Nabble - Security - Microsoft

SecurityFocus Microsoft Newsletter #414

2008-10-02T09:50:59Z

SecurityFocus Microsoft Newsletter #414
----------------------------------------

This issue is sponsored by HP:

Download a FREE trial of HP WebInspect
Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now:https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN6MIF

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Blaming the Good Samaritan
2.The Boston Trio and the MBTA
II. MICROSOFT VULNERABILITY SUMMARY
1. ESET SysInspector 'esiadrv.sys' Local Privilege Escalation Vulnerability
2. WinZip 'gdiplus.dll' Microsoft Module Unspecified Security Vulnerability
3. Marshal MailMarshal SMTP Spam Quarantine Management Multiple HTML Injection Vulnerabilities
4. Wireshark Packet Capture File Denial of Service Vulnerability
5. Microsoft GDI+ 'GDIPLUS.dll' ICO File Divide-By-Zero Denial of Service Vulnerability
6. ZoneAlarm HTTP Proxy Remote Denial of Service Vulnerability
7. Microsoft Windows Mobile Overly Long Bluetooth Device Name Denial of Service Vulnerability
8. DATAC RealWin SCADA Server Remote Stack Buffer Overflow Vulnerability
9. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
10. phpMyAdmin Cross Site Scripting Vulnerability
11. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
12. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #413
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Blaming the Good Samaritan
By Houston Carr
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/481

2.The Boston Trio and the MBTA
By Mark Rasch
The annual DEFCON conference in Las Vegas in early August got a bit more interesting than usual when three graduate students from the Massachusetts Institute of Technology were enjoined from giving a presentation by a Court in Boston.
http://www.securityfocus.com/columnists/480

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ESET SysInspector 'esiadrv.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 31521
Remote: No
Date Published: 2008-10-01
Relevant URL: http://www.securityfocus.com/bid/31521
Summary:
ESET SysInspector is prone to a local privilege-escalation vulnerability that occurs in the 'esiadrv.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

ESET SysInspector 1.1.1.0 is vulnerable; other versions may also be affected.

2. WinZip 'gdiplus.dll' Microsoft Module Unspecified Security Vulnerability
BugTraq ID: 31485
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31485
Summary:
WinZip is prone to an unspecified vulnerability that stems from an error in the Microsoft 'gdiplus.dll' component included with the application.

NOTE: The issues described in this BID may be related to one or more of the issues described in the Microsoft MS08-052 security bulletin.

Reports indicate that this issue may allow attackers to execute arbitrary code in the context of the affected application, but Symantec has not confirmed this information.

This issue affects WinZip 11.x (prior to 11.2 SR-1) on Windows 2000 systems.

3. Marshal MailMarshal SMTP Spam Quarantine Management Multiple HTML Injection Vulnerabilities
BugTraq ID: 31483
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31483
Summary:
Marshal MailMarshal SMTP Spam Quarantine Management component is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.

Reportedly, the attacker may be able to further exploit these issues to install arbitrary files on a victim's computer.

These issues affect MailMarshal SMTP 6.0 up to and including 6.3.

4. Wireshark Packet Capture File Denial of Service Vulnerability
BugTraq ID: 31468
Remote: Yes
Date Published: 2008-09-29
Relevant URL: http://www.securityfocus.com/bid/31468
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause crashes and deny service to legitimate users of the application.

Wireshark 1.0.3 is vulnerable; other versions may also be affected.

5. Microsoft GDI+ 'GDIPLUS.dll' ICO File Divide-By-Zero Denial of Service Vulnerability
BugTraq ID: 31432
Remote: Yes
Date Published: 2008-09-26
Relevant URL: http://www.securityfocus.com/bid/31432
Summary:
Microsoft GDI+ is prone to a denial-of-service vulnerability when processing a malformed ICO file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

6. ZoneAlarm HTTP Proxy Remote Denial of Service Vulnerability
BugTraq ID: 31431
Remote: Yes
Date Published: 2008-09-26
Relevant URL: http://www.securityfocus.com/bid/31431
Summary:
ZoneAlarm Internet Security Suite is prone to a remote denial-of-service vulnerability that occurs in the TrueVector component when connecting to a malicious HTTP proxy.

ZoneAlarm Internet Security Suite 8.0.020 is vulnerable; other versions may also be affected.

7. Microsoft Windows Mobile Overly Long Bluetooth Device Name Denial of Service Vulnerability
BugTraq ID: 31420
Remote: Yes
Date Published: 2008-09-26
Relevant URL: http://www.securityfocus.com/bid/31420
Summary:
Microsoft Windows Mobile is prone to a denial-of-service vulnerability because it fails to adequately validate user-supplied input.

An attacker can exploit this issue to crash a device running Windows Mobile, denying service to legitimate users. Given the nature of this issue, the attacker may also be able to run arbitrary code, but this has not been confirmed.

Windows Mobile 6.0 is vulnerable; other versions may also be affected.

8. DATAC RealWin SCADA Server Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 31418
Remote: Yes
Date Published: 2008-09-26
Relevant URL: http://www.securityfocus.com/bid/31418
Summary:
DATAC RealWin SCADA server is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of the affected application. This may facilitate the complete compromise of affected computers. Failed exploit attempts may result in a denial-of-service condition.

RealWin SCADA server 2.0 is affected; other versions may also be vulnerable.

9. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
BugTraq ID: 31399
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31399
Summary:
WordPad is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted '.doc' file.

Successfully exploiting this issue will cause the application to crash, denying service to legitimate users. Attackers may also be able to run arbitrary code, but this has not been confirmed.

10. phpMyAdmin Cross Site Scripting Vulnerability
BugTraq ID: 31327
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31327
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 2.11.9.2 are vulnerable.

11. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 31317
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31317
Summary:
DataSpade is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

DataSpade 1.0 is vulnerable; other versions may also be affected.

12. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
BugTraq ID: 31294
Remote: Yes
Date Published: 2008-09-22
Relevant URL: http://www.securityfocus.com/bid/31294
Summary:
Foxmail Email Client is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Foxmail Email Client 6.5 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #413
http://www.securityfocus.com/archive/88/496752

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP:

Download a FREE trial of HP WebInspect
Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now:https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN6MIF

SecurityFocus Microsoft Newsletter #413

2008-09-25T15:12:33Z

SecurityFocus Microsoft Newsletter #413
----------------------------------------

Download a FREE trial of HP WebInspect

Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now: https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN6MIF

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Boston Trio and the MBTA
2.From Physics to Security
II. MICROSOFT VULNERABILITY SUMMARY
1. K-Lite Mega Codec Pack 'vsfilter.dll' Denial Of Service Vulnerability
2. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
3. phpMyAdmin Cross Site Scripting Vulnerability
4. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
5. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
6. DESlock+ Local Buffer Overflow and Multiple Denial of Service Vulnerabilities
7. Kantan WEB Server Unspecified Directory Traversal Vulnerability
8. Kantan WEB Server Unspecified Cross Site Scripting Vulnerability
9. Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple Insecure Method Vulnerabilities
10. Acritum Femitter Server Information Disclosure and Denial of Service Vulnerabilities
11. Microsoft Internet Explorer Malfromed PNG File Remote Denial of Service Vulnerability
12. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
13. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
14. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Boston Trio and the MBTA
By Mark Rasch
The annual DEFCON conference in Las Vegas in early August got a bit more interesting than usual when three graduate students from the Massachusetts Institute of Technology were enjoined from giving a presentation by a Court in Boston.
http://www.securityfocus.com/columnists/480

2.From Physics to Security
By Federico Biancuzzi
Wietse Venema started out as a physicist, but became interested in the security of the programs he wrote to control his physics experiments. He went on to create several well-known network and security tools, including the Security Administrator's Tool for Analyzing Networks (SATAN) and The Coroner's Toolkit with Dan Farmer. He is also the creator of the popular MTA Postfix and TCP Wrapper.
http://www.securityfocus.com/columnists/479

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. K-Lite Mega Codec Pack 'vsfilter.dll' Denial Of Service Vulnerability
BugTraq ID: 31400
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31400
Summary:
K-Lite Mega Codec pack is prone to a denial-of-service vulnerability. The problem occurs when the 'vsfilter.dll' library is installed on the affected computer.

Attackers can exploit this issue to cause Windows Explorer to crash, denying service to legitimate users.

2. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
BugTraq ID: 31399
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31399
Summary:
WordPad is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted .doc file.

Successfully exploiting this issue will cause the application to crash, denying service to legitimate users. Arbitrary code execution may also be possible; this has not been confirmed.

3. phpMyAdmin Cross Site Scripting Vulnerability
BugTraq ID: 31327
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31327
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 2.11.9.2 are vulnerable.

4. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 31317
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31317
Summary:
DataSpade is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

DataSpade 1.0 is vulnerable; other versions may also be affected.

5. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
BugTraq ID: 31294
Remote: Yes
Date Published: 2008-09-22
Relevant URL: http://www.securityfocus.com/bid/31294
Summary:
Foxmail Email Client is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Foxmail Email Client 6.5 is vulnerable; other versions may also be affected.

6. DESlock+ Local Buffer Overflow and Multiple Denial of Service Vulnerabilities
BugTraq ID: 31273
Remote: No
Date Published: 2008-09-20
Relevant URL: http://www.securityfocus.com/bid/31273
Summary:
DESlock+ is prone to multiple local vulnerabilities, including a buffer-overflow issue and multiple denial-of-service issues.

Local attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges or cause denial-of-service conditions.

These issues affect DESlock+ 3.2.7 and prior versions.

7. Kantan WEB Server Unspecified Directory Traversal Vulnerability
BugTraq ID: 31245
Remote: Yes
Date Published: 2008-09-18
Relevant URL: http://www.securityfocus.com/bid/31245
Summary:
Kantan WEB Server is prone to an unspecified directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Versions prior to Kantan WEB Server 1.9 are vulnerable.

8. Kantan WEB Server Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 31244
Remote: Yes
Date Published: 2008-09-18
Relevant URL: http://www.securityfocus.com/bid/31244
Summary:
Kantan WEB Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to Kantan WEB Server 1.9 are vulnerable.

9. Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple Insecure Method Vulnerabilities
BugTraq ID: 31227
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31227
Summary:
Data Dynamics ActiveReports ActiveX control is prone to multiple insecure-method vulnerabilities caused by design errors.

An attacker can exploit these issues to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions; other consequences are possible.

These issues affect Data Dynamics ActiveReports Professional Edition Build 2.5.0.1314 ('ARView2.ocx' version 2.5.0.1314); other versions may also be affected.

10. Acritum Femitter Server Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 31226
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31226
Summary:
Acritum Femitter Server is prone to an information-disclosure vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues may allow an attacker to obtain sensitive information or cause the affected application to crash, denying service to legitimate users.

Femitter Server 1.03 is vulnerable; other versions may also be affected.

11. Microsoft Internet Explorer Malfromed PNG File Remote Denial of Service Vulnerability
BugTraq ID: 31215
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31215
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to view a web page embedded with a malicious PNG file.

Successfully exploiting this issue will cause the application to stop responding, denying service to legitimate users.

Microsoft Internet Explorer 7 and 8 Beta 1 are vulnerable; other versions may also be affected.

12. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
BugTraq ID: 31208
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31208
Summary:
Adobe Illustrator is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious AI file.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application.

This issue affects only Adobe Illustrator CS2 for Macintosh.

13. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
BugTraq ID: 31204
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31204
Summary:
Acresso FLEXnet Connect is prone to a remote code-execution vulnerability because it fails to adequately verify the authenticity of files obtained from update servers. The product has been formerly available as Macrovision FLEXnet Connect and as InstallShield Update Service.

Attackers can exploit this issue by performing man-in-the-middle attacks to have the client download and execute a malicious file hosted on an attacker-controlled computer. Other attacks may also be possible.

Acresso FLEXnet Connect is vulnerable. Additional products that use the FLEXnet functionality may also be vulnerable.

14. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
BugTraq ID: 31179
Remote: Yes
Date Published: 2008-09-15
Relevant URL: http://www.securityfocus.com/bid/31179
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted SMB packets.

Attackers can exploit this issue to cause an affected computer to stop responding, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code with SYSTEM-level privileges, but this has not been confirmed.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Download a FREE trial of HP WebInspect

Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now: https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN6MIF

