SecurityFocus Microsoft Newsletter #363
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers- How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.
https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
    1. Of Hackers and Ego
    2. Passive Network Analysis
II. MICROSOFT VULNERABILITY SUMMARY
    1. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
    2. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
    3. IBM DB2 Universal Database Buffer Overflow and Multiple Denial of Service Vulnerabilities
    4. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
    5. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
    6. World in Conflict GetMagicNumberString Function Remote Denial of Service Vulnerability
    7. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability
    8. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
    9. Microsoft Windows URI Handler Command Execution Vulnerability
    10. ConeXware PowerArchiver BlackHole Archive Handling Buffer Overflow Vulnerability
    11. Vba32 Personal Antivirus Insecure File Permissions Local Privilege Escalation Vulnerability
    12. RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
    13. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
    14. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
    15. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
    16. Apple QuickTime for Windows Remote Code Execution Vulnerability
    17. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
    18. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
    19. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
    20. Altnet Download Manager ADM4 ActiveX Buffer Overflow Vulnerability
    21. CenterTools DriveLock Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Of Hackers and Egos
By Don Parker
The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don't understand the whole uproar over various issues, such as whether Microsoft Vista is more secure than Linux or Mac. It's all moot as far as the general population is concerned. But, for those of us who work in the industry, it is just more grist for the mill.
http://www.securityfocus.com/columnists/454

2. Passive Network Analysis
By Stephen Barish
In sports, it's pretty much accepted wisdom that home teams have the advantage; that's why teams with winning records on the road do so well in the playoffs. But for some reason we rarely think about "the home field advantage" when we look at defending our networks.
http://www.securityfocus.com/infocus/1894

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 26015
Remote: Yes
Date Published: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26015
Summary:
Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues.

Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2, CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

2. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
BugTraq ID: 26014
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26014
Summary:
EMC RepliStor is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker may be able to exploit this issue to execute arbitrary code with SYSTEM-level privileges.

This issue affects RepliStor 6.1.3; earlier versions may also be vulnerable.

3. IBM DB2 Universal Database Buffer Overflow and Multiple Denial of Service Vulnerabilities
BugTraq ID: 26010
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26010
Summary:
IBM DB2 Universal Database is prone to a buffer-overflow vulnerability and two denial-of-service vulnerabilities.

Successfully exploiting these issues allows attackers to execute arbitrary machine code in the context of the database server, compromising the computer. Exploits may also result in server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8.1 and 8.2 are vulnerable to these issues.

4. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
BugTraq ID: 26008
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26008
Summary:
G DATA Antivirus 2007 is prone to a buffer-overflow weakness because it fails to perform adequate boundary checks.

Successful exploits will allow attackers to execute arbitrary code in the context of an application using the control (typically Internet Explorer). Since the affected control is not marked 'safe for scripting', attackers must exploit this issue in conjunction with zone-escalation or cross-zone scripting attacks.

G DATA Antivirus 2007 is vulnerable to this issue; other versions may also be affected.

5. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
BugTraq ID: 25991
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25991
Summary:
Microsoft Office 2000 and Office XP are prone to an unspecified denial-of-service vulnerability.

Microsoft Word is confirmed vulnerable to an unspecified denial-of-service issue. Other versions of Microsoft Word/Office may be affected by the vulnerability, but this has not been confirmed.

The following versions of Microsoft Office are confirmed vulnerable to this issue:

Microsoft Office 2000 English
Microsoft Office 2000 Japanese
Microsoft Office 2000 Chinese
Microsoft Office XP English
Microsoft Office XP Japanese
Microsoft Office XP Chinese

6. World in Conflict GetMagicNumberString Function Remote Denial of Service Vulnerability
BugTraq ID: 25985
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25985
Summary:
World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects World in Conflict 1.000; other versions may also be affected.

7. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 25977
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25977
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

8. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
BugTraq ID: 25974
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25974
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted RPC packets.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

9. Microsoft Windows URI Handler Command Execution Vulnerability
BugTraq ID: 25945
Remote: Yes
Date Published: 2007-10-05
Relevant URL: http://www.securityfocus.com/bid/25945
Summary:
Microsoft Windows XP and Server 2003 with Internet Explorer 7 is prone to a command-execution vulnerability because it fails to properly sanitize input.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of users that follow malicious URIs.

Known attack vectors include following URIs in these applications:

- Mozilla Firefox in versions prior to 2.0.0.6
- Skype in versions prior to 3.5.0.239
- Adobe Acrobat Reader 8.1
- Miranda 0.7
- Netscape 7.1
- mIRC.

NOTE: BID 25543 (Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability) is an attack vector for this issue.

