SecurityFocus Microsoft Newsletter #364
----------------------------------------

This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security. It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission.
http://www.csiannual.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. Starting up with Aspect-Oriented Programming
       2. Of Hackers and Egos
II.  MICROSOFT VULNERABILITY SUMMARY
       1. WWWISIS IsisScript Local File Disclosure Vulnerability
       2. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
       3. COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability
       4. WWWISIS Lang Parameter Cross-Site Scripting Vulnerability
       5. Microsoft Internet Explorer Extension Filter Bypass Arbitrary File Download Vulnerability
       6. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
       7. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
       8. IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
       9. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
       10. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
       11. World in Conflict GetMagicNumberString Function Remote Denial of Service Vulnerability
       12. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability
       13. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
       14. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
       15. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
       16. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
       17. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
       18. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
       19. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #363
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Starting up with Aspect-Oriented Programming
By Rohit Sethi
Aspect-oriented programming (AOP) is a paradigm that is quickly gaining traction in the development world. At least partially spurred by the popularity of the Java Spring framework [1], people are beginning to understand the substantial benefits that AOP brings to development.
http://www.securityfocus.com/infocus/1895

2. Of Hackers and Egos
By Don Parker
The world of computer security can often be a strange and compelling one. Many outsiders, or those with little knowledge of computers, just don't understand the whole uproar over various issues, such as whether Microsoft Vista is more secure than Linux or Mac. It's all moot as far as the general population is concerned. But, for those of us who work in the industry, it is just more grist for the mill.
http://www.securityfocus.com/columnists/454

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. WWWISIS IsisScript Local File Disclosure Vulnerability
BugTraq ID: 26079
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26079
Summary:
WWWISIS is prone to a vulnerability that allows remote attackers to display the contents of arbitrary local files in the context of the webserver process.
An attacker may be able to exploit this issue to retrieve potentially sensitive information that may aid in further attacks.

This issue affects WWWISIS 7.1; other versions may also be vulnerable.

2. Novell SUSE ISC BIND Named LibGSSAPI Denial Of Service Vulnerability
BugTraq ID: 26076
Remote: Yes
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/26076
Summary:
Novell SUSE Linux Enterprise Server is prone to a denial-of-service vulnerability because it fails to adequately handle certain GSS-TSIG requests that require the 'libgssapi' library.

Attackers can exploit this issue to cause denial-of-service conditions.

Versions prior to 'libgssapi' 0.6-13.17 as found in Enterprise Server 10 SP1 are vulnerable.

3. COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 26069
Remote: Yes
Date Published: 2007-10-14
Relevant URL: http://www.securityfocus.com/bid/26069
Summary:
jetAudio is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer while processing M3U files.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

jetAudio 7.0.3 is reported vulnerable; prior versions may also be affected.

4. WWWISIS Lang Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 26067
Remote: Yes
Date Published: 2007-10-13
Relevant URL: http://www.securityfocus.com/bid/26067
Summary:
WWWISIS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

5. Microsoft Internet Explorer Extension Filter Bypass Arbitrary File Download Vulnerability
BugTraq ID: 26062
Remote: Yes
Date Published: 2007-10-13
Relevant URL: http://www.securityfocus.com/bid/26062
Summary:
Internet Explorer is prone to an arbitrary-file-download vulnerability because it fails to adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to download arbitrary 'exe' files to an unsuspecting victim's computer. This may facilitate a remote compromise of an affected computer.

NOTE: Further investigation suggests that this issue cannot be exploited to cause the malicious file to run. Since the file has an alternate extension, it will be processed only by the application specified for that extension. When the file is processed, an error will likely occur because of an invalid format.

6. Computer Associates BrightStor ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 26015
Remote: Yes
Date Published: 2007-10-11
Relevant URL: http://www.securityfocus.com/bid/26015
Summary:
Computer Associates BrightStor ARCserve is prone to multiple remote vulnerabilities, including buffer-overflow issues, memory-corruption issues, and privilege-escalation issues.

Successful exploits allow remote attackers to cause denial-of-service conditions, execute arbitrary machine code in the context of the affected application, or perform actions with elevated privileges. This may result in a complete compromise of affected computers.

The following applications are affected:

BrightStor ARCserve Backup v9.01, r11.1, r11.5, r11 for Windows
BrightStor Enterprise Backup r10.5
CA Server Protection Suite r2, CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

7. EMC RepliStor Server Service recv() Buffer Overflow Vulnerability
BugTraq ID: 26014
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26014
Summary:
EMC RepliStor is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

A remote attacker may be able to exploit this issue to execute arbitrary code with SYSTEM-level privileges.

