Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SecurityFocus Microsoft Newsletter #260

from [Marc Fossi] Network Security [Permanent Link]
Subject: SecurityFocus Microsoft Newsletter #260
Date: Wed, 12 Oct 2005 07:28:56 -0600 (MDT) 
SecurityFocus Microsoft Newsletter #260
----------------------------------------

This Issue is Sponsored By: Qualys

Test your Network Security with QualysGuard
Testing and improving your network security has never been easier. Requiring NO software, QualysGuard will safely and accurately audit your network and provide you with the necessary fixes to proactively guard your network. Try QualysGuard Risk Free with No Obligation.

http://altfarm.mediaplex.com/ad/ck/6148-32572-6929-1

------------------------------------------------------------------
I. FRONT AND CENTER
1. Can writing software be a crime?
2. Reducing browser privileges
II. MICROSOFT VULNERABILITY SUMMARY
1. Bugzilla config.cgi Information Disclosure Vulnerability
2. Bugzilla User-Matching Information Disclosure Vulnerability
3. Symantec AntiVirus Scan Engine Web Service Administrative Interface Buffer Overflow Vulnerability
4. MailEnable W3C Logging Buffer Overflow Vulnerability
5. Microsoft Windows Wireless Zero Configuration Service Information Disclosure Vulnerability
6. ALTools ALZip Multiple Archive Formats File Name Buffer Overflow Vulnerability
7. Sun ONE Directory Server Unspecified Remote Vulnerability
8. Webroot Software Desktop Firewall Multiple Local Vulnerabilities
9. Microsoft October Advance Notification Unspecified Security Vulnerabilities
10. MediaWiki HTML Inline Style Attributes Unspecified Cross-Site Scripting Vulnerability
11. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability
12. PHPMyAdmin Local File Include Vulnerability
13. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow Vulnerability
14. Microsoft Windows MSDTC Memory Corruption Vulnerability
15. Microsoft MSDTC COM+ Remote Code Execution Vulnerability
16. Microsoft MSDTC TIP Denial Of Service Vulnerability
17. Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
18. Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
19. RARLAB WinRAR Multiple Remote Vulnerabilities
20. Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
21. Microsoft Windows Explorer Web View Script Injection Vulnerability
22. Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
23. Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
24. Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
25. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
26. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #259
2. windows secure copy
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Can writing software be a crime?
By Mark Rasch
Can writing software be a crime? A recent indictment in San Diego, California indicates that the answer to that question may be yes.
http://www.securityfocus.com/columnists/360

2. Reducing browser privileges
By Mark Squire
Security companies and researchers have made careers out of identifying the latest bugs in Internet Explorer.
http://www.securityfocus.com/infocus/1848


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Bugzilla config.cgi Information Disclosure Vulnerability
BugTraq ID: 14995
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14995
Summary:
Bugzilla is prone to an information disclosure issue exposed through config.cgi. This may allow an unauthorized user to access product names that are supposed to be confidential.

Bugzilla versions 2.18rc1 to 2.18.3, 2.19 to 2.20rc2, and 2.21 are affected.

2. Bugzilla User-Matching Information Disclosure Vulnerability
BugTraq ID: 14996
Remote: Yes
Date Published: 2005-10-01
Relevant URL: http://www.securityfocus.com/bid/14996
Summary:
Bugzilla is prone to an information disclosure vulnerability when user-matching is turned on. This could allow an attacker to enumerate usernames on the system.

Bugzilla 2.19.1 to 2.20rc2 and 2.21 are prone to this vulnerability.


3. Symantec AntiVirus Scan Engine Web Service Administrative Interface Buffer Overflow Vulnerability
BugTraq ID: 15001
Remote: Yes
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15001
Summary:
A buffer overflow vulnerability exists in the Web-based administrative interface of the Symantec Antivirus Scan Engine. This issue is due to improper bound checking of user-supplied data prior to copying it into an insufficiently sized memory buffer.

This vulnerability allows attackers to execute arbitrary machine code in the context of the affected application. This allows remote attackers to gain privileged remote access to computers running the affected application.

4. MailEnable W3C Logging Buffer Overflow Vulnerability
BugTraq ID: 15006
Remote: Yes
Date Published: 2005-10-03
Relevant URL: http://www.securityfocus.com/bid/15006
Summary:
MailEnable is prone to a buffer overflow vulnerability.

This issue arises when the application processes W3C logging and may allow an attacker to execute arbitrary code on a vulnerable computer with SYSTEM privileges.

MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior are affected.

