SecurityFocus Microsoft Newsletter #445 ----------------------------------------
This issue is sponsored by VeriSign VeriSign EV SSL Certificates for your sites. security turn the address bar in high security browsers green which helps your customers know they are safe on your site. http://ad.doubleclick.net/clk;215510119;37701656;z SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1. Hacker-Tool Law Still Does Little 2. A Botnet by Any Other Name II. MICROSOFT VULNERABILITY SUMMARY 1. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability 2. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability 3. Kerio MailServer WebMail Cross Site Scripting Vulnerability 4. Apple Safari Prior to 4.0 Multiple Security Vulnerabilities 5. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness 6. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability 7. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability 8. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability 9. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability 10. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability 11. Microsoft Excel Array Indexing Remote Code Execution Vulnerability 12. Microsoft Excel Record Object Remote Code Execution Vulnerability 13. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability 14. XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities 15. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability 16. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability 17. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability 18. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability 19. Online Armor Personal Firewall IOCTL Request Local Privilege Escalation Vulnerability 20. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability 21. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability 22. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability 23. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability 24. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability 25. Microsoft Windows Search Script Injection Vulnerability 26. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability 27. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability 28. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability 29. Microsoft June 2009 Advance Notification Multiple Vulnerabilities 30. Microsoft Windows Print Spooler Remote Code Execution Vulnerability 31. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability 32. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability 33. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability 34. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability 35. Microsoft Word Record Parsing (CVE-2009-0565) Remote Code Execution Vulnerability 36. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability 37. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability 38. Apple QuickTime PSD Image Buffer Overflow Vulnerability 39. Apple QuickTime Clipping Region (CRGN) Atom Types Heap Overflow Vulnerability 40. Apple QuickTime Image Description Atom Sign Extension Vulnerability 41. Apple QuickTime JP2 Image Handling Heap Buffer Overflow Vulnerability 42. Apple QuickTime PICT Image Heap Overflow Vulnerability 43. Apple QuickTime MS ADPCM Audio File Heap Buffer Overflow Vulnerability 44. Apple QuickTime User Atom Data Size Uninitialized Memory Access Remote Code Execution Vulnerability 45. Apple QuickTime FLC Compression File Heap Overflow Vulnerability 46. Apple QuickTime Sorenson 3 Video File Remote Memory Corruption Vulnerability 47. Apple iTunes Multiple URI Handler Stack Buffer Overflow Vulnerability 48. SafeNet SoftRemote IKE Service Remote Stack Buffer Overflow Vulnerability III. MICROSOFT FOCUS LIST SUMMARY IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1. Hacker-Tool Law Still Does Little By Mark Rasch On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense. http://www.securityfocus.com/columnists/502 2. A Botnet by Any Other Name By Gubter Ollmann The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents. http://www.securityfocus.com/columnists/501 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability BugTraq ID: 35308 Remote: Yes Date Published: 2009-06-08 Relevant URL: http://www.securityfocus.com/bid/35308 Summary: Apple Safari CoreGraphics is prone to a remote code-execution vulnerability because it fails to adequately handle TrueType fonts. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. This issue affects versions prior to Safari 4.0 running on Windows XP and Vista. NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. 2. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability BugTraq ID: 35275 Remote: Yes Date Published: 2009-06-10 Relevant URL: http://www.securityfocus.com/bid/35275 Summary: Microsoft PowerPoint is prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious Freelance file. Successful exploits can allow the attacker to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions. 3. Kerio MailServer WebMail Cross Site Scripting Vulnerability BugTraq ID: 35264 Remote: Yes Date Published: 2009-06-08 Relevant URL: http://www.securityfocus.com/bid/35264 Summary: Kerio MailServer WebMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Kerio MailServer versions 6.6.0, 6.6.1, 6.6.2, and 6.7.0 are vulnerable. 4. Apple Safari Prior to 4.0 Multiple Security Vulnerabilities BugTraq ID: 35260 Remote: Yes Date Published: 2009-06-08 Relevant URL: http://www.securityfocus.com/bid/35260 Summary: Apple Safari is prone to multiple security vulnerabilities. Attackers may exploit these issues to execute arbitrary code, launch cross-site scripting attacks, elevate privileges, or obtain sensitive information. Other attacks are also possible. These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Microsoft Windows XP, and Windows Vista. 5. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness BugTraq ID: 35255 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35255 Summary: Microsoft Windows is prone to a weakness that affects the Windows DNS client and arises because of a design error in the DNS devolution process. The attacker could set up a malicious site and carry out attacks against victims who are inadvertently directed to the malicious site. These attacks could include disclosure of the private IP address, disclosure of authentication credentials, modification of client proxy settings, phishing, redirection to other malicious sites, enticing vulnerable users to download malware, and more. 6. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability BugTraq ID: 35248 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35248 Summary: eBay Enhanced Picture Services ActiveX control is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. 7. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability BugTraq ID: 35246 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35246 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel ('.xls') file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 8. