SecurityFocus Microsoft Newsletter #419
----------------------------------------

This issue is sponsored by IronKey:

IronKey flash drives lock down your most sensitive data using today's most advanced security technology. IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
   1. Clicking to the Past
   2. The Vice of Vice Presidential E-Mail
II. MICROSOFT VULNERABILITY SUMMARY
   1. pi3Web ISAPI Directory Remote Denial Of Service Vulnerability
   2. Microsoft Windows 'UnhookWindowsHookEx' Local Denial Of Service Vulnerability
   3. Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability
   4. Multiple ISecSoft Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
   5. VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability
   6. Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability
   7. Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
   8. Adobe Flash Player Multiple Security Vulnerabilities
   9. NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
   10. Network-Client FTP Now Heap Buffer Overflow Vulnerability
   11. Microsoft Windows Media Player MIDI File MThd Header Parsing Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed "clickjacking" by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker's behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483

2. The Vice of Vice Presidential E-Mail
By Mark Rasch
Is it a crime to read someone else's e-mail without their consent? Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claimed credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business. In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/482

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. pi3Web ISAPI Directory Remote Denial Of Service Vulnerability
BugTraq ID: 32287
Remote: Yes
Date Published: 2008-11-13
Relevant URL: http://www.securityfocus.com/bid/32287
Summary:
pi3Web is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the server, denying access to legitimate users.

pi3Web 2.0.13 is vulnerable; other versions may also be affected.

2. Microsoft Windows 'UnhookWindowsHookEx' Local Denial Of Service Vulnerability
BugTraq ID: 32206
Remote: No
Date Published: 2008-11-09
Relevant URL: http://www.securityfocus.com/bid/32206
Summary:
Microsoft Windows is prone to a local denial-of-service vulnerability.

Attackers may exploit this issue to deny further service to legitimate users.

This issue affects Windows 2003 and Windows Vista; other versions may also be affected.

3. Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability
BugTraq ID: 32204
Remote: Yes
Date Published: 2008-11-11
Relevant URL: http://www.securityfocus.com/bid/32204
Summary:
Microsoft XML Core Services (MSXML) is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain. Information obtained may aid in further attacks.

4. Multiple ISecSoft Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
BugTraq ID: 32202
Remote: No
Date Published: 2008-11-07
Relevant URL: http://www.securityfocus.com/bid/32202
Summary:
ISecSoft Anti-Trojan Elite and Anti-Keylogger Elite are prone to multiple local privilege-escalation vulnerabilities.

An attacker can exploit these issues to execute arbitrary code with elevated privileges, which may facilitate a complete compromise of the affected computer.

The following applications are vulnerable:

Anti-Trojan Elite 4.2.1 and earlier
Anti-Keylogger Elite 3.3.0 and earlier

5. VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability
BugTraq ID: 32168
Remote: No
Date Published: 2008-11-06
Relevant URL: http://www.securityfocus.com/bid/32168
Summary:
VMware products are prone to a privilege-escalation vulnerability caused by an unspecified flaw in the CPU hardware emulation.

Successful exploits may allow local attackers to elevate privileges in a guest operating system.

These issues affect versions prior to:

Workstation 6.5.0 build 118166
Workstation 5.5.9 build 126128
Player 2.5.0 build 118166
Player 1.0.9 build 126128
ACE Windows 2.5.0 build 118166
ACE Windows 1.0.8 build 125922
Server 1.0.8 build 126538
ESXi 3.5 ESXe350-200810401-O-UG
ESX 3.5 ESX350-200810201-UG
ESX 3.0.3 ESX303-200810501-BG
ESX 3.0.2 ESX-1006680
ESX 2.5.5 upgrade patch 10
ESX 2.5.4 upgrade patch 21

6. Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability
BugTraq ID: 32155
Remote: Yes
Date Published: 2008-11-11
Relevant URL: http://www.securityfocus.com/bid/32155
Summary:
Microsoft XML Core Services (MSXML) is prone to a cross-domain information-disclosure vulnerability because the application fails to properly handle certain error checks.

An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain. Information obtained may aid in further attacks.

7. Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 32153
Remote: Yes
Date Published: 2008-11-06
Relevant URL: http://www.securityfocus.com/bid/32153
Summary:
Microsoft has released advance notification that the vendor will be releasing two security bulletins on November 11, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

The following individual records cover these issues:

7385 Microsoft Windows SMB Credential Reflection Vulnerability
21872 Microsoft XML Core Services Race Condition Memory Corruption Vulnerability
32155 Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability
32204 Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability

8. Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 32129
Remote: Yes
Date Published: 2008-11-06
Relevant URL: http://www.securityfocus.com/bid/32129
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication credentials, control how webpages are rendered, or execute arbitrary script code in the context of the application. Other attacks may also be possible.

These issues affect Flash Player 9.0.124.0 and prior versions.

9. NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 32105
Remote: Yes
Date Published: 2008-11-04
Relevant URL: http://www.securityfocus.com/bid/32105
Summary:
NOS Microsystems getPlus Download Manager ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

The following applications use the getPlus Download Manager:

Adobe Acrobat Professional
Adobe Acrobat Reader

getPlus Download Manager 1.2.2.50 is vulnerable; other versions may also be affected.

10. Network-Client FTP Now Heap Buffer Overflow Vulnerability
BugTraq ID: 32080
Remote: Yes
Date Published: 2008-11-03
Relevant URL: http://www.securityfocus.com/bid/32080
Summary:
Network-Client FTP Now is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

Network-Client FTP Now 2.6 is vulnerable; other versions may also be affected.

11. Microsoft Windows Media Player MIDI File MThd Header Parsing Denial of Service Vulnerability
BugTraq ID: 32077
Remote: Yes
Date Published: 2008-11-03
Relevant URL: http://www.securityfocus.com/bid/32077
Summary:
Microsoft Windows Media Player is prone to a denial-of-service vulnerability when processing a malformed MIDI file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IronKey:

IronKey flash drives lock down your most sensitive data using today's most advanced security technology. IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a