SecurityFocus Microsoft Newsletter #412

2008-09-17T15:33:07Z

SecurityFocus Microsoft Newsletter #412
----------------------------------------

This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/forenterprise2

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.SATAN'S Helper
2.Get Off My Cloud
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Malfromed PNG File Remote Denial of Service Vulnerability
2. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
3. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
4. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
5. Personal FTP Server 'RETR' Command Remote Denial of Service Vulnerability
6. Baidu Hi 'CSTransfer.dll' Remote Stack Buffer Overflow Vulnerability
7. Avant Browser JavaScript Engine Integer Overflow Vulnerability
8. RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
9. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
10. Maxthon Browser Remote Denial of Service Vulnerability
11. Apple iTunes Misleading Firewall Warning Weakness
12. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability
13. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
14. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
15. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
16. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability
17. Microsoft Organization Chart Remote Code Execution Vulnerability
18. Microsoft GDI+ BMP Integer Overflow Vulnerability
19. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
20. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
21. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
22. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #411
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.SATAN's Helper
By Federico Biancuzzi
SecurityFocus contributor Federico Biancuzzi chatted up Venema to talk about software security, how to improve the code quality, what solutions we might have to fight spam successfully, the principle of least privilege, and the philosophy behind the design of Postfix.
Venema is currently a researcher at IBM's T.J. Watson Research Center
http://www.securityfocus.com/columnists/479

2.Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer Malfromed PNG File Remote Denial of Service Vulnerability
BugTraq ID: 31215
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31215
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to view a web page embedded with a malicious PNG file.

Successfully exploiting this issue will cause the application to stop responding, denying service to legitimate users.

Microsoft Internet Explorer 7 and 8 Beta 1 are vulnerable; other versions may also be affected.

2. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
BugTraq ID: 31208
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31208
Summary:
Adobe Illustrator is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious AI file.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application.

This issue affects only Adobe Illustrator CS2 for Macintosh.

3. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
BugTraq ID: 31204
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31204
Summary:
Acresso FLEXnet Connect is prone to a remote code-execution vulnerability because it fails to adequately verify the authenticity of files obtained from update servers. The product has been formerly available as Macrovision FLEXnet Connect and as InstallShield Update Service.

Attackers can exploit this issue by performing man-in-the-middle attacks to have the client download and execute a malicious file hosted on an attacker-controlled computer. Other attacks may also be possible.

Acresso FLEXnet Connect is vulnerable. Additional products that use the FLEXnet functionality may also be vulnerable.

4. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
BugTraq ID: 31179
Remote: Yes
Date Published: 2008-09-15
Relevant URL: http://www.securityfocus.com/bid/31179
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted SMB packets.

Attackers can exploit this issue to cause an affected computer to stop responding, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code with SYSTEM-level privileges, but this has not been confirmed.

5. Personal FTP Server 'RETR' Command Remote Denial of Service Vulnerability
BugTraq ID: 31173
Remote: Yes
Date Published: 2008-09-14
Relevant URL: http://www.securityfocus.com/bid/31173
Summary:
Personal FTP Server is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

Personal FTP Server 6.0f is vulnerable; other versions may also be affected.

6. Baidu Hi 'CSTransfer.dll' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 31162
Remote: Yes
Date Published: 2008-09-13
Relevant URL: http://www.securityfocus.com/bid/31162
Summary:
Baidu Hi is prone to a remote stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

7. Avant Browser JavaScript Engine Integer Overflow Vulnerability
BugTraq ID: 31155
Remote: Yes
Date Published: 2008-09-12
Relevant URL: http://www.securityfocus.com/bid/31155
Summary:
Avant Browser is prone to an integer-overflow vulnerability that occurs in the JavaScript engine.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious site.

Successfully exploiting this issue may allow attackers to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Avant Browser 11.7 Build 9 is vulnerable; other versions may also be affected.

NOTE: This vulnerability may be related to the issue described in BID 14917 (Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability).

8. RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
BugTraq ID: 31129
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31129
Summary:
Microsoft SQL Server 'sqlvdir.dll' ActiveX Control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This control is included with Microsoft SQL Server 2000; other versions may also be affected.

NOTE: This BID is being retired because the issue is not exploitable. The ActiveX control is not marked 'Safe for Scripting'.

9. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
BugTraq ID: 31124
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31124
Summary:
ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths.

Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions.

This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may also be affected.

10. Maxthon Browser Remote Denial of Service Vulnerability
BugTraq ID: 31098
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31098
Summary:
Maxthon Browser is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to crash the application, denying service to legitimate users.

This issue affects Maxthon Browser 2.1.4.443; other versions may also be affected.

11. Apple iTunes Misleading Firewall Warning Weakness
BugTraq ID: 31090
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31090
Summary:
Apple iTunes is prone to a weakness caused by a misleading firewall warning that conveys erroneous information to users.

This issue may lead to a false sense of security, potentially aiding in network-based attacks.

Versions prior to Apple iTunes 8.0 are vulnerable to this issue.

12. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability
BugTraq ID: 31089
Remote: No
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31089
Summary:
Apple iTunes is prone to a local privilege-escalation vulnerability due to an integer-overflow issue.

Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

This issue affects versions prior to iTunes 8.0 for Microsoft Windows XP and Microsoft Windows Vista.

13. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
BugTraq ID: 31086
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31086
Summary:
Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code and carry out denial-of-service attacks.

These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition.

Versions prior to QuickTime 7.5.5 are affected.

14. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 31069
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31069
Summary:
Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

An attacker can exploit this issue to overwrite files with attacker-supplied data, which will aid in further attacks.

15. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
BugTraq ID: 31067
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31067
Summary:
Microsoft Office OneNote is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to follow maliciously crafted URIs.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

16. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 31065
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31065
Summary:
The Microsoft Windows Media Encoder 9 ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

17. Microsoft Organization Chart Remote Code Execution Vulnerability
BugTraq ID: 31059
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31059
Summary:
Microsoft Organization Chart is prone to a remote code-execution vulnerability because of a memory-access violation.

Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted Organization Chart document.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

Microsoft Organization Chart 2.00,19 is vulnerable; other versions may also be affected.

18. Microsoft GDI+ BMP Integer Overflow Vulnerability
BugTraq ID: 31022
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31022
Summary:
Microsoft GDI+ is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by enticing unsuspecting users to view a malicious BMP file.

Successfully exploiting this issue allows remote attackers to corrupt memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

19. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
BugTraq ID: 31021
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31021
Summary:
Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

20. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
BugTraq ID: 31020
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31020
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

21. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
BugTraq ID: 31019
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31019
Summary:
Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

22. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 31018
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31018
Summary:
Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the currently logged-in user.

23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability
BugTraq ID: 30550
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/30550
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #411
http://www.securityfocus.com/archive/88/496270

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/forenterprise2

SecurityFocus Microsoft Newsletter #411

2008-09-12T08:09:20Z

SecurityFocus Microsoft Newsletter #411
----------------------------------------

This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.iroky.com/forenterprise2

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Get Off My Cloud
2.An Astonishing Collaboration
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
2. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
3. Maxthon Browser Remote Denial of Service Vulnerability
4. Apple iTunes Misleading Firewall Warning Weakness
5. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability
6. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
7. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
8. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
9. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability
10. Microsoft Organization Chart Remote Code Execution Vulnerability
11. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
12. Microsoft GDI+ BMP Integer Overflow Vulnerability
13. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
14. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
15. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
16. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
17. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
18. Wireshark 1.0.2 Multiple Vulnerabilities
19. RETIRED: Moodle Multiple Remote File Include Vulnerabilities
20. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
21. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
22. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2.An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
BugTraq ID: 31129
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31129
Summary:
Microsoft SQL Server 'sqlvdir.dll' ActiveX Control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This control is included with Microsoft SQL Server 2000; other versions may also be affected.

2. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
BugTraq ID: 31124
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31124
Summary:
ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths.

Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and allow the attacker to gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions.

This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may also be affected.

3. Maxthon Browser Remote Denial of Service Vulnerability
BugTraq ID: 31098
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31098
Summary:
Maxthon Browser is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to crash the application, denying service to legitimate users.

This issue affects Maxthon Browser 2.1.4.443; other versions may also be affected.

4. Apple iTunes Misleading Firewall Warning Weakness
BugTraq ID: 31090
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31090
Summary:
Apple iTunes is prone to a weakness caused by a misleading firewall warning that conveys erroneous information to users.

This issue may lead to a false sense of security, potentially aiding in network-based attacks.

Versions prior to Apple iTunes 8.0 are vulnerable to this issue.

5. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability
BugTraq ID: 31089
Remote: No
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31089
Summary:
Apple iTunes is prone to a local privilege-escalation vulnerability due to an integer-overflow issue.

Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

This issue affects versions prior to iTunes 8.0 for Microsoft Windows XP and Microsoft Windows Vista.

6. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
BugTraq ID: 31086
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31086
Summary:
Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code and carry out denial-of-service attacks.

These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition.

Versions prior to QuickTime 7.5.5 are affected.

7. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 31069
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31069
Summary:
Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

An attacker can exploit this issue to overwrite files with attacker-supplied data, which will aid in further attacks.

8. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
BugTraq ID: 31067
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31067
Summary:
Microsoft Office OneNote is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to follow maliciously crafted URIs.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

9. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 31065
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31065
Summary:
The Microsoft Windows Media Encoder 9 ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

10. Microsoft Organization Chart Remote Code Execution Vulnerability
BugTraq ID: 31059
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31059
Summary:
Microsoft Organization Chart is prone to a remote code-execution vulnerability because of a memory-access violation.

Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted Organization Chart document.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

Microsoft Organization Chart 2.00,19 is vulnerable; other versions may also be affected.

11. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
BugTraq ID: 31058
Remote: Yes
Date Published: 2008-09-01
Relevant URL: http://www.securityfocus.com/bid/31058
Summary:
IBM DB2 Universal Database Server is prone to multiple vulnerabilities:

- A remote denial-of-service issue related to CONNECT / ATTACH processing.
- An unspecified vulnerability in the DB2FMP process.
- A remote denial-of-service issue in DB2JDS.
- The DB2FMP process executes with system privileges under Windows.

An attacker may exploit these issues to deny service to legitimate users. Other attacks may also be possible.

The CONNECT / ATTACH issue may be related to the issue discussed in BID 27870 (IBM DB2 Universal Database Multiple Vulnerabilities).

Very few details are available regarding these issues. We will update this BID as more information emerges.

These issues affect versions prior to IBM DB2 Universal Database Server 8.2 Fixpak 17.

12. Microsoft GDI+ BMP Integer Overflow Vulnerability
BugTraq ID: 31022
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31022
Summary:
Microsoft GDI+ is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by enticing unsuspecting users to view a malicious BMP file.

Successfully exploiting this issue allows remote attackers to corrupt memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

13. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
BugTraq ID: 31021
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31021
Summary:
Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

14. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
BugTraq ID: 31020
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31020
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

15. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
BugTraq ID: 31019
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31019
Summary:
Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

16. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 31018
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31018
Summary:
Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the currently logged-in user.

17. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 31014
Remote: Yes
Date Published: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31014
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on September 9, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to document the issues when the bulletins are released.

18. Wireshark 1.0.2 Multiple Vulnerabilities
BugTraq ID: 31009
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/31009
Summary:
Wireshark is prone to multiple vulnerabilities, including buffer-overflow and denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.7 up to and including 1.0.2.

19. RETIRED: Moodle Multiple Remote File Include Vulnerabilities
BugTraq ID: 30995
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30995
Summary:
Moodle is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

These issues affect Moodle 1.8.4; other versions may also be affected.

NOTE: Further analysis indicates that these issues were previously documented in BID 28599 (kses Multiple Input Validation Vulnerabilities), so this BID is being retired.

20. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 30993
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30993
Summary:
Open-FTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Open-FTPD 1.2 is vulnerable; other versions may also be affected.

21. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30992
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30992
Summary:
@Mail and @Mail WebMail are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect the following versions:

@Mail WebMail 5.05 running on Microsoft Windows
@Mail 5.42 running on CentOS

Other versions running on different platforms may also be affected.

22. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
BugTraq ID: 30970
Remote: Yes
Date Published: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30970
Summary:
Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Softalk Mail Server 8.5.1 is vulnerable; other versions may also be affected.

23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability
BugTraq ID: 30550
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/30550
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.iroky.com/forenterprise2

SecurityFocus Microsoft Newsletter #410

2008-09-04T13:38:48Z

SecurityFocus Microsoft Newsletter #410
----------------------------------------

This issue is sponsored by Sponsored by Motorola Good technology

Mobile Device Security: Securing the Handheld, Securing the Enterprise. Mobile devices represent a tremendous productivity advantage for today's mobile worker. However, IT organizations must give consideration to the deployment of device security policies in order to provide the level of security that enterprises require
http://dinclinx.com/Redirect.aspx?36;1267;45;189;0;13;1ea6f133b6f4a2b1

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Get Off My Cloud
2.An Astonishing Collaboration
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
2. Wireshark 1.0.2 Multiple Vulnerabilities
3. Moodle Multiple Remote File Include Vulnerabilities
4. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
5. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
6. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
7. Retired: Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
8. PureMessage for Microsoft Exchange RTF Multiple Denial Of Service Vulnerabilities
9. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
10. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
11. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
12. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
13. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #409
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2.An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 31014
Remote: Yes
Date Published: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31014
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on September 9, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to document the issues when the bulletins are released.

2. Wireshark 1.0.2 Multiple Vulnerabilities
BugTraq ID: 31009
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/31009
Summary:
Wireshark is prone to multiple vulnerabilities, including buffer-overflow and denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.7 up to and including 1.0.2.

