Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SecurityFocus Microsoft Newsletter #342

from [rkeith] Network Security [Permanent Link]
Subject: SecurityFocus Microsoft Newsletter #342
Date: Wed, 16 May 2007 09:01:44 -0600 (MDT) 

SecurityFocus Microsoft Newsletter #342
----------------------------------------

This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough 
in online security - Extended Validation SSL from VeriSign.
Extended Validation triggers a green address bar in Microsoft IE7, which proves 
site identity.
Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000048sfi/direct/01/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Time for a new certification
       2. 0wning Vista from the boot
II.  MICROSOFT VULNERABILITY SUMMARY
       1. BitsCast PubDate Element Remote Denial Of Service Vulnerability
       2. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability
       3. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability
       4. Caucho Resin Multiple Information Disclosure Vulnerabilities
       5. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial 
of Service Vulnerability
       6. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control 
Denial of Service Vulnerability
       7. CommuniGate Pro Web Mail HTML Injection Vulnerability
       8. yEnc32 Decoder Overly Long Filename Heap Buffer Overflow Vulnerability
       9. VooDoo CIrcle Server Multiple Remote Vulnerabilities
       10. NetWin WebMail Unspecified Vulnerability
       11. Microsoft Windows Terminal Services Remote Security Restriction 
Bypass Vulnerability
       12. IBM DB2 Universal Database JDBC Applet Server Unspecified Code 
Execution Vulnerability
       13. Symantec PCAnywhere User Credential Local Information Disclosure 
Vulnerability
       14. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
       15. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote 
Code Execution Vulnerability
       16. Microsoft Office Malformed Drawing Object Remote Code Execution 
Vulnerability
       17. Microsoft Exchange IMAP Command Processing Remote Denial of Service 
Vulnerability
       18. Microsoft Exchange Base64 MIME Message Remote Code Execution 
Vulnerability
       19. Microsoft Exchange iCal Request Remote Denial of Service 
Vulnerability
       20. Microsoft Outlook Web Access Remote Script Injection Vulnerability
       21. Microsoft Word Array Remote Code Execution Vulnerability
       22. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
       23. Microsoft Excel Filter Records Remote Code Execution Vulnerability
       24. Microsoft Excel Set Font Remote Code Execution Vulnerability
       25. Microsoft Internet Explorer HTML Objects Script Errors Remote Code 
Execution Vulnerability
       26. Microsoft Internet Explorer Object Handling Remote Code Execution 
Vulnerability
       27. Microsoft Internet Explorer HTML Objects Script Errors Variant 
Remote Code Execution Vulnerability
       28. Microsoft Internet Explorer Property Method Remote Code Execution 
Vulnerability
       29. Microsoft Excel BIFF Record Remote Code Execution Vulnerability
       30. Research In Motion Blackberry TeamOn Import Object ActiveX Control 
Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #341
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for Securityfocus some time ago that aired my concerns over 
GIAC dropping the practical portion of their certification process. That column 
resulted in a lot of feedback, with most agreeing about how GIAC bungled what 
was up till then, the best certification around.
http://www.securityfocus.com/columnists/443

2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a rootkit that 
is able to load from Windows Vista boot-sectors. They discuss the "features" of 
their code, the support of the various versions of Vista, the possibility to place it 
inside the BIOS (it needs around 1500 bytes), and the chance to use it to bypass Vista's 
product activation or avoid DRM.
http://www.securityfocus.com/columnists/442


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. BitsCast PubDate Element Remote Denial Of Service Vulnerability
BugTraq ID: 23993
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23993
Summary:
BitsCast is prone to a remote denial-of-service vulnerability because it fails 
to adequately sanitize user-supplied input contained in RSS feeds.

An attacker can exploit this issue to crash the application, effectively 
denying service.

BitsCast 0.13.0 is vulnerable; other versions may also be affected.

2. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability
BugTraq ID: 23991
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23991
Summary:
Media Player Classic is prone to a denial-of-service vulnerability when 
processing a malformed MPA file.

