SecurityFocus Microsoft Newsletter #337
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step" - White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving them the ability to read, write and manipulate all data stored in your backend systems! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000ClcR

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
     1. Metasploit 3.0 day
     2. Blanket Discovery for Stolen Laptops
II. MICROSOFT VULNERABILITY SUMMARY
     1. AOL AIM and ICQ Clients Directory Traversal Vulnerability
     2. JustSystem Ichitaro Unspecified Remote Code Execution Vulnerability
     3. Microsoft Windows Help File Unspecified Heap Overflow Vulnerability
     4. Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
     5. Microsoft Windows Explorer ANI File Denial of Service Vulnerability
     6. ArchiveXpert Multiple Directory Traversal Vulnerabilities
     7. Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
     8. Windows VDM Zero Page Race Condition Local Privilege Escalation Vulnerability
     9. Youngzsoft CMailServer Comment Parameter Cross-Site Scripting Vulnerability
     10. CompreXX Multiple Directory Traversal Vulnerabilities
     11. Youngzsoft CMailServer Signup.ASP Cross-Site Scripting Vulnerability
     12. Winamp LibSNDFile.DLL Component Remote Code Execution Vulnerability
     13. Winamp IN_Mod.DLL Plugin Remote Code Execution Vulnerability
     14. ImageMagick DCM XWD Formats Multiple Integer Overflow Vulnerabilities
     15. Kaspersky Antivirus Engine ARJ Archive Remote Heap Overflow Vulnerability
     16. Wserve HTTP Server GET Request Buffer Overflow Vulnerability
     17. Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability
     18. Microsoft Agent URI Processing Remote Code Execution Vulnerability
     19. Microsoft April 2007 Advance Notification Multiple Vulnerabilities
     20. Microsoft Windows Unspecified Remote Code Execution Vulnerability
     21. Kaspersky Internet Security Suite Klif.SYS Driver Local Heap Overflow Vulnerability
     22. Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
     23. VMware Unspecified Double Free Memory Corruption Vulnerability
     24. Microsoft Windows Explorer BMP Image Denial of Service Vulnerability
     25. IrfanView Multiple BMP Denial of Service Vulnerabilities
     26. ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
     27. FastStone Image Viewer Multiple BMP Denial of Service Vulnerabilities
     28. Microsoft Windows Vista Teredo UDP Nonce Spoofing Weakness
     29. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
     30. Microsoft Windows Vista Neighbor Discovery Spoofing Vulnerability
     31. Microsoft Vista Spoof On Bridge HELLO Packet Security Restriction Bypass Vulnerability
     32. Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction Bypass Vulnerability
     33. Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability
     34. Microsoft Windows GDI Invalid Window Size Local Privilege Escalation Vulnerability
     35. Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability
     36. Microsoft Windows GDI WMF Remote Denial of Service Vulnerability
     37. Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability
     38. Microsoft Windows Vista LLTD Mapper EMIT Packet Remote Denial Of Service Vulnerability
     39. Microsoft Windows Vista Teredo Protocol Insecure Connection Weakness
     40. Microsoft Windows Vista ARP table Entries Denial of Service Vulnerability
     41. Microsoft Windows Vista LLTD Responder Discovery Packet Spoofing Vulnerability
     42. Ipswitch WS_FTP Long Site Command Buffer Overflow Vulnerability
     43. RETIRED: Microsoft Windows SVCHost.EXE Remote Buffer Overflow Vulnerability
     44. ImageMagick Multiple Integer Overflow Vulnerabilities
     45. Microsoft Content Management Server Remote Code Execution Vulnerability
     46. Microsoft Content Management Server Cross-Site Scripting Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. [Fwd: Finding License Codes for Re-install]
     2. Running commands on workstations from domain controller
     3. blocking thru IE
     4. SecurityFocus Microsoft Newsletter #336
     5. Discovering Active Directory users with blank passwords
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Metasploit 3.0 day
By Federico Biancuzzi
The Metasploit Framework is a development platform for creating security tools and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in release 3.0, the new license of the framework, plans for features and exploits development, and the links among the bad guys and Metasploit and the law.
http://www.securityfocus.com/columnists/439

2. Blanket Discovery for Stolen Laptops
By Mark Rasch
Mark Rasch discusses the legal issues behind the discovery and recovery of stolen laptops that use LoJack-style homing devices to announce their location, and the location of the thieves, anywhere in the world.
http://www.securityfocus.com/columnists/438

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. AOL AIM and ICQ Clients Directory Traversal Vulnerability
BugTraq ID: 23391
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23391
Summary:
AOL AIM and ICQ Clients are prone to a directory-traversal vulnerability because the software fails to properly sanitize user-supplied input during a file transfer.

