SecurityFocus Microsoft Newsletter #343 ----------------------------------------
This Issue is Sponsored by: SPI Dynamics ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CqBQ SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1. Your Space, My Space, Everybody's Space II. MICROSOFT VULNERABILITY SUMMARY 1. Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability 2. Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability 3. EScan Agent Service MWAGENT.EXE Remote Buffer Overflow Vulnerability 4. Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability 5. Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability 6. NOD32 Multiple Buffer Overflow Vulnerabilities 7. GD Graphics Library PNG File Processing Denial of Service Vulnerability 8. Opera Web Browser Torrent File Handling Buffer Overflow Vulnerability 9. Rational Software Hidden Administrator Unspecified Authentication Bypass Vulnerability 10. Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability 11. PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Arbitrary File Overwrite Vulnerability 12. PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Buffer Overflow Vulnerability 13. NewzCrawler Enclosure Element Remote Denial of Service Vulnerability 14. BitsCast PubDate Element Remote Denial Of Service Vulnerability 15. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability 16. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability 17. Caucho Resin Multiple Information Disclosure Vulnerabilities 18. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability 19. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial of Service Vulnerability III. MICROSOFT FOCUS LIST SUMMARY 1. Compromising the Windows Service or Driver failure event sink IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1. Your Space, My Space, Everybody's Space By Mark Rasch Privacy is about protecting data when somebody wants it for some purpose. It is easy to protect data that nobody wants. http://www.securityfocus.com/columnists/444 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability BugTraq ID: 24127 Remote: Yes Date Published: 2007-05-23 Relevant URL: http://www.securityfocus.com/bid/24127 Summary: Microsoft Visual Database Tools Database Designer ActiveX Control is prone to a denial-of-service vulnerability because the application fails to handle overly-long user-supplied strings. Attackers can exploit this issue to crash Internet Explorer or other applications that use the vulnerable ActiveX control, resulting in denial-of-service conditions. NOTE: Due to the nature of this vulnerability, attackers may be able to leverage the issue to execute remote code, however, this has not been confirmed. 2. Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability BugTraq ID: 24118 Remote: Yes Date Published: 2007-05-23 Relevant URL: http://www.securityfocus.com/bid/24118 Summary: Microsoft Office 2000 UA ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. 3. EScan Agent Service MWAGENT.EXE Remote Buffer Overflow Vulnerability BugTraq ID: 24112 Remote: Yes Date Published: 2007-05-23 Relevant URL: http://www.securityfocus.com/bid/24112 Summary: eScan is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful remote exploit of this issue would result in the complete compromise of affected computers. This issue affects eScan 9.0.715.1; other versions may also be affected. 4. Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability BugTraq ID: 24105 Remote: Yes Date Published: 2007-05-22 Relevant URL: http://www.securityfocus.com/bid/24105 Summary: Microsoft IIS is prone to an authentication-bypass vulnerability due to its implementation of 'Hit-highlighting' functionality. Attackers can exploit this issue to access private files hosted on an IIS website. Successful exploits may allow attackers to gain access to potentially sensitive information. Other attacks are possible. NOTE: Presumably, accessing a Trusted Zone may allow attackers to execute commands; this has not been confirmed. 5. Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability BugTraq ID: 24099 Remote: Yes Date Published: 2007-05-22 Relevant URL: http://www.securityfocus.com/bid/24099 Summary: The Dart ZipLite Compression ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. Dart ZipLite Compression ActiveX control 1.8.5.3 is vulnerable to this issue; other versions may also be affected. 6. NOD32 Multiple Buffer Overflow Vulnerabilities BugTraq ID: 24098 Remote: No Date Published: 2007-05-22 Relevant URL: http://www.securityfocus.com/bid/24098 Summary: NOD32 is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause denial-of-service conditions. These issue affects NOD32 2.7 prior to update 2.70.37.0 7. GD Graphics Library PNG File Processing Denial of Service Vulnerability BugTraq ID: 24089 Remote: Yes Date Published: 2007-05-22 Relevant URL: http://www.securityfocus.com/bid/24089 Summary: The GD graphics library is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library. GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well. 8. Opera Web Browser Torrent File Handling Buffer Overflow Vulnerability BugTraq ID: 24080 Remote: Yes Date Published: 2007-05-21 Relevant URL: http://www.securityfocus.com/bid/24080 Summary: The Opera Web Browser is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input. Exploiting this issues may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Versions of Opera prior to 9.21 are vulnerable. NOTE: This issue is reported to affect only Opera running on Microsoft Windows. 