SecurityFocus Microsoft Newsletter #345
----------------------------------------

This Issue is Sponsored by: Norwich University

Norwich University's Master of Science in Information Assurance Program complements the skills of information security professionals while preparing them to take on management roles in an organization-wide information security program, such as Chief Security Officers, Security Administrators and Chief Information Security Officers. This 18-month program is conveniently delivered online and is accredited by The National Security Agency and Department of Homeland Security as a "Center for Academic Excellence in Information Assurance Education". For more information, visit
http://www.msia.norwich.edu/msec

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Security Analogies
       2. Your Space, My Space, Everybody's Space
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities
       2. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
       3. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
       4. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
       5. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
       6. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
       7. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
       8. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
       9. SNMPC Username/Password Remote Denial of Service Vulnerability
       10. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
       11. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
       12. DVD X Player PLF File Buffer Overflow Vulnerability
       13. Microsoft Active Directory Logon Hours Username Enumeration Weakness
       14. Acoustica MP3 CD Burner PlayList Files Buffer Overflow Vulnerability
       15. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
       16. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
       17. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
       18. EDraw Office Viewer Component ActiveX Control Arbitrary File Delete Vulnerability
       19. EDraw Office Viewer Component EDrawOfficeViewer.OCX ActiveX Control Buffer Overflow Vulnerability
       20. Zenturi ProgramChecker SASATL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
       21. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Denial of Service Vulnerability
       22. Avira Antivir Antivirus Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #344
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their function in educating the masses on security concepts.
http://www.securityfocus.com/columnists/445

2. Your Space, My Space, Everybody's Space
By Mark Rasch
Privacy is about protecting data when somebody wants it for some purpose. It is easy to protect data that nobody wants.
http://www.securityfocus.com/columnists/444

II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Computer Associates ARCserve Backup Multiple Unspecified Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24348
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24348
Summary:
Computer Associates ARCserve Backup for Laptops & Desktops is prone to multiple unspecified remote buffer-overflow vulnerabilities. These issues occur because the application fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. No further details are currently available. We will update this BID as more information emerges. Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges. This will result in a complete compromise of affected computers. ARCserve Backup for Laptops & Desktops r11.1 is reported vulnerable.

2. Microsoft Windows GDI+ ICO File Remote Denial of Service Vulnerability
BugTraq ID: 24346
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24346
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to properly handle maliciously crafted ICO files. An attacker may exploit this issue by enticing victims into opening a malicious file. Successful exploits will result in denial-of-service conditions on applications using the affected library. Applications such as Windows Explorer or Picture and Fax viewer have been identified as vulnerable.

3. Yahoo! Messenger Multiple Unspecified Remote Code Execution Vulnerabilities
BugTraq ID: 24341
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24341
Summary:
Yahoo! Messenger is prone to multiple unspecified remote code-execution vulnerabilities. No further information is currently available. This BID will be updated as more information is disclosed. Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Specific vulnerable Yahoo! Messenger versions are not known, but versions in the 8 series for Microsoft Windows are reportedly affected.

4. MPlayer Multiple CDDB Parsing Buffer Overflow Vulnerabilities
BugTraq ID: 24339
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.securityfocus.com/bid/24339
Summary:
MPlayer is prone to multiple buffer-overflow vulnerabilities when it attempts to process malformed album and category titles. These issues occur because the application fails to perform proper bounds-checking on user-supplied data before copying it to an insufficiently sized memory buffer. An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation. MPlayer 1.0rc1 is vulnerable to these issues; other versions may also be affected.

5. Mozilla Firefox Beatnik Extension Remote Script Code Execution Vulnerability
BugTraq ID: 24324
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.securityfocus.com/bid/24324
Summary:
A remote code-execution vulnerability affects the Beatnik extension for Mozilla Firefox because the application fails to validate input errors when processing RSS feeds. An attacker may leverage this issue to execute arbitrary code in the context of the user account running the affected extension. This may facilitate cross-site scripting as well as a compromise of an affected computer. Beatnik 1.0 is vulnerable; other versions may also be affected.

6. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of Service Vulnerability
BugTraq ID: 24316
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24316
Summary:
ClamAV is prone to a denial-of-service vulnerability when handling malformed OLE2 files. A successful attack may allow an attacker to cause denial-of-service conditions. Versions prior to ClamAV 0.90.3 are affected.

7. Mozilla Firefox Resource Variant Directory Traversal Vulnerability
BugTraq ID: 24303
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24303
Summary:
Mozilla Firefox is prone to a directory-traversal vulnerability because it fails to adequately sanitize user-supplied data. An attacker can exploit this issue to access arbitrary files on an unsuspecting user's computer. Successful exploits can expose potentially sensitive information that could aid in further attacks. This issue was introduced as part of the fix for BID 24191 (Mozilla Firefox Resource Directory Traversal Vulnerability) in Firefox 2.0.0.4.

8. Microsoft Internet Explorer Location Object Webpage Spoofing Vulnerability
BugTraq ID: 24298
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24298
Summary:
Microsoft Internet Explorer is prone to a webpage-spoofing vulnerability. Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

9. SNMPC Username/Password Remote Denial of Service Vulnerability
BugTraq ID: 24292
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24292
Summary:
SNMPc is prone to a remote denial-of-service vulnerability. Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users. This issue is reported to affect versions of SNMPc prior to 7.0.19.

10. Clam AntiVirus ClamAV RAR Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24289
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24289
Summary:
ClamAV is prone to a denial-of-service vulnerability. A successful attack may allow an attacker to cause denial-of-service conditions.

