SecurityFocus Microsoft Newsletter #378 ----------------------------------------
This issue is Sponsored by: Black Hat Europe Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations. www.blackhat.com SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1. Mother May I? 2. Finding a Cure for Data Loss II. MICROSOFT VULNERABILITY SUMMARY 1. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability 2. HFS HTTP File Server Multiple Security Vulnerabilities 3. Microsoft Visual Basic Enterprise Edition 6 DSR File Handling Buffer Overflow Vulnerabilities 4. Winamp Ultravox Streaming Metadata Multiple Stack Buffer Overflow Vulnerabilities 5. CORE FORCE Firewall and Registry Modules Multiple Local Kernel Buffer Overflow Vulnerabilities 6. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability 7. Microsoft Excel Header Parsing Remote Code Execution Vulnerability 8. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption Vulnerability 9. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability 10. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability 11. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability 12. Cisco VPN Client for Windows Local Denial of Service Vulnerability 13. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities III. MICROSOFT FOCUS LIST SUMMARY 1. FTP on IIS 2. SecurityFocus Microsoft Newsletter #377 IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1. Mother May I? By Mark Rasch "Sure, you can have a cookie, but you may not."We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail. http://www.securityfocus.com/columnists/463 2.Finding a Cure for Data Loss By Jamie Reid Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers. http://www.securityfocus.com/columnists/462 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability BugTraq ID: 27424 Remote: Yes Date Published: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27424 Summary: A Comodo AntiVirus ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer). Comodo AntiVirus 2.0 is vulnerable to this issue; other versions may also be affected. 2. HFS HTTP File Server Multiple Security Vulnerabilities BugTraq ID: 27423 Remote: Yes Date Published: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27423 Summary: HFS HTTP File Server is prone to multiple security vulnerabilities. These vulnerabilities include cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a username spoofing issue and a log file forging issue. A successful exploit could allow an attacker to deny service to legitimate users, create and execute arbitrary files in the context of the webserver process, falsify log information, or execute arbitrary script code in the browser of an unsuspecting user. Other attacks are also possible. 3. Microsoft Visual Basic Enterprise Edition 6 DSR File Handling Buffer Overflow Vulnerabilities BugTraq ID: 27349 Remote: Yes Date Published: 2008-01-18 Relevant URL: http://www.securityfocus.com/bid/27349 Summary: Microsoft Visual Basic Enterprise Edition 6 is prone to two buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into insufficiently sized buffers. An attacker can exploit these issues to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service. Microsoft Visual Basic Enterprise Edition 6 SP6 is vulnerable to these issues; other versions may also be affected. 4. Winamp Ultravox Streaming Metadata Multiple Stack Buffer Overflow Vulnerabilities BugTraq ID: 27344 Remote: Yes Date Published: 2008-01-18 Relevant URL: http://www.securityfocus.com/bid/27344 Summary: Winamp is prone to multiple stack-based buffer-overflow vulnerabilities because the application fails to properly bound-check user-supplied data before copying it to an insufficiently sized memory buffer. Successful exploits allow attackers to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions. These issues affect Winamp 5.51, 5.5, and 5.21; other versions may also be vulnerable. 5. CORE FORCE Firewall and Registry Modules Multiple Local Kernel Buffer Overflow Vulnerabilities BugTraq ID: 27341 Remote: No Date Published: 2008-01-17 Relevant URL: http://www.securityfocus.com/bid/27341 Summary: CORE FORCE Firewall and Registry modules are prone to multiple local kernel buffer-overflow vulnerabilities because the software fails to adequately verify user-supplied input. Local attackers can exploit these issues to cause denial-of-service conditions. Attackers may also be able to escalate privileges and execute arbitrary code, but this has not been confirmed. These issues affect versions up to and including CORE FORCE 0.95.167. 6. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability BugTraq ID: 27321 Remote: Yes Date Published: 2008-01-16 Relevant URL: http://www.securityfocus.com/bid/27321 Summary: BitTorrent and uTorrent are prone to a remote denial-of-service vulnerability because the applications fail to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. This issue affects the following versions: BitTorrent 6.0 uTorrent 1.7.5 uTorrent 1.8-alpha-7834 Earlier versions may be affected as well. 7. Microsoft Excel Header Parsing Remote Code Execution Vulnerability BugTraq ID: 27305 Remote: Yes Date Published: 2008-01-15 Relevant URL: http://www.securityfocus.com/bid/27305 Summary: Microsoft Excel is prone to a remote code-execution vulnerability. An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. Reportedly, the issue affects the following versions: Microsoft Office Excel 2003 Service Pack 2 Microsoft Office Excel Viewer 2003 Microsoft Office Excel 2002 Microsoft Office Excel 2000 Microsoft Excel 2004 for Mac. The following versions are not affected: Microsoft Office Excel 2007 Microsoft Office Excel 2007 Service Pack 1 Microsoft Excel 2008 for Mac Microsoft Office Excel 2003 Service Pack 3. Few details regarding this vulnerability are available. The vendor is investigating the issue and will be releasing updates. We will update this BID when more information emerges. 8. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption Vulnerability BugTraq ID: 27301 Remote: Yes Date Published: 2008-01-15 Relevant URL: http://www.securityfocus.com/bid/27301 Summary: Apple QuickTime is prone to a memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. 9. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability BugTraq ID: 27300 Remote: Yes Date Published: 2008-01-15 Relevant URL: http://www.securityfocus.com/bid/27300 Summary: Apple QuickTime is prone to a buffer-overflow vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted PICT file. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. 10. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability BugTraq ID: 27299 Remote: Yes Date Published: 2008-01-15 Relevant URL: http://www.securityfocus.com/bid/27299 Summary: Apple QuickTime is prone to a memory-corruption vulnerability. An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions. This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X. 11. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability BugTraq ID: 27298 Remote: Yes Date Published: 2008-01-15 Relevant URL: http://www.securityfocus.com/bid/27298 Summary: Apple QuickTime is prone to a remote code-execution vulnerability. Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application. This issue affects versions prior to QuickTime 7.4 running on the following operating systems: Mac OS X 10.3.9 Mac OS X 10.4.9 or later Mac OS X 10.5 or later Microsoft Windows XP Microsoft Windows Vista 12. Cisco VPN Client for Windows Local Denial of Service Vulnerability BugTraq ID: 27289 Remote: No Date Published: 2008-01-15 Relevant URL: http://www.securityfocus.com/bid/27289 Summary: Cisco VPN Client for Windows is prone to a local denial-of-service vulnerability because the software's IPsec driver fails to handle certain IOCTLs. Successfully exploiting this issue allows local attackers to crash affected computers, denying further service to legitimate users. This issue affects 'cvpndrva.sys' 5.0.02.0090; other versions of the driver may also be affected. 13. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities BugTraq ID: 27275 Remote: Yes Date Published: 2008-01-14 Relevant URL: http://www.securityfocus.com/bid/27275 Summary: BugTracker.NET is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. These issues affect versions prior to BugTracker.NET 2.7.2. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. FTP on IIS http://www.securityfocus.com/archive/88/486644 2. SecurityFocus Microsoft Newsletter #377 http://www.securityfocus.com/archive/88/486480 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is Sponsored by: Black Hat Europe Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations. www.blackhat.com