9. Rational Software Hidden Administrator Unspecified Authentication Bypass Vulnerability BugTraq ID: 24049 Remote: Yes Date Published: 2007-05-18 Relevant URL: http://www.securityfocus.com/bid/24049 Summary: Hidden Administrator is prone to an unspecified authentication-bypass vulnerability. Attackers can exploit this issue to execute arbitrary code on affected computers with the privileges of the application. Hidden Administrator 1.7 is vulnerable; other versions may also be affected. 10. Magic ISO Maker Cue File Stack Buffer Overflow Vulnerability BugTraq ID: 24029 Remote: Yes Date Published: 2007-05-17 Relevant URL: http://www.securityfocus.com/bid/24029 Summary: Magic ISO Maker is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected library. Failed exploit attempts will likely result in denial-of-service conditions. Magic ISO Maker 5.4(build239) is vulnerable; other versions may also be affected. 11. PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Arbitrary File Overwrite Vulnerability BugTraq ID: 24014 Remote: Yes Date Published: 2007-05-16 Relevant URL: http://www.securityfocus.com/bid/24014 Summary: PrecisionID Barcode ActiveX control is prone to a vulnerability that lets an attacker overwrite arbitrary files on the affected computer. PrecisionID Barcode ActiveX control 1.9 is vulnerable; other versions may also be affected. 12. PrecisionID Barcode PrecisionID_Barcode.DLL ActiveX Control Buffer Overflow Vulnerability BugTraq ID: 24010 Remote: Yes Date Published: 2007-05-16 Relevant URL: http://www.securityfocus.com/bid/24010 Summary: PrecisionID Barcode ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. PrecisionID Barcode ActiveX control 1.9 is vulnerable; other versions may also be affected. 13. NewzCrawler Enclosure Element Remote Denial of Service Vulnerability BugTraq ID: 23994 Remote: Yes Date Published: 2007-05-15 Relevant URL: http://www.securityfocus.com/bid/23994 Summary: NewzCrawler is prone to a denial-of-service vulnerability when processing an RSS feed with an invalid string. A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects NewzCrawler 1.8; other versions may also be affected. 14. BitsCast PubDate Element Remote Denial Of Service Vulnerability BugTraq ID: 23993 Remote: Yes Date Published: 2007-05-15 Relevant URL: http://www.securityfocus.com/bid/23993 Summary: BitsCast is prone to a remote denial-of-service vulnerability because it fails to adequately sanitize user-supplied input contained in RSS feeds. An attacker can exploit this issue to crash the application, effectively denying service. BitsCast 0.13.0 is vulnerable; other versions may also be affected. 15. Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability BugTraq ID: 23991 Remote: Yes Date Published: 2007-05-15 Relevant URL: http://www.securityfocus.com/bid/23991 Summary: Media Player Classic is prone to a denial-of-service vulnerability when processing a malformed MPA file. A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects Media Player Classic 6.4.9.0; other versions may also be affected. 16. DeWizardX ActiveX Control Arbitrary File Overwrite Vulnerability BugTraq ID: 23986 Remote: Yes Date Published: 2007-05-15 Relevant URL: http://www.securityfocus.com/bid/23986 Summary: The DeWizardX ActiveX control is prone to an arbitrary-file-overwrite vulnerability. An attacker can exploit this issue to overwrite arbitrary files on the affected computer. Successful attacks may aid in further attacks against the computer. Failed attempts will likely cause denial-of-service conditions. 17. Caucho Resin Multiple Information Disclosure Vulnerabilities BugTraq ID: 23985 Remote: Yes Date Published: 2007-05-15 Relevant URL: http://www.securityfocus.com/bid/23985 Summary: Caucho Resin is prone to multiple information-disclosure vulnerabilities because it fails to adequately sanitize user-supplied data. Attackers can exploit these issues to access potentially sensitive data that may aid in further attacks. Resin 3.1.0 is vulnerable; other versions may also be affected. NOTE: According to the application's 3.1.1 change log, these issues affect the server only when installed on Microsoft Windows. 18. PrecisionID Barcode PrecisionID_DataMatrix.DLL ActiveX Control Denial of Service Vulnerability BugTraq ID: 23957 Remote: Yes Date Published: 2007-05-13 Relevant URL: http://www.securityfocus.com/bid/23957 Summary: PrecisionID Barcode ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied input data. Attackers can exploit this issue to crash the browsers of unsuspecting users, resulting in a denial of service. Remote code execution may also be possible, but has not been confirmed. PrecisionID Barcode ActiveX control 1.3 is vulnerable; other versions may also be affected. 19. ID Automation Linear Barcode IDAutomationLinear6.DLL ActiveX Control Denial of Service Vulnerability BugTraq ID: 23954 Remote: Yes Date Published: 2007-05-13 Relevant URL: http://www.securityfocus.com/bid/23954 Summary: ID Automation Linear Barcode ActiveX Control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied input data. Attackers can exploit this issue to crash the browsers of unsuspecting users, resulting in a denial of service. Remote code execution may also be possible, but has not been confirmed. ID Automation Linear Barcode ActiveX Control version 1.6.0.5 is vulnerable; other versions may also be affected. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. Compromising the Windows Service or Driver failure event sink http://www.securityfocus.com/archive/88/469330 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This Issue is Sponsored by: SPI Dynamics ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CqBQ
