SecurityFocus Microsoft Newsletter #448
----------------------------------------

This issue is sponsored by Ironkey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey S200 series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2 standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components, while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most sensitive data. Enterprise-class central management capabilities also make it easy to enforce security policies on fleets of drives and even remotely destroy drives in the field.

Learn more at https://www.ironkey.com/S200_Launch

------------------------------------------------------------------

I. FRONT AND CENTER
   1. Hacker-Tool Law Still Does Little
   2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
   1. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
   2. Mozilla Firefox 3.5 'Tracemonkey' Component Remote Code Execution Vulnerability
   3. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
   4. Wyse Device Manager Unspecified Remote Buffer Overflow Vulnerability
   5. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability
   6. Pirch IRC Client Remote Buffer Overflow Vulnerability
   7. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
   8. Microsoft Internet Explorer 'AddFavorite' Method Denial of Service Vulnerability
   9. Microsoft July 2009 Advance Notification Multiple Vulnerabilities
   10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
   11. Bugzilla Bug Status Modification Security Bypass Vulnerability
   12. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
   13. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
   14. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
   15. Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption Vulnerability
   16. Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability
   17. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
   18. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------

1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------

1. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35667
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35667
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

2. Mozilla Firefox 3.5 'Tracemonkey' Component Remote Code Execution Vulnerability
BugTraq ID: 35660
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35660
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A crash was observed in Firefox 3.5 on Windows XP SP3.

3. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 35652
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35652
Summary:
LibTIFF is prone to multiple remote integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application.

LibTIFF 3.8.2, 3.9, and 4.0 are vulnerable; other versions may also be affected.

4. Wyse Device Manager Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 35649
Remote: Yes
Date Published: 2009-07-10
Relevant URL: http://www.securityfocus.com/bid/35649
Summary:
Wyse Device Manager is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

5. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability
BugTraq ID: 35642
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35642
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the OWC Spreadsheet ActiveX control. The control is identified by the following CLSIDs:

0002E541-0000-0000-C000-000000000046
0002E559-0000-0000-C000-000000000046

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

6. Pirch IRC Client Remote Buffer Overflow Vulnerability
BugTraq ID: 35639
Remote: Yes
Date Published: 2009-07-12
Relevant URL: http://www.securityfocus.com/bid/35639
Summary:
Pirch IRC is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server. Successful attacks will allow arbitrary code to run within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Pirch IRC 98 is vulnerable; other versions may also be affected.

NOTE: The vulnerability may be related to the issue described in BID 5079. We will update the BID when more information emerges.

7. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
BugTraq ID: 35631
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35631
Summary:
Microsoft ISA Server is prone to an authentication-bypass vulnerability.

An attacker with knowledge of a valid account name can exploit this issue to bypass authentication and gain access to arbitrary resources within the context of the selected account.

8. Microsoft Internet Explorer 'AddFavorite' Method Denial of Service Vulnerability
BugTraq ID: 35620
Remote: Yes
Date Published: 2009-07-09
Relevant URL: http://www.securityfocus.com/bid/35620
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Reports indicate that this issue may be used to corrupt process memory and be leveraged to execute code, but this has not been confirmed.

Internet Explorer 7 and 8 are known to be vulnerable; other versions may be affected as well.

9. Microsoft July 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 35617
Remote: Yes
Date Published: 2009-07-09
Relevant URL: http://www.securityfocus.com/bid/35617
Summary:
Microsoft has released advance notification that on July 14, 2009 the vendor will be releasing six security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'.

These issues affect the following:

Windows
DirectX
Virtual PC
Virtual Server
ISA Server
Publisher

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

We will create individual records to better document these issues when the bulletins are released.

10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
BugTraq ID: 35616
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35616
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

11. Bugzilla Bug Status Modification Security Bypass Vulnerability
BugTraq ID: 35604
Remote: Yes
Date Published: 2009-07-08
Relevant URL: http://www.securityfocus.com/bid/35604
Summary:
Bugzilla is prone to a security-bypass vulnerability.

Successful exploits will allow authenticated attackers to modify the status of bug reports, which may aid in further attacks.

The following are vulnerable:

Bugzilla 3.1.1 through 3.2.3
Bugzilla 3.3.1 through 3.3.4

12. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
BugTraq ID: 35601
Remote: No
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35601
Summary:
Microsoft Virtual PC and Virtual Server are prone to a privilege-escalation vulnerability caused by an error in decoding privileged instructions. Note that this issue affects only systems that do not use hardware-assisted virtualization.

Successful exploits may allow local attackers to elevate privileges within a guest operating system.

13. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
BugTraq ID: 35600
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35600
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

14. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
BugTraq ID: 35599
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35599
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

15. Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption Vulnerability
BugTraq ID: 35585
Remote: Yes
Date Published: 2009-07-06
Relevant URL: http://www.securityfocus.com/bid/35585
Summary:
Microsoft Windows is prone to a remote memory-corruption vulnerability that affects the Video Control ActiveX control.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

Windows XP SP3 and Windows Server 2003 are vulnerable; other versions may also be affected.

16. Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 35558
Remote: Yes
Date Published: 2009-07-06
Relevant URL: http://www.securityfocus.com/bid/35558
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the TV Tuner library.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

Windows XP SP3 and Windows Server 2003 are vulnerable; other versions may also be affected.

17. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
BugTraq ID: 35187
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35187
Summary:
Microsoft Windows is prone to a remotely exploitable integer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable software on the targeted user's computer.

18. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
BugTraq ID: 35186
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35186
Summary:
Microsoft Windows is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable software on the targeted user's computer.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------

To unsubscribe send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [email protected] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------

This issue is sponsored by Ironkey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey S200 series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2 standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components, while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most sensitive data. Enterprise-class central management capabilities also make it easy to enforce security policies on fleets of drives and even remotely destroy drives in the field.

- Always-On AES 256-bit Hardware Encryption
- FIPS 140-2 Level 3 Validated
- Hardened Case. Waterproof Beyond MIL-STD-810F
- Remote Management Software

Research for the IronKey architecture was funded in part by the U.S. Department of Homeland Security. In addition, IronKey maintains a trusted supply chain: all research and development is performed in the USA, and all boards are built and all drives are assembled in secure facilities in the USA. IronKey Basic S200 drives will also be available in high-capacity 16GB models.

https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter
