Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SecurityFocus Microsoft Newsletter #385

from [Rob Keith] Network Security [Permanent Link]
Subject: SecurityFocus Microsoft Newsletter #385
Date: Thu, 13 Mar 2008 09:04:18 -0600 
SecurityFocus Microsoft Newsletter #385

----------------------------------------

This issue is sponsored by bMighty:

Is Vista Meeting Expectations? New research from InformationWeek reveals what 600 business-technology professionals have to say about Vista's costs, enhancements & adoption challenges. A $199 value for FREE.
www.bMighty.com
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
      1.Integrating More Intelligence into Your IDS, Part 1
      2.Let's Go Crazy
II.  MICROSOFT VULNERABILITY SUMMARY
      1. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote 
Vulnerabilities
      2. Microsoft Internet Explorer FTP Cross-Site Command Injection 
Vulnerability
      3. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting 
Vulnerability
      4. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
      5. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
      6. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation 
Vulnerability
      7. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of 
Service Vulnerabilities
      8. Microsoft Excel Conditional Formatting Values Remote Code Execution 
Vulnerability
      9. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
      10. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
      11. Microsoft Excel Style Record Remote Code Execution Vulnerability
      12. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
      13. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
      14. Microsoft Office File Memory Corruption Vulnerability
      15. MailEnable 3.13 and Prior IMAP Service Multiple Remote Vulnerabilities
      16. Microsoft Internet Explorer Combined JavaScript and XML Remote 
Information Disclosure Vulnerability
      17. SynCE 'vdccm' Daemon Remote Unspecified Denial Of Service 
Vulnerability
      18. Microsoft Office Web Components ActiveX Control DataSource Remote 
Code Execution Vulnerability
      19. Microsoft Office Web Components ActiveX Control URL Parsing Remote 
Code Execution Vulnerability
      20. Microsoft March 2008 Advance Notification Multiple Vulnerabilities
      21. Ruby WEBrick Remote Directory Traversal and Information Disclosure 
Vulnerabilities
      22. ICQ Toolbar 'toolbaru.dll' ActiveX Control 'GetPropertyById' Remote 
Denial of Service Vulnerability
      23. Microsoft Excel Import Remote Code Execution Vulnerability
      24. Microsoft Excel Data Validation Record Heap Memory Corruption 
Vulnerability
      25. Microsoft Jet Database Engine MDB File Parsing Unspecified Remote 
Vulnerability
      26. ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote Denial of Service 
Vulnerability
      27. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
      28. Borland StarTeam Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
      1. Temp directory is odd
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Integrating More Intelligence into Your IDS, Part 1
By Don Parker and Ryan Wegner The more an intrusion detection system (IDS) knows about the network it is trying to protect, the better it will be able to protect the network. This is the fundamental principle behind target-based intrusion detection, where an IDS knows about the hosts on the network.
http://www.securityfocus.com/infocus/1898

2.Let's Go Crazy
By Mark Rasch
On February 7, 2007 Stephanie Lenz of Gallatzin, Pennsylvania posted an innocuous video of her 18-month-old son Holden pushing a baby toy while dancing to a barely recognizable song in the background. http://www.securityfocus.com/columnists/467


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote 
Vulnerabilities
BugTraq ID: 28222
Remote: Yes
Date Published: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28222
Summary:
Cisco User-Changeable Password (UCP) is prone to multiple remote 
vulnerabilities. The issues present include multiple cross-site scripting and 
buffer-overflow vulnerabilities.

Exploiting the cross-site scripting issues may help the attacker steal 
cookie-based authentication credentials and launch other attacks. Exploiting 
the buffer-overflow vulnerabilities results in remote code-execution in the 
context of the affected application, facilitating the remote compromise of 
affected computers.

These issues affect UCP versions prior to 4.2 when running on the Microsoft 
Windows platform.

The buffer-overflow vulnerabilities are tracked by Cisco Bug ID CSCsl49180. The 
cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.

2. Microsoft Internet Explorer FTP Cross-Site Command Injection Vulnerability
BugTraq ID: 28208
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28208
Summary:
Microsoft Internet Explorer is prone to a vulnerability that occurs because the 
application fails to adequately sanitize user-supplied data in FTP URI requests.

An attacker can leverage this issue by enticing an unsuspecting user to follow 
a maliciously crafted URI.  Successful exploits will allow attackers to submit 
arbitrary commands to arbitrary FTP servers on behalf of unsuspecting users.

This issue affects Internet Explorer 5 and 6; prior versions may also be 
affected.

NOTE: Access to some FTP servers may require valid authentication credentials.

3. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting Vulnerability
BugTraq ID: 28191
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28191
Summary:
ManageEngine ServiceDesk Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the 
browser of an unsuspecting user in the context of the affected site. This may 
help the attacker steal cookie-based authentication credentials and launch 
other attacks.

ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Microsoft Windows is 
vulnerable; other versions may be affected as well.

4. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
BugTraq ID: 28188
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28188
Summary:
ASG-Sentry is prone to multiple remote vulnerabilities:

- A heap-based buffer-overflow vulnerability - A stack-based buffer-overflow vulnerability - A denial-of-service vulnerability - An arbitrary-file-deletion vulnerability

An attacker can exploit these issues to execute arbitrary code within the context of the affected application, crash the affected application, consume all CPU resources, and delete data contained in arbitrary files. Other attacks are possible. 

These issues affect ASG-Sentry 7.0.0; other versions may also be affected.

5. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
BugTraq ID: 28186
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28186
Summary:
Motorola Timbuktu Pro is prone to multiple denial-of-service vulnerabilities. 

Exploiting these issues will allow attackers to crash the affected application, 
denying further service to legitimate users.

6. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation 
Vulnerability
BugTraq ID: 28185
Remote: No
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28185
Summary:
SAP MaxDB is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with 
superuser privileges.  This will lead to the complete compromise of an affected 
computer.

This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms.  Other 
UNIX variants are most likely affected.  Microsoft Windows versions are not 
vulnerable to this issue.

7. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of Service Vulnerabilities
BugTraq ID: 28182
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28182
Summary:
Acronis Snap Deploy is prone to a directory-traversal vulnerability and a denial-of-service vulnerability. 

Exploiting these issues will allow attackers to obtain sensitive information or 
crash the affected application, denying further service to legitimate users.

8. Microsoft Excel Conditional Formatting Values Remote Code Execution 
Vulnerability
BugTraq ID: 28170
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28170
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

9. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
BugTraq ID: 28168
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28168
Summary:
Microsoft Excel is prone to a heap-based buffer-overflow vulnerability. This 
issue occurs because the application fails to perform adequate boundary-checks 
on user-supplied data.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

10. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
BugTraq ID: 28167
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28167
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

11. Microsoft Excel Style Record Remote Code Execution Vulnerability
BugTraq ID: 28166
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28166
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

12. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
BugTraq ID: 28154
Remote: Yes
Date Published: 2008-03-09
Relevant URL: http://www.securityfocus.com/bid/28154
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.

This issue arises in the SMTP server and may result in a crash of the affected service. 

This issue affects all versions of MailEnable Standard Edition, Professional 
Edition, and Enterprise Edition.

13. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
BugTraq ID: 28147
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28147
Summary:
Microsoft Outlook is prone to a remote code-execution vulnerability because the 
application fails to adequately validate user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary 
code with the privileges of the currently logged-in user. This will facilitate 
the remote compromise of affected computers.

14. Microsoft Office File Memory Corruption Vulnerability
BugTraq ID: 28146
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28146
Summary:
Microsoft Office is prone to a remote memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Office file. 

Successfully exploiting this issue would allow the attacker to execute 
arbitrary code in the context of the currently logged-in user.

