SecurityFocus Microsoft Newsletter #411 ----------------------------------------
This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive IronKey flash dives lock down your most sensitive data using today's most advanced security technology. IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data. https://www.iroky.com/forenterprise2 SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1.Get Off My Cloud 2.An Astonishing Collaboration II. MICROSOFT VULNERABILITY SUMMARY 1. Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability 2. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability 3. Maxthon Browser Remote Denial of Service Vulnerability 4. Apple iTunes Misleading Firewall Warning Weakness 5. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability 6. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities 7. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability 8. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability 9. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability 10. Microsoft Organization Chart Remote Code Execution Vulnerability 11. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities 12. Microsoft GDI+ BMP Integer Overflow Vulnerability 13. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability 14. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability 15. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability 16. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability 17. Microsoft September 2008 Advance Notification Multiple Vulnerabilities 18. Wireshark 1.0.2 Multiple Vulnerabilities 19. RETIRED: Moodle Multiple Remote File Include Vulnerabilities 20. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities 21. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities 22. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability 23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability III. MICROSOFT FOCUS LIST SUMMARY IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1.Get Off My Cloud By Mark Rasch One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple. More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing." http://www.securityfocus.com/columnists/478 2.An Astonishing Collaboration By Dan Kaminsky Wow. It's out. It's finally, finally out. Sweet! http://www.securityfocus.com/columnists/477 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability BugTraq ID: 31129 Remote: Yes Date Published: 2008-09-11 Relevant URL: http://www.securityfocus.com/bid/31129 Summary: Microsoft SQL Server 'sqlvdir.dll' ActiveX Control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions. This control is included with Microsoft SQL Server 2000; other versions may also be affected. 2. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability BugTraq ID: 31124 Remote: Yes Date Published: 2008-09-11 Relevant URL: http://www.securityfocus.com/bid/31124 Summary: ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths. Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges and allow the attacker to gain complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions. This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may also be affected. 3. Maxthon Browser Remote Denial of Service Vulnerability BugTraq ID: 31098 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31098 Summary: Maxthon Browser is prone to a denial-of-service vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage. Successfully exploiting this issue will allow the attacker to crash the application, denying service to legitimate users. This issue affects Maxthon Browser 2.1.4.443; other versions may also be affected. 4. Apple iTunes Misleading Firewall Warning Weakness BugTraq ID: 31090 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31090 Summary: Apple iTunes is prone to a weakness caused by a misleading firewall warning that conveys erroneous information to users. This issue may lead to a false sense of security, potentially aiding in network-based attacks. Versions prior to Apple iTunes 8.0 are vulnerable to this issue. 5. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability BugTraq ID: 31089 Remote: No Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31089 Summary: Apple iTunes is prone to a local privilege-escalation vulnerability due to an integer-overflow issue. Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition. This issue affects versions prior to iTunes 8.0 for Microsoft Windows XP and Microsoft Windows Vista. 6. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities BugTraq ID: 31086 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31086 Summary: Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code and carry out denial-of-service attacks. These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition. Versions prior to QuickTime 7.5.5 are affected. 7. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability BugTraq ID: 31069 Remote: Yes Date Published: 2008-09-08 Relevant URL: http://www.securityfocus.com/bid/31069 Summary: Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input. An attacker can exploit this issue to overwrite files with attacker-supplied data, which will aid in further attacks. 8. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability BugTraq ID: 31067 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31067 Summary: Microsoft Office OneNote is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to follow maliciously crafted URIs. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. 9. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability BugTraq ID: 31065 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31065 Summary: The Microsoft Windows Media Encoder 9 ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions. 10. Microsoft Organization Chart Remote Code Execution Vulnerability BugTraq ID: 31059 Remote: Yes Date Published: 2008-09-08 Relevant URL: http://www.securityfocus.com/bid/31059 Summary: Microsoft Organization Chart is prone to a remote code-execution vulnerability because of a memory-access violation. Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted Organization Chart document. Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service. Microsoft Organization Chart 2.00,19 is vulnerable; other versions may also be affected. 11. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities BugTraq ID: 31058 Remote: Yes Date Published: 2008-09-01 Relevant URL: http://www.securityfocus.com/bid/31058 Summary: IBM DB2 Universal Database Server is prone to multiple vulnerabilities: - A remote denial-of-service issue related to CONNECT / ATTACH processing. - An unspecified vulnerability in the DB2FMP process. - A remote denial-of-service issue in DB2JDS. - The DB2FMP process executes with system privileges under Windows. An attacker may exploit these issues to deny service to legitimate users. Other attacks may also be possible. The CONNECT / ATTACH issue may be related to the issue discussed in BID 27870 (IBM DB2 Universal Database Multiple Vulnerabilities). Very few details are available regarding these issues. We will update this BID as more information emerges. These issues affect versions prior to IBM DB2 Universal Database Server 8.2 Fixpak 17. 12. Microsoft GDI+ BMP Integer Overflow Vulnerability BugTraq ID: 31022 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31022 Summary: Microsoft GDI+ is prone to an integer-overflow vulnerability. An attacker can exploit this issue by enticing unsuspecting users to view a malicious BMP file. Successfully exploiting this issue allows remote attackers to corrupt memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. 13. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability BugTraq ID: 31021 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31021 Summary: Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics linked library improperly allocates memory when parsing WMF image files. Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user. 14. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability BugTraq ID: 31020 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31020 Summary: Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library. 15. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability BugTraq ID: 31019 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31019 Summary: Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file. Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user. 16. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability BugTraq ID: 31018 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/31018 Summary: Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes. Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the currently logged-in user. 17. Microsoft September 2008 Advance Notification Multiple Vulnerabilities BugTraq ID: 31014 Remote: Yes Date Published: 2008-09-04 Relevant URL: http://www.securityfocus.com/bid/31014 Summary: Microsoft has released advance notification that the vendor will be releasing four security bulletins on September 9, 2008. The highest severity rating for these issues is 'Critical'. Successfully exploiting these issues may allow remote or local attackers to compromise affected computers. Individual records will be created to document the issues when the bulletins are released. 18. Wireshark 1.0.2 Multiple Vulnerabilities BugTraq ID: 31009 Remote: Yes Date Published: 2008-09-03 Relevant URL: http://www.securityfocus.com/bid/31009 Summary: Wireshark is prone to multiple vulnerabilities, including buffer-overflow and denial-of-service issues. Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed. These issues affect Wireshark 0.9.7 up to and including 1.0.2. 19. RETIRED: Moodle Multiple Remote File Include Vulnerabilities BugTraq ID: 30995 Remote: Yes Date Published: 2008-09-03 Relevant URL: http://www.securityfocus.com/bid/30995 Summary: Moodle is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible. These issues affect Moodle 1.8.4; other versions may also be affected. NOTE: Further analysis indicates that these issues were previously documented in BID 28599 (kses Multiple Input Validation Vulnerabilities), so this BID is being retired. 20. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities BugTraq ID: 30993 Remote: Yes Date Published: 2008-09-03 Relevant URL: http://www.securityfocus.com/bid/30993 Summary: Open-FTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit these issues to crash the affected application, denying service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed. Open-FTPD 1.2 is vulnerable; other versions may also be affected. 21. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities BugTraq ID: 30992 Remote: Yes Date Published: 2008-09-03 Relevant URL: http://www.securityfocus.com/bid/30992 Summary: @Mail and @Mail WebMail are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. These issues affect the following versions: @Mail WebMail 5.05 running on Microsoft Windows @Mail 5.42 running on CentOS Other versions running on different platforms may also be affected. 22. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability BugTraq ID: 30970 Remote: Yes Date Published: 2008-09-02 Relevant URL: http://www.securityfocus.com/bid/30970 Summary: Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Softalk Mail Server 8.5.1 is vulnerable; other versions may also be affected. 23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability BugTraq ID: 30550 Remote: Yes Date Published: 2008-09-09 Relevant URL: http://www.securityfocus.com/bid/30550 Summary: Microsoft Windows Media Player is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition. NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [EMAIL PROTECTED] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is sponsored by Sponsored by Ironkey: The World's Most Secure Flash Drive IronKey flash dives lock down your most sensitive data using today's most advanced security technology. IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data. https://www.iroky.com/forenterprise2
