SecurityFocus Microsoft Newsletter #263

Wed, 02 Nov 2005 08:05:47 -0800 

SecurityFocus Microsoft Newsletter #263
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I.   FRONT AND CENTER
      1. Balancing surveillance
II.  MICROSOFT VULNERABILITY SUMMARY
      1. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
      2. phpBB Avatar Upload HTML Injection Vulnerability
3. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability 
      4. Belchior Foundry VCard Remote File Include Vulnerability
5. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability 
      6. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
      7. Jed Wing CHM Lib _chm_find_in_PMGL Stack Buffer Overflow Vulnerability
      8. Invision Gallery Index.PHP SQL Injection Vulnerability
      9. PHP PHPInfo Cross-Site Scripting Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Invitation to Join the Collaborative Endpoint Security Project, sponsored by Core Security Technologies 
      2. New List - Beta-Announce
      3. SecurityFocus Microsoft Newsletter #262
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Balancing surveillance
By Scott Granneman
With camera and network surveillance now commonplace, and database abuse continuing to appear, how do we balance the positive side of security along with its potential for abuse? 
http://www.securityfocus.com/columnists/366


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
BugTraq ID: 15169
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15169
Summary:
phpMyAdmin is prone to a local file include vulnerability.
An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access. phpMyAdmin 2.6.4-pl2 and earlier versions are reported to be vulnerable. 


2. phpBB Avatar Upload HTML Injection Vulnerability
BugTraq ID: 15170
Remote: Yes
Date Published: 2005-10-22
Relevant URL: http://www.securityfocus.com/bid/15170
Summary:
phpBB is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.
This issue is only present when using the Microsoft Internet Explorer Web browser. 


3. Skype Technologies Skype Networking Routine Heap Overflow Vulnerability
BugTraq ID: 15192
Remote: Yes
Date Published: 2005-10-25
Relevant URL: http://www.securityfocus.com/bid/15192
Summary:
Skype is prone to a heap overflow vulnerability in its networking routines. Successful exploitation could result in a denial of service and remote machine code execution in the context of the affected application.
The vendor reports that this vulnerability has not been reproduced to execute arbitrary code, but the reporter of this issue states that they have successfully created proof of concept exploits against the Microsoft Windows and Linux client applications.
This issue affects Skype for Windows 1.4.*.83 and earlier, Skype for Mac OS X 1.3.*.16 and earlier, Skype for Linux 1.2.*.17 and earlier, and Skype for Pocket PC 1.1.*.6 and earlier. 


4. Belchior Foundry VCard Remote File Include Vulnerability
BugTraq ID: 15207
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15207
Summary:
vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access. 

5. Microsoft Internet Explorer Java Applet Denial of Service Vulnerability
BugTraq ID: 15208
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15208
Summary:
Microsoft Internet Explorer is affected by a denial of service vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner. This issue only presents itself when the J2SE Java runtime environment is installed.
An attacker may exploit this issue by enticing a user to visit a malicious site resulting in a denial of service condition in the application. Microsoft Internet Explorer 6 SP2 is affected by this issue. 

6. Jed Wing CHM Lib Stack Buffer Overflow Vulnerability
BugTraq ID: 15211
Remote: Yes
Date Published: 2005-10-26
Relevant URL: http://www.securityfocus.com/bid/15211
Summary:
CHM lib is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the library to properly bounds check input data prior to copying it into an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the context of the application that utilizes the CHM lib library. 

This issue is present in versions 0.36 and prior of the library.

7. Jed Wing CHM Lib _chm_find_in_PMGL Stack Buffer Overflow Vulnerability
BugTraq ID: 15234
Remote: Yes
Date Published: 2005-10-28
Relevant URL: http://www.securityfocus.com/bid/15234
Summary:
CHM lib is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the library to properly bounds check input data prior to copying it into an insufficiently sized memory buffer.
This issue allows attackers to execute arbitrary machine code in the context of the application that utilizes the CHM lib library. 

This issue is present in versions 0.35; other versions may also be affected.

8. Invision Gallery Index.PHP SQL Injection Vulnerability
BugTraq ID: 15240
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15240
Summary:
Invision Gallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

9. PHP PHPInfo Cross-Site Scripting Vulnerability
BugTraq ID: 15248
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15248
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Invitation to Join the Collaborative Endpoint Security Project, sponsored by Core Security Technologies 
http://www.securityfocus.com/archive/88/415368

2. New List - Beta-Announce
http://www.securityfocus.com/archive/88/414948

3. SecurityFocus Microsoft Newsletter #262
http://www.securityfocus.com/archive/88/414828

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. 

V.   SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer
is a free service that gives you the ability to track and manage attacks.
Analyzer automatically correlates attacks from various Firewall and network
based Intrusion Detection Systems, giving you a comprehensive view of your
computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130





---------------------------------------------------------------------------
---------------------------------------------------------------------------

Reply via email to