15. MailEnable 3.13 and Prior IMAP Service Multiple Remote Vulnerabilities
BugTraq ID: 28145
Remote: Yes
Date Published: 2008-03-07
Relevant URL: http://www.securityfocus.com/bid/28145
Summary:
MailEnable is prone to multiple remote vulnerabilities in the IMAP service, 
including:

- Multiple buffer-overflow vulnerabilities.
- Multiple denial-of-service vulnerabilities due to a NULL-pointer exception.

An attacker may leverage these issues to execute arbitrary code in the context 
of the running application or to crash the application, causing a denial of 
service.

These issues affect MailEnable 3.13; other versions may also be vulnerable.

16. Microsoft Internet Explorer Combined JavaScript and XML Remote Information 
Disclosure Vulnerability
BugTraq ID: 28143
Remote: Yes
Date Published: 2008-03-07
Relevant URL: http://www.securityfocus.com/bid/28143
Summary:
Microsoft Internet Explorer is prone to a remote information-disclosure 
vulnerability because of a flaw in the interaction between JavaScript and XML 
processing in Internet Explorer.

To exploit this issue, an attacker must entice an unsuspecting user to visit a 
malicious website.

Successfully exploiting this issue allows remote attackers to gain access to 
the first line of arbitrary files located on computers running the vulnerable 
application.

17. SynCE 'vdccm' Daemon Remote Unspecified Denial Of Service Vulnerability
BugTraq ID: 28141
Remote: Yes
Date Published: 2008-03-07
Relevant URL: http://www.securityfocus.com/bid/28141
Summary:
SynCE 'vdccm' Daemon is prone to a denial-of-service vulnerability.

Remote attackers can exploit this issue to deny service to legitimate users.

This issue affects versions prior to SynCE 'vdccm' Daemon 0.10.1.

18. Microsoft Office Web Components ActiveX Control DataSource Remote Code 
Execution Vulnerability
BugTraq ID: 28136
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28136
Summary:
Microsoft Office Web Components is prone to a remote code-execution 
vulnerability.

An attacker may exploit this issue by enticing victims into opening a 
maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the application using the ActiveX control (typically 
Internet Explorer). Failed exploit attempts will likely result in 
denial-of-service conditions.

19. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code 
Execution Vulnerability
BugTraq ID: 28135
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28135
Summary:
Microsoft Office Web Components is prone to a remote code-execution 
vulnerability.

An attacker may exploit this issue by enticing victims into opening a 
maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the application using the ActiveX control (typically 
Internet Explorer). Failed exploit attempts will likely result in 
denial-of-service conditions.

20. Microsoft March 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 28124
Remote: Yes
Date Published: 2008-03-06
Relevant URL: http://www.securityfocus.com/bid/28124
Summary:
Microsoft has released advance notification that the vendor will be releasing 
four security bulletins on March 11, 2008. The highest severity rating for 
these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to 
compromise affected computers.

Individual records for these issues will be created when the bulletins are 
released.

21. Ruby WEBrick Remote Directory Traversal and Information Disclosure 
Vulnerabilities
BugTraq ID: 28123
Remote: Yes
Date Published: 2008-03-06
Relevant URL: http://www.securityfocus.com/bid/28123
Summary:
Ruby's WEBrick server is prone to remote directory-traversal and 
information-disclosure vulnerabilities.

Successfully exploiting these issues allows remote attackers to access the 
contents of arbitrary files. Information harvested may aid in further attacks.

These issues affect only operating systems that allow backslash (\) characters 
as path separators and operating systems that use case-insensitive filenames. 
This exposes Microsoft Windows and Apple Mac OS X operating systems to attack.