3. Moodle Multiple Remote File Include Vulnerabilities
BugTraq ID: 30995
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30995
Summary:
Moodle is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

These issues affect Moodle 1.8.4; other versions may also be affected.

4. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 30993
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30993
Summary:
Open-FTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Open-FTPD 1.2 is vulnerable; other versions may also be affected.

5. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30992
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30992
Summary:
@Mail and @Mail WebMail are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect the following versions:

@Mail WebMail 5.05 running on Microsoft Windows
@Mail 5.42 running on CentOS

Other versions running on different platforms may also be affected.

6. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
BugTraq ID: 30970
Remote: Yes
Date Published: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30970
Summary:
Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.
Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Softalk Mail Server 8.5.1 is vulnerable; other versions may also be affected.

7. Retired: Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
BugTraq ID: 30933
Remote: Yes
Date Published: 2008-08-29
Relevant URL: http://www.securityfocus.com/bid/30933
Summary:
Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF files.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

NOTE: This BID is being retired because further analysis indicates that this vulnerability is the same issue described in BID 28571 (Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability).

8. PureMessage for Microsoft Exchange RTF Multiple Denial Of Service Vulnerabilities
BugTraq ID: 30881
Remote: Yes
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30881
Summary:
PureMessage for Microsoft Exchange is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly process certain messages.

An attacker may exploit these issues to crash the affected application, denying service to legitimate users.

PureMessage 3.0 is vulnerable; other versions may also be affected.

9. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
BugTraq ID: 30863
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30863
Summary:
Ultra Office Control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

Successful exploits may allow attackers to compromise affected computers.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

10. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
BugTraq ID: 30861
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30861
Summary:
Ultra Office Control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

11. LibTIFF 'tif_lzw.c' Remote Buffer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

12. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
BugTraq ID: 30828
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30828
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 is vulnerable; other versions may also be affected.

13. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
BugTraq ID: 30818
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30818
Summary:
DriveCrypt is prone to a security vulnerability that may cause a denial-of-service condition or allow attackers to gain access to plain text passwords.

Local attackers can exploit this issue to gain access to access to sensitive information or cause the affected computer to reboot.

DriveCrypt Plus Pack version 3.9 is vulnerable; other versions may also be affected.

Note: This vulnerability is the same issue described in BID 15751 (Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness) therefore this BID is being retired.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #409
http://www.securityfocus.com/archive/88/495853

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sponsored by Motorola Good technology

Mobile Device Security: Securing the Handheld, Securing the Enterprise. Mobile devices represent a tremendous productivity advantage for today's mobile worker. However, IT organizations must give consideration to the deployment of device security policies in order to provide the level of security that enterprises require
http://dinclinx.com/Redirect.aspx?36;1267;45;189;0;13;1ea6f133b6f4a2b1

SecurityFocus Microsoft Newsletter #409

2008-08-29T14:54:19Z

SecurityFocus Microsoft Newsletter #409
----------------------------------------

This issue is sponsored by Sponsored by Motorola Good technology

Mobile Device Security: Securing the Handheld, Securing the Enterprise. Mobile devices represent a tremendous productivity advantage for today's mobile worker. However, IT organizations must give consideration to the deployment of device security policies in order to provide the level of security that enterprises require.
http://whitepapers.securityfocus.com/option,com_categoryreport/task,viewabstract/title,1267/id,/vid,36/cat,/pathway,no/srcid,189/

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Get Off My Cloud
2.An Astonishing Collaboration
II. MICROSOFT VULNERABILITY SUMMARY
1. PureMessage for Microsoft Exchange RTF Multiple Denial Of Service Vulnerabilities
2. Mono 'System.Web' HTTP Header Injection Vulnerability
3. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
4. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
5. LibTIFF 'tif_lzw.c' Remote Integer Underflow Vulnerability
6. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
7. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
8. Microsoft Windows Media Services 'nskey.dll' ActiveX Control Remote Buffer Overflow Vulnerability
9. Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability
10. Opera Web Browser 9.51 Multiple Security Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #408
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2.An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. PureMessage for Microsoft Exchange RTF Multiple Denial Of Service Vulnerabilities
BugTraq ID: 30881
Remote: Yes
Date Published: 2008-08-28
Relevant URL: http://www.securityfocus.com/bid/30881
Summary:
PureMessage for Microsoft Exchange is prone to multiple remote denial-of-service vulnerabilities because the application fails to properly process certain messages.