10. ConeXware PowerArchiver BlackHole Archive Handling Buffer Overflow Vulnerability
BugTraq ID: 25938
Remote: Yes
Date Published: 2007-10-05
Relevant URL: http://www.securityfocus.com/bid/25938
Summary:
PowerArchiver is prone to a buffer-overflow vulnerability when handling malicious BlackHole archives.

A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition when the application handles excessive data in the archive.

This vulnerability reportedly affects versions prior to PowerArchiver 10.20.21.

11. Vba32 Personal Antivirus Insecure File Permissions Local Privilege Escalation Vulnerability
BugTraq ID: 25930
Remote: No
Date Published: 2007-10-04
Relevant URL: http://www.securityfocus.com/bid/25930
Summary:
Vba32 Personal is prone to a local privilege-escalation vulnerability that stems from a design error.

This vulnerability occurs because the application assigns insecure file permissions to certain directories upon installation. An attacker may exploit this vulnerability to overwrite files with arbitrary code in the affected directories. The arbitrary code will then run with SYSTEM-level privileges. This may facilitate a complete compromise of affected computers.

Vba32 Personal 3.12.2 is vulnerable to this issue; other versions may also be affected.

12. RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 25922
Remote: Yes
Date Published: 2007-10-04
Relevant URL: http://www.securityfocus.com/bid/25922
Summary:
Microsoft has released advance notification that the vendor will be releasing six security bulletins on October 9, 2007. The highest severity rating for these issues is 'Critical'.

The following individual records have been created to document these vulnerabilities:

25909 Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
25908 Microsoft Outlook Express And Windows Mail NNTP Remote Code Execution
25915 Microsoft Internet Explorer Address Bar Spoofing Vulnerability
25916 Microsoft Internet Explorer Script Error Handling Memory Corruption
22680 Microsoft Internet Explorer OnUnload Javascript Browser Entrapment
24911 Microsoft Internet Explorer OnBeforeUnload Javascript Browser Entrapment
25974 Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
23832 Microsoft SharePoint Server Cross-Site Scripting Vulnerability
25906 Microsoft Word Workspace Memory Corruption Remote Code Execution

13. Sun Java WebStart Multiple File Access And Information Disclosure Vulnerabilities
BugTraq ID: 25920
Remote: Yes
Date Published: 2007-10-04
Relevant URL: http://www.securityfocus.com/bid/25920
Summary:
Sun Java Web Start is prone to multiple local file-access vulnerabilities and an information-disclosure vulnerability.

An attacker could exploit these issues to obtain sensitive information and to read and write arbitrary files on the affected computer with the privileges of the user running the untrusted Java application.

14. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
BugTraq ID: 25916
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25916
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into viewing maliciously crafted HTML content.

Successfully exploiting this issue allows arbitrary machine code to execute in the context of the affected application. This facilitates the remote compromise of affected computers.

15. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
BugTraq ID: 25915
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25915
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers spoof the address bar of a trusted site.

Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

16. Apple QuickTime for Windows Remote Code Execution Vulnerability
BugTraq ID: 25913
Remote: Yes
Date Published: 2007-10-03
Relevant URL: http://www.securityfocus.com/bid/25913
Summary:
QuickTime for Windows is prone to a remote code-execution vulnerability because the application fails to handle URIs securely.

Successfully exploiting this issue allows remote attackers to execute arbitrary applications with controlled command-line arguments. This facilitates the remote compromise of affected computers.

QuickTime 7.2 running on Microsoft Windows Vista or XP SP2 is vulnerable.

17. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
BugTraq ID: 25909
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25909
Summary:
Microsoft Windows Kodak Image Viewer is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Affected versions of Windows XP are vulnerable only if they have been upgraded from Windows 2000.

18. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
BugTraq ID: 25908
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25908
Summary:
Microsoft Outlook Express and Windows Mail are prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the applications fail to perform adequate boundary-checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user.

19. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 25906
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25906
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE: Successful exploits of this issue may be hampered because Microsoft Office 2007 and Office 2003 SP3 will not open some older Office file formats, including Office for Macintosh documents. Exploits of this issue involve the Macintosh file format.

20. Altnet Download Manager ADM4 ActiveX Buffer Overflow Vulnerability
BugTraq ID: 25903
Remote: Yes
Date Published: 2007-10-03
Relevant URL: http://www.securityfocus.com/bid/25903
Summary:
Altnet Download Manager ADM4 ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can exploit this issue to cause a denial-of-service condition or to execute arbitrary code.

This issue affects Altnet Download Manager 4.0; other versions may also be affected. KaZaA and Grokster are considered vulnerable as well.

21. CenterTools DriveLock Remote Buffer Overflow Vulnerability
BugTraq ID: 25902
Remote: Yes
Date Published: 2007-10-03
Relevant URL: http://www.securityfocus.com/bid/25902
Summary:
CenterTools DriveLock is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue is reported to affect DriveLock and DriveLock Security Reporting Center 5.0 and prior versions; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