22. ICQ Toolbar 'toolbaru.dll' ActiveX Control 'GetPropertyById' Remote Denial 
of Service Vulnerability
BugTraq ID: 28118
Remote: Yes
Date Published: 2008-03-06
Relevant URL: http://www.securityfocus.com/bid/28118
Summary:
ICQ Toolbar 'toolbaru.dll' ActiveX control is prone to a denial-of-service 
vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in 
Internet Explorer or other applications that use the vulnerable ActiveX control.

This issue affects ICQ Toolbar 2.3; other versions may also be affected.

23. Microsoft Excel Import Remote Code Execution Vulnerability
BugTraq ID: 28095
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28095
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

24. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
BugTraq ID: 28094
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28094
Summary:
Microsoft Excel is prone to a heap memory-corruption vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application. This may facilitate a 
compromise of vulnerable computers.

25. Microsoft Jet Database Engine MDB File Parsing Unspecified Remote 
Vulnerability
BugTraq ID: 28087
Remote: Yes
Date Published: 2008-03-03
Relevant URL: http://www.securityfocus.com/bid/28087
Summary:
Microsoft Jet Database Engine is prone to an unspecifed security vulnerability.

Remote attackers can exploit this issue to execute arbitrary machine code in 
the context of a user running the application. Successful exploits will 
compromise the affected application and possibly the underlying computer. 
Failed attacks will likely cause denial-of-service conditions.

26. ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote Denial of Service 
Vulnerability
BugTraq ID: 28086
Remote: Yes
Date Published: 2008-03-04
Relevant URL: http://www.securityfocus.com/bid/28086
Summary:
ICQ Toolbar 'toolbaru.dll' ActiveX control is prone to a denial-of-service 
vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in 
Internet Explorer or other applications that use the vulnerable ActiveX control.

This issue affects ICQ Toolbar 2.3 Beta; other versions may also be affected.

27. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
BugTraq ID: 28081
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28081
Summary:
Timbuktu Pro is prone to an arbitrary-file-upload vulnerability and a 
vulnerability that allows attackers to disrupt the logging of events.

An attacker can exploit these issues to upload arbitrary files and prevent the 
logging of events. This may lead to other attacks.

Timbuktu Pro 8.6.5 for Windows is vulnerable; other versions running on 
different platforms may also be affected.

The file-upload vulnerability may be related to BID 25453 (Motorola Timbuktu 
Pro Directory Traversal Vulnerability).

28. Borland StarTeam Multiple Remote Vulnerabilities
BugTraq ID: 28080
Remote: Yes
Date Published: 2008-03-03
Relevant URL: http://www.securityfocus.com/bid/28080
Summary:
Borland StarTeam is prone to multiple issues, including multiple 
integer-overflow vulnerabilities, a heap-overflow vulnerability, and a 
denial-of-service vulnerability.

Successfully exploiting these issues allows remote attackers to execute 
arbitrary machine code in the context of vulnerable server processes. These 
issues may facilitate the remote compromise of affected computers. Attackers 
may also trigger denial-of-service conditions.

NOTE: The StarTeam MPX vulnerabilities may actually be related to a TIBCO 
SmartSocket DLL, but this has not been confirmed. We may update this BID as 
more information emerges.

Borland StarTeam Server 2008 and MPX products are vulnerable to these issues; 
other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Temp directory is odd
http://www.securityfocus.com/archive/88/489429

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email listadmin@securityfocus.com and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by bMighty:

Is Vista Meeting Expectations? New research from InformationWeek reveals what 600 business-technology professionals have to say about Vista's costs, enhancements & adoption challenges. A $199 value for FREE.
www.bMighty.com
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • SecurityFocus Microsoft Newsletter #385, Rob Keith <=
Previous by Date:  Re: RE : Temp directory is odd, Geekwench
Next by Date:  Re: Temp directory is odd, eugeny gladkih
Previous by Thread:  Temp directory is odd, Lars
Next by Thread:  Compromised WinXP box prob, Mike Moratz-Coppins
Indexes:  [Date] [Thread] [Top] [All Lists]