SecurityFocus Microsoft Newsletter #450
----------------------------------------
This issue is sponsored by SC World Congress
Make plans now to attend the second annual SC World Congress - Enterprise Data Security, October 13-14 in New York City. The Congress features a comprehensive, two-day program presented in four tracks - including the unique Editors Choice sessions - and the industry's largest fall product expo showcasing IT security solutions from the leading vendors and hot start-ups. Emphasizing quality content, innovative formats and sessions, global perspectives and ROI, this is the one event you can't afford to miss. Register by August 31 for big savings.
www.scworldcongress.com
------------------------------------------------------------------
I. FRONT AND CENTER
1. The Scale of Security
2. Hacker-Tool Law Still Does Little
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
7. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
8. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
9. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
10. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
11. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
12. Microsoft August 2009 Advance Notification Multiple Vulnerabilities
13. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
14. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
15. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
16. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
17. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
18. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
19. UltraPlayer Malformed '.usk' Playlist File Buffer Overflow Vulnerability
20. Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
21. Microsoft Internet Explorer 8 Denial of Service Vulnerability
22. BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the hundreds of billions of dollars as being something as routine as brushing our teeth, we question the value of programs that cost in the single-digit millions and quibble with friends over dollars. Similarly, there are many problems in our industry that, when explained to an outsider, sound like they should have been solved decades ago. It is only when we relate the number of systems that need to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503
2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
BugTraq ID: 36029
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/36029
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability.
This issue may affect the Embedded OpenType font engine.
Remote attackers can exploit this issue to cause affected computers to crash with a Blue Screen crash event. Remote code execution may also be possible, but this currently has not been confirmed.
2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
BugTraq ID: 35993
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35993
Summary:
Microsoft Windows is prone to an authentication-bypass vulnerability that exists in the Telnet protocol.
An attacker can exploit this issue to gain unauthorized access to the affected computer with the privileges of the victim user. Successfully exploiting this issue may compromise the affected computer.
3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
BugTraq ID: 35992
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35992
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
BugTraq ID: 35991
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35991
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
BugTraq ID: 35990
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35990
Summary:
Microsoft Office Web Components OWC10 ActiveX control is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.
Successfully exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
BugTraq ID: 35985
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35985
Summary:
Microsoft ASP.NET is prone to a denial-of-service vulnerability.
An attacker can exploit this issue to cause the application pool on the affected webserver to become unresponsive, denying service to legitimate users.
NOTE: This issue only affects ASP.NET on webservers running IIS 7 in integrated mode.
7. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
BugTraq ID: 35983
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35983
Summary:
Subversion is prone to multiple integer-overflow vulnerabilities.
Attackers can exploit these issues to execute arbitrary code in the context of Subversion clients and servers. Successful exploits will compromise the affected application and possibly the computer.
Failed attacks will cause denial-of-service conditions.
The issues affect the following:
Subversion clients and servers versions 1.5.6 and prior.
Subversion clients and servers versions 1.6.0 through 1.6.3.
8. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
BugTraq ID: 35982
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35982
Summary:
The Microsoft Active Template Library is prone to a remote code-execution vulnerability.
This issue affects a private version of the ATL used internally by Microsoft; components written by other vendors are unlikely to be affected.
Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user running an application built against the affected library. Failed exploit attempts will result in a denial-of-service condition.
9. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
BugTraq ID: 35981
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35981
Summary:
The Microsoft Windows WINS Server is prone to a remote integer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
10. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35980
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35980
Summary:
The Microsoft Windows WINS Server is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit attempts will result in a denial-of-service condition.
11. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
BugTraq ID: 35977
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35977
Summary:
Sun OpenSSO Enterprise (formerly Sun Java System Access Manager and Sun Java System Identity Server) is prone to a memory-corruption vulnerability because it fails to properly handle specially crafted XML documents.
Very few details are available regarding this issue. We will update this BID as more information emerges.
An attacker can exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.
12. Microsoft August 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 35974
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35974
Summary:
Microsoft has released advance notification that on August 11, 2009 the vendor will be releasing 9 security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'.
These issues affect the following:
Windows
Outlook Express
Media Player
.NET
Client for Mac
Office
Visual Studio
ISA Server
BizTalk Server
Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.
Individual records will be created to document these issues when the bulletins are released.
13. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35973
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35973
Summary:
Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow vulnerability.
Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.
Successful exploits will allow attackers to execute arbitrary code within the context of the affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.
14. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
BugTraq ID: 35972
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35972
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.
An attacker can exploit this issue by sending specially-crafted Remote Procedure Call (RPC) messages to a vulnerable computer.
Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will result in a denial-of-service condition.
15. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35971
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35971
Summary:
Microsoft Remote Desktop Connection client is prone to a heap-based buffer-overflow vulnerability when processing certain parameters returned by a malicious RDP (Remote Desktop Protocol) server.
Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely cause denial-of-service conditions.
16. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
BugTraq ID: 35970
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35970
Summary:
Microsoft Windows is prone to a remote integer-overflow vulnerability.
This issue arises when an affected Windows component handles a malicious Audio Video Interleave (AVI) file.
An attacker can exploit this issue to execute arbitrary code with the privileges of the affected user. Failed exploit attempts will result in a denial-of-service condition.
NOTE: The affected Windows operating system component is independent of Windows Media Player; therefore, this issue does not specifically affect Windows Media Player.
17. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
BugTraq ID: 35969
Remote: No
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35969
Summary:
The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because it fails to adequately handle user-supplied input.
An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploits will cause a denial of service.
18. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 35967
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35967
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.
This issue arises when an affected Windows component handles a malicious Audio Video Interleave (AVI) file.
An attacker can exploit this issue to execute arbitrary code with the privileges of the affected user. Failed exploit attempts will result in a denial-of-service condition.
NOTE: The affected Windows operating system component is independent of Windows Media Player; therefore, this issue does not specifically affect Windows Media Player.
19. UltraPlayer Malformed '.usk' Playlist File Buffer Overflow Vulnerability
BugTraq ID: 35956
Remote: Yes
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35956
Summary:
UltraPlayer is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
UltraPlayer 2.112 is vulnerable; other versions may also be affected.
20. Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
BugTraq ID: 35945
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35945
Summary:
Java Web Start ActiveX Control included in Sun JRE and JDK is prone to a remote code-execution vulnerability.
A remote attacker can exploit this issue by enticing an unsuspecting victim to view a malicious webpage. If successful, the attacker can run arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue is caused by the vulnerabilities described in Microsoft security advisory 973883 and is related to the following BIDs:
35828 Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
35830 Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability
35832 Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability
This issue affects the following:
JDK and JRE 6 Update 14 and prior
JDK and JRE 5.0 Update 19 and prior
NOTE: This issue was previously covered in BID 35922 (Sun Java SE Multiple Security Vulnerabilities), but has been assigned its own record to better document it.
21. Microsoft Internet Explorer 8 Denial of Service Vulnerability
BugTraq ID: 35941
Remote: Yes
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35941
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.
Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Due to the nature of this issue, attackers may be able to corrupt process memory and execute arbitrary code, but this has not been confirmed.
The issue affects Internet Explorer 8; other versions may also be vulnerable.
22. BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
BugTraq ID: 35918
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35918
Summary:
BlazeDVD Professional is prone to a buffer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the application or trigger a denial-of-service condition.
BlazeDVD Professional 5.1 and Blaze Video HDTV Player 6.0 are vulnerable; other versions may also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email [email protected] and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------