SecurityFocus Microsoft Newsletter #264
----------------------------------------

This Issue is Sponsored By: CipherTrust

CipherTrust Products have been nominated! Please Vote in the SC
Magazine Awards.
IronMail Gateway - Best E-Mail Security
http://www.scawards.com/vote4a.asp?Area_ID=1&Cat_ID=7&Sub_ID=2&Prod_ID=122
IronMail Gateway - Best Anti-Spam
http://www.scawards.com/vote4a.asp?Area_ID=1&Cat_ID=5&Sub_ID=2&Prod_ID=87

------------------------------------------------------------------
I.   FRONT AND CENTER
      1. Automatic graylisting of unwanted software
      2. Windows rootkits in 2005, part one
II.  MICROSOFT VULNERABILITY SUMMARY
      1. Invision Gallery Index.PHP SQL Injection Vulnerability
      2. PHP PHPInfo Cross-Site Scripting Vulnerability
      3. IOFTPD Username Enumeration Vulnerability
      4. Microsoft Internet Explorer Malformed HTML Parsing Denial of Service Vulnerability
      5. RhinoSoft Serv-U FTP Server Unspecified Denial of Service Vulnerability
      6. Glider Collect'N Kill Remote Buffer Overflow Vulnerability
      7. Battle Carry Remote Denial of Service Vulnerability
      8. F-Secure Web Console Directory Traversal Vulnerability
      9. Invision Gallery Image Upload HTML Injection Vulnerability
      10. Scorched 3D Multiple Vulnerabilities
      11. vBulletin Image Upload HTML Injection Vulnerability
      12. Microsoft November Advance Notification Unspecified Security Vulnerabilities
      13. Clam Anti-Virus ClamAV TNEF File Handling Denial Of Service Vulnerability
      14. Clam Anti-Virus ClamAV CAB File Handling Denial Of Service Vulnerability
      15. Clam Anti-Virus ClamAV FSG File Handling Buffer Overflow Vulnerability
      16. IBM Lotus Domino Multiple Vulnerabilities
      17. PunBB/Blog:CMS Image Upload HTML Injection Vulnerability
      18. Jed Wing CHM Lib LZX Decompression Method Buffer Overflow Vulnerability
      19. Zone Labs Zone Alarm Advance Program Control Bypass Weakness
      20. PHPList Multiple Input Validation Vulnerabilities
      21. Microsoft Windows Graphics Rendering Engine WMF/EMF Format Code Execution Vulnerability
      22. Microsoft Windows Graphics Rendering Engine WMF Format Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
      1. SecurityFocus Microsoft Newsletter #263
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Automatic graylisting of unwanted software
By Dr. Todd Brennan
In the race to secure endpoint systems, a new approach known as automatic graylisting can give administrators control over unwanted software installed on end user systems.
http://www.securityfocus.com/columnists/367

2. Windows rootkits in 2005, part one
By James Butler, Sherri Sparks
This three-part article series looks at Windows rootkits in depth. Part one discusses what a rootkit is and what makes rootkits so dangerous, by looking at various modes of execution and how they talk to the Windows kernel.
http://www.securityfocus.com/infocus/1850


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Invision Gallery Index.PHP SQL Injection Vulnerability
BugTraq ID: 15240
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15240
Summary:
Invision Gallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

2. PHP PHPInfo Cross-Site Scripting Vulnerability
BugTraq ID: 15248
Remote: Yes
Date Published: 2005-10-31
Relevant URL: http://www.securityfocus.com/bid/15248
Summary:
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

3. IOFTPD Username Enumeration Vulnerability
BugTraq ID: 15253
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15253
Summary:
ioFTPD is prone to a username enumeration vulnerability. This issue is due to a design error in the application when verifying user-supplied input. Attackers may exploit this vulnerability to discern valid usernames. This may aid them in brute force password cracking, or other attacks.

