SecurityFocus Microsoft Newsletter #429
----------------------------------------

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Time to Take the Theoretical Seriously
       2. The Drew Verdict Makes Us All Hackers
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary 
File Overwrite Vulnerability
       2. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow 
Vulnerability
       3. Microsoft Internet Explorer HTML Form Value Denial of Service 
Vulnerability
       4. Horde IMP Webmail Client Cross Site Scripting And HTML Injection 
Vulnerabilities
       5. Zinf Multiple PlayList Files Buffer Overflow Vulnerability
       6. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
       7. Simple Machines Forum Package Upload Multiple HTML Injection 
Vulnerabilities
       8. Microsoft Windows 'RunAs' Password Length Local Information 
Disclosure Vulnerability
       9. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of 
Service Vulnerability
       10. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
       11. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
       12. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
       13. FTPShell server '.key' File Buffer Overflow Vulnerability
       14. Apple QuickTime MPEG-2 Playback Component Remote Memory Corruption 
Vulnerability
       15. Apple QuickTime 'jpeg' Atoms Movie File Remote Buffer Overflow 
Vulnerability
       16. Apple QuickTime MPEG-2 Movie File Remote Buffer Overflow 
Vulnerability
       17. Apple QuickTime Cinepak Encoded Movie Remote Buffer Overflow 
Vulnerability
       18. Apple QuickTime AVI Movie Remote Buffer Overflow Vulnerability
       19. Apple QuickTime H.263 Encoded Movie Remote Memory Corruption 
Vulnerability
       20. Apple QuickTime QTVR Movie Remote Buffer Overflow Vulnerability
       21. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
       22. Microsoft Windows Mobile OBEX FTP Service Directory Traversal 
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. customer user accounts and internal user accounts on same domain
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers' response to "theoretical" research is fundamentally broken. 
By now, everyone in the security industry knows about the Rogue CA presentation 
that Alex Sotirov and Jacob Appelbaum gave at the 25th Chaos Communications 
Congress. It was one of the most interesting I saw all last year, and it's a 
good example of why software companies continue to be vulnerable to attackers
http://www.securityfocus.com/columnists/490

2. The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a 
plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - 
was convicted by a Los Angeles federal jury of several misdemeanor counts of 
unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File 
Overwrite Vulnerability
BugTraq ID: 33515
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33515
Summary:
Web on Windows (WOW) ActiveX control is prone to a vulnerability that lets 
attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to overwrite 
arbitrary files and execute arbitrary code on the victim's computer in the 
context of the vulnerable application using the ActiveX control (typically 
Internet Explorer). 

Web on Windows 2 is vulnerable; other versions may also be affected.

2. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow 
Vulnerability
BugTraq ID: 33513
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33513
Summary:
Thomson Demo mp3PRO Player/Encoder is prone to a remote buffer-overflow 
vulnerability because the application fails to perform adequate boundary checks 
on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of 
the application. Failed attacks will cause denial-of-service conditions.

Thomson Demo mp3PRO Player/Encoder 1.1.0 is vulnerable; other versions may also 
be affected.

3. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
BugTraq ID: 33494
Remote: Yes
Date Published: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33494
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability 
because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow an attacker to crash the browser, 
which will result in a denial-of-service condition. 

Internet Explorer 7 on Windows XP SP3 is vulnerable; other versions running on 
different platforms may also be affected.

NOTE: This issue was originally published as a buffer-overflow vulnerability 
that could result in remote code execution. Further analysis and vendor 
reports, however, suggest that exploiting this issue may cause only a 
denial-of-service condition from stack exhaustion. This vulnerability cannot be 
exploited to execute arbitrary code.

4. Horde IMP Webmail Client Cross Site Scripting And HTML Injection 
Vulnerabilities
BugTraq ID: 33492
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33492
Summary:
Horde IMP Webmail Client is prone to multiple cross-site scripting and 
HTML-injection vulnerabilities because it fails to sufficiently sanitize 
user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the 
affected site, potentially allowing the attacker to steal cookie-based 
authentication credentials and to control how the site is rendered to the user; 
other attacks are also possible.

Versions prior to IMP 4.2.2 and 4.3.3 are affected.

5. Zinf Multiple PlayList Files Buffer Overflow Vulnerability
BugTraq ID: 33482
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33482
Summary:
Zinf is prone to a buffer-overflow vulnerability because the application fails 
to bounds-check user-supplied data before copying it into an insufficiently 
sized buffer. 

Successfully exploiting this issue allows remote attackers to execute arbitrary 
machine code in the context of the affected user. Failed exploit attempts 
likely result in application crashes.

Zinf 2.2.1 is vulnerable; other versions may also be affected.

6. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33454
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33454
Summary:
Win FTP Server is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a 
denial-of-service condition.

Win FTP Server 2.3.0 is vulnerable; other versions may also be affected.

7. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
BugTraq ID: 33450
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33450
Summary:
Simple Machines Forum is prone to multiple HTML-injection vulnerabilities 
because the application fails to properly sanitize user-supplied input before 
using it in dynamically generated content. 

Attacker-supplied HTML and script code would run in the context of the affected 
browser, potentially allowing the attacker to steal cookie-based authentication 
credentials or to control how the site is rendered to the user. Other attacks 
are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

8. Microsoft Windows 'RunAs' Password Length Local Information Disclosure 
Vulnerability
BugTraq ID: 33440
Remote: No
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33440
Summary:
The 'RunAs' application included with Microsoft Windows is prone to a local 
information-disclosure vulnerability that may reveal information about password 
lengths.