A remote attacker can exploit this issue to crash the affected application, 
denying service to legitimate users.

This issue affects Media Player Classic 6.4.9.0; other versions may also be 
affected.

3. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 23986
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23986
Summary:
The DeWizardX ActiveX control is prone to an arbitrary-file-overwrite 
vulnerability.

An attacker can exploit this issue to overwrite arbitrary files on the affected 
computer. Successful attacks may aid in further attacks against the computer. 
Failed attempts will likely cause denial-of-service
conditions.

4. Caucho Resin Multiple Information Disclosure Vulnerabilities
BugTraq ID: 23985
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23985
Summary:
Caucho Resin is prone to multiple information-disclosure vulnerabilities 
because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that 
may aid in further attacks.

Resin 3.1.0 is vulnerable; other versions may also be affected.

NOTE: According to the application's 3.1.1 change log, these issues affect the 
server only when installed on Microsoft Windows.

5. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of 
Service Vulnerability
BugTraq ID: 23957
Remote: Yes
Date Published: 2007-05-13
Relevant URL: http://www.securityfocus.com/bid/23957
Summary:
PrecisionID Barcode ActiveX control is prone to a denial-of-service 
vulnerability because it fails to perform adequate checks on user-supplied 
input data.

Attackers can exploit this issue to crash the browsers of unsuspecting users, 
resulting in a denial of service. Remote code execution may also be possible, 
but has not been confirmed.

PrecisionID Barcode ActiveX control 1.3 is vulnerable; other versions may also 
be affected.

6. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial 
of Service Vulnerability
BugTraq ID: 23954
Remote: Yes
Date Published: 2007-05-13
Relevant URL: http://www.securityfocus.com/bid/23954
Summary:
ID Automation Linear Barcode ActiveX Control is prone to a denial-of-service 
vulnerability because it fails to perform adequate checks on user-supplied 
input data.

Attackers can exploit this issue to crash the browsers of unsuspecting users, 
resulting in a denial of service. Remote code execution may also be possible, 
but has not been confirmed.

ID Automation Linear Barcode ActiveX Control version 1.6.0.5 is vulnerable; 
other versions may also be affected.

7. CommuniGate Pro Web Mail HTML Injection Vulnerability
BugTraq ID: 23950
Remote: Yes
Date Published: 2007-05-12
Relevant URL: http://www.securityfocus.com/bid/23950
Summary:
CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to 
sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to execute HTML and script code in 
the context of the affected site, to steal cookie-based authentication 
credentials, or to control how the site is rendered to the user; other attacks 
are also possible.

CommuniGate Pro 5.1.8 and earlier versions are vulnerable to this issue.

Note that this issue is present only when using Microsoft Internet Explorer.

8. yEnc32 Decoder Overly Long Filename Heap Buffer Overflow Vulnerability
BugTraq ID: 23948
Remote: Yes
Date Published: 2007-05-12
Relevant URL: http://www.securityfocus.com/bid/23948
Summary:
yEnc32 Decoder is prone to a heap-based buffer-overflow issue because it fails 
to properly check boundaries on user-supplied data before  copying it into an 
insufficiently sized memory buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

yEnc32 Decoder 1.0.7.207 is vulnerable.

9. VooDoo CIrcle Server Multiple Remote Vulnerabilities
BugTraq ID: 23929
Remote: Yes
Date Published: 2007-05-11
Relevant URL: http://www.securityfocus.com/bid/23929
Summary:
VooDoo cIRCle is prone to multiple remote vulnerabilities, including multiple 
denial-of-service issues and a buffer-overflow issue.

An attacker can exploit these issues to execute arbitrary code within the 
context of the affected application or cause the application to crash, denying 
service to legitimate users.

These issues affect VooDoo cIRCle 1.1beta26 and prior versions.

