SecurityFocus Microsoft Newsletter #338
----------------------------------------

This Issue is Sponsored by: Kaspersky Lab

Try Kaspersky Antivirus 6.0 Software
Download Kaspersky's Award-Winning antivirus & antispyware solution with 
anti-spam and firewall Free

http://newsletter.industrybrains.com/c?fe;1;5f04b;1000f;345;0;da4


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. The Politics of E-Mail
       2. Notes On Vista Forensics, Part Two
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Foxit Reader Malformed PDF File Denial of Service Vulnerability
       2. RaidenFTPD Multiple Remote Denial of Service Vulnerabilities
       3. Nullsoft Winamp WMV File Processing Denial of Service Vulnerability
       4. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
       5. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
       6. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
       7. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
       8. Oracle April 2007 Security Update Multiple Vulnerabilities
       9. NetSprint Toolbar ActiveX Denial of Service Vulnerability
       10. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability
       11. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability
       12. FileZilla Multiple Unspecified Format String Vulnerabilities
       13. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
       14. LanDesk Management Suite Alert Service AOLSRVR.EXE Buffer Overflow Vulnerability
       15. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
       16. Acubix PicoZip Archive Directory Traversal Vulnerability
       17. Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
       18. KarjaSoft Sami HTTP Server Request Remote Denial of Service Vulnerabilities
       19. Drupal Database Administration Module Multiple HTML-injection Vulnerabilities
       20. IBM Lotus Domino Web Access Active Content Filter HTML Injection Vulnerability
       21. MarkAny MaPrintModule ActiveX Denial of Service Vulnerability
       22. Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
       23. Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
       24. Windows VDM Zero Page Race Condition Local Privilege Escalation Vulnerability
       25. Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability
       26. Microsoft Agent URI Processing Remote Code Execution Vulnerability
       27. Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
       28. Microsoft Content Management Server Remote Code Execution Vulnerability
       29. Microsoft Content Management Server Cross-Site Scripting Vulnerability
       30. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. Shared drives through a firewall
       2. Help with Exploit
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. The Politics of E-Mail
By Mark Rasch
It's springtime in Washington, D.C. The cherry blossoms have bloomed, the tourists 
descended, and on both sides of Pennsylvania Avenue a new "scandal" is erupting.
http://www.securityfocus.com/columnists/440

2. Notes On Vista Forensics, Part Two
By Jamie Morris
In part one of this series we looked at the different editions of Vista 
available and discussed the various encryption and backup features which might 
be of interest to forensic examiners. In this article we will look at the user 
and system features of Vista which may (or may not) present new challenges for 
investigators and discuss the use of Vista itself as a platform for forensic 
analysis.
http://www.securityfocus.com/infocus/1890


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Foxit Reader Malformed PDF File Denial of Service Vulnerability
BugTraq ID: 23576
Remote: Yes
Date Published: 2007-04-20
Relevant URL: http://www.securityfocus.com/bid/23576
Summary:
Foxit Reader is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying 
service to legitimate users.

This issue affects Foxit Reader 2.0; other versions may also be affected.

2. RaidenFTPD Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 23570
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23570
Summary:
RaidenFTPD is prone to multiple remote denial-of-service vulnerabilities 
because the application fails to properly handle user-supplied input.

Exploiting these issues allows remote attackers to crash the application, 
denying further service to legitimate users.

These issues affect RaidenFTPD 2.4; other versions may also be vulnerable.

3. Nullsoft Winamp WMV File Processing Denial of Service Vulnerability
BugTraq ID: 23568
Remote: Yes
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23568
Summary:
Nullsoft Winamp is prone to a denial-of-service vulnerability when processing 
malformed WMV files.

Successfully exploiting this issue allows remote attackers to crash affected 
applications. Code execution may also be possible, but this has not been 
confirmed.

This issue is reported to affect Winamp 5.3; other versions may also be 
affected.

4. OpenAFS for Microsoft Windows Local Denial of Service Vulnerability
BugTraq ID: 23566
Remote: No
Date Published: 2007-04-19
Relevant URL: http://www.securityfocus.com/bid/23566
Summary:
OpenAFS for Microsoft Windows is prone to a local denial-of-service 
vulnerability because the application fails to properly handle unexpected 
conditions.

Successfully exploiting this issue allows local attackers to trigger computer 
crashes. These crashes will occur every time Windows tries to start, creating a 
prolonged denial-of-service condition.

Versions of OpenAFS prior to 1.5.19 running on Windows are vulnerable.

Note that this issue is present only if MIT Kerberos for Windows is also 
installed on vulnerable computers.