An attacker may exploit this issue by enticing victims into receiving a malicious file via the application. Successful exploits will allow attackers to save files on arbitrary locations on a victim's computer.

2. JustSystem Ichitaro Unspecified Remote Code Execution Vulnerability
BugTraq ID: 23386
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23386
Summary:
Ichitaro is prone to an unspecified remotely exploitable code-execution vulnerability.

Remote attackers may exploit this issue to execute arbitrary code within the context of the affected system or to cause a denial of service.

Few details are available regarding this issue. This BID will be updated when more information emerges.

3. Microsoft Windows Help File Unspecified Heap Overflow Vulnerability
BugTraq ID: 23382
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23382
Summary:
The Microsoft Windows Help File viewer is reported prone to a heap-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data into insufficiently sized memory buffers. This vulnerability presents itself when the application handles a specially crafted Windows Help ('.hlp') file.

A successful attack may facilitate arbitrary code execution in the context of a vulnerable user who opens a malicious file. Failed exploit attempts will likely result in denial-of-service conditions.

4. Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
BugTraq ID: 23380
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23380
Summary:
Microsoft Word is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue by enticing a victim to open a malicious Word file.

Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

5. Microsoft Windows Explorer ANI File Denial of Service Vulnerability
BugTraq ID: 23373
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23373
Summary:
Windows Explorer is prone to a denial-of-service vulnerability.

An attacker could exploit this issue to cause Explorer to crash, effectively denying service. Arbitrary code execution may be possible, but this has not been confirmed.

This issue affects Windows Explorer on Microsoft Windows XP SP2; other operating systems and versions may also be affected.

6. ArchiveXpert Multiple Directory Traversal Vulnerabilities
BugTraq ID: 23372
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23372
Summary:
ArchiveXpert is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to extract files into arbitrary directories and overwrite arbitrary files. Successful exploits may aid in further attacks.

These issues affect ArchiveXpert 2.02 build 80; other versions may also be affected.

7. Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 23371
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23371
Summary:
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This occurs when handling certain HTTP requests.

To exploit this issue, an attacker must be in the same network segment as the victim.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected service. Failed exploit attempts will likely result in denial-of-service conditions.

8. Windows VDM Zero Page Race Condition Local Privilege Escalation Vulnerability
BugTraq ID: 23367
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23367
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because of a race condition in the Virtual DOS Machine (VDM).

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

9. Youngzsoft CMailServer Comment Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 23363
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23363
Summary:
Youngzsoft CMailServer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Youngzsoft CMailServer 5.4.3 is vulnerable to this issue; other versions may also be affected.

10. CompreXX Multiple Directory Traversal Vulnerabilities
BugTraq ID: 23362
Remote: Yes
Date Published: 2007-04-09
Relevant URL: http://www.securityfocus.com/bid/23362
Summary:
CompreXX is prone to multiple directory-traversal vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to extract files into arbitrary directories and overwrite arbitrary files. Successful exploits may aid in further attacks.

These issues affect CompreXX 4.1; other versions may also be affected.

11. Youngzsoft CMailServer Signup.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 23360
Remote: Yes
Date Published: 2007-04-07
Relevant URL: http://www.securityfocus.com/bid/23360
Summary:
Youngzsoft CMailServer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Youngzsoft CMailServer 5.3.4 is vulnerable to this issue; other versions may also be affected.

12. Winamp LibSNDFile.DLL Component Remote Code Execution Vulnerability
BugTraq ID: 23351
Remote: Yes
Date Published: 2007-04-06
Relevant URL: http://www.securityfocus.com/bid/23351
Summary:
Winamp is prone to a remote code-execution vulnerability resulting from an off-by-zero memory-corruption error.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application.

Winamp 5.33 is vulnerable; other versions may also be affected.

13. Winamp IN_Mod.DLL Plugin Remote Code Execution Vulnerability
BugTraq ID: 23350
Remote: Yes
Date Published: 2007-04-06
Relevant URL: http://www.securityfocus.com/bid/23350
Summary:
The IN_MOD.DLL plugin for Winamp is prone to a remote code-execution issue because it fails to handle malformed files.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application.

IN_MOD.DLL 5.33 is vulnerable; other versions may also be affected.

14. ImageMagick DCM XWD Formats Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23347
Remote: Yes
Date Published: 2007-04-06
Relevant URL: http://www.securityfocus.com/bid/23347
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to adequately handle user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

ImageMagick 6.2.9 through 6.3.3-4 are vulnerable.

15. Kaspersky Antivirus Engine ARJ Archive Remote Heap Overflow Vulnerability
BugTraq ID: 23346
Remote: Yes
Date Published: 2007-04-06
Relevant URL: http://www.securityfocus.com/bid/23346
Summary:
Kaspersky Anti-Virus Engine is prone to a remote heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.

An attacker could leverage this issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of affected computers.

16. Wserve HTTP Server GET Request Buffer Overflow Vulnerability
BugTraq ID: 23341
Remote: Yes
Date Published: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23341
Summary:
Wserve HTTP Server is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to cause denial-of-service conditions and possibly to execute arbitrary code with the privileges of the application.

Wserve HTTP Server 4.6 is vulnerable; prior versions may also be affected.

17. Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability
BugTraq ID: 23338
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23338
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem) is prone to a local privilege-escalation vulnerability.

Successful attacks will result in the complete compromise of affected computers.

18. Microsoft Agent URI Processing Remote Code Execution Vulnerability
BugTraq ID: 23337
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23337
Summary:
The Microsoft Agent ActiveX control is prone to remote code execution.

An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.

Note that users who are running Windows Internet Explorer 7 are not affected by this vulnerability.

19. Microsoft April 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 23335
Remote: Yes
Date Published: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23335
Summary:
Microsoft has released advance notification that the vendor will be releasing five security bulletins on April 10, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

20. Microsoft Windows Unspecified Remote Code Execution Vulnerability
BugTraq ID: 23332
Remote: Yes
Date Published: 2007-04-05
Relevant URL: http://www.securityfocus.com/bid/23332
Summary:
Microsoft Windows is prone to an unspecified remote code-execution vulnerability. Exploiting this issue reportedly requires minimal user interaction.

Successfully exploiting this issue allows attackers to execute arbitrary code, facilitating the remote compromise of affected computers.

Few technical details regarding this issue are currently available. This BID will be updated as more information emerges.

21. Kaspersky Internet Security Suite Klif.SYS Driver Local Heap Overflow Vulnerability
BugTraq ID: 23326
Remote: No
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23326
Summary:
Kaspersky Internet Security Suite is prone to a heap-overflow vulnerability because it fails to perform sufficient boundary checks on user-supplied data before copying it to a buffer.

An attacker could leverage this issue to execute arbitrary code with kernel-level privileges. A successful exploit could result in the complete compromise of the affected system.

Kaspersky Internet Security Suite 6.0.1.411 for Microsoft Windows is reported vulnerable; previous versions may be vulnerable as well.

22. Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
BugTraq ID: 23324
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23324
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem) MsgBox is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.

Note that this issue can also be exploited locally by an authenticated user to gain elevated privileges.

Under default settings, Windows Vista is not prone to remote attacks that attempt to exploit this issue.

Update: This issue was originally disclosed as part of BID 21688, but has now been assigned its own record.

23. VMware Unspecified Double Free Memory Corruption Vulnerability
BugTraq ID: 23323
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23323
Summary:
VMware is prone to a double-free memory-corruption vulnerability.

An attacker can exploit this issue to access potentially sensitive information or to cause denial-of-service conditions. Presumably, this issue can be leveraged to execute arbitrary code, but this has not been confirmed.