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability BugTraq ID: 35245 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35245 Summary: Microsoft Excel is prone to an integer-overflow vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 9. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability BugTraq ID: 35244 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35244 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 10. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability BugTraq ID: 35243 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35243 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 11. Microsoft Excel Array Indexing Remote Code Execution Vulnerability BugTraq ID: 35242 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35242 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 12. Microsoft Excel Record Object Remote Code Execution Vulnerability BugTraq ID: 35241 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35241 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 13. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability BugTraq ID: 35240 Remote: No Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35240 Summary: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. 14. XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities BugTraq ID: 35239 Remote: Yes Date Published: 2009-06-05 Relevant URL: http://www.securityfocus.com/bid/35239 Summary: XM Easy Personal FTP Server is prone to multiple remote buffer-overflow vulnerabilities because the application fails to sufficiently sanitize user-supplied arguments to multiple FTP commands. An attacker can exploit these issues to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. XM Easy Personal FTP Server 5.7.0 is vulnerable; other versions may also be affected. 15. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability BugTraq ID: 35238 Remote: No Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35238 Summary: Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers. 16. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability BugTraq ID: 35235 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35235 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions. 17. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability BugTraq ID: 35234 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35234 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions. 18. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability BugTraq ID: 35232 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35232 Summary: Microsoft Internet Information Services (IIS) is prone to an authentication-bypass vulnerability because it fails to properly enforce access restrictions on certain requests to a site that requires authentication. An attacker can exploit this issue to gain unauthorized access to protected resources, which may lead to other attacks. This issue affects IIS 5.0. 19. Online Armor Personal Firewall IOCTL Request Local Privilege Escalation Vulnerability BugTraq ID: 35227 Remote: No Date Published: 2009-06-04 Relevant URL: http://www.securityfocus.com/bid/35227 Summary: Online Armor Personal Firewall is prone to a local privilege-escalation vulnerability. An attacker may exploit this issue to execute arbitrary code with elevated privileges, which may facilitate a complete compromise of the affected computer. Online Armor Personal Firewall 3.5.0.12 and prior versions are affected. Online Armor Personal Firewall AV+ is also vulnerable. 20. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability BugTraq ID: 35226 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35226 Summary: Microsoft Active Directory is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the application. Successful exploits will completely compromise the affected computer. Failed attacks will cause denial-of-service conditions. 21. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability BugTraq ID: 35225 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35225 Summary: Microsoft Active Directory is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the server, denying access to legitimate users. 22. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability BugTraq ID: 35224 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35224 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions. 23. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability BugTraq ID: 35223 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35223 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions. 24. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability BugTraq ID: 35222 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35222 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions. 25. Microsoft Windows Search Script Injection Vulnerability BugTraq ID: 35220 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35220 Summary: Microsoft Windows Search is prone to a script-injection vulnerability because it fails to adequately sanitize user-supplied input when previewing search results. Successful exploits will cause malicious script code to run in the local context, allowing attackers to steal potentially sensitive information or perform other attacks. The issue affects Windows Search installed on all supported editions of Windows XP and Windows Server 2003. Note that Windows Vista and Windows Server 2008 are not affected. 26. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability BugTraq ID: 35219 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35219 Summary: Microsoft Windows RPC Marshalling Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue by sending a specially crafted RPC request to an affected computer. Successfully exploiting this issue will allow the attacker to execute arbitrary code with full system rights, completely compromising affected computers. Failed exploit attempts will likely result in a denial-of-service condition. 27. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability BugTraq ID: 35218 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35218 Summary: Microsoft Visual Studio is prone to a remote heap-based buffer-overflow vulnerability. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition. 28. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability BugTraq ID: 35215 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35215 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. 29. Microsoft June 2009 Advance Notification Multiple Vulnerabilities BugTraq ID: 35213 Remote: Yes Date Published: 2009-06-04 Relevant URL: http://www.securityfocus.com/bid/35213 Summary: Microsoft has released advance notification that on June 9, 2009 the vendor will be releasing 10 security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'. These issues affect the following: Windows Internet Explorer Word Excel Office Successfully exploiting these issues may allow remote or local attackers to compromise affected computers. We will create individual records to better document these issues when the bulletins are released. 