SecurityFocus Microsoft Newsletter #391

Subject: SecurityFocus Microsoft Newsletter #391
Date: Wed, 23 Apr 2008 13:44:17 -0600

----------------------------------------

This issue is sponsored by HP

Top 10 security vulnerabilities in .NET configuration files: are your web 
applications vulnerable?
Even the smallest opening in your web application layer can grant full access 
to an intruder. A hacker armed with nothing more than a web browser and 
knowledge of basic programming techniques can steal your most sensitive 
information by taking advantage of openings that exist in the web server, 
application configuration and source code. This free white paper, from HP 
Software, discusses the 10 most common .NET application configuration mistakes, 
the devastating effects those mistakes can have as well as best practices for 
managing configuration files to prevent attacks.
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadPDF&zn=bto&cp=54_4012_100__&caid=14532&jumpid=ex_r11374_us/en/large/tsg/Top10_Security_Vulnerabilities_WP_Newsletter/3-1A4COJW_3-ULBT8Q/20080429&origin_id=3-1A4COJW


SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
      1. Just Who's Being Exploited?
      2. On the Border
II.  MICROSOFT VULNERABILITY SUMMARY
      1. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing 
Vulnerabilities
      2. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
      3. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow 
Vulnerability
      4. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
      5. IBM DB2 Universal Database ADMIN_SP_C and ADMIN_SP_C2 Procedures 
Remote Code Execution Vulnerability
      6. IBM DB2 'NNSTAT' Procedure Arbitrary File Overwrite Vulnerability
      7. IBM DB2 Universal Database JAR File Processing Multiple Denial of 
Service Vulnerabilities
      8. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation 
Vulnerability
      9. ImageMagick Malformed PCX File Heap Overflow Vulnerability
      10. ImageMagick Malformed XCF File Heap Overflow Vulnerability
      11. Microsoft Works 7 'WkImgSrv.dll' ActiveX Control Remote Code 
Execution Vulnerability
      12. Apple Safari WebKit JavaScript Regular Expression Repetition Counts 
Buffer Overflow Vulnerability
      13. Apple Safari WebKit URI Handling Cross-Site Scripting Vulnerability
      14. Apple Safari File Download Remote Memory Corruption Vulnerability
      15. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
      16. ClamAV 'libclamav/pe.c' WWPACK File Heap Based Buffer Overflow 
Vulnerability
      17. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer 
Overflow Vulnerability
      18. Nero MediaHome NMMediaServer.EXE Remote Denial of Service 
Vulnerability
      19. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial 
of Service Vulnerabilities
      20. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow 
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
      1. SecurityFocus Microsoft Newsletter #390
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a 
new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege 
of being the exclusive licensor of a heretofore unpublished vulnerability in 
Apple's Safari web browser to researcher, Charles Miller of Independent 
Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470

2. On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with 
my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through 
security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or 
"National" as we locals call it. As I passed through the new magnetometer which gently 
puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn 
Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could 
"inspect" my laptop computer. While the inspection was cursory, the situation immediately 
gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing 
Vulnerabilities
BugTraq ID: 28891
Remote: Yes
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28891
Summary:
Apple Safari is prone to multiple remote vulnerabilities, including:

- A denial-of-service vulnerability caused by a write-access violation.
- A denial-of-service vulnerability caused by a read-access violation.
- A vulnerability that allows attackers to spoof the content contained in the 
address bar.


An attacker can exploit these issues to crash the affected application or cause 
the victim to interact with the attacker's malicious site.

This issue affects Apple Safari 3.1.1 for Windows; other versions may also be 
affected.

2. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 28890
Remote: Yes
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28890
Summary:
Foxit Reader is prone to two remote memory-corruption vulnerabilities because 
it fails to handle specially crafted PDF files.

Remote attackers may be able to execute code, but this has not been confirmed. Failed exploit attempts will crash the application, denying service to legitimate users.
Foxit Reader 2.2 is vulnerable; other versions may also be affected.


3. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28882
Remote: Yes
Date Published: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28882
Summary:
Microsoft 'HeartbeatCtl' ActiveX control is prone to a remote buffer-overflow 
vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the 
context of the application using the ActiveX control (typically Internet 
Explorer). Successful exploits will compromise the application and possibly the 
underlying computer. Failed attacks will cause denial-of-service conditions.

4. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
BugTraq ID: 28858
Remote: Yes
Date Published: 2008-04-19
Relevant URL: http://www.securityfocus.com/bid/28858
Summary:
SubEdit Player is prone to a buffer-overflow vulnerability because it fails to 
perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of 
the application. Failed attacks will cause denial-of-service conditions.

The issue affects SubEdit Player Build 4066; other versions may also be 
affected.

5. IBM DB2 Universal Database ADMIN_SP_C and ADMIN_SP_C2 Procedures Remote Code 
Execution Vulnerability
BugTraq ID: 28843
Remote: Yes
Date Published: 2008-04-18
Relevant URL: http://www.securityfocus.com/bid/28843
Summary:
IBM DB2 is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code within the context 
of the affected service. Successfully exploiting this issue may facilitate in 
the remote compromise of affected computers. Failed exploit attempts will 
likely crash the affected application.

6. IBM DB2 'NNSTAT' Procedure Arbitrary File Overwrite Vulnerability
BugTraq ID: 28836
Remote: No
Date Published: 2008-04-18
Relevant URL: http://www.securityfocus.com/bid/28836
Summary:
IBM DB2 is prone to a vulnerability that lets attackers overwrite arbitrary 
files.

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Successfully exploiting this issue will compromise 
the application and possibly the underlying computer.

7. IBM DB2 Universal Database JAR File Processing Multiple Denial of Service 
Vulnerabilities
BugTraq ID: 28835
Remote: Yes
Date Published: 2008-04-18
Relevant URL: http://www.securityfocus.com/bid/28835
Summary:
IBM DB2 Universal Database is prone to multiple denial-of-service 
vulnerabilities.

Successfully exploiting these issues allows authenticated attackers to cause 
server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8, 9, and 9.5 on Microsoft Windows platforms are 
affected.

8. Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation 
Vulnerability
BugTraq ID: 28833
Remote: No
Date Published: 2008-04-17
Relevant URL: http://www.securityfocus.com/bid/28833
Summary:
Microsoft Windows is prone to a privilege-escalation vulnerability.

Successful exploits may allow authenticated users to elevate their privileges 
to LocalSystem. This facilitates the complete compromise of affected computers.

The issue affects Microsoft Windows XP Professional SP2 and all versions and 
editions of Windows Server 2003, Windows Vista, and Windows Server 2008.

9. ImageMagick Malformed PCX File Heap Overflow Vulnerability
BugTraq ID: 28822
Remote: Yes
Date Published: 2008-04-17
Relevant URL: http://www.securityfocus.com/bid/28822
Summary:
ImageMagick is prone to a heap-based buffer-overflow vulnerability because it 
fails to properly bounds-check user-supplied input. The vulnerability occurs 
when handling malformed PCX files.

Successfully exploiting this issue allows attackers to execute arbitrary code 
with the privileges of a user running the application. Failed exploit attempts 
will result in a denial-of-service condition.

ImageMagick 6.2.8-0 and 6.2.4-5 are vulnerable; other versions may also be 
affected.

10. ImageMagick Malformed XCF File Heap Overflow Vulnerability
BugTraq ID: 28821
Remote: Yes
Date Published: 2008-04-17
Relevant URL: http://www.securityfocus.com/bid/28821
Summary:
ImageMagick is prone to a heap-based buffer-overflow vulnerability because it 
fails to properly bounds-check user-supplied input. The vulnerability occurs 
when handling malformed XCF files.

Successfully exploiting this issue allows attackers to execute arbitrary code 
with the privileges of a user running the application. Failed exploit attempts 
will result in a denial-of-service condition.

ImageMagick 6.2.8-0 and earlier are vulnerable.

11. Microsoft Works 7 'WkImgSrv.dll' ActiveX Control Remote Code Execution 
Vulnerability
BugTraq ID: 28820
Remote: Yes
Date Published: 2008-04-17
Relevant URL: http://www.securityfocus.com/bid/28820
Summary:
Microsoft Works 7 'WkImgSrv.dll' ActiveX control is prone to a remote 
code-execution vulnerability because it fails to sufficiently verify 
user-supplied input.

An attacker can exploit this issue to run arbitrary attacker-supplied code in 
the context of the currently logged-in user. Failed exploit attempts will 
trigger denial-of-service conditions.

This issue affects Microsoft Works 7 'WkImgSrv.dll' ActiveX control 7.03.0616; 
other versions may also be vulnerable.

12. Apple Safari WebKit JavaScript Regular Expression Repetition Counts Buffer Overflow Vulnerability
BugTraq ID: 28815
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28815
Summary:
Apple Safari is prone to a buffer-overflow vulnerability.