A local attacker may exploit this issue to gain information about user 
passwords. This may aid in further attacks, such as brute-force or dictionary 
attacks against passwords.

9. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service 
Vulnerability
BugTraq ID: 33432
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33432
Summary:
Nokia Multimedia Player is prone to a remote denial-of-service vulnerability. 

Successful exploits can allow attackers to crash the affected application, 
denying service to legitimate users.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

10. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 33426
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33426
Summary:
WFTPD Pro is prone to multiple remote denial-of-service vulnerabilities because 
the application fails to handle specially crafted FTP commands in a proper 
manner.

Attackers can exploit these issues to crash the affected application, denying 
service to legitimate users. 

WFTPD Pro 3.30.0.1 is vulnerable; other versions may also be affected.

Update (29th January, 2009): This issue is reported to only affect servers 
which have the 'Enable Security' configuration option disabled.

11. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33420
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33420
Summary:
MediaMonkey is prone to a remote buffer-overflow vulnerability because the 
application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of 
the application. Failed attacks will cause denial-of-service conditions.

MediaMonkey 3.0.6 is vulnerable; other versions may also be affected.

12. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33419
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33419
Summary:
Merak Media Player is prone to a remote buffer-overflow vulnerability because 
the application fails to perform adequate boundary checks on user-supplied 
input.

Attackers may leverage this issue to execute arbitrary code in the context of 
the application. Failed attacks will cause denial-of-service conditions.

Merak Media Player 3.2 is vulnerable; other versions may also be affected.

13. FTPShell server '.key' File Buffer Overflow Vulnerability
BugTraq ID: 33403
Remote: Yes
Date Published: 2009-01-22
Relevant URL: http://www.securityfocus.com/bid/33403
Summary:
FTPShell Server is prone to a stack-based buffer-overflow vulnerability 
because the application fails to bounds-check user-supplied data before copying 
it into an insufficiently sized buffer. 

An attacker could exploit this issue to execute arbitrary code in the context 
of the affected application. Failed exploit attempts will likely result in 
denial-of-service conditions.

FTPShell Server 4.3 is vulnerable; other versions may also be affected.

14. Apple QuickTime MPEG-2 Playback Component Remote Memory Corruption 
Vulnerability
BugTraq ID: 33393
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33393
Summary:
The Apple QuickTime MPEG-2 Playback Component is prone to a memory-corruption 
issue because it fails to perform adequate boundary checks on user-supplied 
data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime MPEG-2 Playback Component running on 
Microsoft Windows Vista and Windows XP SP2 and SP3.

15. Apple QuickTime 'jpeg' Atoms Movie File Remote Buffer Overflow Vulnerability
BugTraq ID: 33390
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33390
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails 
to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows 
XP SP2 and SP3, and Mac OS X.

16. Apple QuickTime MPEG-2 Movie File Remote Buffer Overflow Vulnerability
BugTraq ID: 33389
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33389
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails 
to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows 
XP SP2 and SP3, and Mac OS X.

17. Apple QuickTime Cinepak Encoded Movie Remote Buffer Overflow Vulnerability
BugTraq ID: 33388
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33388
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails 
to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows 
XP SP2 and SP3, and Mac OS X.

18. Apple QuickTime AVI Movie Remote Buffer Overflow Vulnerability
BugTraq ID: 33387
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33387
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails 
to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows 
XP SP2, and Mac OS X.

19. Apple QuickTime H.263 Encoded Movie Remote Memory Corruption Vulnerability
BugTraq ID: 33386
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33386
Summary:
Apple QuickTime is prone to a memory-corruption issue because it fails to 
perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows 
XP SP2 and SP3, and Mac OS X.

20. Apple QuickTime QTVR Movie Remote Buffer Overflow Vulnerability
BugTraq ID: 33384
Remote: Yes
Date Published: 2009-01-21
Relevant URL: http://www.securityfocus.com/bid/33384
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails 
to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a 
specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows 
XP SP2 and SP3, and Mac OS X.

21. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33363
Remote: Yes
Date Published: 2009-01-20
Relevant URL: http://www.securityfocus.com/bid/33363
Summary:
easyHDR Pro is prone to multiple buffer-overflow vulnerabilities because the 
application fails to perform adequate boundary checks on user-supplied data.

Attackers may leverage these issues to execute arbitrary code in the context of 
the application. Failed attacks will cause denial-of-service conditions.

easyHDR Pro 1.60.2 is vulnerable; prior versions may also be affected.

22. Microsoft Windows Mobile OBEX FTP Service Directory Traversal Vulnerability
BugTraq ID: 33359
Remote: Yes
Date Published: 2009-01-20
Relevant URL: http://www.securityfocus.com/bid/33359
Summary:
Microsoft Windows Mobile is prone to a directory-traversal vulnerability in the 
OBEX FTP service. 

Exploiting this issue allows an attacker to write arbitrary files to locations 
outside the application's current directory, download arbitrary files, and 
obtain sensitive information. Other attacks may also be possible.

Windows Mobile 5.0 and 6.0 are vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. customer user accounts and internal user accounts on same domain
http://www.securityfocus.com/archive/88/500442

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
[email protected] from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email [email protected] and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
Vulnerability Management for Dummies: How to Implement a Successful 
Vulnerability Management Program
As a business owner, or someone responsible for network security within your 
organization, you need to understand how to prevent attacks and eliminate 
network weaknesses that leave your business exposed and at risk. Vulnerability 
Management for Dummies arms you with the facts and shows you how to...

http://dinclinx.com/Redirect.aspx?36;2468;35;189;0;8;259;73c7a1ae59c7a92e