5. Microsoft Windows Wireless Zero Configuration Service Information Disclosure Vulnerability
BugTraq ID: 15008
Remote: Unknown
Date Published: 2005-10-04
Relevant URL: http://www.securityfocus.com/bid/15008
Summary:
WZCSVC is affected by an information disclosure vulnerability. Reportedly, the Pairwise Master Key (PMK) of the Wi-Fi Protected Access (WPA) preshared key authentication and the WEP keys of the interface may be obtained by a local unauthorized attacker.

A successful attack can allow an attacker to obtain the keys and subsequently gain unauthorized access to a device. This attack would likely present itself in a multi-user environment with restricted or temporary wireless access such as an Internet cafe, where an attacker could return at a later time and gain unauthorized access.

Microsoft Windows XP SP2 was reported to be vulnerable, however, it is possible that other versions are affected as well.

6. ALTools ALZip Multiple Archive Formats File Name Buffer Overflow Vulnerability
BugTraq ID: 15010
Remote: Yes
Date Published: 2005-10-05
Relevant URL: http://www.securityfocus.com/bid/15010
Summary:
ALZip is prone to a buffer overflow when handling various archive formats.

Long file names can be copied into a finite stack-based buffer without adequate limitations on the size of the source data resulting in corruption of adjacent regions of stack-based memory. This issue could be exploited to execute arbitrary code facilitating a remote compromise.

7. Sun ONE Directory Server Unspecified Remote Vulnerability
BugTraq ID: 15013
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15013
Summary:
Sun ONE Directory Server is prone to an unspecified remote vulnerability.

The cause of this issue was not specified, however, it was reported that this issue can allow attackers to remotely compromise a vulnerable computer.

Sun ONE Directory Server 5.2 patch 3 and prior versions are affected by this issue. It is possible that Sun Java System Directory Server is vulnerable as well.

Due to a lack of details, further information is not available at the moment. This BID will be updated when more details become available.

8. Webroot Software Desktop Firewall Multiple Local Vulnerabilities
BugTraq ID: 15016
Remote: No
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15016
Summary:
Webroot Software Desktop Firewall is susceptible to multiple local vulnerabilities.

The first issue is a buffer overflow vulnerability, due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

Local attackers may exploit this first issue to execute arbitrary machine code with SYSTEM privileges. Attackers require the ability to modify the firewall's list of allowed applications.

The second issue is an authentication bypass vulnerability. This issue is due to a failure of the firewall to properly enforce built-in password protection, allowing local attackers to disable the firewall.

Local attackers may exploit the second issue to disable the firewall, aiding them in further attacks.

These issues may only be exploited by local attackers with privileges allowing them to utilize 'DeviceIoControl()' to send commands to the firewall driver.

These issues are reported to exist in version 1.3.0.43. Other versions may also be affected.

9. Microsoft October Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 15020
Remote: Unknown
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15020
Summary:
Microsoft has released advanced notification for nine security bulletins that will be released on October 11, 2005.

Eight of these security bulletins affect Microsoft Windows and one affects Microsoft Exchange and Microsoft Windows.

10. MediaWiki HTML Inline Style Attributes Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 15024
Remote: Yes
Date Published: 2005-10-06
Relevant URL: http://www.securityfocus.com/bid/15024
Summary:
MediaWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.


11. Multiple Vendor Antivirus Products Malformed Archives Scan Evasion Vulnerability
BugTraq ID: 15046
Remote: Yes
Date Published: 2005-10-08
Relevant URL: http://www.securityfocus.com/bid/15046
Summary:
Multiple antivirus products from various vendors are reported prone to a vulnerability that may allow malformed archive files to bypass detection.

This issue arises when an affected application processes a specially altered archive file that contains a fake, misleading MS-DOS executable MZ header.

This issue could result in malicious archives bypassing detection and allowing the contents to be opened by a recipient.

It should be noted that specific information regarding affected packages and versions is currently unavailable. The reporter of this issue used the EICAR test message stored in multiple different malformed archives. It may be possible that some of the reportedly affected packages may actually be immune to this issue.

This BID will be updated as further information is disclosed.

12. PHPMyAdmin Local File Include Vulnerability
BugTraq ID: 15053
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15053
Summary:
phpMyAdmin is prone to a local file include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. phpMyAdmin 2.6.4-pl1 is reported to be vulnerable. Other versions may be affected as well.

