SecurityFocus Microsoft Newsletter #425
----------------------------------------

This issue is sponsored by Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees' Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URLs. Download this white paper now to mitigate your online security risks.
http://www.purewire.com/lp/sec

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
       1. Time to Exclude Bad ISPs
       2. Standing on Other's Shoulders
II. MICROSOFT VULNERABILITY SUMMARY
       1. SaschArt SasCam Webcam Server ActiveX Control 'Get' Method Buffer Overflow Vulnerability
       2. Winace Malformed Filename Remote Denial of Service Vulnerability
       3. Microsoft Windows Media Player WAV File Parsing Code Execution Vulnerability
       4. BulletProof FTP Client '.bps' File Stack Buffer Overflow Vulnerability
       5. BreakPoint Software Hex Workshop CMAP File Handling Buffer Overflow Vulnerability
       6. RETIRED: Microsoft Windows Media Player WAV/MID/SND File Parsing Integer Overflow Vulnerability
       7. SAWStudio '.prf' File Buffer Overflow Vulnerability
       8. BulletProof FTP Client Bookmark File Heap Buffer Overflow Vulnerability
       9. Retired: Internet Explorer 'chromeHTML://' Command Line Parameter Injection Vulnerability
       10. freeSSHd SFTP Commands Multiple Remote Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #424
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline, resulting in noticeable drops of malware and spam.
http://www.securityfocus.com/columnists/487

2. Standing on Other's Shoulders
By Chris Wysopal
"If I have seen a little further it is by standing on the shoulders of Giants," Isaac Newton once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build.
http://www.securityfocus.com/columnists/486

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. SaschArt SasCam Webcam Server ActiveX Control 'Get' Method Buffer Overflow Vulnerability
BugTraq ID: 33053
Remote: Yes
Date Published: 2008-12-29
Relevant URL: http://www.securityfocus.com/bid/33053
Summary:
SasCam Webcam Server ActiveX control is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in denial-of-service conditions.

SasCam Webcam Server 2.6.5 is vulnerable; other versions may also be affected.

2. Winace Malformed Filename Remote Denial of Service Vulnerability
BugTraq ID: 33049
Remote: Yes
Date Published: 2008-12-29
Relevant URL: http://www.securityfocus.com/bid/33049
Summary:
Winace is prone to a denial-of-service vulnerability.

Attackers can exploit this issue to crash Windows Explorer, denying service to legitimate users. Due to the nature of this issue, arbitrary code execution is possible; however, this has not been confirmed.

Winace 2.2 is vulnerable; other versions may also be affected.

3. Microsoft Windows Media Player WAV File Parsing Code Execution Vulnerability
BugTraq ID: 33042
Remote: Yes
Date Published: 2008-12-29
Relevant URL: http://www.securityfocus.com/bid/33042
Summary:
Microsoft Windows Media Player is prone to a code-execution vulnerability.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file with the vulnerable application. A successful exploit will allow arbitrary code to run in the context of the user running the application.

4. BulletProof FTP Client '.bps' File Stack Buffer Overflow Vulnerability
BugTraq ID: 33024
Remote: Yes
Date Published: 2008-12-28
Relevant URL: http://www.securityfocus.com/bid/33024
Summary:
BulletProof FTP Client is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

5. BreakPoint Software Hex Workshop CMAP File Handling Buffer Overflow Vulnerability
BugTraq ID: 33023
Remote: Yes
Date Published: 2008-12-28
Relevant URL: http://www.securityfocus.com/bid/33023
Summary:
Hex Workshop is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Hex Workshop 5.1.4 is vulnerable; other versions may also be affected.

6. RETIRED: Microsoft Windows Media Player WAV/MID/SND File Parsing Integer Overflow Vulnerability
BugTraq ID: 33018
Remote: Yes
Date Published: 2008-12-25
Relevant URL: http://www.securityfocus.com/bid/33018
Summary:
Microsoft Windows Media Player is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file with the vulnerable application. A successful exploit will result in a crash of the affected application. Arbitrary code execution is not believed to be possible.

NOTE: This BID is being retired because exploits of this issue would have no security impacts.

7. SAWStudio '.prf' File Buffer Overflow Vulnerability
BugTraq ID: 33011
Remote: Yes
Date Published: 2008-12-24
Relevant URL: http://www.securityfocus.com/bid/33011
Summary:
SAWStudio is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

SAWStudio 3.9i is vulnerable; other versions may also be affected.

8. BulletProof FTP Client Bookmark File Heap Buffer Overflow Vulnerability
BugTraq ID: 33007
Remote: Yes
Date Published: 2008-12-24
Relevant URL: http://www.securityfocus.com/bid/33007
Summary:
BulletProof FTP Client is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

BulletProof FTP Client 2.63 is vulnerable; other versions may also be affected.

9. Retired: Internet Explorer 'chromeHTML://' Command Line Parameter Injection Vulnerability
BugTraq ID: 32999
Remote: Yes
Date Published: 2008-12-23
Relevant URL: http://www.securityfocus.com/bid/32999
Summary:
Internet Explorer is prone to a vulnerability that lets attackers inject command-line parameters through protocol handlers. This issue occurs because the application fails to adequately sanitize user-supplied input.

Exploiting this issue would permit remote attackers to influence command options that can be called through the vulnerable protocol handler and to execute commands with the privileges of a user running the application. Attackers may also be able to leverage this issue to execute arbitrary code with the privileges of the user running the vulnerable application.

Internet Explorer 8 beta 2 is vulnerable; other versions may also be affected.

This issue is being retired as a duplicate of BID 32997 (Google Chrome 'chromeHTML://' Command Line Parameter Injection Vulnerability).

10. freeSSHd SFTP Commands Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 32972
Remote: Yes
Date Published: 2008-12-22
Relevant URL: http://www.securityfocus.com/bid/32972
Summary:
freeSSHd is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

These issues affect freeSSHd 1.2.1; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #424
http://www.securityfocus.com/archive/88/499615

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [email protected] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Purewire
