SecurityFocus Microsoft Newsletter #382
----------------------------------------

This issue is Sponsored by: HP

HP Application Security Webinar: Achieving PCI 6.6 Compliance - Are Your Web Applications Secure Enough?
In June 2008, the major credit card vendors will require compliance with requirement 6 of the PCI DSS, "Ensure that all web facing applications are protected against known attacks." Join HP Software and the former SPI Dynamics for this free webinar to learn how you can easily satisfy this requirement and build a powerful web application security program at the same time. During this event, you will receive the tools and knowledge to ensure your web applications comply with PCI requirements and block hackers.
https://h30406.www3.hp.com/campaigns/2008/events/sw-02-26-08/index.php?mcc=DAYA

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
   1. Tweaking Social Security to Combat Fraud
   2. Skills for the Future
II. MICROSOFT VULNERABILITY SUMMARY
   1. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
   2. SmarterTools SmarterMail Subject Field HTML Injection Vulnerability
   3. webcamXP Multiple Information Disclosure and Denial of Service Vulnerabilities
   4. Foxit WAC Remote Access Server Heap Buffer Overflow Vulnerability
   5. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
   6. Kerio MailServer Multiple Unspecified Vulnerabilities
   7. DESLock+ IOCTL Request Local Code Execution and Denial of Service Vulnerabilities
   8. Sami FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
   9. Teamtek Universal FTP Server CWD, LIST, and PORT Commands Remote Denial Of Service Vulnerabilities
   10. Fortinet FortiClient 'fortimon.sys' Local Privilege Escalation Vulnerability
   11. Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflow Vulnerabilities
   12. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
   13. Microsoft Publisher Memory Index Code Execution Vulnerability
   14. Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability
   15. Microsoft Office Execution Jump Memory Corruption Vulnerability
   16. ITN News Gadget 'short_title' Parameter Remote Code Execution Vulnerability
   17. Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
   18. Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
   19. Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
   20. Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability
   21. Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
   22. Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
   23. Microsoft Works File Converter Field Length Remote Code Execution Vulnerability
   24. Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
   25. Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability
   26. Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
   27. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
   28. Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
   29. Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Tweaking Social Security to Combat Fraud
By Tim Mullen
Americans lost over 45 billion dollars in identity-related fraud in 2007. Reports are so commonplace that we've actually become de-sensitized to them. "200,000 victims reported..." "500,000 victims reported..." Even figures into the millions don't seem to faze us anymore. And that is a Bad Thing.
http://www.securityfocus.com/columnists/465

2. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: Just how does one break into computer security or what skills should you learn to get that first security job. Lately though, I have been receiving many more queries on specifically how one can leverage an existing skill set to become an information-technology security analyst.
http://www.securityfocus.com/columnists/464

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 27915
Remote: Yes
Date Published: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27915
Summary:
EMC RepliStor is prone to multiple remote heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker may be able to exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

These issues affect EMC RepliStor 6.2 SP2; other versions may also be affected.

2. SmarterTools SmarterMail Subject Field HTML Injection Vulnerability
BugTraq ID: 27878
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27878
Summary:
SmarterMail is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing theft of cookie-based authentication credentials or control of how the site is rendered to the user; other attacks are also possible.

SmarterMail Enterprise 4.3 is vulnerable; other versions may also be affected.

3. webcamXP Multiple Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 27875
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27875
Summary:
webcamXP is prone to multiple information-disclosure and denial-of-service vulnerabilities because it fails to check user-supplied input data.

Attackers can exploit these issues to access potentially sensitive information or crash the application. Successful exploits could aid in further attacks or deny service to legitimate users.

These issues affect webcamXP versions 3.72.440 and 4.05.280 beta and prior.

4. Foxit WAC Remote Access Server Heap Buffer Overflow Vulnerability
BugTraq ID: 27873
Remote: Yes
Date Published: 2008-02-16
Relevant URL: http://www.securityfocus.com/bid/27873
Summary:
Foxit WAC Remote Access Server is prone to a heap-based buffer-overflow vulnerability.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

This issue affects versions 2.0 Build 3503 and prior.

5. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
BugTraq ID: 27870
Remote: Yes
Date Published: 2008-02-15
Relevant URL: http://www.securityfocus.com/bid/27870
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities, including denial-of-service issues and multiple issues with unspecified impact.

Successfully exploiting these issues may allow attackers to cause denial-of-service conditions and carry out other attacks.

Very few details are currently available regarding these issues. We will update this BID as more information emerges.

These issues affect IBM DB2 Universal Database 9.1 versions prior to Fixpak 4a.

6. Kerio MailServer Multiple Unspecified Vulnerabilities
BugTraq ID: 27868
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27868
Summary:
Kerio MailServer is prone to multiple unspecified vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions or potentially execute arbitrary code in the context of the application; other attacks are also possible.

Very few details are currently available regarding these issues. We will update this BID as more information emerges.

Versions prior to Kerio MailServer 6.5.0 are vulnerable.

7. DESLock+ IOCTL Request Local Code Execution and Denial of Service Vulnerabilities
BugTraq ID: 27862
Remote: No
Date Published: 2008-02-18
Relevant URL: http://www.securityfocus.com/bid/27862
Summary:
DESlock+ is prone to multiple vulnerabilities that allow arbitrary code to run with SYSTEM-level privileges or cause denial-of-service conditions.

