SecurityFocus Microsoft Newsletter #274
----------------------------------------

This Issue is Sponsored By: SpiDynamics

ALERT: Learn to Think Like a Hacker - Simulate a Hacker Breaking into Your Web Apps. The speed with which Web applications are developed makes them prime targets for attackers; often these applications were developed so quickly that they are not coded properly or subjected to any security testing. Hackers know this and use it as their weapon. Download this *FREE* test guide from SPI Dynamics to check for Web application vulnerabilities.

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=701300000003P6V

------------------------------------------------------------------
I.   FRONT AND CENTER
     1. Wiretapping, FISA, and the NSA
     2. Sebek 3: tracking the attackers, part one
II.  MICROSOFT VULNERABILITY SUMMARY
      1. NetSarang XLPD Remote Denial of Service Vulnerability
      2. Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities
      3. Microsoft Excel Unspecified Code Execution Vulnerability
      4. Clam Anti-Virus ClamAV UPX Compressed File Heap Buffer Overflow Vulnerability
      5. Microsoft Windows Embedded Web Font Buffer Overflow Vulnerability
      6. Microsoft Outlook / Microsoft Exchange TNEF Decoding Remote Code Execution Vulnerability
      7. PostgreSQL Postmaster Denial Of Service Vulnerability
      8. Apple QuickTime PictureViewer JPEG/PICT File Buffer Overflow Vulnerability
      9. eStara Softphone SIP SDP Data Packet Remote Buffer Overflow Vulnerability
      10. Microsoft Visual Studio UserControl Remote Code Execution Vulnerability
      11. Toshiba Bluetooth Stack Object Push Service File Upload Directory Traversal Vulnerability
      12. Helmsman HomeFtp Remote Denial Of Service Vulnerability
      13. Microsoft Internet Explorer Malformed IMG and XML Parsing Denial of Service Vulnerability
      14. AmbiCom Blue Neighbors Bluetooth Stack Object Push Buffer Overflow Vulnerability
      15. AOL You've Got Pictures ActiveX Control Buffer Overflow Vulnerability
      16. WehnTrust Path Specification Local Privilege Escalation Vulnerability
      17. Mozilla Thunderbird File Attachment Spoofing Vulnerability
      18. EMC Legato Networker Multiple Remote Vulnerabilities
      19. Antiword Insecure Temporary File Creation Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
      1. Windows wireless flaw...
      2. SecurityFocus Microsoft Newsletter #273
      3. How to disable interactive logon for service accounts on W2K and W2K3
      4. Different side of the problem (was)  New article on SecurityFocus
      5. patching servers...
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Wiretapping, FISA, and the NSA
By Mark Rasch
U.S. wiretapping laws, FISA and Presidential powers given to the NSA to intercept communications make for interesting times when coupled with technology. What are the issues surrounding privacy, search, seizure and surveillance?
http://www.securityfocus.com/columnists/379

2. Sebek 3: tracking the attackers, part one
By Raul Siles, GSE
The first of this two-part series will discuss what Sebek is and what makes it so interesting, first by looking at the new capabilities of version 3 and how it integrates with GenIII Honeynet infrastructures.
http://www.securityfocus.com/infocus/1855


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. NetSarang XLPD Remote Denial of Service Vulnerability
BugTraq ID: 16164
Remote: Yes
Date Published: 2006-01-07
Relevant URL: http://www.securityfocus.com/bid/16164
Summary:
Xlpd is prone to a remote denial of service vulnerability. This issue is due to a failure in the application to handle exceptional conditions.

A remote attacker can exploit this issue to crash the affected application, effectively denying service to legitimate users.

This issue is reported to affect Xlpd version 2.1; other versions may also be vulnerable.

2. Microsoft Windows Graphics Rendering Engine Multiple Memory Corruption Vulnerabilities
BugTraq ID: 16167
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16167
Summary:
Microsoft Windows WMF graphics rendering engine is affected by multiple memory corruption vulnerabilities. These issues affect the 'ExtCreateRegion' and 'ExtEscape' functions.

These problems present themselves when a user views a malicious WMF formatted file containing specially crafted data.

Reports indicate that these issues lead to a denial of service condition. Earlier conjectures that the issues may result in the execution of arbitrary code appear at this point to be incorrect. Attackers could force a crash or restart of the viewing application.

3. Microsoft Excel Unspecified Code Execution Vulnerability
BugTraq ID: 16181
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16181
Summary:
Microsoft Excel is susceptible to an unspecified code execution vulnerability. The issue presents itself when Microsoft Excel attempts to process malformed or corrupted XLS files.

Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application.

This BID will be updated as further information is disclosed. This issue is not believed to be related to the ones described in BID 15926 (Microsoft Excel Unspecified Memory Corruption Vulnerabilities).

4. Clam Anti-Virus ClamAV UPX Compressed File Heap Buffer Overflow Vulnerability
BugTraq ID: 16191
Remote: Yes
Date Published: 2006-01-09
Relevant URL: http://www.securityfocus.com/bid/16191
Summary:
ClamAV is prone to a heap buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to an insufficiently sized memory buffer.

This issue occurs when the application attempts to handle compressed UPX files.

Exploitation of this issue could allow attacker-supplied machine code to be executed in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

5. Microsoft Windows Embedded Web Font Buffer Overflow Vulnerability
BugTraq ID: 16194
Remote: Yes
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16194
Summary:
Microsoft Windows is susceptible to a remotely exploitable buffer overflow vulnerability. This issue is due to a failure of the software to properly bounds check user-supplied input prior to copying it to an insufficiently sized memory buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of the vulnerable software on the targeted user's computer.

6. Microsoft Outlook / Microsoft Exchange TNEF Decoding Remote Code Execution Vulnerability
BugTraq ID: 16197
Remote: Yes
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16197
Summary:
Microsoft Exchange Server and Outlook email clients are prone to a remote code execution vulnerability. This vulnerability presents itself when the applications decode a message containing a specially crafted TNEF MIME attachment. Successful exploitation may result in arbitrary code execution facilitating a remote compromise.

An attack against Microsoft Exchange Server could lead to a SYSTEM level remote compromise, while attacks against Outlook would result in arbitrary code execution in the context of the current user.


7. PostgreSQL Postmaster Denial Of Service Vulnerability
BugTraq ID: 16201
Remote: Yes
Date Published: 2006-01-10
Relevant URL: http://www.securityfocus.com/bid/16201
Summary:
PostgreSQL is prone to a denial of service vulnerability. This issue is due to a failure in the application to properly handle exceptional conditions.

A remote attacker can exploit this issue to crash the postmaster service, thus denying future connections until the service is manually restarted.

This issue only affects PostgreSQL for Microsoft Windows.

8. Apple QuickTime PictureViewer JPEG/PICT File Buffer Overflow Vulnerability
BugTraq ID: 16212
Remote: Yes
Date Published: 2006-01-11
Relevant URL: http://www.securityfocus.com/bid/16212
Summary:
Apple QuickTime is prone to a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data before copying it to finite sized process buffers.

An attacker may be able to exploit this issue to execute arbitrary machine code in the context of the affected application; this has not been confirmed. Unsuccessful exploitation attempts will most likely result in a crash of the application.

This issue affects QuickTime versions 6.5.2 and 7.0.3; other versions may also be vulnerable. Version 7.0.4 may also be vulnerable; this has not been confirmed.

This issue may have previously been discussed in BID 16202 (Apple QuickTime Multiple Code Execution Vulnerabilities).

9. eStara Softphone SIP SDP Data Packet Remote Buffer Overflow Vulnerability
BugTraq ID: 16213
Remote: Yes
Date Published: 2006-01-11
Relevant URL: http://www.securityfocus.com/bid/16213
Summary:
A remote buffer overflow vulnerability affects eStara Softphone. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the vulnerable application. This may facilitate unauthorized access or privilege escalation.

eStara Softphone versions 3.0.1.14 and 3.0.1.46 are vulnerable to this issue; other versions may also be affected.

10. Microsoft Visual Studio UserControl Remote Code Execution Vulnerability
BugTraq ID: 16225
Remote: Yes
Date Published: 2006-01-12
Relevant URL: http://www.securityfocus.com/bid/16225
Summary:
Microsoft Visual Studio is prone to a vulnerability that could allow remote arbitrary code execution. This is due to a design flaw that executes code contained in a project file without first notifying users.

This issue allows attackers to execute arbitrary code in the context of the user viewing a malicious project file. As viewing a project file is usually considered to be a safe operation, users may have a false sense of security by attempting to inspect unknown code prior to compiling or executing it.

This vulnerability may be remotely exploited due to project files originating from untrusted sources.

Visual Studio 2005 is reportedly vulnerable to this issue; other versions may also be affected.

11. Toshiba Bluetooth Stack Object Push Service File Upload Directory Traversal Vulnerability
BugTraq ID: 16236
Remote: Yes
Date Published: 2006-01-13
Relevant URL: http://www.securityfocus.com/bid/16236
Summary:
Toshiba Bluetooth Stack is prone to directory traversal attacks during Bluetooth file uploads. The issue exists in the Object Push Service.