11. Microsoft Internet Explorer Javascript Cross Domain Information Disclosure Vulnerability
BugTraq ID: 24283
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.securityfocus.com/bid/24283
Summary:
The browser is prone to a cross-domain information-disclosure vulnerability because scripts may persist across navigations. This vulnerability may let a malicious site interact with a site in an arbitrary external domain. Attackers could exploit this to gain access to sensitive information that is associated with the external domain. Other attacks may be possible, such as executing script code in other browser security zones.
UPDATE: Reports indicate that Safari browser may also be vulnerable, but this has not been confirmed.
UPDATE (June 6, 2007): The WebKit framework used by Safari is reported vulnerable. Builds 522 and later, which are associated with the nightly WebKit build, are vulnerable; other versions may also be affected.

12. DVD X Player PLF File Buffer Overflow Vulnerability
BugTraq ID: 24278
Remote: Yes
Date Published: 2007-06-02
Relevant URL: http://www.securityfocus.com/bid/24278
Summary:
DVD X Player is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes. This issue affects DVD X Player 4.1; other versions may also be affected.

13. Microsoft Active Directory Logon Hours Username Enumeration Weakness
BugTraq ID: 24248
Remote: Yes
Date Published: 2007-05-31
Relevant URL: http://www.securityfocus.com/bid/24248
Summary:
Microsoft Active Directory is prone to a username-enumeration weakness because of a design error in the application when verifying user-supplied input. Attackers may exploit this weakness to discern valid usernames. This may aid them in brute-force password cracking or other attacks. Microsoft Active Directory on Microsoft Windows Server 2003 Standard Edition is vulnerable; other versions may also be affected.

14. Acoustica MP3 CD Burner PlayList Files Buffer Overflow Vulnerability
BugTraq ID: 24247
Remote: Yes
Date Published: 2007-05-31
Relevant URL: http://www.securityfocus.com/bid/24247
Summary:
Acoustica MP3 CD Burner is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes.

15. Avira Antivir Tar Archive Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24239
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24239
Summary:
Avira Antivir is prone to a denial-of-service vulnerability because the application fails to handle certain TAR archives. Remote attackers may exploit this issue by enticing victims into opening maliciously crafted TAR archives. A successful attack may allow attackers to cause denial-of-service conditions.

16. F-Secure Multiple Products Real-time Scanning Component Local Privilege Escalation Vulnerability
BugTraq ID: 24237
Remote: No
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24237
Summary:
Multiple F-Secure workstation and file-server products are prone to a local privilege-escalation vulnerability. Exploiting this vulnerability allows local attackers to gain superuser or SYSTEM-level privileges, leading to a complete compromise of the affected computer.

17. F-Secure Anti-Virus LHA Processing Buffer Overflow Vulnerability
BugTraq ID: 24235
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24235
Summary:
Multiple F-Secure Anti-Virus applications are prone to a buffer-overflow vulnerability when they process certain LHA archive files. This issue occurs because the applications fail to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer. Successful exploits can allow attackers to execute arbitrary code with the privileges of the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions. Reports indicate that this vulnerability also occurs when processing malformed LZH archives, ARJ files, and FSG packed files.

18. EDraw Office Viewer Component ActiveX Control Arbitrary File Delete Vulnerability
BugTraq ID: 24230
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24230
Summary:
The EDraw Office Viewer Component ActiveX Control is prone to an arbitrary-file-delete vulnerability. An attacker can exploit this issue to delete arbitrary files on the affected computer. Successful attacks can result in denial-of-service conditions.

19. EDraw Office Viewer Component EDrawOfficeViewer.OCX ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 24229
Remote: Yes
Date Published: 2007-05-30
Relevant URL: http://www.securityfocus.com/bid/24229
Summary:
EDraw Office Viewer Component ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to cause a denial-of-service condition. Arbitrary code execution may be possible, but has not been confirmed. This issue affects EDraw Office Viewer Component 4.0.5.20; other versions may also be affected.

20. Zenturi ProgramChecker SASATL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24217
Remote: Yes
Date Published: 2007-05-29
Relevant URL: http://www.securityfocus.com/bid/24217
Summary:
Several Zenturi ProgramChecker ActiveX controls are prone to multiple buffer-overflow vulnerabilities because they fail to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

21. Microsoft DirectX Media DXTMSFT.DLL ActiveX Control Denial of Service Vulnerability
BugTraq ID: 24188
Remote: Yes
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24188
Summary:
Microsoft DirectX Media ActiveX control is prone to a denial-of-service vulnerability because it fails to perform adequate checks on user-supplied data. Successfully exploiting this issue allows remote attackers to crash applications using the affected ActiveX control (typically Internet Explorer). Given the nature of this issue, remote code execution may be possible, but this has not been confirmed.

22. Avira Antivir Antivirus Multiple Remote Vulnerabilities
BugTraq ID: 24187
Remote: Yes
Date Published: 2007-05-28
Relevant URL: http://www.securityfocus.com/bid/24187
Summary:
Avira Antivir Antivirus is prone to multiple remote vulnerabilities. Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with elevated privileges, facilitating the complete compromise of affected computers. Attackers may also trigger denial-of-service conditions by crashing the application or causing infinite loops. These issues affect:
Avira Antivir AVPack versions prior to 7.03.00.09
Engine versions prior to 7.04.00.24

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #344
http://www.securityfocus.com/archive/88/470135

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Norwich University
http://www.msia.norwich.edu/msec