5. Novell Groupwise WebAccess GWINTER.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 23556
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23556
Summary:
Novell Groupwise WebAccess is prone to a remote buffer-overflow vulnerability 
because the application fails to bounds-check user-supplied data before copying 
it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a 
denial-of-service condition.

6. Novell SecureLogin Security Bypass And Privilege Escalation Vulnerability
BugTraq ID: 23547
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/23547
Summary:
Novell SecureLogin is prone to a vulnerability that allows attackers to bypass 
security restrictions as well as a vulnerability that may allow attackers to 
gain elevated privileges on the affected computer.

These issues affect Novell Access Management Server 3 IR1.

7. NetSprint Ask IE Toolbar Multiple Denial of Service Vulnerabilities
BugTraq ID: 23535
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23535
Summary:
NetSprint Ask IE Toolbar ActiveX control is prone to multiple denial-of-service 
vulnerabilities.

Exploiting these issues allows remote attackers to crash applications that 
employ the vulnerable controls (typically Microsoft Internet Explorer). 
Attackers may potentially exploit these issues to execute code, but this has 
not been confirmed.

NetSprint Ask IE Toolbar 1.1 is vulnerable; other versions may also be affected.

8. Oracle April 2007 Security Update Multiple Vulnerabilities
BugTraq ID: 23532
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23532
Summary:
Oracle has released a Critical Patch Update advisory for April 2007 to address 
these vulnerabilities for supported releases. Earlier unsupported releases are 
likely to be affected by these issues as well.

The issues identified by the vendor affect all security properties of the 
Oracle products and present local and remote threats. Various levels of 
authorization are needed to leverage some of the issues, but other issues do 
not require any authorization. The most severe of the vulnerabilities could 
possibly expose affected computers to complete compromise.

9. NetSprint Toolbar ActiveX Denial of Service Vulnerability
BugTraq ID: 23530
Remote: Yes
Date Published: 2007-04-17
Relevant URL: http://www.securityfocus.com/bid/23530
Summary:
NetSprint Toolbar ActiveX control is prone to a denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash applications that employ 
the vulnerable controls (typically Microsoft Internet Explorer). Attackers may 
potentially be able to exploit this issue to execute code, but this has not 
been confirmed.

NetSprint Toolbar ActiveX Control 1.1 is vulnerable to this issue; other 
versions may also be vulnerable.

10. MiniShare Multiple Request Handling Remote Denial of Service Vulnerability
BugTraq ID: 23517
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23517
Summary:
MiniShare is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the server application, 
denying further service to legitimate users.

11. SSH Tectia Server IBM z/OS Local Privilege Escalation Vulnerability
BugTraq ID: 23508
Remote: No
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23508
Summary:
SSH Tectia server for IBM z/OS is prone to a local privilege-escalation 
vulnerability.

A local attacker may exploit this issue to gain certain elevated privileges on 
a vulnerable computer and launch further attacks. Successful exploits may 
facilitate a compromise of vulnerable computers.

This issue affects versions prior to 5.4.0.

12. FileZilla Multiple Unspecified Format String Vulnerabilities
BugTraq ID: 23506
Remote: Yes
Date Published: 2007-04-16
Relevant URL: http://www.securityfocus.com/bid/23506
Summary:
FileZilla is prone to multiple unspecified format-string vulnerabilities 
because it fails to properly sanitize user-supplied input before passing it as 
the format specifier to a formatted-printing function.

An attacker can exploit these issues to execute arbitrary code within the 
context of the affected application, denying service to legitimate users.

These issues affect versions prior to 2.2.32.

13. ZoneAlarm Vsdatant.SYS Driver Local Denial of Service Vulnerability
BugTraq ID: 23494
Remote: No
Date Published: 2007-04-15
Relevant URL: http://www.securityfocus.com/bid/23494
Summary:
ZoneAlarm is prone to a local denial-of-service vulnerability.

This issue occurs when attackers supply invalid argument values to the 
'vsdatant.sys' driver.

A local attacker may exploit this issue to crash affected computers, denying 
service to legitimate users.

ZoneAlarm Pro 6.5.737.000 and 6.1.744.001 are prone to this issue; other 
versions may be affected as well.

14. LanDesk Management Suite Alert Service AOLSRVR.EXE Buffer Overflow Vulnerability
BugTraq ID: 23483
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23483
Summary:
LANDesk Management Suite is prone to a remote stack-based buffer-overflow 
vulnerability because the application fails to bounds-check user-supplied data 
before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level 
privileges. Successfully exploiting this issue would result in the complete 
compromise of affected computers. Failed exploit attempts will result in a
denial of service.

