SecurityFocus Microsoft Newsletter #379 ----------------------------------------
This issue is Sponsored by: Black Hat Europe Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations. www.blackhat.com SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1. Mother May I? 2. Finding a Cure for Data Loss II. MICROSOFT VULNERABILITY SUMMARY 1. ELOG 'logbook' HTML Injection Vulnerability 2. IBM Informix Storage Manager Multiple Buffer Overflow Vulnerabilities 3. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability 4. HFS HTTP File Server Multiple Security Vulnerabilities III. MICROSOFT FOCUS LIST SUMMARY 1. Fwd: Centralizing Event Viewer Logs 2. Centralizing Event Viewer Logs 3. Under the hood question about Remote Desktop Connection 4. FTP on IIS IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1. Mother May I? By Mark Rasch "Sure, you can have a cookie, but you may not."We all have had that discussion before -- either with our parents or our kids. A recent case from North Dakota reveals that the difference between those two concepts may lead not only to civil liability, but could land you in jail. http://www.securityfocus.com/columnists/463 2.Finding a Cure for Data Loss By Jamie Reid Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers. http://www.securityfocus.com/columnists/462 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. ELOG 'logbook' HTML Injection Vulnerability BugTraq ID: 27526 Remote: Yes Date Published: 2008-01-30 Relevant URL: http://www.securityfocus.com/bid/27526 Summary: ELOG is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible. This issue affects versions prior to ELOG 2.7.2. 2. IBM Informix Storage Manager Multiple Buffer Overflow Vulnerabilities BugTraq ID: 27485 Remote: Yes Date Published: 2008-01-28 Relevant URL: http://www.securityfocus.com/bid/27485 Summary: IBM Informix Storage Manager is prone to multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data. Successful exploits may allow attackers to execute arbitrary code and can lead to a complete compromise of vulnerable computers. Failed exploit attempts will likely result in denial-of-service conditions. These issues affect IBM Informix Dynamic Server 10.00.xC8, 11.10.xC2, and prior versions on Microsoft Windows platforms. 3. Comodo AntiVirus 'ExecuteStr()' ActiveX Control Arbitrary Command Execution Vulnerability BugTraq ID: 27424 Remote: Yes Date Published: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27424 Summary: An ActiveX control in Comodo AntiVirus is prone to a vulnerability that lets attackers execute arbitrary commands. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer). Comodo AntiVirus 2.0 is vulnerable to this issue; other versions may also be affected. 4. HFS HTTP File Server Multiple Security Vulnerabilities BugTraq ID: 27423 Remote: Yes Date Published: 2008-01-23 Relevant URL: http://www.securityfocus.com/bid/27423 Summary: HFS (HTTP File Server) is prone to multiple security vulnerabilities, including cross-site scripting issues, an information-disclosure issue, an arbitrary file-creation issue, a denial-of-service issue, a username-spoofing issue, and a logfile-forging issue. A successful exploit could allow an attacker to deny service to legitimate users, create and execute arbitrary files in the context of the webserver process, falsify log information, or execute arbitrary script code in the browser of an unsuspecting user. Other attacks are also possible. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. Fwd: Centralizing Event Viewer Logs http://www.securityfocus.com/archive/88/487366 2. Centralizing Event Viewer Logs http://www.securityfocus.com/archive/88/487262 3. Under the hood question about Remote Desktop Connection http://www.securityfocus.com/archive/88/487023 4. FTP on IIS http://www.securityfocus.com/archive/88/486644 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is Sponsored by: Black Hat Europe Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations. www.blackhat.com