24. Microsoft Windows Explorer BMP Image Denial of Service Vulnerability
BugTraq ID: 23321
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23321
Summary:
Windows Explorer is prone to a denial-of-service vulnerability. Few technical details regarding this issue are currently available. This BID will be updated as more information emerges.

An attacker could exploit this issue to cause denial-of-service conditions on a victim computer. Presumably, this issue stems from a buffer overflow, but this has not been confirmed.

This issue affects Windows XP SP1; other operating systems and versions may be affected as well.

25. IrfanView Multiple BMP Denial of Service Vulnerabilities
BugTraq ID: 23318
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23318
Summary:
IrfanView is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.

Successfully exploiting these issues allows attackers to crash the affected application. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

IrfanView 3.99 is affected; other versions may also be vulnerable.

26. ACDSee 9.0 Photo Manager Multiple BMP Denial of Service Vulnerabilities
BugTraq ID: 23317
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23317
Summary:
ACDSee 9.0 Photo Manager is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.

Successfully exploiting these issues allows attackers to crash the affected application. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

Version 9.0 of the application is affected; other versions may also be vulnerable.

27. FastStone Image Viewer Multiple BMP Denial of Service Vulnerabilities
BugTraq ID: 23312
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23312
Summary:
FastStone Image Viewer is prone to multiple denial-of-service vulnerabilities because the application fails to properly handle malformed BMP image files.

Successfully exploiting these issues allows attackers to crash the affected application. Due to the nature of the issues, code execution may also be possible, but this has not been confirmed.

Version 2.9 of the application is affected; other versions may also be vulnerable.

28. Microsoft Windows Vista Teredo UDP Nonce Spoofing Weakness
BugTraq ID: 23301
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23301
Summary:
Windows Vista Teredo server is prone to a nonce-spoofing weakness due to its use of a nonce during the lifetime of certain connections.

This weakness can aid in attempts to spoof a Teredo server.

29. ImageMagick XGetPixel/XInitImage Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23300
Remote: Yes
Date Published: 2007-04-04
Relevant URL: http://www.securityfocus.com/bid/23300
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

30. Microsoft Windows Vista Neighbor Discovery Spoofing Vulnerability
BugTraq ID: 23293
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23293
Summary:
Microsoft Windows Vista is prone to a discovery-spoofing vulnerability.

An attacker can exploit this issue to conduct redirect attacks on another host on the network. This may lead to further attacks.

Note that to exploit this issue, the attacker must have access to the local network segment of a target computer.

31. Microsoft Vista Spoof On Bridge HELLO Packet Security Restriction Bypass Vulnerability
BugTraq ID: 23280
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23280
Summary:
The Microsoft Vista operating system is prone to a security-restriction-bypass vulnerability because the software fails to properly sanitize user-supplied packet-level data.

Attackers can exploit this issue to bypass the security restrictions and gain unauthorized access to restricted sites. This may allow attackers to bypass the security restrictions enforced by the Microsoft Vista operating system.

32. Microsoft Vista Spoofed LLTD HELLO Packet Security Restriction Bypass Vulnerability
BugTraq ID: 23279
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23279
Summary:
The Microsoft Windows Vista operating system is prone to a security-restriction-bypass vulnerability because the software fails to properly sanitize user-supplied packet-level data.

Attackers can exploit this issue to bypass the security restrictions and gain unauthorized access to restricted sites. This may allow attackers to bypass the security restrictions enforced by the Vista operating system.

33. Microsoft Windows Graphics Rendering Engine EMF File Privilege Escalation Vulnerability
BugTraq ID: 23278
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23278
Summary:
Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability when rendering malformed EMF image files.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

34. Microsoft Windows GDI Invalid Window Size Local Privilege Escalation Vulnerability
BugTraq ID: 23277
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23277
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful exploit will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

35. Microsoft Windows Graphics Device Interface Font Rasterizer Local Privilege Escalation Vulnerability
BugTraq ID: 23276
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23276
Summary:
Microsoft Windows GDI Font Rasterizer is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to gain complete control of an affected computer. Failed attempts will likely cause the operating system to crash, resulting in denial-of-service conditions.

36. Microsoft Windows GDI WMF Remote Denial of Service Vulnerability
BugTraq ID: 23275
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23275
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because the software fails to handle malicious WMF files.