This issue affects LANDesk Management Suite 8.7; prior versions may also be 
affected.

15. Clam AntiVirus ClamAV Multiple Remote Vulnerabilities
BugTraq ID: 23473
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23473
Summary:
ClamAV is prone to a file-descriptor leakage vulnerability and a 
buffer-overflow vulnerability.

A successful attack may allow an attacker to obtain sensitive information, 
cause denial-of-service conditions, and execute arbitrary code in the context 
of the user running the affected application.

ClamAV versions prior to 0.90.2 are vulnerable to these issues.

16. Acubix PicoZip Archive Directory Traversal Vulnerability
BugTraq ID: 23471
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23471
Summary:
PicoZip is prone to a directory-traversal vulnerability because it fails to 
properly sanitize user-supplied input.

An attacker can exploit this issue to extract files into directories of their 
choosing and overwrite arbitrary files. Successful exploits may aid in further 
attacks.

This issue affects PicoZip 4.02; other versions may also be affected.

17. Microsoft Windows DNS Server Escaped Zone Name Parameter Buffer Overflow Vulnerability
BugTraq ID: 23470
Remote: Yes
Date Published: 2007-04-13
Relevant URL: http://www.securityfocus.com/bid/23470
Summary:
Microsoft Windows Domain Name System (DNS) Server Service is prone to a 
stack-based buffer-overflow vulnerability in its Remote Procedure Call (RPC) 
interface.

A remote attacker may exploit this issue to run arbitrary code in the context 
of the DNS Server Service. The DNS service runs in the 'SYSTEM' context.

Successfully exploiting this issue allows attackers to execute arbitrary code, 
facilitating the remote compromise of affected computers.

Windows Server 2000 Service Pack 4, Windows Server 2003 Service Pack 1, and 
Windows Server 2003 Service Pack 2 are confirmed vulnerable to this issue.

Microsoft Windows 2000 Professional SP4, Windows XP SP2, and Windows Vista are 
not affected by this vulnerability.

18. KarjaSoft Sami HTTP Server Request Remote Denial of Service Vulnerabilities
BugTraq ID: 23445
Remote: Yes
Date Published: 2007-04-12
Relevant URL: http://www.securityfocus.com/bid/23445
Summary:
Sami HTTP Server is prone to multiple remote denial-of-service vulnerabilities 
because the software fails to handle exceptional conditions.

Exploiting these issues allows remote attackers to crash the server 
application, denying further service to legitimate users.

This issue affects Sami HTTP Server 2.0.1; other versions may also be affected.

19. Drupal Database Administration Module Multiple HTML-injection Vulnerabilities
BugTraq ID: 23440
Remote: Yes
Date Published: 2007-04-12
Relevant URL: http://www.securityfocus.com/bid/23440
Summary:
Drupal Database Administration Module is prone to multiple HTML-injection 
vulnerabilities because it fails to sufficiently sanitize user-supplied input 
before displaying it in dynamically generated content.

To exploit this issue, an attacker must have Site Administrator privileges.

An attacker could exploit this vulnerability to execute arbitrary script code 
in the browser of an unsuspecting victim in the context of the affected site. 
This may allow the attacker to steal cookie-based authentication credentials 
and to launch other attacks.

Drupal Database Administration versions prior to 4.7.0-1.2 and all versions of 
the 4.6.0 branch are vulnerable to these issues.

20. IBM Lotus Domino Web Access Active Content Filter HTML Injection Vulnerability
BugTraq ID: 23421
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23421
Summary:
IBM Lotus Domino Web Access is prone to an HTML-injection vulnerability because 
it fails to sufficiently sanitize user-supplied data.

An attacker could exploit this vulnerability to execute arbitrary script code 
in the browser of an unsuspecting victim in the context of the affected 
website. This may allow the attacker to steal cookie-based authentication 
credentials and to launch other attacks.

21. MarkAny MaPrintModule ActiveX Denial of Service Vulnerability
BugTraq ID: 23420
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23420
Summary:
MarkAny MaPrintModule ActiveX control is prone to a denial-of-service 
vulnerability.

Exploiting this issue allows remote attackers to crash applications that employ 
the vulnerable controls (typically Microsoft Internet Explorer).

MarkAny MaPrintModule ActiveX Control 1.0.0.2 and 2.1.1.0 through 2.1.1.2 are 
vulnerable to this issue; other versions may also be vulnerable.

NOTE: Newly available technical information indicates that this is not a 
buffer-overflow issue and may be exploited only to cause denial-of-service 
conditions. This BID has been updated to reflect this new information.

