SecurityFocus Microsoft Newsletter #431
----------------------------------------

This issue is sponsored by Sophos

Is virtualization a black hole in your security? 5 ways to ensure it isn't...

End users running unauthorized virtual environments on their computers make 
corporate systems and data much more vulnerable. This paper describes the 
hidden threats raised by unauthorized unsecured desktop virtualization, and 
gives five effective ways to secure yourself against them.

http://dinclinx.com/Redirect.aspx?36;4037;35;189;0;6;259;0ad5ac9ed0ee883a


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Don't Blame the Browser
       2. Resurrecting the Killfile
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
       2. HP OpenView Network Node Manager 'ovlaunch' Buffer Overflow Vulnerability
       3. Microsoft Visio Memory Corruption Remote Code Execution Vulnerability
       4. Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
       5. Microsoft Visio Object Validation Remote Code Execution Vulnerability
       6. Microsoft February 2009 Advance Notification Multiple Vulnerabilities
       7. Password Door Local Buffer Overflow Vulnerability
       8. FeedDemon 'outline' Tag Buffer Overflow Vulnerability
       9. Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
       10. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
       11. Moodle Log Table HTML Injection Vulnerability
       12. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
       13. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
       14. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
       15. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
       16. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
       17. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption Vulnerability
       18. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
       19. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
       20. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
       21. Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation Vulnerability
       22. Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
       23. Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #430
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Don't Blame the Browser
By Melih Abdulhayoglu
There was a time when most diseases were fatal for humans. Intense study and 
research helped doctors manage diseases better, and subsequently even prevent 
them altogether. 
http://www.securityfocus.com/columnists/492

2. Resurrecting the Killfile
By Oliver Day
In William Gibson's Idoru, one of the book's hackers describes a community of 
people who all share a file of unwanted things to create the walled city of Hak 
Nam. "They made something like a killfile of everything, everything they didn't 
like, and they turned that inside out," he wrote. 
http://www.securityfocus.com/columnists/491


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 33690
Remote: Yes
Date Published: 2009-02-09
Relevant URL: http://www.securityfocus.com/bid/33690
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying 
service to legitimate users. Attackers may be able to leverage some of these 
vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.99.6 through 1.0.5.

2. HP OpenView Network Node Manager 'ovlaunch' Buffer Overflow Vulnerability
BugTraq ID: 33668
Remote: Yes
Date Published: 2009-02-06
Relevant URL: http://www.securityfocus.com/bid/33668
Summary:
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the Network Node Manager. Failed exploits can result in 
a denial-of-service condition.

Network Node Manager 7.53 running on Microsoft Windows is affected; other 
versions and platforms may also be vulnerable.

3. Microsoft Visio Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 33661
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33661
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it 
fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of 
the user running the application. Failed exploit attempts will result in a
denial-of-service condition.

4. Microsoft Visio Object Copy Memory Corruption Remote Code Execution 
Vulnerability
BugTraq ID: 33660
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33660
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it 
fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of 
the user running the application. Failed exploit attempts will result in a
denial-of-service condition.

5. Microsoft Visio Object Validation Remote Code Execution Vulnerability
BugTraq ID: 33659
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33659
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it 
fails to adequately handle user-supplied data.

Attackers can exploit this issue to run arbitrary code in the context of the 
user running the application. Failed exploit attempts will result in a
denial-of-service condition.

6. Microsoft February 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 33639
Remote: Yes
Date Published: 2009-02-05
Relevant URL: http://www.securityfocus.com/bid/33639
Summary:
Microsoft has released advance notification that the vendor will be releasing 
four security bulletins on February 10, 2009. The highest severity rating for 
these issues is 'Critical'.

These issues affect:

- Internet Explorer
- Exchange
- SQL Server
- Office

Successfully exploiting these issues may allow remote or local attackers to 
compromise affected computers.

Individual records will be created for the issues when the bulletins are 
released.

7. Password Door Local Buffer Overflow Vulnerability
BugTraq ID: 33634
Remote: No
Date Published: 2009-02-05
Relevant URL: http://www.securityfocus.com/bid/33634
Summary:
Password Door is prone to a local buffer-overflow vulnerability because it 
fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of 
the application. Failed attacks will cause denial-of-service conditions.

Password Door 8.4 is vulnerable; other versions may also be affected.

8. FeedDemon 'outline' Tag Buffer Overflow Vulnerability
BugTraq ID: 33630
Remote: Yes
Date Published: 2009-02-05
Relevant URL: http://www.securityfocus.com/bid/33630
Summary:
FeedDemon is prone to a remote buffer-overflow vulnerability because the 
application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of 
the application. Failed attacks will cause denial-of-service conditions.

FeedDemon 2.7 and prior versions are vulnerable.

9. Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution 
Vulnerability
BugTraq ID: 33628
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33628
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of 
the user running the application. Successful exploits will compromise the 
application and possibly the underlying computer. Failed attacks will cause 
denial-of-service conditions.

10. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution 
Vulnerability
BugTraq ID: 33627
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33627
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of 
the user running the application. Successful exploits will compromise the 
application and possibly the underlying computer. Failed attacks will cause 
denial-of-service conditions.

11. Moodle Log Table HTML Injection Vulnerability
BugTraq ID: 33610
Remote: Yes
Date Published: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33610
Summary:
Moodle is prone to an HTML-injection vulnerability because the application 
fails to properly sanitize user-supplied input before using it in dynamically 
generated content. 

