SecurityFocus Microsoft Newsletter #344
----------------------------------------

This Issue is Sponsored by: ByteCrusher

"Please come in and trash the place - I'll be back in 8 hours"
Fact: It can take up to 8 hours for anti-virus companies to fix a new security hole. WindowZones by ByteCrusher protects your computer in that critical 8 hour period when your Anti-Virus is "out to lunch". Learn More.
http://landing.bytecrusher.com/windowzones/sflanding1.aspx?Referrer=sf-A21sfMicro-wz1&cm_mmc=Security%20Focus-_-USA-_-Newsletter-_-Newsletter%3A%20Other%3A%20A21%3A%20sfMicro%3A%20wz1

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Security Analogies
       2. Your Space, My Space, Everybody's Space
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
       2. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
       3. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
       4. EDraw Office Viewer Component ActiveX Control Arbitrary File Delete Vulnerability
       5. EDraw Office Viewer Component EDrawOfficeViewer.OCX ActiveX Control Buffer Overflow Vulnerability
       6. Zenturi ProgramChecker SASATL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
       7. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Denial of Service Vulnerability
       8. Avira Antivir Antivirus Multiple Remote Vulnerabilities
       9. Dart Zip Compression DartZip.DLL ActiveX Control Buffer Overflow Vulnerability
       10. UltraISO Cue File Stack Buffer Overflow Vulnerability
       11. Credant Mobile Guardian Shield Information Disclosure Vulnerability
       12. Microsoft Visual Basic 6.0 Project Company Name Denial of Service Vulnerability
       13. Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability
       14. Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability
       15. Symantec Enterprise Security Manager Misinterpreted Information Denial of Service Vulnerability
       16. Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
       17. EScan Agent Service MWAGENT.EXE Remote Buffer Overflow Vulnerability
       18. Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability
       19. Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability
       20. NOD32 Multiple Buffer Overflow Vulnerabilities
       21. GD Graphics Library PNG File Processing Denial of Service Vulnerability
       22. Opera Web Browser Torrent File Handling Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. Reconstruction of MS terminal services sessions
       2. SecurityFocus Microsoft Newsletter #343
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445

2. Your Space, My Space, Everybody's Space
By Mark Rasch
Privacy is about protecting data when somebody wants it for some purpose. It is easy to protect data that nobody wants.
http://www.securityfocus.com/columnists/444

II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24239
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24239
Summary:
Avira Antivir is prone to a denial-of-service vulnerability because the application fails to handle certain TAR archives.

Remote attackers may exploit this issue by enticing victims into opening maliciously crafted TAR archives.

A successful attack may allow an attacker to cause denial-of-service conditions.

2. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
BugTraq ID: 24237
Remote: No
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24237
Summary:
Multiple F-Secure workstation and file-server products are prone to a local privilege-escalation vulnerability.

Exploiting this vulnerability allows local attackers to gain superuser or SYSTEM-level privileges, leading to a complete compromise of the affected computer.

3. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
BugTraq ID: 24235
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24235
Summary:
Multiple F-Secure Anti-Virus applications are prone to a buffer-overflow vulnerability when they process certain files. This issue occurs because the applications fail to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

4. EDraw Office Viewer Component ActiveX Control Arbitrary File Delete Vulnerability
BugTraq ID: 24230
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24230
Summary:
The EDraw Office Viewer Component ActiveX Control is prone to an arbitrary-file-delete vulnerability.

An attacker can exploit this issue to delete arbitrary files on the affected computer. Successful attacks can result in denial-of-service conditions.

5. EDraw Office Viewer Component EDrawOfficeViewer.OCX ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24229
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24229
Summary:
EDraw Office Viewer Component ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause a denial-of-service condition. Arbitrary code execution may be possible, but has not been confirmed.

This issue affects EDraw Office Viewer Component 4.0.5.20; other versions may also be affected.

6. Zenturi ProgramChecker SASATL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24217
Remote: Yes
Date Published: 2007-05-29
Relevant URL: http://www.securityfocus.com/bid/24217
Summary:
Several Zenturi ProgramChecker ActiveX controls are prone to multiple buffer-overflow vulnerabilities because they fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

7. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Denial of Service Vulnerability
BugTraq ID: 24188
Remote: Yes
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24188
Summary:
Microsoft DirectX Media ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to crash applications using the affected ActiveX control (typically Internet Explorer). Given the nature of this issue, remote code execution may be possible, but this has not been confirmed.

8. Avira Antivir Antivirus Multiple Remote Vulnerabilities
BugTraq ID: 24187
Remote: Yes
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24187
Summary:
Avira Antivir Antivirus is prone to multiple remote vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with elevated privileges, facilitating the complete compromise of affected computers. Attackers may also trigger denial-of-service conditions by crashing the application or causing infinite loops.

These issues affect:

Avira Antivir AVPack versions prior to 7.03.00.09
Engine versions prior to 7.04.00.24

9. Dart Zip Compression DartZip.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24163
Remote: Yes
Date Published: 2007-05-25
Relevant URL: http://www.securityfocus.com/bid/24163
Summary:
Dart Zip Compression for ActiveX is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Dart Zip Compression for ActiveX 1.8.5.3 is vulnerable to this issue; other versions may also be affected.

