SecurityFocus Microsoft Newsletter #382

----------------------------------------

This issue is Sponsored by: HP

HP Application Security Webinar: Achieving PCI 6.6 Compliance - Are Your Web 
Applications Secure Enough?
In June 2008, the major credit card vendors will require compliance with requirement 6 of 
the PCI DSS, "Ensure that all web facing applications are protected against known 
attacks."  Join HP Software and the former SPI Dynamics for this free webinar to 
learn how you can easily satisfy this requirement and build a powerful web application 
security program at the same time. During this event, you will receive the tools and 
knowledge to ensure your web applications comply with PCI requirements and block hackers.
https://h30406.www3.hp.com/campaigns/2008/events/sw-02-26-08/index.php?mcc=DAYA


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
      1. Tweaking Social Security to Combat Fraud
      2. Skills for the Future

II.  MICROSOFT VULNERABILITY SUMMARY
      1. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
      2. SmarterTools SmarterMail Subject Field HTML Injection Vulnerability
      3. webcamXP Multiple Information Disclosure and Denial of Service Vulnerabilities
      4. Foxit WAC Remote Access Server Heap Buffer Overflow Vulnerability
      5. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
      6. Kerio MailServer Multiple Unspecified Vulnerabilities
      7. DESLock+ IOCTL Request Local Code Execution and Denial of Service Vulnerabilities
      8. Sami FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
      9. Teamtek Universal FTP Server CWD, LIST, and PORT Commands Remote Denial Of Service Vulnerabilities
      10. Fortinet FortiClient 'fortimon.sys' Local Privilege Escalation Vulnerability
      11. Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflow Vulnerabilities
      12. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
      13. Microsoft Publisher Memory Index Code Execution Vulnerability
      14. Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability
      15. Microsoft Office Execution Jump Memory Corruption Vulnerability
      16. ITN News Gadget 'short_title' Parameter Remote Code Execution Vulnerability
      17. Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
      18. Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
      19. Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
      20. Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability
      21. Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
      22. Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
      23. Microsoft Works File Converter Field Length Remote Code Execution Vulnerability
      24. Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
      25. Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability
      26. Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
      27. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
      28. Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
      29. Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability

III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Tweaking Social Security to Combat Fraud
By Tim Mullen
Americans lost over 45 billion dollars in identity-related fraud in 2007. Reports are so commonplace that we've actually become de-sensitized to them. "200,000 victims reported..." "500,000 victims reported..." Even figures into the millions don't seem to faze us anymore. And that is a Bad Thing.
http://www.securityfocus.com/columnists/465

2. Skills for the Future
By Don Parker
A lot of the emails sent to me ask a basic question: Just how does one break into computer security or what skills should you learn to get that first security job. Lately though, I have been receiving many more queries on specifically how one can leverage an existing skill set to become an information-technology security analyst.
http://www.securityfocus.com/columnists/464


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. EMC RepliStor Multiple Remote Heap Based Buffer Overflow Vulnerabilities
BugTraq ID: 27915
Remote: Yes
Date Published: 2008-02-20
Relevant URL: http://www.securityfocus.com/bid/27915
Summary:
EMC RepliStor is prone to multiple remote heap-based buffer-overflow 
vulnerabilities because it fails to perform adequate boundary checks on 
user-supplied input.

A remote attacker may be able to exploit these issues to execute arbitrary code 
with SYSTEM-level privileges. Successfully exploiting this issue will result in 
the complete compromise of affected computers. Failed exploit attempts will 
result in a denial-of-service condition.

These issues affect EMC RepliStor 6.2 SP2; other versions may also be affected.

2. SmarterTools SmarterMail Subject Field HTML Injection Vulnerability
BugTraq ID: 27878
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27878
Summary:
SmarterMail is prone to an HTML-injection vulnerability because the application 
fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the 
affected site, potentially allowing theft of cookie-based authentication 
credentials or control of how the site is rendered to the user; other attacks 
are also possible.

SmarterMail Enterprise 4.3 is vulnerable; other versions may also be affected.

3. webcamXP Multiple Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 27875
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27875
Summary:
webcamXP is prone to multiple information-disclosure and denial-of-service 
vulnerabilities because it fails to check user-supplied input data.

Attackers can exploit these issues to access potentially sensitive information 
or crash the application. Successful exploits could aid in further attacks or 
deny service to legitimate users.

These issues affect webcamXP versions 3.72.440 and 4.05.280 beta and prior.

4. Foxit WAC Remote Access Server Heap Buffer Overflow Vulnerability
BugTraq ID: 27873
Remote: Yes
Date Published: 2008-02-16
Relevant URL: http://www.securityfocus.com/bid/27873
Summary:
Foxit WAC Remote Access Server is prone to a heap-based buffer-overflow 
vulnerability.

Successfully exploiting this issue may allow remote attackers to execute 
arbitrary code in the context of the application. Failed exploit attempts will 
likely cause denial-of-service conditions.