This issue affects RepliStor 6.1.3; earlier versions may also be vulnerable.

8. IBM DB2 Universal Database Multiple Denial of Service Vulnerabilities
BugTraq ID: 26010
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26010
Summary:
IBM DB2 Universal Database is prone to two denial-of-service vulnerabilities.

Successfully exploiting these issues allows attackers to cause server crashes, denying service to legitimate users.

IBM DB2 Universal Database 8.1 and 8.2 are vulnerable to these issues.

NOTE: Information regarding the buffer-overflow vulnerability previously documented in this BID has been removed. That vulnerability is documented in a separate record: BID 23890 (IBM DB2 Universal Database JDBC Applet Server Unspecified Code Execution Vulnerability).

9. G DATA Antivirus 2007 ScanObjectBrowser.DLL ActiveX Control Buffer Overflow Weakness
BugTraq ID: 26008
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/26008
Summary:
G DATA Antivirus 2007 is prone to a buffer-overflow weakness because it fails to perform adequate boundary checks.

Successful exploits will allow attackers to execute arbitrary code in the context of an application using the control (typically Internet Explorer). Since the affected control is not marked 'safe for scripting', attackers must exploit this issue in conjunction with zone-escalation or cross-zone scripting attacks.

G DATA Antivirus 2007 is vulnerable to this issue; other versions may also be affected.

10. RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
BugTraq ID: 25991
Remote: Yes
Date Published: 2007-10-10
Relevant URL: http://www.securityfocus.com/bid/25991
Summary:
Microsoft Office 2000 and Office XP are prone to an unspecified denial-of-service vulnerability.

Microsoft Word is confirmed vulnerable to an unspecified denial-of-service issue. Other versions of Microsoft Word/Office may be affected by the vulnerability, but this has not been confirmed.

The following versions of Microsoft Office are confirmed vulnerable to this issue:

Microsoft Office 2000 English
Microsoft Office 2000 Japanese
Microsoft Office 2000 Chinese
Microsoft Office XP English
Microsoft Office XP Japanese
Microsoft Office XP Chinese

11. World in Conflict GetMagicNumberString Function Remote Denial of Service Vulnerability
BugTraq ID: 25985
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25985
Summary:
World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects World in Conflict 1.000; other versions may also be affected.

12. Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 25977
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25977
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

13. Microsoft ActiveSync Weak Password Obfuscation Information Disclosure Vulnerability
BugTraq ID: 25976
Remote: No
Date Published: 2007-10-15
Relevant URL: http://www.securityfocus.com/bid/25976
Summary:
Microsoft ActiveSync is prone to an information-disclosure vulnerability because it fails to adequately obfuscate sensitive information.

Attackers can exploit this issue to gain PIN or password data for devices docked via USB.

Software that uses ActiveSync 4.1 is vulnerable; other versions may also be affected.

14. Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
BugTraq ID: 25974
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25974
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted RPC packets.

Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users.

15. Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability
BugTraq ID: 25916
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25916
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into viewing maliciously crafted HTML content.

Successfully exploiting this issue allows arbitrary machine code to execute in the context of the affected application. This facilitates the remote compromise of affected computers.

16. Microsoft Internet Explorer Address Bar Spoofing Vulnerability
BugTraq ID: 25915
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25915
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers spoof the address bar of a trusted site.
Attackers may exploit this vulnerability via a malicious webpage to spoof the contents and origin of a page that the victim may trust. Attackers may find this issue useful in phishing or other attacks that rely on content spoofing.

17. Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
BugTraq ID: 25909
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25909
Summary:
Microsoft Windows Kodak Image Viewer is prone to a remote code-execution vulnerability because it fails to properly bounds-check user-supplied data.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

NOTE: Affected versions of Windows XP are vulnerable only if they have been upgraded from Windows 2000.

18. Microsoft Outlook Express And Windows Mail NNTP Protocol Heap Buffer Overflow Vulnerability
BugTraq ID: 25908
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25908
Summary:
Microsoft Outlook Express and Windows Mail are prone to a remote heap-based buffer-overflow vulnerability. This issue occurs because the applications fail to perform adequate boundary-checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the currently logged-in user.

19. Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 25906
Remote: Yes
Date Published: 2007-10-09
Relevant URL: http://www.securityfocus.com/bid/25906
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Word file.
Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

NOTE: Successful exploits of this issue may be hampered because Microsoft Office 2007 and Office 2003 SP3 will not open some older Office file formats, including Office for Macintosh documents. Exploits of this issue involve the Macintosh file format.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #363
http://www.securityfocus.com/archive/88/482193

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security. It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission.
http://www.csiannual.com
