SecurityFocus Microsoft Newsletter #451
----------------------------------------

This issue is sponsored by Immunet

Are you running Anti-Virus from Symantec, AVG or McAfee? Make it significantly more effective and
harness the security of thousands of others with 'Collective Immunity'. See the beta for Immunet
Protect here: https://www.immunet.com/user/new



------------------------------------------------------------------
I.   FRONT AND CENTER
       1. The Scale of Security
       2. Hacker-Tool Law Still Does Little
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
       2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
       3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
       4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
       5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
       6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
       7. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
       8. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
       9. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
       10. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
       11. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
       12. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
       13. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
       14. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
       15. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the
hundreds of billions of dollars as being something as routine as brushing our teeth, we question the
value of programs that cost in the single-digit millions and quibble with friends over dollars.
Similarly, there are many problems in our industry that, when explained to an outsider, sound like
they should have been solved decades ago. It is only when we relate the number of systems that need
to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
BugTraq ID: 36029
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/36029
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability.

This issue may affect the Embedded OpenType font engine.

Remote attackers can exploit this issue to cause affected computers to crash with a Blue Screen
crash event. Remote code execution may also be possible, but this currently has not been
confirmed.

2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
BugTraq ID: 35993
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35993
Summary:
Microsoft Windows is prone to an authentication-bypass vulnerability that exists in the Telnet protocol.

An attacker can exploit this issue to gain unauthorized access to the affected computer with the
privileges of the victim user. Successfully exploiting this issue may compromise the affected computer.

3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
BugTraq ID: 35992
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35992
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted Web page.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
BugTraq ID: 35991
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35991
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted Web page.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
BugTraq ID: 35990
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35990
Summary:
Microsoft Office Web Components OWC10 ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
BugTraq ID: 35985
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35985
Summary:
Microsoft ASP.NET is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the application pool on the affected webserver to become
unresponsive, denying service to legitimate users.

NOTE: This issue only affects ASP.NET on webservers running IIS 7 in integrated mode.

7. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
BugTraq ID: 35982
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35982
Summary:
The Microsoft Active Template Library is prone to a remote code-execution vulnerability.

This issue affects a private version of the ATL used internally by Microsoft; components written by
other vendors are unlikely to be affected.

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user
running an application built against the affected library. Failed exploit attempts will result in a
denial-of-service condition.

8. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
BugTraq ID: 35981
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35981
Summary:
The Microsoft Windows WINS Server is prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

9. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35980
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35980
Summary:
The Microsoft Windows WINS Server is prone to a remote heap-based buffer-overflow vulnerability
because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

10. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35973
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35973
Summary:
Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow
vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious Web page.

Successful exploits will allow attackers to execute arbitrary code within the context of the
affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit
attempts will result in a denial-of-service condition.

11. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
BugTraq ID: 35972
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35972
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending specially crafted Remote Procedure Call (RPC) messages
to a vulnerable computer.

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level
privileges, completely compromising affected computers. Failed exploit attempts will result in a
denial-of-service condition.

12. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35971
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35971
Summary:
Microsoft Remote Desktop Connection client is prone to a heap-based buffer-overflow vulnerability
when processing certain parameters returned by a malicious RDP (Remote Desktop Protocol) server.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute
arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely
cause denial-of-service conditions.

13. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
BugTraq ID: 35970
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35970
Summary:
Microsoft Windows is prone to a remote integer-overflow vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player;
therefore, this issue does not specifically affect Windows Media Player.

14. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
BugTraq ID: 35969
Remote: No
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35969
Summary:
The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because
it fails to adequately handle user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploits will cause a denial of service.

15. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 35967
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35967
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player;
therefore, this issue does not specifically affect Windows Media Player.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [email protected] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively, you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [email protected] and ask to be manually removed.