13. Kaspersky Anti-Virus Engine CHM File Parser Remote Buffer Overflow Vulnerability
BugTraq ID: 15054
Remote: Yes
Date Published: 2005-10-10
Relevant URL: http://www.securityfocus.com/bid/15054
Summary:
Kaspersky Anti-Virus Engine is prone to a remote buffer overflow vulnerability.

This issue presents itself when an attacker sends a maliciously crafted CHM file to an affected computer and this file is processed by Kaspersky's CHM file parser.

This vulnerability allows attackers to execute arbitrary machine code in the context of the affected application. Attackers may gain privileged remote access to computers running the affected application.

14. Microsoft Windows MSDTC Memory Corruption Vulnerability
BugTraq ID: 15056
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15056
Summary:
The Microsoft Windows MSDTC (Microsoft Distribution Transaction Coordinator) service is prone to a memory corruption vulnerability. This issue could allow for execution of arbitrary code in the context of the service. The vulnerability may be remotely exploitable in some circumstances, but will also permit local privilege escalation.

This issue is remotely exploitable on Windows 2000 platforms, since the Network DTC is enabled by default on this platform. On Windows XP, this issue may be remotely exploitable if a local user has started the service. On Windows Server 2003, this vulnerability is limited to local privilege escalation unless Network DTC has been explicitly enabled by an administrator. This issue is not present on Windows XP SP2 and Windows Server 2003 SP1.


15. Microsoft MSDTC COM+ Remote Code Execution Vulnerability
BugTraq ID: 15057
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15057
Summary:
Microsoft Windows is prone to a vulnerability in the COM+ (Component Object Model) functionality of the MSDTC (Microsoft Distribution Transaction Coordinator) service. This issue may permit remote and local attackers to execute arbitrary code in the context of the service.

This issue may be exploited by remote anonymous attackers on Windows 2000 platforms. On Windows XP versions up to and including SP1, the attacker must authenticate as the Guest or another account prior to exploitation. On Windows XP SP2 and all Windows Server 2003 operating systems, this issue is limited to local privilege escalation.


16. Microsoft MSDTC TIP Denial Of Service Vulnerability
BugTraq ID: 15058
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15058
Summary:
The Microsoft Windows MSDTC (Microsoft Distribution Transaction Coordinator) service is prone to a denial of service vulnerability. The vulnerability exists in the TIP (Transaction Internet Protocol) functionality that is provided by MSDTC. This vulnerability may be exploited by a remote attacker to deny the availability of services that depend on MSDTC.

This issue only exists on operating systems that have support for the TIP protocol enabled. This vulnerability is remotely exploitable on default configurations on Windows 2000. TIP is not enabled by default on Windows XP and Windows Server 2003 even if the MSDTC service is running.


17. Microsoft MSDTC TIP Distributed Denial Of Service Vulnerability
BugTraq ID: 15059
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15059
Summary:
The Microsoft MSDTC (Microsoft Distribution Transaction Coordinator) service is prone to a vulnerability that may permit denial of service attacks against the service or facilitate distributed denial of service attacks against other computers.

The vulnerability exists in the TIP (Transaction Internet Protocol) functionality that is provided by MSDTC. This issue only exists on operating systems that have support for the TIP protocol enabled. This vulnerability is remotely exploitable on default configurations on Windows 2000. TIP is not enabled by default on Windows XP and Windows Server 2003 even if the MSDTC service is running.


18. Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability
BugTraq ID: 15061
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15061
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability that is related to instantiation of COM objects.

Successful exploitation could let remote attackers execute arbitrary code in the context of the currently logged in user on the affected computer.

This is a variant of the vulnerability described in BID 14511 Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability. The difference between this issue and BID 14511 is that a different set of COM objects are affected that were not addressed in the previous BID.


19. RARLAB WinRAR Multiple Remote Vulnerabilities
BugTraq ID: 15062
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15062
Summary:
WinRAR is prone to multiple remote vulnerabilities. These issues include a format string and a buffer overflow vulnerability. Successful exploitation may allow an attacker to execute arbitrary code on a vulnerable computer.

WinRAR 3.50 and prior versions are vulnerable to these issues.

20. Microsoft DirectX DirectShow AVI Processing Buffer Overflow Vulnerability
BugTraq ID: 15063
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15063
Summary:
A buffer overflow vulnerability exists in the Microsoft Windows DirectX component. This issue is related to processing of .AVI (Audio Visual Interleave) media files. The specific vulnerability exists in DirectShow and could be exposed through applications that employ DirectShow to process .AVI files.

Successful exploitation will permit execution of arbitrary code in the context of the user who opens a malicious .AVI file.