Attacker-supplied HTML and script code would run in the context of the affected 
browser, potentially allowing the attacker to steal cookie-based authentication 
credentials or to control how the site is rendered to the user. Other attacks 
are also possible.

The following Moodle branches and corresponding versions are affected:

1.9.x: prior to 1.9.4
1.8.x: prior to 1.8.8
1.7.x: prior to 1.7.7
1.6.x: prior to 1.6.9

12. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
BugTraq ID: 33609
Remote: Yes
Date Published: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33609
Summary:
QIP 2005 is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang and 
consume excessive computer resources, denying service to legitimate users.

NOTE: This issue may occur in a third-party component used by QIP 2005, but 
this has not been confirmed.

This issue affects QIP 2005 build 8082; other versions may also be vulnerable.

13. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
BugTraq ID: 33595
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33595
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the 
application fails to properly sanitize user-supplied input before using it in 
dynamically generated content. 

Attacker-supplied HTML and script code would run in the context of the affected 
browser, potentially allowing the attacker to steal cookie-based authentication 
credentials or to control how the site is rendered to the user. Other attacks 
are also possible.

14. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
BugTraq ID: 33588
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33588
Summary:
BlazeVideo HDTV Player is prone to a heap-based buffer-overflow vulnerability 
because the application fails to handle malformed playlist files. 

An attacker can exploit this issue to execute arbitrary code within the context 
of the application or to trigger a denial-of-service condition. 

BlazeVideo HDTV Player 3.5 is vulnerable; other versions may also be affected.

15. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
BugTraq ID: 33586
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33586
Summary:
Nokia Multimedia Player is prone to a heap-based buffer-overflow vulnerability 
because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute 
arbitrary code in the context of the application. Failed exploit attempts will 
cause denial-of-service conditions.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

16. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information 
Disclosure Vulnerabilities
BugTraq ID: 33585
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33585
Summary:
NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an 
information-disclosure vulnerability because the application fails to properly 
bounds-check or validate user-supplied input.

Successful exploits of the buffer-overflow issue may lead to the execution of 
arbitrary code in the context of the application or to denial-of-service 
conditions. Also, attackers can exploit the information-disclosure issue to 
retrieve arbitrary source code in the context of the webserver process.
Information harvested may aid in further attacks.

NaviCOPA Web Server 3.01 is vulnerable; other versions may also be affected.

17. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption 
Vulnerability
BugTraq ID: 33584
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33584
Summary:
Hex Workshop is prone to a memory-corruption vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of 
the application. Failed attacks will cause denial-of-service conditions.

Hex Workshop 6 is vulnerable; other versions may also be affected.

18. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
BugTraq ID: 33581
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33581
Summary:
Bugzilla is prone to a vulnerability caused by the use of a shared random seed. 
This issue occurs when Bugzilla is running under mod_perl.

An attacker may exploit this issue to predict random values generated by 
Bugzilla. This may reveal sensitive information such as attachment files or may 
allow the attacker to bypass cross-site request-forgery protection by 
predicting random token values. Other attacks may also be possible.

This issue affects Bugzilla 3.0.7, 3.2.1, and 3.3.2 when run under mod_perl.

19. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
BugTraq ID: 33580
Remote: Yes
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33580
Summary:
Bugzilla is prone to multiple remote vulnerabilities, including an 
HTML-injection issue and cross-site request-forgery issues.

An attacker can exploit these issues to execute arbitrary script code in a 
user's browser in the context of the application, steal cookie-based 
authentication credentials, obtain sensitive information, and perform arbitrary 
actions in the context of the logged-in user.

These issues affect versions prior to Bugzilla 2.22.7, 3.0.7, 3.2.1, and 3.3.2.

20. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
BugTraq ID: 33579
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33579
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the 
application fails to properly sanitize user-supplied input before using it in 
dynamically generated content. 

Attacker-supplied HTML and script code would run in the context of the affected 
browser, potentially allowing the attacker to steal cookie-based authentication 
credentials or to control how the site is rendered to the user. Other attacks 
are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

NOTE: This BID is being retired because an attacker needs administrative access 
to an affected application to exploit this issue. An attacker with such access 
would be able to compromise the application without having to exploit any 
issue.

21. Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation 
Vulnerability
BugTraq ID: 33561
Remote: No
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33561
Summary:
Multiple Kaspersky products are prone to a local privilege-escalation 
vulnerability because the applications fail to perform adequate boundary checks 
on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with 
SYSTEM-level privileges. Successfully exploiting this issue will result in the 
complete compromise of affected computers. Failed exploit attempts will result 
in a denial-of-service condition.

This issue affects versions in the following product groups:

Kaspersky AV 2008
Kaspersky AV for WorkStations 6.0

22. Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service 
Vulnerability
BugTraq ID: 33136
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33136
Summary:
Microsoft Exchange Server is prone to a remote denial-of-service vulnerability.

A successful exploit allows a remote attacker to cause the application to stop 
responding, denying service to legitimate users.

23. Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
BugTraq ID: 33134
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33134
Summary:
Microsoft Exchange Server is prone to a remote code-execution vulnerability. 

Remote attackers may exploit this issue by sending maliciously constructed 
TNEF-encoded email data to vulnerable servers. This issue will be triggered 
when a user views or previews the malicious email.

Successfully exploiting this issue would allow the attacker to execute 
arbitrary code on an affected computer in the context of the affected 
application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #430
http://www.securityfocus.com/archive/88/500706

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscr...@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed, email listad...@securityfocus.com and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by Sophos
