SecurityFocus Microsoft Newsletter #395 ----------------------------------------
This issue is sponsored by Sphinx-Soft VistaFirewallControl - controls Vista 32/64-bit applications outbound/inbound activity by a single click. Based on Vista security core; provides unbeatable stability and filtering quality of Microsoft; Synchronizes external uPnP hardware with applications network permissions; Download here http://sphinx-soft.com/Vista/order.html?SF SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1.Thinking Beyond the Ivory Towers 2.Click Crime II. MICROSOFT VULNERABILITY SUMMARY 1. Foxit Reader 'util.printf()' Remote Buffer Overflow Vulnerability 2. Computer Associates ARCserve Backup 'caloggerd' and 'xdr' Functions Multiple Remote Vulnerabilities 3. Symantec Altiris Deployment Solution Tooltip Local Privilege Escalation Vulnerability 4. Microsoft Internet Explorer 'Print Table of Links' Cross Zone Script Injection Vulnerability 5. IDAutomation Barcode ActiveX Controls Multiple Arbitrary File Overwrite Vulnerabilities 6. Symantec Altiris Deployment Solution Domain Credential Unauthorized Access Vulnerability 7. Symantec Altiris Deployment Solution 'axengine.exe' SQL Injection Vulnerability 8. Symantec Altiris Deployment Solution Install Directory Local Privilege Escalation Vulnerability 9. Symantec Altiris Deployment Solution Registry Keys Local Unauthorized Access Vulnerability 10. Symantec Altiris Deployment Solution Agent User Interface Local Privilege Escalation Vulnerability 11. Multiple Platform IPv6 Address Publication Denial of Service Vulnerabilities 12. Jenkins Software RakNet Autopatcher Multiple Unspecified SQL Injection Vulnerabilities 13. Microsoft Windows Intelligent Input/Output (I2O) Multiple Local Privilege Escalation Vulnerabilities 14. Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability 15. Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability 16. Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability 17. Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability 18. Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability III. MICROSOFT FOCUS LIST SUMMARY 1. Binding Windows Services to Specific Addresses Only IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1.Thinking Beyond the Ivory Towers By Dave Aitel In the information-security industry, there are clear and vast gaps in the way academia interacts with professional researchers. While these gaps will be filled in due time, their existence means that security professionals outside the hallowed halls of colleges and universities need to be aware of the differences in how researchers and professionals think. http://www.securityfocus.com/columnists/472 2. Click Crime By Mark Rasch It has long been a crime not only to commit an illegal act, but also to attempt -- or conspire with others -- to commit one. http://www.securityfocus.com/columnists/471 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Foxit Reader 'util.printf()' Remote Buffer Overflow Vulnerability BugTraq ID: 29288 Remote: Yes Date Published: 2008-05-20 Relevant URL: http://www.securityfocus.com/bid/29288 Summary: Foxit Reader is prone to a remote buffer-overflow vulnerability when handling PDF files with specially crafted JavaScript code. Exploiting this issue may allow attackers to corrupt memory and execute arbitrary machine code in the context of users running the affected application. Failed exploit will likely cause denial-of-service conditions. This issue affects Foxit Reader 2.3 build 2825; other versions may also be affected. 2. Computer Associates ARCserve Backup 'caloggerd' and 'xdr' Functions Multiple Remote Vulnerabilities BugTraq ID: 29283 Remote: Yes Date Published: 2008-05-19 Relevant URL: http://www.securityfocus.com/bid/29283 Summary: Computer Associates ARCserve Backup is prone to multiple remote vulnerabilities: - An arbitrary-file-overwrite vulnerability - A stack-based buffer-overflow vulnerability. An attacker can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting these issues will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. 3. Symantec Altiris Deployment Solution Tooltip Local Privilege Escalation Vulnerability BugTraq ID: 29218 Remote: No Date Published: 2008-05-14 Relevant URL: http://www.securityfocus.com/bid/29218 Summary: Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain access to a privileged command prompt. Successfully exploiting this issue will result in the complete compromise of affected computers. 4. Microsoft Internet Explorer 'Print Table of Links' Cross Zone Script Injection Vulnerability BugTraq ID: 29217 Remote: Yes Date Published: 2008-05-14 Relevant URL: http://www.securityfocus.com/bid/29217 Summary: Microsoft Internet Explorer is prone to a script-injection vulnerability because it fails to adequately sanitize user-supplied input when printing a table of links. Attackers can exploit this issue by enticing an unsuspecting user to initiate the printing procedure while viewing a specially crafted page. Successful exploits will cause malicious script code to run in the 'Local Machine Zone' of a victim's computer. Internet Explorer 7.0 and 8.0b are vulnerable; other versions may also be affected. Reports indicate that successful exploits on Windows Vista platforms running UAC can cause only information disclosure. 5. IDAutomation Barcode ActiveX Controls Multiple Arbitrary File Overwrite Vulnerabilities BugTraq ID: 29204 Remote: Yes Date Published: 2008-05-14 Relevant URL: http://www.securityfocus.com/bid/29204 Summary: IDAutomation Barcode ActiveX controls are prone to multiple vulnerabilities that allow attackers to overwrite arbitrary files. An attacker can exploit these issues by enticing an unsuspecting victim to view a malicious HTML page. Successfully exploiting these issues will allow the attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). The following applications are vulnerable: Linear Barcode ActiveX Control 1.6.0.6 Data Matrix Barcode Font & Encoder 1.6.0.6 PDF417 Barcode Font and Encoder 1.6.0.6 Aztec Barcode Font & Encoder 1.7.1.0 Other versions may also be affected. 