This issue could be exploited through any means that will allow the attacker to deliver a malicious .AVI file to a victim user. In Web-based attack scenarios, exploitation could occur automatically if the malicious Web page can cause the .AVI file to be loaded automatically by Windows Media Player. Other attack vectors such as email or instant messaging may require the victim user to manually open the malicious .AVI.

It is not known if third-party applications rely on DirectShow to process .AVI files. If so, these applications could also present an attack vector.


21. Microsoft Windows Explorer Web View Script Injection Vulnerability
BugTraq ID: 15064
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15064
Summary:
Microsoft Windows Explorer Web View is affected by an arbitrary script injection vulnerability. An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to preview it in Windows Explorer.

A successful attack can result in a remote compromise in the context of the vulnerable user.


22. Microsoft Windows Plug And Play UMPNPMGR.DLL wsprintfW Buffer Overflow Vulnerability
BugTraq ID: 15065
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15065
Summary:
Microsoft Windows Plug and Play is prone to a buffer overflow vulnerability. This issue is due to a failure of the service to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue takes place when the PnP service handles malformed messages containing excessive data. This vulnerability facilitates local privilege escalation and unauthorized remote access depending on the underlying operating system. A successful attack may result in arbitrary code execution resulting in an attacker gaining SYSTEM privileges.

This issue is unrelated to the one documented in BID 14513, "Microsoft Windows Plug and Play Buffer Overflow Vulnerability", but they both have similar attack scenarios and affects.

23. Microsoft Windows Client Service For Netware Buffer Overflow Vulnerability
BugTraq ID: 15066
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15066
Summary:
Microsoft Client Service for Netware is prone to a buffer overflow vulnerability that could permit the execution of arbitrary remote code.

A remote attacker can exploit this vulnerability to execute arbitrary code and completely compromise the computer. This issue could also be exploited by local attackers to gain elevated privileges.

It should be noted that the Client Service for Netware is not installed by default on any affected operating system. Microsoft Windows XP Home is not affected by this vulnerability at all.

24. Microsoft Collaboration Data Objects Remote Buffer Overflow Vulnerability
BugTraq ID: 15067
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15067
Summary:
Microsoft CDO is susceptible to a remote buffer overflow vulnerability. This issue is due to a failure of the library to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue presents itself when an attacker sends a specifically crafted email message to an email server utilizing the affected library.

Further details are not currently available. This BID will be updated as more information is disclosed.

This issue allows remote attackers to execute arbitrary machine code in the context of the application utilizing the library.

25. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability
BugTraq ID: 15069
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15069
Summary:
Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut (.lnk) file. An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and view the file's properties. This issue also poses a local threat as a local unprivileged attacker could exploit this issue without user interaction to gain elevated privileges.

This vulnerability can facilitate arbitrary code execution with SYSTEM privileges.

This BID is related to the issue described in BID 15070 (Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability).

26. Microsoft Windows Malicious Shortcut Handling Remote Code Execution Variant Vulnerability
BugTraq ID: 15070
Remote: Yes
Date Published: 2005-10-11
Relevant URL: http://www.securityfocus.com/bid/15070
Summary:
Microsoft Windows is prone to a remote code execution vulnerability when handling a malicious shortcut (.lnk) file. An attacker can exploit this issue by crafting a malicious file and placing it on a Web site or sending it to a user through email followed by enticing them to open it and view the file's properties. This issue also poses a local threat as a local unprivileged attacker could exploit this issue without user interaction to gain elevated privileges.

This vulnerability can facilitate arbitrary code execution with SYSTEM privileges.

This BID is related to the issue described in BID 15069 (Microsoft Windows Malicious Shortcut Handling Remote Code Execution Vulnerability).

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #259
http://www.securityfocus.com/archive/88/412498

2. windows secure copy
http://www.securityfocus.com/archive/88/412368

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: Qualys

Test your Network Security with QualysGuard
Testing and improving your network security has never been easier. Requiring NO software, QualysGuard will safely and accurately audit your network and provide you with the necessary fixes to proactively guard your network. Try QualysGuard Risk Free with No Obligation.

http://altfarm.mediaplex.com/ad/ck/6148-32572-6929-1





---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • SecurityFocus Microsoft Newsletter #260, Marc Fossi <=
Previous by Date:  Authentication History Windows, Bart Seresia
Next by Date:  Auditing Options, Russell Lavoie
Previous by Thread:  Authentication History Windows, Bart Seresia
Next by Thread:  Auditing Options, Russell Lavoie
Indexes:  [Date] [Thread] [Top] [All Lists]