SecurityFocus Microsoft Newsletter #389
----------------------------------------

This issue is sponsored by Solidcore Systems

PCI DSS Compliance for $25/node
Learn how companies like Restoration Hardware, Convergys, and others have achieved PCI compliance. Download the Solidcore S3 Control PCI Starter Edition now!
http://www.solidcore.com/landing_pages/pci_starter_sf.html

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
    1. On the Border
    2. Catch Them if You Can
II. MICROSOFT VULNERABILITY SUMMARY
    1. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability
    2. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer Overflow Vulnerability
    3. Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
    4. SmarterTools SmarterMail HTTP Request Handling Denial Of Service Vulnerability
    5. Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability
    6. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
    7. iMatix Xitami Multiple Format String Vulnerabilities
    8. Borland StarTeam Multicast Service 'GMWebHandler::parse_request()' Buffer Overflow Vulnerability
    9. Microsoft April 2008 Advance Notification Multiple Vulnerabilities
    10. Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability
    11. Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service Vulnerability
    12. Microsoft Windows GDI Heap Overflow Vulnerability
    13. Microsoft Windows GDI Stack Overflow Vulnerability
    14. HP OpenView Network Node Manager 'OVAS.EXE' Buffer Overflow Vulnerability
    15. IBM DB2 Content Manager Unspecified Security Vulnerability
    16. NoticeWare Corporation NoticeWare Email Server Denial Of Service Vulnerability
    17. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
    18. Microsoft Visio Object Header Remote Code Execution Vulnerability
    19. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
    20. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
    21. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
    22. Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
    23. Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure Vulnerability
    24. PowerDNS Remote Cache Poisoning Vulnerability
    25. SLMail Pro Multiple Remote Denial Of Service and Memory Corruption Vulnerabilities
    26. avast! Home/Professional Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
    1. SecurityFocus Microsoft Newsletter #388
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where an online attacker compromises a network and removes data -- have become very common.
http://www.securityfocus.com/columnists/468

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability
BugTraq ID: 28667
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28667
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain potentially sensitive information from the local computer. Information obtained may aid in further attacks.

This issue affects Internet Explorer 7. Reportedly, Internet Explorer 8 is not vulnerable, but this has not been confirmed.

This issue may be related to the vulnerability discussed in BID 28581 (Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability).

2. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28662
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28662
Summary:
Tumbleweed SecureTransport is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

3. Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
BugTraq ID: 28616
Remote: Yes
Date Published: 2008-04-04
Relevant URL: http://www.securityfocus.com/bid/28616
Summary:
Computer Associates ARCserve Backup for Laptops and Desktops is prone to multiple remote issues, including a buffer-overflow vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges. This will result in a complete compromise of affected computers. Attackers may also trigger application crashes, denying service to legitimate users.

These issues are related to the ones documented in BID 24348 (Computer Associates ARCserve Backup Multiple Remote Buffer Overflow Vulnerabilities). The fixes for CVE-2007-3216 and CVE-2007-5005 did not completely resolve the previous issues.

4. SmarterTools SmarterMail HTTP Request Handling Denial Of Service Vulnerability
BugTraq ID: 28610
Remote: Yes
Date Published: 2008-04-04
Relevant URL: http://www.securityfocus.com/bid/28610
Summary:
SmarterTools SmarterMail is prone to a denial-of-service vulnerability when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. When the server eventually resets the request connection, it will crash.

Remote attackers can exploit this issue to deny service to legitimate users.

SmarterMail 5.0 is vulnerable; other versions may also be affected.

5. Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability
BugTraq ID: 28607
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28607
Summary:
Microsoft Project is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

6. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 28606
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28606
Summary:
Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

7. iMatix Xitami Multiple Format String Vulnerabilities
BugTraq ID: 28603
Remote: Yes
Date Published: 2008-04-03
Relevant URL: http://www.securityfocus.com/bid/28603
Summary:
Xitami is prone to multiple format-string vulnerabilities because the application fails to adequately sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

A remote attacker may potentially execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

These issues affect Xitami 2.5c2; other versions may be affected as well.

8. Borland StarTeam Multicast Service 'GMWebHandler::parse_request()' Buffer Overflow Vulnerability
BugTraq ID: 28602
Remote: Yes
Date Published: 2008-04-03
Relevant URL: http://www.securityfocus.com/bid/28602
Summary:
Borland StarTeam Multicast Service is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

This issue affects Borland StarTeam Multicast Service 6.4 included in Borland CaliberRM 2006, 2007, and 2008. Other Borland products may also be affected.

9. Microsoft April 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 28598
Remote: Yes
Date Published: 2008-04-03
Relevant URL: http://www.securityfocus.com/bid/28598
Summary:
Microsoft has released advance notification that the vendor will be releasing eight security bulletins on April 8, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

10. Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability
BugTraq ID: 28581
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28581
Summary:
Microsoft Internet Explorer is prone to a script-injection vulnerability when handling specially crafted requests to 'acr_error.htm' via the 'res://' protocol. The file resides in the 'ieframe.dll' dynamic-link library.