10. NetWin WebMail Unspecified Vulnerability
BugTraq ID: 23908
Remote: Yes
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23908
Summary:
NetWin Webmail is prone to an unspecified vulnerability.

Few technical details are currently available. We will update this BID as more 
information emerges.

Webmail versions prior to 3.1s-4 are vulnerable.  NetWin SurgeMail versions 
prior to 3.8i3 are also affected because they are bundled with vulnerable 
Webmail packages.

11. Microsoft Windows Terminal Services Remote Security Restriction Bypass 
Vulnerability
BugTraq ID: 23899
Remote: Yes
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23899
Summary:
Microsoft Windows Terminal Services is prone to a remote security-restriction 
bypass vulnerability because the server software fails to properly enforce 
encryption requirements.

Users can connect to affected servers; no encryption is required. Attackers can 
thus bypass security requirements configured by administrators and perform 
man-in-the-middle attacks or eavesdrop on RDP sessions.

This issue affects Terminal Services installed on Windows 2003 Server; other 
versions may also be affected.

12. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution 
Vulnerability
BugTraq ID: 23890
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23890
Summary:
IBM DB2 Universal Database is prone to an unspecified remote code-execution 
vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of 
the user running the application. Successful attacks can result in the 
compromise of the application or can cause denial-of-service conditions.

Few technical details are currently available. We will update this BID as more 
information emerges.

13. Symantec PCAnywhere User Credential Local Information Disclosure 
Vulnerability
BugTraq ID: 23875
Remote: No
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23875
Summary:
Symantec pcAnywhere is prone to a local information-disclosure vulnerability.

A local attacker may exploit this issue to gain access to sensitive information 
that may lead to further attacks.

14. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
BugTraq ID: 23836
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23836
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious 
Word file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

15. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code 
Execution Vulnerability
BugTraq ID: 23827
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23827
Summary:
The Microsoft Windows Media Server ActiveX control is prone to a remote 
code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a 
maliciously crafted HTML document.

Successful exploits will allow attackers to overwrite certain files to execute 
arbitrary code. This will result in a complete compromise of affected 
computers. Failed exploit attempts will likely result in denial-of-service 
conditions.

16. Microsoft Office Malformed Drawing Object Remote Code Execution 
Vulnerability
BugTraq ID: 23826
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23826
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing a victim into opening a 
malicious Office file.

Successful exploits will allow attackers to execute arbitrary code in the 
context of the currently logged-in user. Failed exploit attempts will likely 
result in denial-of-service conditions.

17. Microsoft Exchange IMAP Command Processing Remote Denial of Service 
Vulnerability
BugTraq ID: 23810
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23810
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because 
it fails to properly handle specially crafted IMAP commands.

Successfully exploiting this issue allows remote attackers to cause targeted 
Exchange servers' mail service to stop responding, thus denying further email 
service for legitimate users. To recover from the denial-of-service condition, 
administrators must restart the IIS Admin Service service.

18. Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
BugTraq ID: 23809
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23809
Summary:
Microsoft Exchange is prone to a remote code-execution vulnerability because 
the application fails to properly decode specially crafted email messages.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the vulnerable application, which may lead to a complete 
compromise of affected computers.

19. Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
BugTraq ID: 23808
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23808
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because 
it fails to properly handle unexpected iCal message content.

Successfully exploiting this issue allows remote attackers to cause targeted 
Exchange servers to stop responding to further requests for sending, receiving, 
or accessing email. As a result, denial-of-service conditions occur for 
legitimate users of affected servers. A denial-of-service condition will 
persist until an administrator restarts the Microsoft Exchange Information 
Store service.

20. Microsoft Outlook Web Access Remote Script Injection Vulnerability
BugTraq ID: 23806
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23806
Summary:
Microsoft Outlook Web Access is prone to a script-injection vulnerability 
because the application fails to properly handle specially crafted email 
attachments.

To exploit this issue, attackers must send specially crafted files through 
email messages to users of the affected application. When users open the file, 
attacker-supplied script code will be executed in the context of the affected 
website.

