SecurityFocus Microsoft Newsletter #441
----------------------------------------

This issue is sponsored by Webex

Desktop Security On Demand
Today, the pressures of technology threats, regulatory compliance, and cost control have combined to force a renewed focus on corporate IT management. As a result, security and system management are top-of-mind considerations for IT managers within businesses of all sizes. Learn more today!
http://dinclinx.com/Redirect.aspx?36;4905;35;189;0;3;259;0e72602f272b1d7e

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Celebrity Viruses Improve Security
       2. Good Obfuscation, Bad Code
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Popcorn POP3 Response Remote Heap Buffer Overflow Vulnerability
       2. Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
       3. Symantec Norton Ghost 'EasySetupInt.dll' ActiveX Multiple Remote Denial of Service Vulnerabilities
       4. Acritum Femitter Server Remote File Disclosure Vulnerability
       5. Xitami HTTP Server Multiple Socket HEAD Request Remote Denial Of Service Vulnerability
       6. Sun Java Runtime Environment Unspecified Remote Code Execution Vulnerability
       7. Zervit HTTP Server Malformed URI Remote Denial Of Service Vulnerability
       8. Groovy Media Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
       9. 1by1 '.m3u' File Remote Stack Buffer Overflow Vulnerability
       10. Microsoft Windows Media Player WAV File Multiple Denial of Service Vulnerabilities
       11. Microsoft GDI+ Plugin PNG File Infinite Loop Denial of Service Vulnerability
       12. Microsoft Windows Media Player MIDI File Denial of Service Vulnerability
       13. MagicISO CCD/Cue File Heap Overflow Vulnerability
       14. MiniWeb Source Code Information Disclosure Vulnerability
       15. MiniWeb Remote Buffer Overflow Vulnerability
       16. Elecard AVC HD Player '.xpl' File Remote Stack Buffer Overflow Vulnerability
       17. Apollo 'm3u' Playlist File Heap Buffer Overflow Vulnerability
       18. RETIRED: Microsoft Windows Media Player MID File Parsing Integer Overflow Vulnerability
       19. Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
       20. Zervit 'http.c' Remote Buffer Overflow Vulnerability
       21. Mini-stream Software RM-MP3 Converter '.pls' File Remote Stack Buffer Overflow Vulnerability
       22. Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability
       23. Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
       24. Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability
       25. Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability
       26. Microsoft Windows RPCSS Service Isolation Local Privilege Escalation Vulnerability
       27. Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability
       28. Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
       29. Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
       30. Microsoft WinHTTP Server Name Mismatch Certificate Validation Security Bypass Vulnerability
       31. Microsoft WinHTTP Integer Underflow Memory Corruption Remote Code Execution Vulnerability
       32. Microsoft Internet Explorer Marquee Tag Handling Remote Code Execution Vulnerability
       33. Microsoft Internet Explorer 'EMBED' Tag Uninitialized Memory Remote Code Execution Vulnerability
       34. Microsoft Internet Explorer Uninitialized Memory Variant One Remote Code Execution Vulnerability
       35. Microsoft ISA Server and Forefront Threat Management Gateway Cross-Site Scripting Vulnerability
       36. Microsoft ISA Server and Forefront Threat Management Gateway Denial of Service Vulnerability
       37. Microsoft Excel Malformed Object Remote Memory Corruption Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #440
IV.  UNSUBSCRIBE INSTRUCTIONS

I.   FRONT AND CENTER
---------------------
1. Celebrity Viruses Improve Security
By Adam O'Donnell
Every so often, a computer virus becomes more than just a novelty for anti-virus researchers and moves into the consciousness of the mass media, even if it's not a grave threat.
http://www.securityfocus.com/columnists/499

2. Good Obfuscation, Bad Code
Antivirus analysts and security testers have to deal with a fundamental question every day: Is obfuscated code good or bad?
http://www.securityfocus.com/columnists/498

II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Popcorn POP3 Response Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 34699
Remote: Yes
Date Published: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34699
Summary:
Popcorn is prone to a remote heap-based buffer-overflow vulnerability because it fails to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

Popcorn 1.87 is vulnerable; other versions may also be affected.

2. Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
BugTraq ID: 34698
Remote: Yes
Date Published: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34698
Summary:
Home Web Server is prone to a denial-of-service vulnerability because it fails to adequately handle malformed HTTP requests.

Attackers can exploit this issue to cause the graphical interface of the server to stop responding, denying service to the administrator.

Home Web Server 1.7.1.147 is vulnerable; other versions may also be affected.

3. Symantec Norton Ghost 'EasySetupInt.dll' ActiveX Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 34696
Remote: Yes
Date Published: 2009-04-23
Relevant URL: http://www.securityfocus.com/bid/34696
Summary:
Symantec Norton Ghost EasySetup Wizard ActiveX control is prone to multiple denial-of-service vulnerabilities.

A successful attack allows an attacker to crash the application using the affected control (typically Internet Explorer), causing denial-of-service conditions. The attacker may also be able to run arbitrary code, but this has not been confirmed.