Local attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise the computer or cause a denial-of-service.

DESlock+ version 3.2.6 and prior are vulnerable.

8. Sami FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 27817
Remote: Yes
Date Published: 2008-02-15
Relevant URL: http://www.securityfocus.com/bid/27817
Summary:
Sami FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

Versions in the Sami FTP Server 2.0 series are vulnerable; other versions may also be affected.

9. Teamtek Universal FTP Server CWD, LIST, and PORT Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 27804
Remote: Yes
Date Published: 2008-02-14
Relevant URL: http://www.securityfocus.com/bid/27804
Summary:
Universal FTP Server is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

Universal FTP Server 1.0.44 is vulnerable; other versions may also be affected.

10. Fortinet FortiClient 'fortimon.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 27776
Remote: No
Date Published: 2008-02-13
Relevant URL: http://www.securityfocus.com/bid/27776
Summary:
Fortinet FortiClient is prone to a local privilege-escalation vulnerability because it fails to perform adequate device filtering.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.

Versions prior to FortiClient 3.0 MR5 Patch 4 are vulnerable.

11. Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 27769
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27769
Summary:
Apple QuickTime 'QTPlugin.ocx' ActiveX control is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker may exploit these issues to execute arbitrary code within the context of the application that invoked the ActiveX control (typically Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

These issues affect QuickTime 7.4.1 and prior versions.

12. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
BugTraq ID: 27751
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27751
Summary:
ClamAV is prone to a heap-corruption vulnerability and an integer-overflow vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Failed exploit attempts likely result in application crashes.

Versions prior to ClamAV 0.92.1 are affected by these issues.

13. Microsoft Publisher Memory Index Code Execution Vulnerability
BugTraq ID: 27740
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27740
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

14. Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability
BugTraq ID: 27739
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27739
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

15. Microsoft Office Execution Jump Memory Corruption Vulnerability
BugTraq ID: 27738
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27738
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Office file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

16. ITN News Gadget 'short_title' Parameter Remote Code Execution Vulnerability
BugTraq ID: 27725
Remote: Yes
Date Published: 2008-02-11
Relevant URL: http://www.securityfocus.com/bid/27725
Summary:
ITN News Gadget is prone to a vulnerability that lets remote attackers execute arbitrary code because the application fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.

ITN News Gadget 1.06 is vulnerable; other versions may also be affected.

17. Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
BugTraq ID: 27689
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27689
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

18. Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
BugTraq ID: 27676
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27676
Summary:
Microsoft Internet Information Services (IIS) is prone to a remote code-execution vulnerability that can be exploited through malicious input to vulnerable ASP pages.

A successful exploit of this vulnerability could let remote attackers execute arbitrary code in the context of the Worker Process Identity, which by default has Network Service privileges.

19. Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
BugTraq ID: 27670
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27670
Summary:
Microsoft Windows is prone to a heap-overflow vulnerability in the WebDAV Mini-Redirector component (also known as the Web Client service). This vulnerability may be triggered by a malicious WebDAV response.

A successful exploit could let a remote attacker execute arbitrary code with SYSTEM privileges, completely compromising an affected computer.

To be affected, the Web Client service must be enabled on the computer. The Web Client service is disabled by default on Microsoft Windows Server 2003.

20. Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability
BugTraq ID: 27668
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27668
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

21. Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
BugTraq ID: 27666
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27666
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

22. Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
BugTraq ID: 27661
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27661
Summary:
Microsoft Object Linking and Embedding (OLE) Automation is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to open a malicious web document.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

23. Microsoft Works File Converter Field Length Remote Code Execution Vulnerability
BugTraq ID: 27659
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27659
Summary:
Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

24. Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
BugTraq ID: 27658
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27658
Summary:
Microsoft Works File Converter is prone to a remote code-execution vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

25. Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability
BugTraq ID: 27657
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27657
Summary:
Microsoft Works File Converter is prone to a remote heap-overflow vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

26. Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 27656
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27656
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

27. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 27638
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27638
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory and ADAM (Active Directory Application Mode) fail to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to cause the affected application to stop responding, denying further service to legitimate users. Note that an attacker requires valid logon credentials to exploit this issue on Windows Server 2003 and Windows XP.

This issue affects Active Directory on Microsoft Windows 2000 and Windows Server 2003. The issue affects ADAM when installed on Windows XP and Windows Server 2003.

28. Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
BugTraq ID: 27634
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27634
Summary:
Microsoft Windows Vista is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users.

29. Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability
BugTraq ID: 27101
Remote: No
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27101
Summary:
Microsoft Internet Information Services (IIS) is prone to a local privilege-escalation vulnerability that occurs when handling file change notifications.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: HP

HP Application Security Webinar: Achieving PCI 6.6 Compliance - Are Your Web Applications Secure Enough?
In June 2008, the major credit card vendors will require compliance with requirement 6 of the PCI DSS, "Ensure that all web facing applications are protected against known attacks." Join HP Software and the former SPI Dynamics for this free webinar to learn how you can easily satisfy this requirement and build a powerful web application security program at the same time. During this event, you will receive the tools and knowledge to ensure your web applications comply with PCI requirements and block hackers.
https://h30406.www3.hp.com/campaigns/2008/events/sw-02-26-08/index.php?mcc=DAYA