30. Microsoft Windows Print Spooler Remote Code Execution Vulnerability BugTraq ID: 35209 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35209 Summary: Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler service. A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which can result in the complete compromise of affected computers. 31. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability BugTraq ID: 35208 Remote: No Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35208 Summary: Microsoft Windows Messenger is prone to a local information-disclosure vulnerability that affects the Print Spooler service. Successfully exploiting this issue allows attackers to obtain sensitive information that may aid in further attacks. 32. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability BugTraq ID: 35206 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35206 Summary: Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability that affects the Windows Print Spooler. Exploiting this vulnerability allows attackers to execute arbitrary code with system-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. 33. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability BugTraq ID: 35200 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35200 Summary: Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks. 34. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability BugTraq ID: 35198 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35198 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions. 35. Microsoft Word Record Parsing (CVE-2009-0565) Remote Code Execution Vulnerability BugTraq ID: 35190 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35190 Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. 36. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability BugTraq ID: 35188 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35188 Summary: Microsoft Word is prone to a stack-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. 37. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability BugTraq ID: 35184 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35184 Summary: Microsoft Office Works for Windows document converters are prone to a remote code-execution vulnerability because the application fails to properly handle specially crafted files. An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file. Successful exploits would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 38. Apple QuickTime PSD Image Buffer Overflow Vulnerability BugTraq ID: 35168 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35168 Summary: Apple QuickTime is prone to a buffer-overflow vulnerability. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted image. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X. 39. Apple QuickTime Clipping Region (CRGN) Atom Types Heap Overflow Vulnerability BugTraq ID: 35167 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35167 Summary: Apple QuickTime is prone to a heap-based buffer-overflow vulnerability. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted file. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista and Windows XP SP3. 40. Apple QuickTime Image Description Atom Sign Extension Vulnerability BugTraq ID: 35166 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35166 Summary: Apple QuickTime is prone to a vulnerability that occurs because the bit width of a number is increased without changing its sign in certain image description atoms. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted Apple video file. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X. 41. Apple QuickTime JP2 Image Handling Heap Buffer Overflow Vulnerability BugTraq ID: 35165 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35165 Summary: Apple QuickTime is prone to a heap-based buffer-overflow vulnerability. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted file. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X. 42. Apple QuickTime PICT Image Heap Overflow Vulnerability BugTraq ID: 35164 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35164 Summary: Apple QuickTime is prone to a heap-based buffer-overflow vulnerability. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted file. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X. 43. Apple QuickTime MS ADPCM Audio File Heap Buffer Overflow Vulnerability BugTraq ID: 35163 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35163 Summary: Apple QuickTime is prone to a heap-based buffer-overflow vulnerability. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially AVI crafted file. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X. 44. Apple QuickTime User Atom Data Size Uninitialized Memory Access Remote Code Execution Vulnerability BugTraq ID: 35162 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35162 Summary: Apple QuickTime is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted file. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X. 45. Apple QuickTime FLC Compression File Heap Overflow Vulnerability BugTraq ID: 35161 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35161 Summary: Apple QuickTime is prone to a heap-based buffer-overflow vulnerability. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted file. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X. 46. Apple QuickTime Sorenson 3 Video File Remote Memory Corruption Vulnerability BugTraq ID: 35159 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35159 Summary: Apple QuickTime is prone to a memory-corruption vulnerability. A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted file. Successful exploits will allow the attacker to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X. 47. Apple iTunes Multiple URI Handler Stack Buffer Overflow Vulnerability BugTraq ID: 35157 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35157 Summary: Apple iTunes is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks before copying user-supplied data to an insufficiently sized buffer. Attackers can leverage this issue to execute arbitrary code with the privileges of the user running the affected application. Failed attacks will likely cause denial-of-service conditions. 48. SafeNet SoftRemote IKE Service Remote Stack Buffer Overflow Vulnerability BugTraq ID: 35154 Remote: Yes Date Published: 2009-06-01 Relevant URL: http://www.securityfocus.com/bid/35154 Summary: SafeNet SoftRemote is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. Versions prior to SoftRemote 10.8.6 are vulnerable. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to ms-secnews-unsubscr...@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email listad...@securityfocus.com and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is sponsored by VeriSign VeriSign EV SSL Certificates for your sites. security turn the address bar in high security browsers green which helps your customers know they are safe on your site. http://ad.doubleclick.net/clk;215510119;37701656;z
