SecurityFocus Microsoft Newsletter #359
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Blind SQL Injection Attack Step-by-Step!" - 
White Paper
Blind SQL Injection can deliver total control of your server to a hacker giving 
them the ability to read, write and manipulate all data stored in your backend 
systems! Download this *FREE* white paper from SPI Dynamics for a complete 
guide to protection!
https://download.spidynamics.com/1/ad/bsq.asp?Campaign_ID=70160000000D2bp


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
       2. Mod Your iPhone - For Fun or Profit?
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote 
Vulnerabilities
       2. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary 
File Overwrite Vulnerability
       3. Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer 
Overflow Vulnerability
       4. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
       5. Microsoft Windows Services for UNIX Local Privilege Escalation 
Vulnerability
       6. Microsoft SQL Server sqldmo.dll ActiveX Buffer Overflow Vulnerability
       7. EDraw Office Viewer Component HttpDownloadFileToTempDir ActiveX 
Buffer Overflow Vulnerability
       8. Unreal Commander Directory Traversal And Denial Of Service 
Vulnerabilities
       9. Total Commander Client Side Directory Traversal Vulnerability
       10. Microsoft September 2007 Advance Notification Multiple 
Vulnerabilities
       11. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow 
Vulnerability
       12. Apple iTunes Malformed Music File Heap Buffer Overflow Vulnerability
       13. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack 
Buffer Overflow Vulnerability
       14. AtomixMP3 Malformed PLS Playlist File Buffer Overflow Vulnerability
       15. Intuit QuickBooks Online Edition ActiveX Controls Multiple 
Vulnerabilities
       16. MailMarshal Tar Archive Remote Directory Traversal Vulnerability
       17. Ots Labs OtsTurntables M3U Local Buffer Overflow Vulnerability
       18. Virtual DJ M3U File Buffer Overflow Vulnerability
       19. Virtual DJ M3U Local Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. AAA that Acquire from Lotus Domino 7.02
       2. SecurityFocus Microsoft Newsletter #358
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892

2. Mod Your iPhone - For Fun or Profit?
By Mark Rasch
I admit it: I own an iPhone. Indeed, I bought one the day they came out. No, I 
didn't wait in line for hours; I just walked into the local Apple store, plunked 
down my life's savings, and voila, another AT&T customer!
http://www.securityfocus.com/columnists/453


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Visual Studio PDWizard.ocx ActiveX Control Multiple Remote 
Vulnerabilities
BugTraq ID: 25638
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25638
Summary:
Microsoft Visual Studio is prone to multiple remote vulnerabilities, including 
two remote command-execution issues and four unspecified vulnerabilities.

An attacker can exploit the remote command-execution vulnerabilities to execute 
arbitrary commands with the privileges of the currently logged-in user.

Very little information is known about the four unspecified issues. We will 
update this BID as more information emerges.

These issues affect Microsoft Visual Studio 6.0.0; other versions may also be 
affected.

2. Microsoft Visual Studio VB To VSI Support Library ActiveX Arbitrary File 
Overwrite Vulnerability
BugTraq ID: 25635
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25635
Summary:
Microsoft Visual Studio VB To VSI Support Library ActiveX Control is prone to a 
vulnerability that lets attackers overwrite arbitrary files.

An attacker can exploit this issue to overwrite arbitrary files with local 
data. This will likely result in denial-of-service conditions; other attacks 
may also be possible.

3. Microsoft Visual Basic 6.0 VBP_Open Project File Handling Buffer Overflow 
Vulnerability
BugTraq ID: 25629
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25629
Summary:
Microsoft Visual Basic 6.0 is prone to a buffer-overflow vulnerability because 
the application fails to bounds-check user-supplied data before copying it into 
an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a denial of 
service.

4. CellFactor Revolution Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 25625
Remote: Yes
Date Published: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25625
Summary:
CellFactor: Revolution is prone to multiple remote code-execution 
vulnerabilities, including a buffer-overflow issue and a format-string issue.

Successfully exploiting these issues will allow an attacker to execute 
arbitrary code within the context of the affected application or to crash the 
application.

CellFactor: Revolution 1.03 is vulnerable; other versions may also be affected.

5. Microsoft Windows Services for UNIX Local Privilege Escalation Vulnerability
BugTraq ID: 25620
Remote: No
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25620
Summary:
Microsoft Windows Services for UNIX is prone to a local privilege-escalation 
vulnerability.

Attackers may exploit this issue to gain elevated privileges on affected 
computers. This facilitates the complete compromise of vulnerable computers.

Microsoft Windows Services for UNIX 3.0 and 3.5 and Microsoft Subsystem for 
UNIX-based Applications are vulnerable to this issue.

6. Microsoft SQL Server sqldmo.dll ActiveX Buffer Overflow Vulnerability
BugTraq ID: 25594
Remote: Yes
Date Published: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25594
Summary:
Microsoft SQL Server 'sqldmo.dll' ActiveX Control is prone to a buffer-overflow 
vulnerability because it fails to bounds-check user-supplied data before 
copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the application using the ActiveX control (typically 
Internet Explorer). Failed exploit attempts likely result in denial-of-service 
conditions.

7. EDraw Office Viewer Component HttpDownloadFileToTempDir ActiveX Buffer 
Overflow Vulnerability
BugTraq ID: 25593
Remote: Yes
Date Published: 2007-09-07
Relevant URL: http://www.securityfocus.com/bid/25593
Summary:
EDraw Office Viewer Component ActiveX control is prone to a buffer-overflow 
vulnerability because it fails to bounds-check user-supplied data before 
copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause a denial-of-service condition and 
possibly to execute arbitrary code, but this has not been confirmed.