An attacker may exploit these issues to crash the affected application, denying service to legitimate users.

PureMessage 3.0 is vulnerable; other versions may also be affected.

2. Mono 'System.Web' HTTP Header Injection Vulnerability
BugTraq ID: 30867
Remote: No
Date Published: 2008-08-20
Relevant URL: http://www.securityfocus.com/bid/30867
Summary:
Mono is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sanitize input.

By inserting arbitrary headers into an HTTP response, attackers may be able to launch cross-site request-forgery, cross-site scripting, HTTP-request-smuggling, and other attacks.

This issue affects Mono 2.0 and earlier.

3. Ultra Office Control 'Save()' Method Arbitrary File Overwrite Vulnerability
BugTraq ID: 30863
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30863
Summary:
Ultra Office Control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

Successful exploits may allow attackers to compromise affected computers.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

4. Ultra Office Control 'HttpUpload()' Method Buffer Overflow Vulnerability
BugTraq ID: 30861
Remote: Yes
Date Published: 2008-08-27
Relevant URL: http://www.securityfocus.com/bid/30861
Summary:
Ultra Office Control is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

Ultra Office Control 2.0.2008.501 is vulnerable; other versions may also be affected.

5. LibTIFF 'tif_lzw.c' Remote Integer Underflow Vulnerability
BugTraq ID: 30832
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30832
Summary:
LibTIFF is prone to an integer-underflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary malicious code in the context of the user running an application that uses the affected library. Failed exploit attempts will likely crash applications using the affected library.

LibTIFF 3.7.2 and 3.8.2 are vulnerable.

6. JustSystems Ichitaro Document Handling Unspecified Code Execution Vulnerability
BugTraq ID: 30828
Remote: Yes
Date Published: 2008-08-26
Relevant URL: http://www.securityfocus.com/bid/30828
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 is vulnerable; other versions may also be affected.

7. Retired: DriveCrypt Incorrect BIOS API Usage Security Vulnerability
BugTraq ID: 30818
Remote: No
Date Published: 2008-08-25
Relevant URL: http://www.securityfocus.com/bid/30818
Summary:
DriveCrypt is prone to a security vulnerability that may cause a denial-of-service condition or allow attackers to gain access to plain text passwords.

Local attackers can exploit this issue to gain access to access to sensitive information or cause the affected computer to reboot.

DriveCrypt Plus Pack version 3.9 is vulnerable; other versions may also be affected.

Note: This vulnerability is the same issue described in BID 15751 (Multiple Vendor BIOS Keyboard Buffer Password Persistence Weakness) therefore this BID is being retired.

8. Microsoft Windows Media Services 'nskey.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 30814
Remote: Yes
Date Published: 2008-08-22
Relevant URL: http://www.securityfocus.com/bid/30814
Summary:
The Microsoft Windows Media Services ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

'nskey.dll' 4.1.00.3917 is vulnerable; other versions may also be affected.

9. Folder Lock Weak Password Encryption Local Information Disclosure Vulnerability
BugTraq ID: 30771
Remote: No
Date Published: 2008-08-20
Relevant URL: http://www.securityfocus.com/bid/30771
Summary:
Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner.

A local attacker can exploit this issue to obtain passwords used by the application, which may aid in further attacks.

Folder Lock 5.9.5 is vulnerable; other versions may also be affected.

10. Opera Web Browser 9.51 Multiple Security Vulnerabilities
BugTraq ID: 30768
Remote: Yes
Date Published: 2008-08-20
Relevant URL: http://www.securityfocus.com/bid/30768
Summary:
Opera Web Browser is prone to multiple security vulnerabilities.

Successful exploits may allow attackers to:
- cause denial-of-service conditions
- violate the same-origin policy
- carry out phishing and cross-domain attacks
- execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site
- steal cookie-based authentication credentials
- present insecure websites as secure
- obtain sensitive information
- mislead a user
- carry out other attacks

Versions prior to Opera 9.52 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #408
http://www.securityfocus.com/archive/88/495736

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sponsored by Motorola Good technology

Mobile Device Security: Securing the Handheld, Securing the Enterprise. Mobile devices represent a tremendous productivity advantage for today's mobile worker. However, IT organizations must give consideration to the deployment of device security policies in order to provide the level of security that enterprises require.
http://whitepapers.securityfocus.com/option,com_categoryreport/task,viewabstract/title,1267/id,/vid,36/cat,/pathway,no/srcid,189/