These issues are reported to affect 'EasySetupInt.dll' 14.0.4.30167; other versions may also be affected.

4. Acritum Femitter Server Remote File Disclosure Vulnerability
BugTraq ID: 34689
Remote: Yes
Date Published: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34689
Summary:
Acritum Femitter Server is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view local files in the context of the server process. This may aid in further attacks.

Acritum Femitter Server 0.96 and 1.03 are affected; other versions may be vulnerable as well.

5. Xitami HTTP Server Multiple Socket HEAD Request Remote Denial Of Service Vulnerability
BugTraq ID: 34681
Remote: Yes
Date Published: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34681
Summary:
Xitami HTTP server is prone to a denial-of-service vulnerability because it fails to adequately handle multiple socket requests.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Xitami 5.0 is vulnerable; other versions may also be affected.

6. Sun Java Runtime Environment Unspecified Remote Code Execution Vulnerability
BugTraq ID: 34667
Remote: Yes
Date Published: 2009-04-22
Relevant URL: http://www.securityfocus.com/bid/34667
Summary:
Sun Java Runtime Environment (JRE) is prone to an unspecified security vulnerability that allows attackers to execute arbitrary code.

Attackers can exploit this issue to execute arbitrary code in the context of the application.

JRE 6 Update 1 and 2 are vulnerable.

7. Zervit HTTP Server Malformed URI Remote Denial Of Service Vulnerability
BugTraq ID: 34637
Remote: Yes
Date Published: 2009-04-21
Relevant URL: http://www.securityfocus.com/bid/34637
Summary:
Zervit HTTP server is prone to a denial-of-service vulnerability because it fails to adequately sanitize user-supplied input.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

Zervit 0.3 is vulnerable; other versions may also be affected.

8. Groovy Media Player '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34621
Remote: Yes
Date Published: 2009-04-20
Relevant URL: http://www.securityfocus.com/bid/34621
Summary:
Groovy Media Player is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Groovy Media Player 1.1.0 is vulnerable; other versions may also be affected.

9. 1by1 '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34618
Remote: Yes
Date Published: 2009-04-20
Relevant URL: http://www.securityfocus.com/bid/34618
Summary:
The '1by1' program is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

This issue affects 1by1 1.67; other versions may also be affected.

10. Microsoft Windows Media Player WAV File Multiple Denial of Service Vulnerabilities
BugTraq ID: 34587
Remote: Yes
Date Published: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34587
Summary:
Microsoft Windows Media Player is prone to multiple denial-of-service vulnerabilities when processing malformed WAV files.

A remote attacker can exploit these issues to cause the affected application to crash, denying service to legitimate users.

11. Microsoft GDI+ Plugin PNG File Infinite Loop Denial of Service Vulnerability
BugTraq ID: 34586
Remote: Yes
Date Published: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34586
Summary:
Microsoft GDI+ is prone to a denial-of-service vulnerability when processing a malformed PNG file.

A remote attacker can exploit this issue to cause an infinite loop, which will consume processing resources, denying service to legitimate users.

12. Microsoft Windows Media Player MIDI File Denial of Service Vulnerability
BugTraq ID: 34585
Remote: Yes
Date Published: 2009-04-17
Relevant URL: http://www.securityfocus.com/bid/34585
Summary:
Microsoft Windows Media Player is prone to a denial-of-service vulnerability when processing a malformed MIDI file.

A remote attacker can exploit this issue to cause the affected application to enter an infinite loop, denying service to legitimate users.

13. MagicISO CCD/Cue File Heap Overflow Vulnerability
BugTraq ID: 34574
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34574
Summary:
MagicISO is prone to a heap-overflow vulnerability that may be triggered by a malicious '.ccd' or '.cue' file.

A successful exploit will crash the application. An attacker may also be able to execute arbitrary code in the context of the application, but this has not been confirmed.

14. MiniWeb Source Code Information Disclosure Vulnerability
BugTraq ID: 34565
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34565
Summary:
MiniWeb is prone to a vulnerability that lets attackers access source code because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.

We don't know which versions of MiniWeb are affected. We will update this BID when further details are available.

15. MiniWeb Remote Buffer Overflow Vulnerability
BugTraq ID: 34563
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34563
Summary:
MiniWeb is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

16. Elecard AVC HD Player '.xpl' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34560
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34560
Summary:
Elecard AVC HD Player is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

17. Apollo 'm3u' Playlist File Heap Buffer Overflow Vulnerability
BugTraq ID: 34554
Remote: Yes
Date Published: 2009-04-16
Relevant URL: http://www.securityfocus.com/bid/34554
Summary:
Apollo is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Apollo 37zz is vulnerable; other versions may also be affected.

18. RETIRED: Microsoft Windows Media Player MID File Parsing Integer Overflow Vulnerability
BugTraq ID: 34534
Remote: Yes
Date Published: 2009-04-15
Relevant URL: http://www.securityfocus.com/bid/34534
Summary:
Microsoft Windows Media Player is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file with the vulnerable application.

A successful exploit will allow the attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

Windows Media Player 11 is vulnerable; other versions may also be affected.