An attacker may leverage this issue to execute arbitrary code in the context of a user's browser. Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim's computer, and launch other attacks.

Internet Explorer 8 is vulnerable. Internet Explorer 7 is likely vulnerable as well, but this has not been confirmed.

11. Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service Vulnerability
BugTraq ID: 28580
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28580
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to crash the application, denying service to legitimate users.

This issue affects Microsoft Internet Explorer 8 Beta 1.

12. Microsoft Windows GDI Heap Overflow Vulnerability
BugTraq ID: 28571
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28571
Summary:
Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF or WMF image file.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

13. Microsoft Windows GDI Stack Overflow Vulnerability
BugTraq ID: 28570
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28570
Summary:
Microsoft Windows is prone to a stack-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF image file.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

14. HP OpenView Network Node Manager 'OVAS.EXE' Buffer Overflow Vulnerability
BugTraq ID: 28569
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28569
Summary:
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager process. This facilitates the remote compromise of affected computers.

Network Node Manager 7.51 running on Microsoft Windows is affected by this issue; other versions and platforms may also be vulnerable.

15. IBM DB2 Content Manager Unspecified Security Vulnerability
BugTraq ID: 28567
Remote: No
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28567
Summary:
IBM DB2 Content Manager is prone to an unspecified security vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

Versions prior to 8.3 Fix Pack 8 are vulnerable.

16. NoticeWare Corporation NoticeWare Email Server Denial Of Service Vulnerability
BugTraq ID: 28559
Remote: Yes
Date Published: 2008-04-01
Relevant URL: http://www.securityfocus.com/bid/28559
Summary:
NoticeWare Email Server is prone to a denial-of-service vulnerability due to an unspecified error.

Remote attackers can exploit this issue to deny service to legitimate users.

The issue affects NoticeWare Email Server 4.6.1.0; other versions may also be vulnerable.

17. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
BugTraq ID: 28556
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28556
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

18. Microsoft Visio Object Header Remote Code Execution Vulnerability
BugTraq ID: 28555
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28555
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

19. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
BugTraq ID: 28554
Remote: No
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28554
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

The vulnerability resides in the Windows Kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.

20. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
BugTraq ID: 28553
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28553
Summary:
Microsoft Windows operating systems are prone to a vulnerability that lets attackers spoof DNS clients. This issue occurs because the software fails to employ properly secure random numbers when creating DNS transaction IDs.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

21. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
BugTraq ID: 28552
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28552
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to adequately handle certain user-supplied data.

Attackers can leverage this issue to execute arbitrary code with the privileges of the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.

22. Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
BugTraq ID: 28551
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28551
Summary:
Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input.

Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary code to run with the privileges of the victim.

These versions are affected:

VBScript 5.6 and earlier
JScript 5.6 and earlier

23. Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure Vulnerability
BugTraq ID: 28548
Remote: Yes
Date Published: 2008-04-01
Relevant URL: http://www.securityfocus.com/bid/28548
Summary:
Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates.

Successful exploits allow attackers to trigger HTTP requests to arbitrary hosts and ports without confirmation or notification to unsuspecting users. Attackers may use this for determining when email and documents are read, for port scanning, or for aiding in other attacks.

The following products are known to exhibit this issue:

Microsoft Outlook 2007
Microsoft Windows Live Mail 2008
Microsoft Office 2007

Other products that use the Crypto API provided by Windows may also be affected.

24. PowerDNS Remote Cache Poisoning Vulnerability
BugTraq ID: 28517
Remote: Yes
Date Published: 2008-03-31
Relevant URL: http://www.securityfocus.com/bid/28517
Summary:
PowerDNS is prone to a remote cache-poisoning vulnerability because of a weakness in the use of random number generators.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions prior to PowerDNS 3.1.5 are vulnerable to this issue.

25. SLMail Pro Multiple Remote Denial Of Service and Memory Corruption Vulnerabilities
BugTraq ID: 28505
Remote: Yes
Date Published: 2008-03-31
Relevant URL: http://www.securityfocus.com/bid/28505
Summary:
SLMail Pro is prone to multiple remote denial-of-service vulnerabilities and memory-corruption vulnerabilities.

Attackers can exploit these issues to crash the application, resulting in denial-of-service conditions. Given the nature of some of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

SLMail Pro 6.3.1.0 is vulnerable; other versions may also be affected.

26. avast! Home/Professional Local Privilege Escalation Vulnerability
BugTraq ID: 28502
Remote: No
Date Published: 2008-03-30
Relevant URL: http://www.securityfocus.com/bid/28502
Summary:
avast! is prone to a local privilege-escalation vulnerability because it fails to adequately sanitize user-supplied data.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.

Versions prior to avast! Home/Professional 4.8.1169 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #388
http://www.securityfocus.com/archive/88/490435

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Solidcore Systems

PCI DSS Compliance for $25/node
Learn how companies like Restoration Hardware, Convergys, and others have achieved PCI compliance. Download the Solidcore S3 Control PCI Starter Edition now!
http://www.solidcore.com/landing_pages/pci_starter_sf.html