6. Symantec Altiris Deployment Solution Domain Credential Unauthorized Access Vulnerability BugTraq ID: 29199 Remote: Yes Date Published: 2008-05-14 Relevant URL: http://www.securityfocus.com/bid/29199 Summary: Symantec Altiris Deployment Solution is prone to a vulnerability that allows an attacker to gain unauthorized access to the affected application. The attacker can exploit this issue to gain administrative access to the application. Successfully exploiting this issue will compromise the affected application. 7. Symantec Altiris Deployment Solution 'axengine.exe' SQL Injection Vulnerability BugTraq ID: 29198 Remote: Yes Date Published: 2008-05-14 Relevant URL: http://www.securityfocus.com/bid/29198 Summary: Symantec Altiris Deployment Solution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers. Versions prior to Symantec Altiris Deployment Solution 6.9.176 are vulnerable. 8. Symantec Altiris Deployment Solution Install Directory Local Privilege Escalation Vulnerability BugTraq ID: 29197 Remote: No Date Published: 2008-05-14 Relevant URL: http://www.securityfocus.com/bid/29197 Summary: Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to execute arbitrary commands with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. 9. Symantec Altiris Deployment Solution Registry Keys Local Unauthorized Access Vulnerability BugTraq ID: 29196 Remote: No Date Published: 2008-05-14 Relevant URL: http://www.securityfocus.com/bid/29196 Summary: Symantec Altiris Deployment Solution is prone to a local unauthorized-access vulnerability. An attacker with local access to the computer may be able to access certain registry keys. A successful attack may allow the attacker to obtain information or to disrupt service. 10. Symantec Altiris Deployment Solution Agent User Interface Local Privilege Escalation Vulnerability BugTraq ID: 29194 Remote: No Date Published: 2008-05-14 Relevant URL: http://www.securityfocus.com/bid/29194 Summary: Symantec Altiris Deployment Solution is prone to a local privilege-escalation vulnerability. An attacker can exploit this issue to gain access to a privileged command prompt. Successfully exploiting this issue will result in the complete compromise of affected computers. 11. Multiple Platform IPv6 Address Publication Denial of Service Vulnerabilities BugTraq ID: 29190 Remote: Yes Date Published: 2008-05-13 Relevant URL: http://www.securityfocus.com/bid/29190 Summary: Multiple operating systems are prone to remote denial-of-service vulnerabilities that occur when affected operating systems are acting as IPv6 routers. Successful exploits allow remote attackers to cause computers to consume excessive CPU resources or to stop responding to advertised routes in a network. This will potentially deny further network services to legitimate users. Microsoft Windows XP, Microsoft Windows Server 2003, and Linux are prone to these issues. Other operating systems may also be affected. 12. Jenkins Software RakNet Autopatcher Multiple Unspecified SQL Injection Vulnerabilities BugTraq ID: 29178 Remote: Yes Date Published: 2008-05-12 Relevant URL: http://www.securityfocus.com/bid/29178 Summary: RakNet Autopatcher is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in SQL queries. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Versions prior to RakNet 3.23 are vulnerable. 13. Microsoft Windows Intelligent Input/Output (I2O) Multiple Local Privilege Escalation Vulnerabilities BugTraq ID: 29171 Remote: No Date Published: 2008-05-12 Relevant URL: http://www.securityfocus.com/bid/29171 Summary: Microsoft Windows is prone to multiple local privilege-escalation vulnerabilities. An attacker can exploit these issues to execute arbitrary code with kernel-level privileges. Successfully exploiting these issues will completely compromise affected computers. These issues affect Windows XP prior to SP3. 14. Microsoft Publisher Memory Object Handler Data Remote Code Execution Vulnerability BugTraq ID: 29158 Remote: Yes Date Published: 2008-05-13 Relevant URL: http://www.securityfocus.com/bid/29158 Summary: Microsoft Publisher is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Publisher file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 15. Microsoft Word CSS Handling Memory Corruption Remote Code Execution Vulnerability BugTraq ID: 29105 Remote: Yes Date Published: 2008-05-13 Relevant URL: http://www.securityfocus.com/bid/29105 Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious Word file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 16. Microsoft Word RTF Malformed String Handling Memory Corruption Remote Code Execution Vulnerability BugTraq ID: 29104 Remote: Yes Date Published: 2008-05-13 Relevant URL: http://www.securityfocus.com/bid/29104 Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 17. Microsoft Malware Protection Engine Disk Space Exhaustion Remote Denial Of Service Vulnerability BugTraq ID: 29073 Remote: Yes Date Published: 2008-05-13 Relevant URL: http://www.securityfocus.com/bid/29073 Summary: Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate certain data structures when parsing specially crafted files. Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users. 18. Microsoft Malware Protection Engine File Processing Remote Denial Of Service Vulnerability BugTraq ID: 29060 Remote: Yes Date Published: 2008-05-13 Relevant URL: http://www.securityfocus.com/bid/29060 Summary: Microsoft Malware Protection Engine is prone to a remote denial-of-service vulnerability because it fails to properly validate user-supplied input when parsing specially crafted files. Attackers can exploit this issue to cause an affected computer to stop responding or to restart. Successful attacks will deny service to legitimate users. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. Binding Windows Services to Specific Addresses Only http://www.securityfocus.com/archive/88/491595 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is sponsored by Sphinx-Soft VistaFirewallControl - controls Vista 32/64-bit applications outbound/inbound activity by a single click. Based on Vista security core; provides unbeatable stability and filtering quality of Microsoft; Synchronizes external uPnP hardware with applications network permissions; Download here http://sphinx-soft.com/Vista/order.html?SF