This issue affects versions 2.0 Build 3503 and prior.

5. IBM DB2 Universal Database 9.1 Multiple Vulnerabilities
BugTraq ID: 27870
Remote: Yes
Date Published: 2008-02-15
Relevant URL: http://www.securityfocus.com/bid/27870
Summary:
IBM DB2 Universal Database is prone to multiple vulnerabilities, including 
denial-of-service issues and multiple issues with unspecified impact.

Successfully exploiting these issues may allow attackers to cause 
denial-of-service conditions and carry out other attacks.

Very few details are currently available regarding these issues. We will update 
this BID as more information emerges.

These issues affect IBM DB2 Universal Database 9.1 versions prior to Fixpak 4a.

6. Kerio MailServer Multiple Unspecified Vulnerabilities
BugTraq ID: 27868
Remote: Yes
Date Published: 2008-02-19
Relevant URL: http://www.securityfocus.com/bid/27868
Summary:
Kerio MailServer is prone to multiple unspecified vulnerabilities.

Attackers can exploit these issues to cause denial-of-service conditions or 
potentially execute arbitrary code in the context of the application; other 
attacks are also possible.

Very few details are currently available regarding these issues. We will update 
this BID as more information emerges.

Versions prior to Kerio MailServer 6.5.0 are vulnerable.

7. DESLock+ IOCTL Request Local Code Execution and Denial of Service Vulnerabilities
BugTraq ID: 27862
Remote: No
Date Published: 2008-02-18
Relevant URL: http://www.securityfocus.com/bid/27862
Summary:
DESlock+ is prone to multiple vulnerabilities that allow arbitrary code to run 
with SYSTEM-level privileges or cause denial-of-service conditions.

Local attackers can exploit these issues to execute arbitrary code with 
SYSTEM-level privileges. Successful attacks will completely compromise the 
computer or cause a denial-of-service.

DESlock+ version 3.2.6 and prior are vulnerable.

8. Sami FTP Server Multiple Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 27817
Remote: Yes
Date Published: 2008-02-15
Relevant URL: http://www.securityfocus.com/bid/27817
Summary:
Sami FTP Server is prone to multiple remote denial-of-service vulnerabilities 
because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying 
service to legitimate users.

Versions in the Sami FTP Server 2.0 series are vulnerable; other versions may 
also be affected.

9. Teamtek Universal FTP Server CWD, LIST, and PORT Commands Remote Denial Of Service Vulnerabilities
BugTraq ID: 27804
Remote: Yes
Date Published: 2008-02-14
Relevant URL: http://www.securityfocus.com/bid/27804
Summary:
Universal FTP Server is prone to multiple remote denial-of-service 
vulnerabilities because the application fails to handle exceptional conditions.

An attacker can exploit these issues to crash the affected application, denying 
service to legitimate users.

Universal FTP Server 1.0.44 is vulnerable; other versions may also be affected.

10. Fortinet FortiClient 'fortimon.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 27776
Remote: No
Date Published: 2008-02-13
Relevant URL: http://www.securityfocus.com/bid/27776
Summary:
Fortinet FortiClient is prone to a local privilege-escalation vulnerability 
because it fails to perform adequate device filtering.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level 
privileges. Successful attacks will completely compromise affected computers.

Versions prior to FortiClient 3.0 MR5 Patch 4 are vulnerable.

11. Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 27769
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27769
Summary:
Apple QuickTime 'QTPlugin.ocx' ActiveX control is prone to multiple 
buffer-overflow vulnerabilities because it fails to properly bounds-check 
user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker may exploit these issues to execute arbitrary code within the 
context of the application that invoked the ActiveX control (typically Internet 
Explorer). Failed exploit attempts will result in a denial-of-service condition.

These issues affect QuickTime 7.4.1 and prior versions.

12. ClamAV Heap Corruption and Integer Overflow Vulnerabilities
BugTraq ID: 27751
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27751
Summary:
ClamAV is prone to a heap-corruption vulnerability and an integer-overflow 
vulnerability.

Successfully exploiting these issues allows remote attackers to execute 
arbitrary machine code in the context of the affected application. This 
facilitates the remote compromise of affected computers. Failed exploit 
attempts likely result in application crashes.

Versions prior to ClamAV 0.92.1 are affected by these issues.

13. Microsoft Publisher Memory Index Code Execution Vulnerability
BugTraq ID: 27740
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27740
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious 
Publisher file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

14. Microsoft Publisher Invalid Memory Reference Remote Code Execution Vulnerability
BugTraq ID: 27739
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27739
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious 
Publisher file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

15. Microsoft Office Execution Jump Memory Corruption Vulnerability
BugTraq ID: 27738
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27738
Summary:
Microsoft Office is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious 
Office file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

16. ITN News Gadget 'short_title' Parameter Remote Code Execution Vulnerability
BugTraq ID: 27725
Remote: Yes
Date Published: 2008-02-11
Relevant URL: http://www.securityfocus.com/bid/27725
Summary:
ITN News Gadget is prone to a vulnerability that lets remote attackers execute 
arbitrary code because the application fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary code on an affected 
computer with the privileges of the webserver process. This may facilitate 
unauthorized access.

