Remote: Yes Date Published: 2008-06-20 Relevant URL: http://www.securityfocus.com/bid/29844 Summary: WISE-FTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks. Versions prior to WISE-FTP 5.5.9 are vulnerable. 6. Apple Safari Automatic File Launch Remote Code Execution Vulnerability BugTraq ID: 29835 Remote: Yes Date Published: 2008-06-19 Relevant URL: http://www.securityfocus.com/bid/29835 Summary: Apple Safari is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious webpage contained in a trusted Internet Explorer 7 zone or in an Internet Explorer 6 'local intranet' or 'Trusted site' zone. Successfully exploiting this issue will allow attackers to run arbitrary code with the privileges of the user running the affected application. This issue affects versions prior to Apple Safari 3.1.2 running on Microsoft Windows XP and Windows Vista. 7. Microsoft Visual Basic Enterprise Edition 6 'vb6skit.dll' Remote Buffer Overflow Vulnerability BugTraq ID: 29792 Remote: Yes Date Published: 2008-06-18 Relevant URL: http://www.securityfocus.com/bid/29792 Summary: Microsoft Visual Basic Enterprise Edition 6 is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate size checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. Microsoft Visual Basic Enterprise Edition 6 SP6 is vulnerable; other versions may also be affected. 8. UltraEdit FTP/SFTP 'LIST' Command Directory Traversal Vulnerability BugTraq ID: 29784 Remote: Yes Date Published: 2008-06-17 Relevant URL: http://www.securityfocus.com/bid/29784 Summary: UltraEdit is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP/SFTP client. Exploiting this issue will allow an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks. UltraEdit 14.00b is vulnerable; other versions may also be affected. 9. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability BugTraq ID: 29769 Remote: Yes Date Published: 2008-06-17 Relevant URL: http://www.securityfocus.com/bid/29769 Summary: Microsoft Word is prone to a remote memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open and interact with malicious Word files. Successfully exploiting this issue will corrupt memory and crash the application. Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of the currently logged-in user. 10. Skulltag Malformed Packet Denial of Service Vulnerability BugTraq ID: 29760 Remote: Yes Date Published: 2008-06-16 Relevant URL: http://www.securityfocus.com/bid/29760 Summary: Skulltag is prone to a vulnerability that can cause denial-of-service conditions. A successful attack will deny service to legitimate users. Skulltag 0.97d2-RC3 is vulnerable; other versions may also be affected. 11. No-IP DUC Client for Windows Local Information Disclosure Vulnerability BugTraq ID: 29758 Remote: No Date Published: 2008-06-16 Relevant URL: http://www.securityfocus.com/bid/29758 Summary: The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows. Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks. 12. 3D-FTP 'LIST' and 'MLSD' Directory Traversal Vulnerabilities BugTraq ID: 29749 Remote: Yes Date Published: 2008-06-16 Relevant URL: http://www.securityfocus.com/bid/29749 Summary: 3D-FTP is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues allows an attacker to write arbitrary files to locations outside of the FTP client's current directory. This could help the attacker launch further attacks. 3D-FTP 8.01 is vulnerable; other versions may also be affected. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. SecurityFocus Microsoft Newsletter #399 http://www.securityfocus.com/archive/88/493547 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is sponsored by Black Hat USA: Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. www.blackhat.com