This vulnerability may allow an attacker to upload malicious files to arbitrary locations on affected computers over Bluetooth. An attacker can take advantage of the issue to execute arbitrary code by uploading executables to a location on the computer where they will later be executed.

12. Helmsman HomeFtp Remote Denial Of Service Vulnerability
BugTraq ID: 16238
Remote: Yes
Date Published: 2006-01-14
Relevant URL: http://www.securityfocus.com/bid/16238
Summary:
Helmsman HomeFtp is prone to a remote denial of service vulnerability. Successful authentication is required to exploit this issue.

A remote attacker may exploit this issue to deny service for legitimate users.


13. Microsoft Internet Explorer Malformed IMG and XML Parsing Denial of Service Vulnerability
BugTraq ID: 16240
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16240
Summary:
Microsoft Internet Explorer is affected by a denial of service vulnerability.

This issue presents itself when the browser handles a specially crafted IMG element in a malformed XML block.

An attacker may exploit this issue by enticing a user to visit a malicious site resulting in a denial of service condition in the application.

14. AmbiCom Blue Neighbors Bluetooth Stack Object Push Buffer Overflow Vulnerability
BugTraq ID: 16258
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16258
Summary:
AmbiCom Blue Neighbors Bluetooth stack is prone to a buffer overflow vulnerability. The issue exists in the Object Push Service.

This issue allows remote attackers to execute arbitrary code in the context of the vulnerable application. Failed exploitation attempts likely result in the application or device crashing.

15. AOL You've Got Pictures ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 16262
Remote: Yes
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16262
Summary:
AOL You've Got Pictures ActiveX control is prone to a buffer overflow vulnerability.

It is possible to invoke the object from a malicious Web page to trigger the condition. If the vulnerability were successfully exploited, this would result in a denial of service due to a runtime error in the affected module that causes the running instance of the client application that the object is invoked through (typically Internet Explorer) to crash. It may also be possible to exploit the condition to corrupt process memory, resulting in arbitrary code execution. Arbitrary code would be executed in the context of the client application.

The affected ActiveX control was distributed in various versions of AOL Client Software, and on the You've Got Pictures Web site prior to 2004.

16. WehnTrust Path Specification Local Privilege Escalation Vulnerability
BugTraq ID: 16268
Remote: No
Date Published: 2006-01-16
Relevant URL: http://www.securityfocus.com/bid/16268
Summary:
Wehnus WehnTrust is prone to a vulnerability that could allow an arbitrary file to be executed.

The application adds a registry key to automatically start a service upon computer restarts without using properly quoted paths. Successful exploitation may allow local attackers to gain elevated privileges. Specific version information about affected versions of WehnTrust is unavailable at this time. This BID will be updated as further information is disclosed.

17. Mozilla Thunderbird File Attachment Spoofing Vulnerability
BugTraq ID: 16271
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16271
Summary:
Mozilla Thunderbird is prone to a file attachment spoofing vulnerability. Successful exploitation may allow attackers to place malicious files on a user's computer by tricking users into saving seemingly safe attachments. If the user subsequently opens the file, this vulnerability may facilitate arbitrary code execution in the context of the user.

Thunderbird versions prior to 1.5 are affected.

18. EMC Legato Networker Multiple Remote Vulnerabilities
BugTraq ID: 16275
Remote: Yes
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16275
Summary:
EMC Legato Networker is affected by multiple remote vulnerabilities. A denial of service issue and two remote code execution issues have been identified, but no specific details have been released.

This BID will be updated as further information is disclosed.

Version 7.2.1 of Legato Networker is vulnerable to these issues; prior versions may also be affected.

19. Antiword Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 16278
Remote: No
Date Published: 2006-01-17
Relevant URL: http://www.securityfocus.com/bid/16278
Summary:
Antiword creates temporary files in an insecure manner.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Windows wireless flaw...
http://www.securityfocus.com/archive/88/421962

2. SecurityFocus Microsoft Newsletter #273
http://www.securityfocus.com/archive/88/421687

3. How to disable interactive logon for service accounts on W2K and W2K3
http://www.securityfocus.com/archive/88/421523

4. Different side of the problem (was)  New article on SecurityFocus
http://www.securityfocus.com/archive/88/421522

5. patching servers...
http://www.securityfocus.com/archive/88/421403

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored By: SpiDynamics