22. Roxio CinePlayer SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 23412
Remote: Yes
Date Published: 2007-04-11
Relevant URL: http://www.securityfocus.com/bid/23412
Summary:
Roxio CinePlayer is prone to a stack-based buffer-overflow vulnerability 
because it fails to sufficiently check boundaries of user-supplied input before 
copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue by enticing victims into opening a malicious 
HTML document.

Exploiting this issue allows remote attackers to execute arbitrary code in the 
context of applications using the affected ActiveX control and to compromise 
affected computers. Failed attempts will likely result in denial-of-service 
conditions.

Roxio CinePlayer 3.2 is vulnerable to this issue; other versions may also be 
affected.

23. Microsoft Windows UPnP Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 23371
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23371
Summary:
Microsoft Windows is prone to a remote stack-based buffer-overflow 
vulnerability because it fails to adequately bounds-check user-supplied data 
before copying it to an insufficiently sized memory buffer. This occurs when 
handling certain HTTP requests.

To exploit this issue, an attacker must be in the same network segment as the 
victim.

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the affected service. Failed exploit attempts will likely result
in denial-of-service conditions.

24. Windows VDM Zero Page Race Condition Local Privilege Escalation Vulnerability
BugTraq ID: 23367
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23367
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability 
because of a race condition in the Virtual DOS Machine (VDM).

A local attacker can exploit this issue to execute arbitrary code with 
kernel-level privileges. A successful exploit will result in the complete 
compromise of affected computers. Failed exploit attempts will result in a 
denial-of-service condition.

25. Microsoft Windows CSRSS CSRFinalizeContext Local Privilege Escalation Vulnerability
BugTraq ID: 23338
Remote: No
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23338
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem) is prone to a local
privilege-escalation vulnerability.

Successful attacks will result in the complete compromise of affected computers.

26. Microsoft Agent URI Processing Remote Code Execution Vulnerability
BugTraq ID: 23337
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23337
Summary:
The Microsoft Agent ActiveX control is prone to remote code execution.

An attacker could exploit this issue to execute code in the context of the user 
visiting a malicious web page.

Note that users who are running Windows Internet Explorer 7 are not affected by 
this vulnerability.

27. Microsoft Windows CSRSS MSGBox Remote Code Execution Vulnerability
BugTraq ID: 23324
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/23324
Summary:
Microsoft Windows CSRSS (client/server run-time subsystem) MsgBox is prone to a 
remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level 
privileges.

Note that this issue can also be exploited locally by an authenticated user to 
gain elevated privileges.

Under default settings, Windows Vista is not prone to remote attacks that 
attempt to exploit this issue.

Update: This issue was originally disclosed as part of BID 21688, but has now
been assigned its own record.

28. Microsoft Content Management Server Remote Code Execution Vulnerability
BugTraq ID: 22861
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22861
Summary:
Microsoft Content Management Server (MCMS) is prone to an arbitrary 
code-execution vulnerability because the software fails to properly validate 
user-supplied input.

Exploiting this issue allows remote attackers to execute arbitrary machine code 
on affected computers with the privileges of the vulnerable application.

29. Microsoft Content Management Server Cross-Site Scripting Vulnerability
BugTraq ID: 22860
Remote: Yes
Date Published: 2007-04-10
Relevant URL: http://www.securityfocus.com/bid/22860
Summary:
Microsoft Content Management Server (MCMS) is prone to an unspecified 
cross-site scripting vulnerability because the application fails to properly 
sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the 
browser of an unsuspecting user in the context of the affected site. This may 
help the attacker steal cookie-based authentication credentials, spoof content, 
or perform actions on behalf of the victim user; this could aid in further 
attacks.

30. Mozilla Firefox/SeaMonkey/Thunderbird Multiple Remote Vulnerabilities
BugTraq ID: 21668
Remote: Yes
Date Published: 2007-04-18
Relevant URL: http://www.securityfocus.com/bid/21668
Summary:
The Mozilla Foundation has released nine security advisories specifying 
vulnerabilities in Firefox, SeaMonkey, and Thunderbird.

These vulnerabilities allow attackers to:

- execute arbitrary code
- perform cross-site scripting attacks
- inject arbitrary content
- gain escalated privileges
- crash affected applications and potentially execute arbitrary code.

Other attacks may also be possible.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Shared drives through a firewall
http://www.securityfocus.com/archive/88/463468

2. Help with Exploit
http://www.securityfocus.com/archive/88/458938

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be
manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Kaspersky Lab