4. Microsoft Internet Explorer Malformed HTML Parsing Denial of Service Vulnerability
BugTraq ID: 15268
Remote: Yes
Date Published: 2005-11-01
Relevant URL: http://www.securityfocus.com/bid/15268
Summary:
Microsoft Internet Explorer is affected by a denial of service vulnerability. This issue arises because the application fails to properly parse certain malformed HTML content.

An attacker may exploit this issue by enticing a user to visit a malicious site resulting in a denial of service condition in the application.

Few details are available at this time; this BID will be updated as further information is disclosed.

5. RhinoSoft Serv-U FTP Server Unspecified Denial of Service Vulnerability
BugTraq ID: 15273
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15273
Summary:
Serv-U FTP server is prone to an unspecified denial of service vulnerability. This issue is most likely due to a failure in the application to handle exceptional conditions.

Specific details regarding this issue are not currently available; this BID will be updated as more information becomes available.

An attacker can exploit this vulnerability to cause the server to crash, effectively denying service to legitimate users.

6. Glider Collect'N Kill Remote Buffer Overflow Vulnerability
BugTraq ID: 15280
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15280
Summary:
Glider Collect'N Kill is prone to a remote buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

An attacker can exploit this vulnerability to overflow a memory buffer, possibly resulting in a denial of service condition. Execution of arbitrary code may also be possible.

7. Battle Carry Remote Denial of Service Vulnerability
BugTraq ID: 15282
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15282
Summary:
Battle Carry is prone to a remote denial of service vulnerability. This issue is due to a failure in the application to handle exceptional conditions.

An attacker can exploit this vulnerability to crash the application, ultimately resulting in a denial of service to legitimate users.

8. F-Secure Web Console Directory Traversal Vulnerability
BugTraq ID: 15284
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15284
Summary:
F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper are prone to a directory traversal vulnerability.

Reports indicate that the Web Console for the products can allow remote unauthorized attackers to view arbitrary files in the context of the application.

It should be noted that the Web Console for F-Secure Anti-Virus for Microsoft Exchange and F-Secure Internet Gatekeeper is configured by default to accept connections from localhost only. The remote threat only arises if the application has been configured to accept connections from elsewhere. The default configuration only poses a local threat.

9. Invision Gallery Image Upload HTML Injection Vulnerability
BugTraq ID: 15286
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15286
Summary:
Invision Gallery is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is only present when using the Microsoft Internet Explorer Web browser.


10. Scorched 3D Multiple Vulnerabilities
BugTraq ID: 15292
Remote: Yes
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15292
Summary:
Scorched 3D is prone to multiple vulnerabilities. These issues include numerous buffer overflow, format string, denial of service and arbitrary code execution issues.

These issues are remote in nature and some vulnerabilities require successful authentication prior to exploitation.

Scorched 3D 39.1 and prior versions are affected by these issues.

11. vBulletin Image Upload HTML Injection Vulnerability
BugTraq ID: 15296
Remote: Yes
Date Published: 2005-11-02
Relevant URL: http://www.securityfocus.com/bid/15296
Summary:
vBulletin is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is only present when using the Microsoft Internet Explorer Web browser.


12. Microsoft November Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 15300
Remote: Unknown
Date Published: 2005-11-03
Relevant URL: http://www.securityfocus.com/bid/15300
Summary:
Microsoft has released advance notification for one security bulletin that will be released on November 8, 2005.

This bulletin affects Microsoft Windows.

13. Clam Anti-Virus ClamAV TNEF File Handling Denial Of Service Vulnerability
BugTraq ID: 15316
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15316
Summary:
ClamAV is prone to a denial of service vulnerability. This is due to a failure in the application to handle malformed TNEF files.

Exploitation could cause the application to enter an infinite loop, resulting in a denial of service.


14. Clam Anti-Virus ClamAV CAB File Handling Denial Of Service Vulnerability
BugTraq ID: 15317
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15317
Summary:
ClamAV is prone to a denial of service vulnerability. This is due to a failure in the application to handle malformed CAB files.

Exploitation could cause the application to enter an infinite loop, resulting in a denial of service.