Exploiting this issue may cause Microsoft Windows to crash, denying service to legitimate users.

37. Microsoft Windows Graphics Rendering Engine GDI Local Privilege Escalation Vulnerability
BugTraq ID: 23273
Remote: No
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23273
Summary:
Microsoft Windows Graphics Rendering Engine is prone to a local privilege-escalation vulnerability.

Successful exploits may result in a complete compromise of affected computers.

38. Microsoft Windows Vista LLTD Mapper EMIT Packet Remote Denial Of Service Vulnerability
BugTraq ID: 23271
Remote: Yes
Date Published: 2007-04-03
Relevant URL: http://www.securityfocus.com/bid/23271
Summary:
Microsoft Windows Vista is prone to a remote denial-of-service vulnerability because the software fails to handle exceptional conditions.

An attacker can exploit this issue to cause a mapping failure, denying further service to legitimate users.

39. Microsoft Windows Vista Teredo Protocol Insecure Connection Weakness
BugTraq ID: 23267
Remote: No
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23267
Summary:
Microsoft Windows Vista is prone to a weakness that may result in a false sense of security. The Teredo protocol can become activated without user interaction, which is contradictory to the documentation.

As a result, an affected computer can become vulnerable to attacks that leverage latent Teredo protocol vulnerabilities.

40. Microsoft Windows Vista ARP table Entries Denial of Service Vulnerability
BugTraq ID: 23266
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23266
Summary:
Microsoft Windows Vista is prone to a denial-of-service vulnerability. Remote attackers may exploit this issue by submitting malicious ARP requests to the vulnerable computer.

To exploit this issue the attacker must have access to the local network segment of a target computer.

A remote attacker can exploit this issue to cause the network interface to stop responding, denying further service to legitimate users.

41. Microsoft Windows Vista LLTD Responder Discovery Packet Spoofing Vulnerability
BugTraq ID: 23263
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23263
Summary:
Microsoft Windows Vista is prone to a vulnerability that permits an attacker to spoof arbitrary hosts through a network-based race condition.

An attacker can exploit this issue to impersonate another host on the network. This may lead to further attacks.

42. Ipswitch WS_FTP Long Site Command Buffer Overflow Vulnerability
BugTraq ID: 23260
Remote: No
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23260
Summary:
Ipswitch WS_FTP is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial of service.

This issue affects version 5.05; other versions may also be affected.

43. RETIRED: Microsoft Windows SVCHost.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 23255
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23255
Summary:
Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied input before copying it to an insufficiently sized buffer.

A successful attack will result in denial-of-service conditions. Arbitrary code execution may also be possible, but this has not yet been confirmed.

NOTE: This BID is being retired because the reporter has admitted that the issue is a hoax.

44. ImageMagick Multiple Integer Overflow Vulnerabilities
BugTraq ID: 23252
Remote: Yes
Date Published: 2007-04-02
Relevant URL: http://www.securityfocus.com/bid/23252
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

45. Microsoft Content Management Server Remote Code Execution Vulnerability
BugTraq ID: 22861
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22861
Summary:
Microsoft Content Management Server (MCMS) is prone to an arbitrary code-execution vulnerability because the software fails to properly validate user-supplied input.

Exploiting this issue allows remote attackers to execute arbitrary machine code on affected computers with the privileges of the vulnerable application.

46. Microsoft Content Management Server Cross-Site Scripting Vulnerability
BugTraq ID: 22860
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22860
Summary:
Microsoft Content Management Server (MCMS) is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials, spoof content, or perform actions on behalf of the victim user; this could aid in further attacks.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. [Fwd: Finding License Codes for Re-install]
http://www.securityfocus.com/archive/88/465217

2. Running commands on workstations from domain controller
http://www.securityfocus.com/archive/88/465105

3. blocking thru IE
http://www.securityfocus.com/archive/88/465056

4. SecurityFocus Microsoft Newsletter #336
http://www.securityfocus.com/archive/88/464824

5. Discovering Active Directory users with blank passwords
http://www.securityfocus.com/archive/88/464483

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter.
You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000ClcR
