
| Subject: | SecurityFocus Microsoft Newsletter #390 |
|---|---|
| Date: | Wed, 16 Apr 2008 16:58:13 -0600 |
SecurityFocus Microsoft Newsletter #390
----------------------------------------
This issue is sponsored by Blackhat
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. On the Border
2. Catch Them if You Can
II. MICROSOFT VULNERABILITY SUMMARY
1. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
2. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow
Vulnerability
3. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
4. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial of
Service Vulnerabilities
5. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow
Vulnerability
6. Trillian DTD File XML Parser Buffer Overflow Vulnerability
7. Symantec Altiris Deployment Solution AClient Password Disclosure
Vulnerability
8. Microsoft SharePoint Server Picture Source HTML Injection Vulnerability
9. HP OpenView Network Node Manager 'ovspmd' Buffer Overflow Vulnerability
10. Microsoft Internet Explorer Header Handling 'res://' Information
Disclosure Vulnerability
11. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote
Buffer Overflow Vulnerability
12. Microsoft Project Resource Memory Allocation Remote Code Execution
Vulnerability
13. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
14. Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap
Overflow Vulnerability
15. Microsoft Windows GDI Stack Overflow Vulnerability
16. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
17. Microsoft Visio Object Header Remote Code Execution Vulnerability
18. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation
Vulnerability
19. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
20. Microsoft Internet Explorer Data Stream Handling Remote Code
Execution Vulnerability
21. Microsoft VBScript and JScript Scripting Engines Remote Code
Execution Vulnerability
22. Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469
2. Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where an online attacker compromises a network and removes data -- have become very common
http://www.securityfocus.com/columnists/468
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
BugTraq ID: 28803
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28803
Summary: ICQ is prone to a remote buffer-overflow vulnerability because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers.
This issue affects ICQ 6 build 6043; other versions may also be vulnerable.
2. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the vulnerable 'libclamav' library. Failed exploit attempts will likely cause denial-of-service conditions.
ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be affected.
NOTE: This BID is being retired because it is a duplicate of BID 28756.
3. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
This issue affects Nero MediaHome 3.3.3.0. Other versions may also be affected.
4. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 28759
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28759
Summary: XM Easy Personal FTP Server is prone to multiple remote denial-of-service vulnerabilities.
These issues allow remote attackers to crash affected FTP servers, denying service to legitimate users. Given the nature of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.
XM Easy Personal FTP Server 5.4.0 is vulnerable; other versions may also be affected.
5. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the vulnerable 'libclamav' library. Failed exploit attempts will likely cause denial-of-service conditions.
ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be affected.
6. Trillian DTD File XML Parser Buffer Overflow Vulnerability
BugTraq ID: 28747
Remote: Yes
Date Published: 2008-04-11
Relevant URL: http://www.securityfocus.com/bid/28747
Summary: Trillian is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
Trillian 3.1.9.0 Basic is vulnerable; other versions may also be affected.
7. Symantec Altiris Deployment Solution AClient Password Disclosure Vulnerability
BugTraq ID: 28707
Remote: No
Date Published: 2008-04-10
Relevant URL: http://www.securityfocus.com/bid/28707
Summary: Symantec Altiris Deployment Solution AClient is prone to a local password-disclosure vulnerability because of a design error.
Exploiting this issue may allow a local attacker to access unencrypted passwords, potentially allowing them to access the application's administrative interface in an unauthorized manner. This can facilitate a complete compromise of affected computers.
This issue affects versions prior to Altiris Deployment Solution 6.9.164.
8. Microsoft SharePoint Server Picture Source HTML Injection Vulnerability
BugTraq ID: 28706
Remote: Yes
Date Published: 2008-04-09
Relevant URL: http://www.securityfocus.com/bid/28706
Summary: Microsoft SharePoint Server is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Note that to perform attacks, an attacker requires access to a user account with sufficient privileges to edit pages.
Exploiting this issue may allow the attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible.
Microsoft SharePoint Server 2.0 is vulnerable; other versions may also be affected.
9. HP OpenView Network Node Manager 'ovspmd' Buffer Overflow Vulnerability
BugTraq ID: 28689
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28689
Summary: HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.
Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager process. This facilitates the remote compromise of affected computers.
Network Node Manager 7.53 running on Microsoft Windows is affected by this issue; other versions and platforms may also be vulnerable.
10. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability
An attacker can exploit this issue to obtain potentially sensitive information from the local computer. Information obtained may aid in further attacks.
This issue may be related to the vulnerability discussed in BID 28581 (Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability).
11. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28662
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28662
Summary: Tumbleweed SecureTransport is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
12. Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability
An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
13. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 28606
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28606
Summary: Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory-corruption vulnerability.
Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.
14. Microsoft Windows GDI 'CreateDIBPatternBrushPt' Function Heap Overflow Vulnerability
BugTraq ID: 28571
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28571
Summary: Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF or WMF image file.
A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.
15. Microsoft Windows GDI Stack Overflow Vulnerability
BugTraq ID: 28570
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28570
Summary: Microsoft Windows is prone to a stack-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF image file.
A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.
16. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
BugTraq ID: 28556
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28556
Summary: Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
17. Microsoft Visio Object Header Remote Code Execution Vulnerability
BugTraq ID: 28555
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28555
Summary: Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.
18. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
The vulnerability resides in the Windows kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.
19. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
BugTraq ID: 28553
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28553
Summary: Microsoft Windows operating systems are prone to a vulnerability that lets attackers spoof DNS clients. This issue occurs because the software fails to employ properly secure random numbers when creating DNS transaction IDs.
Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.
20. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
BugTraq ID: 28552
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28552
Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to adequately handle certain user-supplied data.
Attackers can leverage this issue to execute arbitrary code with the privileges of the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.
21. Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
BugTraq ID: 28551
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28551
Summary: Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input.
Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary code to run with the privileges of the victim.
These versions are affected:
22. Autonomy KeyView Module Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 28454
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28454
Summary: Autonomy KeyView module is prone to multiple stack- and heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.
Exploiting these issues will allow an attacker to corrupt memory and to cause denial-of-service conditions or potentially to execute arbitrary code in the context of the application using the module.
Multiple products using the KeyView module are affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Blackhat