SecurityFocus Microsoft Newsletter #342
----------------------------------------

This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough 
in online security - Extended Validation SSL from VeriSign.
Extended Validation triggers a green address bar in Microsoft IE7, which proves 
site identity.
Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000048sfi/direct/01/


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Time for a new certification
       2. 0wning Vista from the boot
II.  MICROSOFT VULNERABILITY SUMMARY
       1. BitsCast PubDate Element Remote Denial Of Service Vulnerability
       2. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability
       3. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability
       4. Caucho Resin Multiple Information Disclosure Vulnerabilities
       5. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability
       6. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial of Service Vulnerability
       7. CommuniGate Pro Web Mail HTML Injection Vulnerability
       8. yEnc32 Decoder Overly Long Filename Heap Buffer Overflow Vulnerability
       9. VooDoo CIrcle Server Multiple Remote Vulnerabilities
       10. NetWin WebMail Unspecified Vulnerability
       11. Microsoft Windows Terminal Services Remote Security Restriction Bypass Vulnerability
       12. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability
       13. Symantec PCAnywhere User Credential Local Information Disclosure Vulnerability
       14. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
       15. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code Execution Vulnerability
       16. Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability
       17. Microsoft Exchange IMAP Command Processing Remote Denial of Service Vulnerability
       18. Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
       19. Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
       20. Microsoft Outlook Web Access Remote Script Injection Vulnerability
       21. Microsoft Word Array Remote Code Execution Vulnerability
       22. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
       23. Microsoft Excel Filter Records Remote Code Execution Vulnerability
       24. Microsoft Excel Set Font Remote Code Execution Vulnerability
       25. Microsoft Internet Explorer HTML Objects Script Errors Remote Code Execution Vulnerability
       26. Microsoft Internet Explorer Object Handling Remote Code Execution Vulnerability
       27. Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code Execution Vulnerability
       28. Microsoft Internet Explorer Property Method Remote Code Execution Vulnerability
       29. Microsoft Excel BIFF Record Remote Code Execution Vulnerability
       30. Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #341
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Time for a new certification
By Don Parker
I wrote a column for SecurityFocus some time ago that aired my concerns over
GIAC dropping the practical portion of their certification process. That column
resulted in a lot of feedback, with most agreeing about how GIAC bungled what
was, up till then, the best certification around.
http://www.securityfocus.com/columnists/443

2. 0wning Vista from the boot
By Federico Biancuzzi
Federico Biancuzzi interviews Nitin and Vipin Kumar, authors of VBootkit, a
rootkit that is able to load from Windows Vista boot sectors. They discuss the
"features" of their code, its support for the various versions of Vista, the
possibility of placing it inside the BIOS (it needs around 1500 bytes), and the
chance to use it to bypass Vista's product activation or avoid DRM.
http://www.securityfocus.com/columnists/442


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. BitsCast PubDate Element Remote Denial Of Service Vulnerability
BugTraq ID: 23993
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23993
Summary:
BitsCast is prone to a remote denial-of-service vulnerability because it fails 
to adequately sanitize user-supplied input contained in RSS feeds.

An attacker can exploit this issue to crash the application, effectively 
denying service.

BitsCast 0.13.0 is vulnerable; other versions may also be affected.

2. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability
BugTraq ID: 23991
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23991
Summary:
Media Player Classic is prone to a denial-of-service vulnerability when 
processing a malformed MPA file.

A remote attacker can exploit this issue to crash the affected application, 
denying service to legitimate users.

This issue affects Media Player Classic 6.4.9.0; other versions may also be 
affected.

3. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 23986
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23986
Summary:
The DeWizardX ActiveX control is prone to an arbitrary-file-overwrite 
vulnerability.

An attacker can exploit this issue to overwrite arbitrary files on the affected
computer. Successful attacks may aid in further attacks against the computer.
Failed attempts will likely cause denial-of-service conditions.