15. Clam Anti-Virus ClamAV FSG File Handling Buffer Overflow Vulnerability
BugTraq ID: 15318
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15318
Summary:
ClamAV is prone to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue occurs when the application attempts to handle FSG files.

Exploitation of this issue could allow attacker-supplied machine code to be executed in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

16. IBM Lotus Domino Multiple Vulnerabilities
BugTraq ID: 15321
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15321
Summary:
IBM Lotus Domino is prone to multiple vulnerabilities. Some of these issues can be exploited to trigger a crash; however, some unspecified issues with unknown impacts have also been identified.

These issues affect Lotus Domino versions prior to 6.5.4 Fix Pack 2.

17. PunBB/Blog:CMS Image Upload HTML Injection Vulnerability
BugTraq ID: 15322
Remote: Yes
Date Published: 2005-11-04
Relevant URL: http://www.securityfocus.com/bid/15322
Summary:
PunBB and Blog:CMS are prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

This issue is only present when using the Microsoft Internet Explorer Web browser.


18. Jed Wing CHM Lib LZX Decompression Method Buffer Overflow Vulnerability
BugTraq ID: 15338
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15338
Summary:
CHM lib is susceptible to a buffer overflow vulnerability.

Reports indicate that this issue affects the LZX decompression method. It is conjectured that the vulnerability is remote in nature and allows attackers to execute arbitrary machine code in the context of the application that utilizes the CHM lib library. Further details are not available at the moment. This BID will be updated when more information becomes available.

19. Zone Labs Zone Alarm Advance Program Control Bypass Weakness
BugTraq ID: 15347
Remote: No
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15347
Summary:
Zone Labs Zone Alarm is prone to a weakness that permits the bypassing of the Advanced Program Control protection.

Reports indicate that applications can create a modal dialog box displaying HTML, which can then be redirected to a remote site.

This would allow a malicious program to bypass Advanced Program Control protection and send data to a remote attacker from a compromised computer.

It should be noted that this issue only presents itself if the Advanced Program Control setting has been enabled and the browser has been authorized to access the Internet.

20. PHPList Multiple Input Validation Vulnerabilities
BugTraq ID: 15350
Remote: Yes
Date Published: 2005-11-07
Relevant URL: http://www.securityfocus.com/bid/15350
Summary:
PHPList is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

The application is prone to multiple cross-site scripting, HTTP injection, SQL injection and directory traversal vulnerabilities.

21. Microsoft Windows Graphics Rendering Engine WMF/EMF Format Code Execution Vulnerability
BugTraq ID: 15352
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15352
Summary:
Microsoft Windows WMF/EMF graphics rendering engine is affected by a remote code execution vulnerability.

The problem presents itself when a user views a malicious WMF or EMF formatted file causing the affected engine to attempt to parse it. Exploitation of this issue can trigger an integer overflow that may facilitate heap memory corruption and arbitrary code execution.

Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine. Successful exploitation can facilitate a remote compromise or local privilege escalation.

22. Microsoft Windows Graphics Rendering Engine WMF Format Code Execution Vulnerability
BugTraq ID: 15356
Remote: Yes
Date Published: 2005-11-08
Relevant URL: http://www.securityfocus.com/bid/15356
Summary:
Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability.

The problem presents itself when a user views a malicious WMF formatted file, triggering the vulnerability when the engine attempts to parse the file. A malicious file can cause an integer overflow that may facilitate heap memory corruption and arbitrary code execution.

Any code execution that occurs will be with SYSTEM privileges due to the nature of the affected engine. Successful exploitation can facilitate a remote compromise or local privilege escalation.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #263
http://www.securityfocus.com/archive/88/415444

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: CipherTrust

CipherTrust Products have been nominated! Please Vote in the SC
Magazine Awards.
IronMail Gateway - Best E-Mail Security
http://www.scawards.com/vote4a.asp?Area_ID=1&Cat_ID=7&Sub_ID=2&Prod_ID=122
IronMail Gateway - Best Anti-Spam
http://www.scawards.com/vote4a.asp?Area_ID=1&Cat_ID=5&Sub_ID=2&Prod_ID=87