NOTE: This BID is being retired because exploits of this issue would have no security impact.

19. Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
BugTraq ID: 34532
Remote: Yes
Date Published: 2009-04-15
Relevant URL: http://www.securityfocus.com/bid/34532
Summary:
The Microsoft Intelligent Application Gateway (IAG) 2007 Client Components ActiveX Control is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

The ActiveX control is identified by CLSID:

8D9563A9-8D5F-459B-87F2-BA842255CB9A

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

NOTE: IAG was formerly known as Whale Communications Intelligent Application Gateway.

Versions prior to IAG 2007 3.7 SP2 are vulnerable.

20. Zervit 'http.c' Remote Buffer Overflow Vulnerability
BugTraq ID: 34530
Remote: Yes
Date Published: 2009-04-15
Relevant URL: http://www.securityfocus.com/bid/34530
Summary:
Zervit is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Zervit 0.2 is vulnerable; other versions may also be affected.

21. Mini-stream Software RM-MP3 Converter '.pls' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34514
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34514
Summary:
Mini-stream Software RM-MP3 Converter is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

22. Microsoft WordPad Word 97 Converter Remote Code Execution Vulnerability
BugTraq ID: 34470
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34470
Summary:
Microsoft WordPad is prone to a remote code-execution vulnerability because of a stack-based buffer overflow that may result in corrupted memory.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

23. Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
BugTraq ID: 34469
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34469
Summary:
Microsoft Word 2000 is prone to a remote code-execution vulnerability because it fails to properly validate an unspecified string when parsing a WordPerfect document.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

24. Microsoft DirectX DirectShow MJPEG Video Decompression Remote Code Execution Vulnerability
BugTraq ID: 34460
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34460
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component fails to properly handle compressed media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

25. Microsoft Windows Thread Pool ACL Local Privilege Escalation Vulnerability
BugTraq ID: 34444
Remote: No
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34444
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers.

The issue affects the following:

Windows Vista
Windows Server 2008

26. Microsoft Windows RPCSS Service Isolation Local Privilege Escalation Vulnerability
BugTraq ID: 34443
Remote: No
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34443
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers.

The issue affects the following:

Windows XP SP2
Windows Server 2003

27. Microsoft Windows WMI Service Isolation Local Privilege Escalation Vulnerability
BugTraq ID: 34442
Remote: No
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34442
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow attackers to elevate their privileges to LocalSystem, which would facilitate the complete compromise of affected computers.

The issue affects the following:

Windows XP SP2
Windows Server 2003
Windows Vista
Windows Server 2008

28. Microsoft Windows NTLM Credential Reflection Remote Code Execution Vulnerability
BugTraq ID: 34439
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34439
Summary:
Microsoft Windows is prone to a vulnerability that could let attackers replay NTLM (NT LAN Manager) credentials.

A successful exploit would let an attacker execute arbitrary code in the context of the affected user.

29. Microsoft Internet Explorer Page Transition Remote Code Execution Vulnerability
BugTraq ID: 34438
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34438
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks will cause denial-of-service conditions.

30. Microsoft WinHTTP Server Name Mismatch Certificate Validation Security Bypass Vulnerability
BugTraq ID: 34437
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34437
Summary:
Microsoft Windows HTTP Services (WinHTTP) is prone to a security-bypass vulnerability because of an error in verifying website certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

31. Microsoft WinHTTP Integer Underflow Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 34435
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34435
Summary:
Microsoft Windows HTTP Services (WinHTTP) is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise an affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.

32. Microsoft Internet Explorer Marquee Tag Handling Remote Code Execution Vulnerability
BugTraq ID: 34426
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34426
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

33. Microsoft Internet Explorer 'EMBED' Tag Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 34424
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34424
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

34. Microsoft Internet Explorer Uninitialized Memory Variant One Remote Code Execution Vulnerability
BugTraq ID: 34423
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34423
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions.

35. Microsoft ISA Server and Forefront Threat Management Gateway Cross-Site Scripting Vulnerability
BugTraq ID: 34416
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34416
Summary:
Microsoft ISA (Internet Security and Acceleration) Server and Forefront Threat Management Gateway (TMG) are prone to a cross-site scripting vulnerability because the software fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal potentially sensitive information and launch other attacks.

36. Microsoft ISA Server and Forefront Threat Management Gateway Denial of Service Vulnerability
BugTraq ID: 34414
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34414
Summary:
Microsoft ISA Server and Forefront Threat Management Gateway are prone to a remote denial-of-service vulnerability.

A remote, anonymous attacker could exploit this issue to cause the Web proxy listener to become unresponsive, denying service to legitimate users.

37. Microsoft Excel Malformed Object Remote Memory Corruption Vulnerability
BugTraq ID: 34413
Remote: Yes
Date Published: 2009-04-14
Relevant URL: http://www.securityfocus.com/bid/34413
Summary:
Microsoft Excel is prone to a memory-corruption vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #440
http://www.securityfocus.com/archive/88/502793

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [email protected] and ask to be manually removed.