4. Caucho Resin Multiple Information Disclosure Vulnerabilities
BugTraq ID: 23985
Remote: Yes
Date Published: 2007-05-15
Relevant URL: http://www.securityfocus.com/bid/23985
Summary:
Caucho Resin is prone to multiple information-disclosure vulnerabilities 
because it fails to adequately sanitize user-supplied data.

Attackers can exploit these issues to access potentially sensitive data that 
may aid in further attacks.

Resin 3.1.0 is vulnerable; other versions may also be affected.

NOTE: According to the application's 3.1.1 change log, these issues affect the 
server only when installed on Microsoft Windows.

5. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of 
Service Vulnerability
BugTraq ID: 23957
Remote: Yes
Date Published: 2007-05-13
Relevant URL: http://www.securityfocus.com/bid/23957
Summary:
PrecisionID Barcode ActiveX control is prone to a denial-of-service 
vulnerability because it fails to perform adequate checks on user-supplied 
input data.

Attackers can exploit this issue to crash the browsers of unsuspecting users, 
resulting in a denial of service. Remote code execution may also be possible, 
but has not been confirmed.

PrecisionID Barcode ActiveX control 1.3 is vulnerable; other versions may also 
be affected.

6. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial 
of Service Vulnerability
BugTraq ID: 23954
Remote: Yes
Date Published: 2007-05-13
Relevant URL: http://www.securityfocus.com/bid/23954
Summary:
ID Automation Linear Barcode ActiveX Control is prone to a denial-of-service 
vulnerability because it fails to perform adequate checks on user-supplied 
input data.

Attackers can exploit this issue to crash the browsers of unsuspecting users, 
resulting in a denial of service. Remote code execution may also be possible, 
but has not been confirmed.

ID Automation Linear Barcode ActiveX Control version 1.6.0.5 is vulnerable; 
other versions may also be affected.

7. CommuniGate Pro Web Mail HTML Injection Vulnerability
BugTraq ID: 23950
Remote: Yes
Date Published: 2007-05-12
Relevant URL: http://www.securityfocus.com/bid/23950
Summary:
CommuniGate Pro is prone to an HTML-injection vulnerability because it fails to 
sufficiently sanitize user-supplied input.

Exploiting this issue may allow an attacker to execute HTML and script code in 
the context of the affected site, to steal cookie-based authentication 
credentials, or to control how the site is rendered to the user; other attacks 
are also possible.

CommuniGate Pro 5.1.8 and earlier versions are vulnerable to this issue.

Note that this issue is present only when using Microsoft Internet Explorer.

8. yEnc32 Decoder Overly Long Filename Heap Buffer Overflow Vulnerability
BugTraq ID: 23948
Remote: Yes
Date Published: 2007-05-12
Relevant URL: http://www.securityfocus.com/bid/23948
Summary:
yEnc32 Decoder is prone to a heap-based buffer-overflow issue because it fails
to properly check boundaries on user-supplied data before copying it into an
insufficiently sized memory buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the user running the application. Failed exploit 
attempts likely result in denial-of-service conditions.

yEnc32 Decoder 1.0.7.207 is vulnerable.

9. VooDoo CIrcle Server Multiple Remote Vulnerabilities
BugTraq ID: 23929
Remote: Yes
Date Published: 2007-05-11
Relevant URL: http://www.securityfocus.com/bid/23929
Summary:
VooDoo cIRCle is prone to multiple remote vulnerabilities, including multiple 
denial-of-service issues and a buffer-overflow issue.

An attacker can exploit these issues to execute arbitrary code within the 
context of the affected application or cause the application to crash, denying 
service to legitimate users.

These issues affect VooDoo cIRCle 1.1beta26 and prior versions.

10. NetWin WebMail Unspecified Vulnerability
BugTraq ID: 23908
Remote: Yes
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23908
Summary:
NetWin Webmail is prone to an unspecified vulnerability.

Few technical details are currently available. We will update this BID as more 
information emerges.

Webmail versions prior to 3.1s-4 are vulnerable. NetWin SurgeMail versions
prior to 3.8i3 are also affected because they are bundled with vulnerable
Webmail packages.