Attackers may exploit this issue to execute arbitrary code or to crash the 
affected application. Other attacks are also possible.

This issue affects versions prior to Apple Safari 3.1.1 running on the 
following platforms:

Mac OS X v10.4.11
Mac OS X Server v10.4.11
Mac OS X v10.5.2
Mac OS X Server v10.5.2
Windows XP
Windows Vista

13. Apple Safari WebKit URI Handling Cross-Site Scripting Vulnerability
BugTraq ID: 28814
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28814
Summary:
Apple Safari WebKit is prone to a cross-site scripting vulnerability because it 
fails to properly sanitize user-supplied input.

Attackers may leverage this issue to execute arbitrary script code in the 
browser of an unsuspecting user in the context of the affected site. This may 
allow attackers to steal cookie-based authentication credentials and to launch 
other attacks.

This issue affects versions prior to Apple Safari 3.1.1 running on the 
following platforms:

Mac OS X 10.4.11
Mac OS X 10.5.2
Windows XP
Windows Vista


14. Apple Safari File Download Remote Memory Corruption Vulnerability
BugTraq ID: 28813
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28813
Summary:
Apple Safari is prone to a remote memory-corruption vulnerability that occurs 
when downloading malicious files.

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a 
denial-of-service condition.

This issue affects versions prior to Apple Safari 3.1.1 running on Microsoft 
Windows XP and Windows Vista.

NOTE: This vulnerability may be related to the issue described in BID 28404 
(Apple Safari File Download Remote Denial of Service Vulnerability).

15. ICQ 'Personal Status Manager' Remote Buffer Overflow Vulnerability
BugTraq ID: 28803
Remote: Yes
Date Published: 2008-04-16
Relevant URL: http://www.securityfocus.com/bid/28803
Summary:
ICQ is prone to a remote buffer-overflow vulnerability because the application 
fails to perform boundary checks before copying user-supplied data into 
sensitive process buffers.

A remote attacker may execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects ICQ 6 build 6043; other versions may also be vulnerable.

16. ClamAV 'libclamav/pe.c' WWPACK File Heap Based Buffer Overflow Vulnerability
BugTraq ID: 28798
Remote: Yes
Date Published: 2008-04-15
Relevant URL: http://www.securityfocus.com/bid/28798
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.


Successful exploits of this vulnerability can allow remote attackers to execute 
arbitrary machine code in the context of applications using the vulnerable 
'libclamav' library. Failed exploit attempts will likely cause 
denial-of-service conditions.

ClamAV 0.92.1 is vulnerable to this issue; other versions may also be affected.

17. RETIRED: ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
BugTraq ID: 28783
Remote: Yes
Date Published: 2008-04-15
Relevant URL: http://www.securityfocus.com/bid/28783
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.


Successful exploits of this vulnerability can allow remote attackers to execute 
arbitrary machine code in the context of applications using the vulnerable 
'libclamav' library. Failed exploit attempts will likely cause 
denial-of-service conditions.

ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be 
affected.

NOTE: This BID is being retired because it is a duplicate of BID 28756.

18. Nero MediaHome NMMediaServer.EXE Remote Denial of Service Vulnerability
BugTraq ID: 28775
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28775
Summary:
Nero MediaHome is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.


An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.

This issue affects Nero MediaHome 3.3.3.0. Other versions may also be affected.

19. XM Easy Personal FTP Server 'PORT' and 'XCWD' Multiple Remote Denial of 
Service Vulnerabilities
BugTraq ID: 28759
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28759
Summary:
XM Easy Personal FTP Server is prone to multiple remote denial-of-service 
vulnerabilities.

These issues allow remote attackers to crash affected FTP servers, denying 
service to legitimate users. Given the nature of these issues, attackers may 
also be able to execute arbitrary code, but this has not been confirmed.

XM Easy Personal FTP Server 5.4.0 is vulnerable; other versions may also be 
affected.

20. ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability
BugTraq ID: 28756
Remote: Yes
Date Published: 2008-04-14
Relevant URL: http://www.securityfocus.com/bid/28756
Summary:
ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.


Successful exploits of this vulnerability can allow remote attackers to execute 
arbitrary machine code in the context of applications using the vulnerable 
'libclamav' library. Failed exploit attempts will likely cause 
denial-of-service conditions.

ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be 
affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #390
http://www.securityfocus.com/archive/88/490993

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed email listadmin@securityfocus.com and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by HP