NOTE: Due to code reuse, this issue is similar or possibly identical to the one described in BID 24099 (Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability). This has not been confirmed.

10. UltraISO Cue File Stack Buffer Overflow Vulnerability
BugTraq ID: 24140
Remote: Yes
Date Published: 2007-05-24
Relevant URL: http://www.securityfocus.com/bid/24140
Summary:
UltraISO is prone to a remote stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

UltraISO 8.6.2.2011 is vulnerable; other versions may also be affected.

11. Credant Mobile Guardian Shield Information Disclosure Vulnerability
BugTraq ID: 24139
Remote: Yes
Date Published: 2007-05-24
Relevant URL: http://www.securityfocus.com/bid/24139
Summary:
Credant Mobile Guardian Shield is prone to an information-disclosure vulnerability because it stores sensitive password information in plain text.

This issue affects Credant Mobile Guardian Shield 5.2.1.105 and prior versions.

12. Microsoft Visual Basic 6.0 Project Company Name Denial of Service Vulnerability
BugTraq ID: 24129
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24129
Summary:
Microsoft Visual Basic 6.0 is prone to a denial-of-service vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause a denial-of-service condition. The attacker may also be able to execute arbitrary code within the context of the affected application, but this has not been confirmed.

13. Microsoft Visual Basic 6.0 Project Description Buffer Overflow Vulnerability
BugTraq ID: 24128
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24128
Summary:
Microsoft Visual Basic 6.0 is prone to a stack-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

14. Microsoft VDT Database Designer VDT70.DLL ActiveX Control Denial Of Service Vulnerability
BugTraq ID: 24127
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24127
Summary:
Microsoft Visual Database Tools Database Designer ActiveX Control is prone to a denial-of-service vulnerability because the application fails to handle overly long user-supplied strings.

Attackers can exploit this issue to crash Internet Explorer or other applications that use the vulnerable ActiveX control, resulting in denial-of-service conditions.

NOTE: Given the nature of this issue, attackers may be able to execute remote code, but this has not been confirmed.

15. Symantec Enterprise Security Manager Misinterpreted Information Denial of Service Vulnerability
BugTraq ID: 24123
Remote: Yes
Date Published: 2007-05-24
Relevant URL: http://www.securityfocus.com/bid/24123
Summary:
Symantec Enterprise Security Manager is prone to a denial-of-service vulnerability caused by a race condition.

Attackers may exploit this issue to cause the application to become unresponsive, effectively denying service to legitimate users.

ESM Agent and Manager Platforms 6.5.3 for Microsoft Windows are affected.

16. Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24118
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24118
Summary:
Microsoft Office 2000 UA ActiveX Control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

17. EScan Agent Service MWAGENT.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 24112
Remote: Yes
Date Published: 2007-05-23
Relevant URL: http://www.securityfocus.com/bid/24112
Summary:
eScan is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. A successful remote exploit of this issue would result in the complete compromise of affected computers.

This issue affects eScan 9.0.715.1; other versions may also be affected.

18. Microsoft Internet Information Server Hit Highlighting Authentication Bypass Vulnerability
BugTraq ID: 24105
Remote: Yes
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24105
Summary:
Microsoft IIS is prone to an authentication-bypass vulnerability due to its implementation of 'Hit-highlighting' functionality.

Attackers can exploit this issue to access private files hosted on an IIS website. Successful exploits may allow attackers to gain access to potentially sensitive information. Other attacks are possible.

NOTE: Presumably, accessing a Trusted Zone may allow attackers to execute commands; this has not been confirmed.

19. Dart ZipLite Compression DartZipLite.DLL ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24099
Remote: Yes
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24099
Summary:
The Dart ZipLite Compression ActiveX control is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

Dart ZipLite Compression ActiveX control 1.8.5.3 is vulnerable to this issue; other versions may also be affected.

20. NOD32 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24098
Remote: No
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24098
Summary:
NOD32 is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will result in the complete compromise of affected computers. Failed exploit attempts will cause denial-of-service conditions.

These issues affect NOD32 2.7 prior to update 2.70.37.0.

21. GD Graphics Library PNG File Processing Denial of Service Vulnerability
BugTraq ID: 24089
Remote: Yes
Date Published: 2007-05-22
Relevant URL: http://www.securityfocus.com/bid/24089
Summary:
The GD graphics library is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library.

GD graphics library 2.0.34 is reported vulnerable; other versions may be affected as well.

22. Opera Web Browser Torrent File Handling Buffer Overflow Vulnerability
BugTraq ID: 24080
Remote: Yes
Date Published: 2007-05-21
Relevant URL: http://www.securityfocus.com/bid/24080
Summary:
The Opera Web Browser is prone to a buffer-overflow vulnerability because it fails to sufficiently bounds-check user-supplied input.

Exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application.

Versions of Opera prior to 9.21 are vulnerable.

NOTE: This issue is reported to affect only Opera running on Microsoft Windows.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Reconstruction of MS terminal services sessions
http://www.securityfocus.com/archive/88/469865

2. SecurityFocus Microsoft Newsletter #343
http://www.securityfocus.com/archive/88/469513

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: ByteCrusher
