SecurityFocus Microsoft Newsletter #376
----------------------------------------

This issue is Sponsored by: Black Hat DC

Attend Black Hat DC, February 18-21, the Washington, DC version of the world's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content, including a focus on wireless security and offensive attack analysis. Network with 400+ delegates and review products from leading vendors in a relaxed setting, including Diamond sponsor Microsoft.

www.blackhat.com

SECURITY BLOGS

SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.

http://www.securityfocus.com/blogs

------------------------------------------------------------------

I. FRONT AND CENTER
     1. Real Flaws in Virtual Worlds
     2. Copyrights and Wrongs
II. MICROSOFT VULNERABILITY SUMMARY
     1. Apple QuickTime RTSP Connection Status Display Remote Buffer Overflow Vulnerability
     2. Microsoft Visual FoxPro 'vfp6r.dll' ActiveX Control Arbitrary Command Execution Vulnerability
     3. Microsoft Rich TextBox Control 'richtx32.ocx' ActiveX Insecure Method Vulnerability
     4. Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution Vulnerability
     5. SSH Tectia Client and Server ssh-signer Local Privilege Escalation Vulnerability
     6. Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation Vulnerability
     7. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
     8. Novell ZENworks ESM Security Client 'STEngine.exe' Local Privilege Escalation Vulnerability
     9. Pragma TelnetServer NULL-Pointer Dereference Denial of Service Vulnerability
     10. Foxit WAC Server Denial of Service Vulnerability
     11. Pragma Systems FortressSSH 'msvcrt.dll' Exception Handling Remote Denial Of Service Vulnerability
     12. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
     13. Microsoft January 2008 Advance Notification Multiple Vulnerabilities
     14. Camtasia Studio 'csPreloader' Remote Code Execution Vulnerability
     15. Georgia SoftWorks Secure Shell Server Multiple Remote Code Execution Vulnerabilities
     16. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
     17. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.
http://www.securityfocus.com/columnists/461

2. Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.
http://www.securityfocus.com/columnists/460

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple QuickTime RTSP Connection Status Display Remote Buffer Overflow Vulnerability
BugTraq ID: 27225
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27225
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

QuickTime 7.3.1.70 is vulnerable to this issue; other versions may also be affected.

2. Microsoft Visual FoxPro 'vfp6r.dll' ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 27205
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27205
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

3. Microsoft Rich TextBox Control 'richtx32.ocx' ActiveX Insecure Method Vulnerability
BugTraq ID: 27201
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27201
Summary:
Microsoft Rich TextBox Control is prone to a vulnerability that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer).

Successful exploits will compromise affected computers or cause denial-of-service conditions; other attacks are possible.

richtx32.ocx version 6.1.97.82 is vulnerable; other versions may also be affected.

4. Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution Vulnerability
BugTraq ID: 27199
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27199
Summary:
Microsoft VFP_OLE_Server ActiveX control is prone to a remote command-execution vulnerability.

An attacker can exploit this issue to execute arbitrary commands with the privileges of the currently logged-in user.

5. SSH Tectia Client and Server ssh-signer Local Privilege Escalation Vulnerability
BugTraq ID: 27191
Remote: No
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27191
Summary:
SSH Tectia Client and Server software running on UNIX operating systems is prone to a local privilege-escalation vulnerability.

Successful exploits allow local attackers to gain superuser-level access to affected computers. This facilitates the complete compromise of affected computers.

This issue affects these versions:
SSH Tectia Client/Server 5.0 through 5.2.3
SSH Tectia Client/Server 5.3 through 5.3.5

This issue affects only UNIX-based platforms.

6. Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation Vulnerability
BugTraq ID: 27179
Remote: No
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27179
Summary:
Creative Ensoniq PCI ES1371 WDM drivers are prone to a local privilege-escalation vulnerability.

Successful exploits allow local users to execute arbitrary machine code with kernel-level privileges, facilitating the complete compromise of affected computers.

This issue occurs when the vulnerable driver is running in a Microsoft Windows Vista environment. This occurs in VMware Server and Workstation environments when running Microsoft Vista guest operating systems with sound enabled.

This issue affects 'es1371mp.sys' 5.1.3612.0. Given the nature of the issue, other device drivers and versions may also be vulnerable, but this has not been confirmed.

7. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
BugTraq ID: 27178
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27178
Summary:
SynCE is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands in the context of the application, facilitating the remote compromise of affected computers.

SynCE 0.92 is vulnerable; other versions may also be affected.

8. Novell ZENworks ESM Security Client 'STEngine.exe' Local Privilege Escalation Vulnerability
BugTraq ID: 27146
Remote: No
Date Published: 2008-01-04
Relevant URL: http://www.securityfocus.com/bid/27146
Summary:
Novell ZENworks ESM (Endpoint Security Management) Security Client is prone to a local privilege-escalation vulnerability.

Exploiting this vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

This issue affects ZENworks Endpoint Security Management 3.5.0.20; other versions may also be affected.

9. Pragma TelnetServer NULL-Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 27143
Remote: Yes
Date Published: 2008-01-04
Relevant URL: http://www.securityfocus.com/bid/27143
Summary:
Pragma TelnetServer is prone to a denial-of-service vulnerability because it fails to adequately handle certain telnet options.

Attackers can leverage this issue to terminate the server and cause denial-of-service conditions.

This issue affects Pragma TelnetServer 7.0 Build 4 Revision 589; other versions may also be vulnerable.

10. Foxit WAC Server Denial of Service Vulnerability
BugTraq ID: 27142
Remote: Yes
Date Published: 2008-01-04
Relevant URL: http://www.securityfocus.com/bid/27142
Summary:
Foxit WAC Server is prone to a denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Foxit WAC Server 2.1.0.910; other versions may also be affected.

11. Pragma Systems FortressSSH 'msvcrt.dll' Exception Handling Remote Denial Of Service Vulnerability
BugTraq ID: 27141
Remote: Yes
Date Published: 2008-01-04
Relevant URL: http://www.securityfocus.com/bid/27141
Summary:
Pragma Systems FortressSSH is prone to a remote denial-of-service vulnerability because it fails to adequately handle certain exceptions when processing overly long user-supplied input.

Attackers can exploit this issue to exhaust the maximum number of connections allotted for servers. Successful attacks will deny access to legitimate users.

FortressSSH 5.0 is vulnerable; other versions may also be affected.

12. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
BugTraq ID: 27139
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27139
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users. The discoverer of this issue reports that code execution may also be possible, but this has not been confirmed.

NOTE: ICMP RDP (Router Discovery Protocol) must be enabled for this issue to occur. Router Discovery Processing is disabled by default on Microsoft Windows Server 2000. The option is also disabled by default on Microsoft Windows XP and Windows Server 2003, unless the host receives the 'perform router discovery' option from a DHCP server.

13. Microsoft January 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 27119
Remote: Yes
Date Published: 2008-01-03
Relevant URL: http://www.securityfocus.com/bid/27119
Summary:
Microsoft has released advance notification that the vendor will be releasing two security bulletins on January 8, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created for each issue when the bulletins are released.

14. Camtasia Studio 'csPreloader' Remote Code Execution Vulnerability
BugTraq ID: 27107
Remote: Yes
Date Published: 2008-01-02
Relevant URL: http://www.securityfocus.com/bid/27107
Summary:
Camtasia Studio is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit will allow an attacker to compromise the application and the underlying system; other attacks are also possible.

NOTE: This vulnerability was initially considered a cross-site scripting issue, but further analysis reveals that this is a remote code-execution vulnerability.

15. Georgia SoftWorks Secure Shell Server Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 27103
Remote: Yes
Date Published: 2008-01-02
Relevant URL: http://www.securityfocus.com/bid/27103
Summary:
Georgia SoftWorks Secure Shell Server is prone to multiple remote code-execution vulnerabilities:
- A format-string vulnerability
- Two buffer-overflow vulnerabilities

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

Georgia SoftWorks Secure Shell Server 7.01.0003 is vulnerable to these issues; other versions may also be affected.

16. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
BugTraq ID: 27100
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27100
Summary:
Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

NOTE: A server is vulnerable if an application or a service on the server uses IP multicast. By default, no services use multicast on Microsoft Windows Server 2003.

17. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
BugTraq ID: 27099
Remote: No
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27099
Summary:
Microsoft Windows Local Security Authority Subsystem Service (LSASS) is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate the complete compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat DC (see the sponsor message at the top of this issue)