This issue affects EDraw Office Viewer Component 5.2; other versions may also 
be affected.

8. Unreal Commander Directory Traversal And Denial Of Service Vulnerabilities
BugTraq ID: 25583
Remote: Yes
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25583
Summary:
Unreal Commander is prone to multiple remote vulnerabilities, including a 
directory-traversal issue and a denial-of-service issue.

An attacker can exploit these issues to compromise the affected computer, write 
files to arbitrary locations, and crash the affected application.

Unreal Commander 0.92 (build 565) and 0.92 (build 573) are vulnerable; prior 
versions may also be affected.

9. Total Commander Client Side Directory Traversal Vulnerability
BugTraq ID: 25581
Remote: Yes
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25581
Summary:
Total Commander is prone to a directory-traversal vulnerability because it 
fails to sufficiently sanitize user-supplied input data.

An attacker can exploit this issue to upload a malicious file to an arbitrary 
location on the victim's computer.

This issue affects Total Commander 7.01; other versions may also be vulnerable.

10. Microsoft September 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 25573
Remote: Yes
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25573
Summary:
Microsoft has released advance notification that the vendor will be releasing 
four security bulletins on September 11, 2007. The highest severity rating for 
these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs 
will be created for each issue; this record will be removed when the security 
bulletins are released.

11. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow 
Vulnerability
BugTraq ID: 25571
Remote: Yes
Date Published: 2007-09-06
Relevant URL: http://www.securityfocus.com/bid/25571
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a stack-based 
buffer-overflow vulnerability because it fails to perform adequate boundary 
checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the application using the ActiveX control (typically 
Internet Explorer). Failed exploit attempts likely result in denial-of-service 
conditions.

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may 
also be affected.

12. Apple iTunes Malformed Music File Heap Buffer Overflow Vulnerability
BugTraq ID: 25567
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25567
Summary:
Apple iTunes is prone to a heap-based buffer-overflow vulnerability because 
the application fails to bounds-check user-supplied data before copying it into 
an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a 
denial-of-service condition.

This issue affects versions prior to iTunes 7.4.

13. Microsoft Agent agentdpv.dll ActiveX Control Malformed URL Stack Buffer 
Overflow Vulnerability
BugTraq ID: 25566
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25566
Summary:
Microsoft Agent (agentsvr.exe) is prone to a stack-based buffer-overflow 
vulnerability because the application fails to adequately bounds-check 
user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the currently logged-in user. Failed exploit attempts 
will likely result in denial-of-service conditions.

14. AtomixMP3 Malformed PLS Playlist File Buffer Overflow Vulnerability
BugTraq ID: 25546
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25546
Summary:
AtomixMP3 is prone to a buffer-overflow vulnerability because the application 
fails to bounds-check user-supplied data before copying it into an 
insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious 
MP3 file. If successful, the attacker can execute arbitrary code in the context 
of the affected application.

15. Intuit QuickBooks Online Edition ActiveX Controls Multiple Vulnerabilities
BugTraq ID: 25544
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25544
Summary:
Multiple Intuit QuickBooks Online Edition ActiveX controls are prone to 
multiple vulnerabilities, including multiple stack-based buffer-overflow issues 
and an access-validation issue.

Attackers can exploit these issues to execute arbitrary code in the context of 
an application using the controls (typically Internet Explorer) or to upload 
and download files in arbitrary locations on the affected computer.

Successful exploits will compromise the application and possibly the underlying 
computer. Failed attacks will likely cause denial-of-service conditions.

Versions prior to QuickBooks Online Edition 10 are vulnerable.

16. MailMarshal Tar Archive Remote Directory Traversal Vulnerability
BugTraq ID: 25523
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25523
Summary:
MailMarshal is prone to a directory-traversal vulnerability because the 
application fails to validate user-supplied data.

Remote attackers can overwrite files in arbitrary locations on a vulnerable 
computer in the context of the user running the affected application.

17. Ots Labs OtsTurntables M3U Local Buffer Overflow Vulnerability
BugTraq ID: 25514
Remote: No
Date Published: 2007-09-03
Relevant URL: http://www.securityfocus.com/bid/25514
Summary:
Ots Labs OtsTurntables is prone to a local buffer-overflow vulnerability 
because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the 
affected application. Failed exploit attempts will likely result in 
denial-of-service conditions.

OtsTurntables 1.00 is vulnerable; other versions may also be affected.

18. Virtual DJ M3U File Buffer Overflow Vulnerability
BugTraq ID: 25513
Remote: Yes
Date Published: 2007-09-02
Relevant URL: http://www.securityfocus.com/bid/25513
Summary:
Virtual DJ is prone to a buffer-overflow vulnerability because the application 
fails to properly bounds-check user-supplied data.

Attackers may attempt to exploit this issue by coercing users to access 
malicious M3U playlist files.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
machine code in the context of the user running the affected application. This 
facilitates the remote compromise of affected computers.

Virtual DJ 5.0 is vulnerable; other versions may also be affected.

19. Virtual DJ M3U Local Buffer Overflow Vulnerability
BugTraq ID: 25512
Remote: No
Date Published: 2007-09-03
Relevant URL: http://www.securityfocus.com/bid/25512
Summary:
Virtual DJ is prone to a local buffer-overflow vulnerability because it fails 
to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the 
affected application. Failed exploit attempts will likely result in 
denial-of-service conditions.

Virtual DJ 5.0 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. AAA that Acquire from Lotus Domino 7.02
http://www.securityfocus.com/archive/88/478975

2. SecurityFocus Microsoft Newsletter #358
http://www.securityfocus.com/archive/88/478651

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