11. Microsoft Windows Terminal Services Remote Security Restriction Bypass 
Vulnerability
BugTraq ID: 23899
Remote: Yes
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23899
Summary:
Microsoft Windows Terminal Services is prone to a remote security-restriction 
bypass vulnerability because the server software fails to properly enforce 
encryption requirements.

Users can connect to affected servers without encryption, even when
administrators have configured the server to require it. Attackers can thus
bypass security requirements configured by administrators and perform
man-in-the-middle attacks or eavesdrop on RDP sessions.

This issue affects Terminal Services installed on Windows 2003 Server; other 
versions may also be affected.

12. IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution 
Vulnerability
BugTraq ID: 23890
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23890
Summary:
IBM DB2 Universal Database is prone to an unspecified remote code-execution 
vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of 
the user running the application. Successful attacks can result in the 
compromise of the application or can cause denial-of-service conditions.

Few technical details are currently available. We will update this BID as more 
information emerges.

13. Symantec PCAnywhere User Credential Local Information Disclosure 
Vulnerability
BugTraq ID: 23875
Remote: No
Date Published: 2007-05-09
Relevant URL: http://www.securityfocus.com/bid/23875
Summary:
Symantec pcAnywhere is prone to a local information-disclosure vulnerability.

A local attacker may exploit this issue to gain access to sensitive information 
that may lead to further attacks.

14. Microsoft Word RTF Parsing Remote Code Execution Vulnerability
BugTraq ID: 23836
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23836
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious 
Word file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

15. Microsoft Windows Media Server MDSAuth.DLL ActiveX Control Remote Code 
Execution Vulnerability
BugTraq ID: 23827
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23827
Summary:
The Microsoft Windows Media Server ActiveX control is prone to a remote 
code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a 
maliciously crafted HTML document.

Successful exploits will allow attackers to overwrite certain files to execute 
arbitrary code. This will result in a complete compromise of affected 
computers. Failed exploit attempts will likely result in denial-of-service 
conditions.

16. Microsoft Office Malformed Drawing Object Remote Code Execution 
Vulnerability
BugTraq ID: 23826
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23826
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing a victim into opening a 
malicious Office file.

Successful exploits will allow attackers to execute arbitrary code in the 
context of the currently logged-in user. Failed exploit attempts will likely 
result in denial-of-service conditions.

17. Microsoft Exchange IMAP Command Processing Remote Denial of Service 
Vulnerability
BugTraq ID: 23810
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23810
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because 
it fails to properly handle specially crafted IMAP commands.

Successfully exploiting this issue allows remote attackers to cause the mail
service on targeted Exchange servers to stop responding, thus denying further
email service to legitimate users. To recover from the denial-of-service
condition, administrators must restart the IIS Admin Service.

18. Microsoft Exchange Base64 MIME Message Remote Code Execution Vulnerability
BugTraq ID: 23809
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23809
Summary:
Microsoft Exchange is prone to a remote code-execution vulnerability because 
the application fails to properly decode specially crafted email messages.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the vulnerable application, which may lead to a complete 
compromise of affected computers.

19. Microsoft Exchange iCal Request Remote Denial of Service Vulnerability
BugTraq ID: 23808
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23808
Summary:
Microsoft Exchange is prone to a remote denial-of-service vulnerability because 
it fails to properly handle unexpected iCal message content.

Successfully exploiting this issue allows remote attackers to cause targeted 
Exchange servers to stop responding to further requests for sending, receiving, 
or accessing email. As a result, denial-of-service conditions occur for 
legitimate users of affected servers. A denial-of-service condition will 
persist until an administrator restarts the Microsoft Exchange Information 
Store service.

20. Microsoft Outlook Web Access Remote Script Injection Vulnerability
BugTraq ID: 23806
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23806
Summary:
Microsoft Outlook Web Access is prone to a script-injection vulnerability 
because the application fails to properly handle specially crafted email 
attachments.

