SecurityFocus Microsoft Newsletter #449 ----------------------------------------
This issue is sponsored by IronKey INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE Designed to meet the needs of military, government and demanding enterprise users, the IronKey? S200 series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2 standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components, while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most sensitive data. Enterprise-class central management capabilities also make it easy to enforce security policies on fleets of drives and even remotely destroy drives in the field. Learn more at https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter ------------------------------------------------------------------ I. FRONT AND CENTER 1.The Scale of Security 2.Hacker-Tool Law Still Does Little II. MICROSOFT VULNERABILITY SUMMARY 1. World in Conflict Typecheck Remote Denial of Service Vulnerability 2. Wireshark 1.2.0 Multiple Vulnerabilities 3. Google Chrome Privilege Escalation Weakness 4. MightSOFT Audio Editor Pro MP3 File Unspecified Memory Corruption Vulnerability 5. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability 6. Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability 7. LibTIFF Multiple Remote Integer Overflow Vulnerabilities 8. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability 9. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability 10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability 11. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability 12. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability 13. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability 14. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability 15. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability III. MICROSOFT FOCUS LIST SUMMARY 1. Forcing Password Changes for Non-Interacitve Logons IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1.The Scale of Security By Adam O'Donnell Human beings do not naturally understand scale. While we speak of financial transactions in the hundreds of billions of dollars as being something as routine as brushing our teeth, we question the value of programs that cost in the single-digit millions and quibble with friends over dollars. Similarly, there are many problems in our industry that, when explained to an outsider, sound like they should have been solved decades ago. It is only when we relate the number of systems that need to be considered in the repair that we truly communicate the difficulty of the problem. http://www.securityfocus.com/columnists/503 2. Hacker-Tool Law Still Does Little By Mark Rasch On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense. http://www.securityfocus.com/columnists/502 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. World in Conflict Typecheck Remote Denial of Service Vulnerability BugTraq ID: 35751 Remote: Yes Date Published: 2009-07-16 Relevant URL: http://www.securityfocus.com/bid/35751 Summary: World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions. An attacker could exploit this issue to crash the affected application, denying service to legitimate users. This issue affects World in Conflict 1.0.1.1 and prior versions. 2. Wireshark 1.2.0 Multiple Vulnerabilities BugTraq ID: 35748 Remote: Yes Date Published: 2009-07-20 Relevant URL: http://www.securityfocus.com/bid/35748 Summary: Wireshark is prone to multiple vulnerabilities, including a buffer-overflow issue and denial-of-service issues. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed. These issues affect Wireshark 0.9.2 through 1.2.0. 3. Google Chrome Privilege Escalation Weakness BugTraq ID: 35723 Remote: Yes Date Published: 2009-07-16 Relevant URL: http://www.securityfocus.com/bid/35723 Summary: Google Chrome is prone to a weakness that may allow attackers to escalate privileges after carrying out a successful code-execution attack against a renderer (tab) process. This issue affects versions prior to Chrome 2.0.172.37. 4. MightSOFT Audio Editor Pro MP3 File Unspecified Memory Corruption Vulnerability BugTraq ID: 35719 Remote: Yes Date Published: 2009-07-16 Relevant URL: http://www.securityfocus.com/bid/35719 Summary: MightSOFT Audio Editor Pro is prone to an unspecified memory-corruption vulnerability. An attacker can exploit this issue by tricking a victim into opening a malicious MP3 file to execute arbitrary code and to cause denial-of-service conditions. Audio Editor Pro 2.91 is vulnerable; other versions may also be affected. 5. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability BugTraq ID: 35667 Remote: Yes Date Published: 2009-07-14 Relevant URL: http://www.securityfocus.com/bid/35667 Summary: Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. Icarus 2.0 is vulnerable; other versions may also be affected. 6. Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability BugTraq ID: 35660 Remote: Yes Date Published: 2009-07-13 Relevant URL: http://www.securityfocus.com/bid/35660 Summary: Mozilla Firefox is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the affected application. Failed attempts will likely result in denial-of-service conditions. The issue affects Firefox 3.5; other versions may also be vulnerable. NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A crash was observed in Firefox 3.5 on Windows XP SP3. UPDATE (July 15, 2009): Remote code execution is also possible in Firefox 3.5 running on Apple Mac OS X. 7. LibTIFF Multiple Remote Integer Overflow Vulnerabilities BugTraq ID: 35652 Remote: Yes Date Published: 2009-07-13 Relevant URL: http://www.securityfocus.com/bid/35652 Summary: LibTIFF is prone to multiple remote integer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit these issues to execute arbitrary malicious code in the context of a user running an application that uses the affected library. Failed exploit attempts will likely crash the application. LibTIFF 3.8.2, 3.9, and 4.0 are vulnerable; other versions may also be affected. 8. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability BugTraq ID: 35642 Remote: Yes Date Published: 2009-07-13 Relevant URL: http://www.securityfocus.com/bid/35642 Summary: Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the OWC Spreadsheet ActiveX control. The control is identified by the following CLSIDs: 0002E541-0000-0000-C000-000000000046 0002E559-0000-0000-C000-000000000046 An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 9. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability BugTraq ID: 35631 Remote: Yes Date Published: 2009-07-14 Relevant URL: http://www.securityfocus.com/bid/35631 Summary: Microsoft ISA Server is prone to an authentication-bypass vulnerability. An attacker with knowledge of a valid account name can exploit this issue to bypass authentication and gain access to arbitrary resources within the context of the selected account. 10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability BugTraq ID: 35616 Remote: Yes Date Published: 2009-07-14 Relevant URL: http://www.securityfocus.com/bid/35616 Summary: Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow component. Successful exploits allow remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition. 11. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability BugTraq ID: 35601 Remote: No Date Published: 2009-07-14 Relevant URL: http://www.securityfocus.com/bid/35601 Summary: Microsoft Virtual PC and Virtual Server are prone to a privilege-escalation vulnerability caused by an error in decoding privileged instructions. Note that this issue affects only systems that do not use hardware-assisted virtualization. Successful exploits may allow local attackers to elevate privileges within a guest operating system. 12. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability BugTraq ID: 35600 Remote: Yes Date Published: 2009-07-14 Relevant URL: http://www.securityfocus.com/bid/35600 Summary: Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow component. Successful exploits allow remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition. 13. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability BugTraq ID: 35599 Remote: Yes Date Published: 2009-07-14 Relevant URL: http://www.securityfocus.com/bid/35599 Summary: Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker can exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 14. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability BugTraq ID: 35187 Remote: Yes Date Published: 2009-07-14 Relevant URL: http://www.securityfocus.com/bid/35187 Summary: Microsoft Windows is prone to a remotely exploitable integer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable software on the targeted user's computer. 15. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability BugTraq ID: 35186 Remote: Yes Date Published: 2009-07-14 Relevant URL: http://www.securityfocus.com/bid/35186 Summary: Microsoft Windows is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable software on the targeted user's computer. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. Forcing Password Changes for Non-Interacitve Logons http://www.securityfocus.com/archive/88/505115 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [email protected] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is sponsored by IronKey INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE Designed to meet the needs of military, government and demanding enterprise users, the IronKey? S200 series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2 standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components, while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most sensitive data. Enterprise-class central management capabilities also make it easy to enforce security policies on fleets of drives and even remotely destroy drives in the field. Always-On AES 256-bit Hardware Encryption FIPS 140-2 Level 3 Validated Hardened Case?Waterproof Beyond MIL-STD-810F Remote Management Software Research for the IronKey architecture was funded in part by the U.S. Department of Homeland Security. In addition, IronKey maintains a trusted supply chain: all research and development is performed in the USA, and all boards are built and all drives are assembled in secure facilities in the USA. IronKey Basic S200 drives will also be available in high-capacity 16GB models. https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter
