SecurityFocus Microsoft Newsletter #446
----------------------------------------

This issue is sponsored by VeriSign.

------------------------------------------------------------------

I. FRONT AND CENTER
   1. Hacker-Tool Law Still Does Little
   2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
   1. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
   2. Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities
   3. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
   4. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
   5. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
   6. TorrentTrader Classic Multiple Remote Vulnerabilities
   7. Multiple Kaspersky Products PDF File Scan Evasion Vulnerability
   8. SugarCRM Email Attachment Arbitrary File Upload Vulnerability
   9. Multiple Symantec Products RAR/TAR/ZIP File Scan Evasion Vulnerability
   10. Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
   11. Apple Safari for Windows Reset Password Information Disclosure Vulnerability
   12. Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
   13. Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability
   14. Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
   15. Apple Safari CFNetwork Script Injection Weakness
   16. Apple Safari Windows Installer Local Privilege Escalation Vulnerability
   17. Microsoft Windows Media Player ScriptCommand Multiple Information Disclosure Vulnerabilities
   18. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
   19. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
   20. Kerio MailServer WebMail Cross Site Scripting Vulnerability
   21. RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
   22. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
   23. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
   24. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
   25. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
   26. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
   27. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
   28. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
   29. Microsoft Excel Record Object Remote Code Execution Vulnerability
   30. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
   31. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
   32. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
   33. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability
   34. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
   35. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
   36. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
   37. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability
   38. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability
   39. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability
   40. Microsoft Windows Search Script Injection Vulnerability
   41. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
   42. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
   43. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
   44. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
   45. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
   46. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability
   47. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
   48. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability
   49. Microsoft Word Record Parsing Buffer Overflow Vulnerability
   50. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
   51. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
   1. SecurityFocus Microsoft Newsletter #445
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 35432
Remote: No
Date Published: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35432
Summary:
DESlock+ is prone to a local privilege-escalation vulnerability.
An attacker may exploit this issue to execute arbitrary code with elevated privileges, which may facilitate a complete compromise of the affected computer.
DESlock+ 4.0.2 is vulnerable; other versions may also be affected.

2. Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities
BugTraq ID: 35414
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35414
Summary:
Apple iPhone and iPod touch are prone to multiple vulnerabilities. Successfully exploiting these issues may allow attackers to bypass security restrictions, obtain sensitive information, or cause denial-of-service conditions.
These issues affect the following:
iPhone OS 1.0 through 2.2.1
iPhone OS for iPod touch 1.1 through 2.2.1

3. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
BugTraq ID: 35411
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35411
Summary:
Multiple browsers are prone to a vulnerability that may allow attackers to spoof arbitrary HTTPS sites. Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTPS site. Successful exploits will lead to a false sense of security since the victim is visiting a site that is assumed to be legitimate.

4. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
BugTraq ID: 35410
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35410
Summary:
ClamAV is prone to multiple vulnerabilities because it fails to properly restrict certain files after scanning them. A successful attack may allow malicious users to bypass security restrictions placed on certain files. Exploits may aid in further attacks.
Versions prior to ClamAV 0.95.2 are vulnerable.

5. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
BugTraq ID: 35380
Remote: Yes
Date Published: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35380
Summary:
Multiple web browsers are prone to a man-in-the-middle vulnerability. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how sites are rendered to the user. Other attacks are also possible.
NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better document it.
UPDATE (June 17, 2009): This BID has been updated to reflect that the issue affects multiple browsers, not just Mozilla products.

6. TorrentTrader Classic Multiple Remote Vulnerabilities
BugTraq ID: 35369
Remote: Yes
Date Published: 2009-06-15
Relevant URL: http://www.securityfocus.com/bid/35369
Summary:
TorrentTrader Classic is prone to multiple vulnerabilities:
- An insufficient entropy weakness
- Multiple information-disclosure vulnerabilities
- Multiple SQL-injection vulnerabilities
- Multiple HTML-injection vulnerabilities
- Multiple cross-site-scripting vulnerabilities
- A local-file-include vulnerability
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, access or modify data, or exploit latent vulnerabilities in the underlying database.
TorrentTrader Classic 1.09 is vulnerable; other versions may also be affected.

7. Multiple Kaspersky Products PDF File Scan Evasion Vulnerability
BugTraq ID: 35365
Remote: Yes
Date Published: 2009-06-13
Relevant URL: http://www.securityfocus.com/bid/35365
Summary:
Multiple Kaspersky products are prone to a vulnerability that may allow certain PDF files to bypass the scan engine.
Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.

8. SugarCRM Email Attachment Arbitrary File Upload Vulnerability
BugTraq ID: 35361
Remote: Yes
Date Published: 2009-06-13
Relevant URL: http://www.securityfocus.com/bid/35361
Summary:
SugarCRM is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately validate user-supplied input. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
The issue affects SugarCRM 5.2.0e; prior versions may also be vulnerable.

9. Multiple Symantec Products RAR/TAR/ZIP File Scan Evasion Vulnerability
BugTraq ID: 35354
Remote: Yes
Date Published: 2009-06-12
Relevant URL: http://www.securityfocus.com/bid/35354
Summary:
Multiple Symantec products are prone to a vulnerability that may allow certain compressed archives to bypass the scan engine. Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application will fail to detect.
The following products are affected:
Symantec Mail Security for Domino
Symantec Mail Security for Microsoft Exchange
Symantec Mail Security for SMTP
Symantec Brightmail Gateway
Symantec AntiVirus for Network Attached Storage
Symantec AntiVirus for Caching
Symantec AntiVirus for Messaging
Symantec Protection for SharePoint Servers
Symantec Protection Suite
Symantec Scan Engine
Symantec Client Security
Symantec Endpoint Protection
Symantec AntiVirus Corporate Edition
Norton Internet Security
Norton 360
Norton AntiVirus
Norton Systemworks

10. Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
BugTraq ID: 35353
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35353
Summary:
Safari is prone to a security-bypass vulnerability because it fails to properly verify X.509 extended validation (EV) certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted webservers. This will aid in further attacks.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

11. Apple Safari for Windows Reset Password Information Disclosure Vulnerability
BugTraq ID: 35352
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35352
Summary:
Apple Safari is prone to a local information-disclosure vulnerability. A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

12. Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
BugTraq ID: 35351
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35351
Summary:
Apple Safari is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application or to obtain sensitive information.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

13. Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability
BugTraq ID: 35347
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35347
Summary:
Apple Safari is prone to an information-disclosure vulnerability. A local attacker can exploit this issue to access other users' files as they are downloaded.
This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft Windows XP and Vista.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

14. Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
BugTraq ID: 35346
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35346
Summary:
Apple Safari is prone to a local information-disclosure vulnerability. A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks.
This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

15. Apple Safari CFNetwork Script Injection Weakness
BugTraq ID: 35344
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35344
Summary:
Apple Safari is prone to a weakness that may allow attackers to run arbitrary script code. Attackers may exploit this issue through social engineering or through exploiting other latent vulnerabilities to execute arbitrary script code in the context of the victim.
This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7 and on Microsoft Windows XP and Vista.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

16. Apple Safari Windows Installer Local Privilege Escalation Vulnerability
BugTraq ID: 35339
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35339
Summary:
Apple Safari is prone to a local privilege-escalation vulnerability. A local attacker may be able to exploit this issue to gain elevated privileges, which may aid in further attacks.
This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

17. Microsoft Windows Media Player ScriptCommand Multiple Information Disclosure Vulnerabilities
BugTraq ID: 35335
Remote: Yes
Date Published: 2009-06-12
Relevant URL: http://www.securityfocus.com/bid/35335
Summary:
Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because it fails to properly restrict access to certain functionality when handling media files. An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks.

18. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
BugTraq ID: 35308
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35308
Summary:
Apple Safari CoreGraphics is prone to a remote code-execution vulnerability because it fails to adequately handle TrueType fonts. An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects versions prior to Safari 4.0 running on Windows XP and Vista.
NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it.

19. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35275
Remote: Yes
Date Published: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35275
Summary:
Microsoft PowerPoint is prone to a heap-based buffer-overflow vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious Freelance file. Successful exploits can allow the attacker to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions.

20. Kerio MailServer WebMail Cross Site Scripting Vulnerability
BugTraq ID: 35264
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35264
Summary:
Kerio MailServer WebMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 are vulnerable.

21. RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
BugTraq ID: 35260
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35260
Summary:
Safari is prone to multiple security vulnerabilities that have been addressed in Apple security advisory APPLE-SA-2009-06-08-1.
These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.
NOTE: This BID is being retired because the following individual records have been created to better document issues previously mentioned in this BID:
35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability

22. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
BugTraq ID: 35255
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35255
Summary:
Microsoft Windows is prone to a weakness that affects the Windows DNS client and arises because of a design error in the DNS devolution process.
The attacker could set up a malicious site and carry out attacks against victims who are inadvertently directed to the malicious site. These attacks could include disclosure of the private IP address, disclosure of authentication credentials, modification of client proxy settings, phishing, redirection to other malicious sites, enticing vulnerable users to download malware, and more.

23. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 35248
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35248
Summary:
eBay Enhanced Picture Services ActiveX control is prone to a remote code-execution vulnerability.
Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

24. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35246
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35246
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel ('.xls') file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

25. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
BugTraq ID: 35245
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35245
Summary:
Microsoft Excel is prone to an integer-overflow vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

26. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
BugTraq ID: 35244
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35244
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

27. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
BugTraq ID: 35243
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35243
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

28. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
BugTraq ID: 35242
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35242
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

29. Microsoft Excel Record Object Remote Code Execution Vulnerability
BugTraq ID: 35241
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35241
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

30. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35240
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35240
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers.

31. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35238
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35238
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successful exploits will result in the complete compromise of affected computers.

32. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
BugTraq ID: 35235
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35235
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

33. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability
BugTraq ID: 35234
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35234
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

34. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
BugTraq ID: 35232
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35232
Summary:
Microsoft Internet Information Services (IIS) is prone to an authentication-bypass vulnerability because it fails to properly enforce access restrictions on certain requests to a site that requires authentication.
An attacker can exploit this issue to gain unauthorized access to protected resources, which may lead to other attacks.
This issue affects IIS 5.0.

35. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 35226
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35226
Summary:
Microsoft Active Directory is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the application. Successful exploits will completely compromise the affected computer. Failed attacks will cause denial-of-service conditions.

36. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
BugTraq ID: 35225
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35225
Summary:
Microsoft Active Directory is prone to a denial-of-service vulnerability. An attacker can exploit this issue to crash the server, denying access to legitimate users.

37. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35224
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35224
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

38. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35223
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35223
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser.
Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

39. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35222
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35222
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks may cause denial-of-service conditions.

40. Microsoft Windows Search Script Injection Vulnerability
BugTraq ID: 35220
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35220
Summary:
Microsoft Windows Search is prone to a script-injection vulnerability because it fails to adequately sanitize user-supplied input when previewing search results. Successful exploits will cause malicious script code to run in the local context, allowing attackers to steal potentially sensitive information or perform other attacks.
The issue affects Windows Search installed on all supported editions of Windows XP and Windows Server 2003. Note that Windows Vista and Windows Server 2008 are not affected.

41. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
BugTraq ID: 35219
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35219
Summary:
Microsoft Windows RPC Marshalling Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue by sending a specially crafted RPC request to an affected computer. Successfully exploiting this issue will allow the attacker to execute arbitrary code with full system rights, completely compromising affected computers. Failed exploit attempts will likely result in a denial-of-service condition.

42. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 35218
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35218
Summary:
Microsoft Visual Studio is prone to a remote heap-based buffer-overflow vulnerability. Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage. Successful exploits will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

43. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35215
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35215
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

44. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
BugTraq ID: 35209
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35209
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler service. A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, which can result in the complete compromise of affected computers.

45. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
BugTraq ID: 35208
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35208
Summary:
Microsoft Windows Messenger is prone to a local information-disclosure vulnerability that affects the Print Spooler service.
Successfully exploiting this issue allows attackers to obtain sensitive information that may aid in further attacks. 46. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability BugTraq ID: 35206 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35206 Summary: Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability that affects the Windows Print Spooler. Exploiting this vulnerability allows attackers to execute arbitrary code with system-level privileges. Failed exploit attempts will likely cause denial-of-service conditions. 47. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability BugTraq ID: 35200 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35200 Summary: Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or may aid in further attacks. 48. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability BugTraq ID: 35198 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35198 Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. Failed attacks may cause denial-of-service conditions. 49. 
Microsoft Word Record Parsing Buffer Overflow Vulnerability BugTraq ID: 35190 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35190 Summary: Microsoft Word is prone to a buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. 50. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability BugTraq ID: 35188 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35188 Summary: Microsoft Word is prone to a stack-based buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions. 51. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability BugTraq ID: 35184 Remote: Yes Date Published: 2009-06-09 Relevant URL: http://www.securityfocus.com/bid/35184 Summary: Microsoft Office Works for Windows document converters are prone to a remote code-execution vulnerability because the application fails to properly handle specially crafted files. An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file. Successful exploits would allow the attacker to execute arbitrary code in the context of the currently logged-in user. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. SecurityFocus Microsoft Newsletter #445 http://www.securityfocus.com/archive/88/504256 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [email protected] and ask to be manually removed.