Successful exploits allow attackers to access Outlook Web Access sessions with 
the privileges of the targeted user. As a result, attackers may be able to 
obtain sensitive information and send, modify, or delete email; other attacks 
are also possible.

21. Microsoft Word Array Remote Code Execution Vulnerability
BugTraq ID: 23804
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23804
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious 
Word file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

22. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23782
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23782
Summary:
The Microsoft CAPICOM ActiveX control is prone to a remote code-execution 
vulnerability.

An attacker could exploit this issue to execute code in the context of the user 
visiting a malicious web page.

23. Microsoft Excel Filter Records Remote Code Execution Vulnerability
BugTraq ID: 23780
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23780
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of 
a victim user running the application. A successful exploit will result in the 
compromise of the application and may aid in further attacks.

24. Microsoft Excel Set Font Remote Code Execution Vulnerability
BugTraq ID: 23779
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23779
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of 
a victim user running the application. A successful exploit will result in the 
compromise of the application and may aid in further attacks.

25. Microsoft Internet Explorer HTML Objects Script Errors Remote Code 
Execution Vulnerability
BugTraq ID: 23772
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23772
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors in 
certain situations. An attacker could exploit this issue to execute arbitrary 
code in the context of the user running the affected browser.

This issue affects Internet Explorer 7 running on Windows XP SP2, Windows 
Server 2003 SP1 and SP2, and on Windows Vista.

26. Microsoft Internet Explorer Object Handling Remote Code Execution 
Vulnerability
BugTraq ID: 23771
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23771
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles uninitialized or 
deleted objects. An attacker could exploit this issue to execute arbitrary code 
in the context of the user running the affected browser.

27. Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code 
Execution Vulnerability
BugTraq ID: 23770
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23770
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors in 
certain situations. An attacker could exploit this issue to execute arbitrary 
code in the context of the user running the affected browser.

This issue affects Internet Explorer 7 running on Windows XP SP2, Windows 
Server 2003 SP1 and SP2, and on Windows Vista.

Microsoft states that this vulnerability is a variant of the issue discussed in 
BID 23772 (Microsoft Internet Explorer HTML Objects Script Errors Remote Code 
Execution Vulnerability).

28. Microsoft Internet Explorer Property Method Remote Code Execution 
Vulnerability
BugTraq ID: 23769
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23769
Summary:
Microsoft Internet Explorer is prone to remote code-execution vulnerability.

A remote attacker can exploit this issue to execute arbitrary code in the 
context of the user running the vulnerable application.

29. Microsoft Excel BIFF Record Remote Code Execution Vulnerability
BugTraq ID: 23760
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23760
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of 
a victim user running the application. A successful exploit will result in the 
compromise of the application and may aid in further attacks.

30. Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer 
Overflow Vulnerability
BugTraq ID: 23331
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23331
Summary:
The Blackberry TeamOn Import Object ActiveX control is prone to a 
buffer-overflow vulnerability because the software fails to properly 
bounds-check user-supplied input before using it in an insufficiently sized 
buffer.

An attacker can exploit this issue to execute arbitrary machine-code on a 
vulnerable computer in the context of the victim running the affected 
application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #341
http://www.securityfocus.com/archive/88/468188

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email listadmin@securityfocus.com and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough 
in online security - Extended Validation SSL from VeriSign.
Extended Validation triggers a green address bar in Microsoft IE7, which proves 
site identity.
Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000048sfi/direct/01/


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • SecurityFocus Microsoft Newsletter #342, rkeith <=
Previous by Date:  SecurityFocus Microsoft Newsletter #341, rkeith
Next by Date:  Compromising the Windows Service or Driver failure event sink, James D. Stallard
Previous by Thread:  SecurityFocus Microsoft Newsletter #341, rkeith
Next by Thread:  Compromising the Windows Service or Driver failure event sink, James D. Stallard
Indexes:  [Date] [Thread] [Top] [All Lists]