To exploit this issue, attackers must send specially crafted files through 
email messages to users of the affected application. When users open the file, 
attacker-supplied script code will be executed in the context of the affected 
website.

Successful exploits allow attackers to access Outlook Web Access sessions with 
the privileges of the targeted user. As a result, attackers may be able to 
obtain sensitive information and send, modify, or delete email; other attacks 
are also possible.

21. Microsoft Word Array Remote Code Execution Vulnerability
BugTraq ID: 23804
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23804
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious 
Word file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

22. Microsoft Capicom ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 23782
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23782
Summary:
The Microsoft CAPICOM ActiveX control is prone to a remote code-execution 
vulnerability.

An attacker could exploit this issue to execute code in the context of the user 
visiting a malicious web page.

23. Microsoft Excel Filter Records Remote Code Execution Vulnerability
BugTraq ID: 23780
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23780
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of 
a victim user running the application. A successful exploit will result in the 
compromise of the application and may aid in further attacks.

24. Microsoft Excel Set Font Remote Code Execution Vulnerability
BugTraq ID: 23779
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23779
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of 
a victim user running the application. A successful exploit will result in the 
compromise of the application and may aid in further attacks.

25. Microsoft Internet Explorer HTML Objects Script Errors Remote Code 
Execution Vulnerability
BugTraq ID: 23772
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23772
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors in 
certain situations. An attacker could exploit this issue to execute arbitrary 
code in the context of the user running the affected browser.

This issue affects Internet Explorer 7 running on Windows XP SP2, Windows 
Server 2003 SP1 and SP2, and on Windows Vista.

26. Microsoft Internet Explorer Object Handling Remote Code Execution 
Vulnerability
BugTraq ID: 23771
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23771
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles uninitialized or 
deleted objects. An attacker could exploit this issue to execute arbitrary code 
in the context of the user running the affected browser.

27. Microsoft Internet Explorer HTML Objects Script Errors Variant Remote Code 
Execution Vulnerability
BugTraq ID: 23770
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23770
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

This vulnerability is related to how the browser handles script errors in 
certain situations. An attacker could exploit this issue to execute arbitrary 
code in the context of the user running the affected browser.

This issue affects Internet Explorer 7 running on Windows XP SP2, Windows 
Server 2003 SP1 and SP2, and on Windows Vista.

Microsoft states that this vulnerability is a variant of the issue discussed in 
BID 23772 (Microsoft Internet Explorer HTML Objects Script Errors Remote Code 
Execution Vulnerability).

28. Microsoft Internet Explorer Property Method Remote Code Execution 
Vulnerability
BugTraq ID: 23769
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23769
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

A remote attacker can exploit this issue to execute arbitrary code in the 
context of the user running the vulnerable application.

29. Microsoft Excel BIFF Record Remote Code Execution Vulnerability
BugTraq ID: 23760
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23760
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of 
a victim user running the application. A successful exploit will result in the 
compromise of the application and may aid in further attacks.

30. Research In Motion Blackberry TeamOn Import Object ActiveX Control Buffer 
Overflow Vulnerability
BugTraq ID: 23331
Remote: Yes
Date Published: 2007-05-08
Relevant URL: http://www.securityfocus.com/bid/23331
Summary:
The Blackberry TeamOn Import Object ActiveX control is prone to a 
buffer-overflow vulnerability because the software fails to properly 
bounds-check user-supplied input before using it in an insufficiently sized 
buffer.

An attacker can exploit this issue to execute arbitrary machine code on a
vulnerable computer in the context of the victim running the affected
application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #341
http://www.securityfocus.com/archive/88/468188

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be
manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: VeriSign

Increase customer confidence at transaction time with the latest breakthrough 
in online security - Extended Validation SSL from VeriSign.
Extended Validation triggers a green address bar in Microsoft IE7, which proves 
site identity.
Learn more at:

http://clk.atdmt.com/SFI/go/srv0890000048sfi/direct/01/