ITN News Gadget 1.06 is vulnerable; other versions may also be affected.

17. Microsoft Internet Explorer Argument Handling Memory Corruption Vulnerability
BugTraq ID: 27689
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27689
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption 
vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the 
context of the user running the application. Successful exploits will 
compromise the application and possibly the underlying computer. Failed attacks 
will cause denial-of-service conditions.

18. Microsoft Internet Information Services ASP Remote Code Execution Vulnerability
BugTraq ID: 27676
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27676
Summary:
Microsoft Internet Information Services (IIS) is prone to a remote 
code-execution vulnerability that can be exploited through malicious input to 
vulnerable ASP pages.

A successful exploit of this vulnerability could let remote attackers execute 
arbitrary code in the context of the Worker Process Identity, which by default 
has Network Service privileges.

19. Microsoft Windows WebDAV Mini-Redirector Heap Overflow Vulnerability
BugTraq ID: 27670
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27670
Summary:
Microsoft Windows is prone to a heap-overflow vulnerability in the WebDAV 
Mini-Redirector component (also known as the Web Client service). This 
vulnerability may be triggered by a malicious WebDAV response.

A successful exploit could let a remote attacker execute arbitrary code with 
SYSTEM privileges, completely compromising an affected computer.

To be affected, the Web Client service must be enabled on the computer. The Web 
Client service is disabled by default on Microsoft Windows Server 2003.

20. Microsoft Internet Explorer HTML Rendering Remote Memory Corruption Vulnerability
BugTraq ID: 27668
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27668
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption 
vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of 
the user running the application. Successful exploits will compromise the 
application and possibly the underlying computer. Failed attacks will cause 
denial-of-service conditions.

21. Microsoft Internet Explorer Property Method Remote Memory Corruption Vulnerability
BugTraq ID: 27666
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27666
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption 
vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the 
context of the user running the application. Successful exploits will 
compromise the application and possibly the underlying computer. Failed attacks 
will cause denial-of-service conditions.

22. Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability
BugTraq ID: 27661
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27661
Summary:
Microsoft Object Linking and Embedding (OLE) Automation is prone to a 
heap-based buffer-overflow vulnerability because it fails to perform adequate 
boundary checks on user-supplied input before copying it to an insufficiently 
sized buffer.

An attacker could exploit this issue by enticing a victim to open a malicious 
web document. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

23. Microsoft Works File Converter Field Length Remote Code Execution Vulnerability
BugTraq ID: 27659
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27659
Summary:
Microsoft Works File Converter is prone to a remote code-execution 
vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious 
'.wps' file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

24. Microsoft Works File Converter Section Header Index Table Remote Code Execution Vulnerability
BugTraq ID: 27658
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27658
Summary:
Microsoft Works File Converter is prone to a remote code-execution 
vulnerability because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious 
'.wps' file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

25. Microsoft Works File Converter Section Length Header Remote Heap Overflow Vulnerability
BugTraq ID: 27657
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27657
Summary:
Microsoft Works File Converter is prone to a remote heap-overflow vulnerability 
because it fails to adequately validate user-supplied input.

An attacker could exploit this issue by enticing a victim to open a malicious 
'.wps' file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

26. Microsoft Word Unspecified Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 27656
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27656
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious 
Word file. Successfully exploiting this issue would allow the attacker to 
execute arbitrary code in the context of the currently logged-in user.

27. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 27638
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27638
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because 
Microsoft Active Directory and ADAM (Active Directory Application Mode) fail to 
handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue to cause the affected application to stop 
responding, denying further service to legitimate users.

Note that an attacker requires valid logon credentials to exploit this issue on 
Windows Server 2003 and Windows XP.

This issue affects Active Directory on Microsoft Windows 2000 and Windows 
Server 2003.  The issue affects ADAM when installed on Windows XP and Windows 
Server 2003.

28. Microsoft Windows Vista DHCP Remote Denial Of Service Vulnerability
BugTraq ID: 27634
Remote: Yes
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27634
Summary:
Microsoft Windows Vista is prone to a remote denial-of-service vulnerability 
because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding 
and to automatically restart. Successful attacks will deny service to 
legitimate users.

29. Microsoft IIS File Change Notification Local Privilege Escalation Vulnerability
BugTraq ID: 27101
Remote: No
Date Published: 2008-02-12
Relevant URL: http://www.securityfocus.com/bid/27101
Summary:
Microsoft Internet Information Services (IIS) is prone to a local 
privilege-escalation vulnerability that occurs when handling file change 
notifications.

A local attacker can exploit this issue to execute arbitrary code with 
SYSTEM-level privileges. Successfully exploiting this issue will result in the 
complete compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: HP
