SecurityFocus Microsoft Newsletter #412
----------------------------------------

This issue is sponsored by IronKey: The World's Most Secure Flash 
Drive

IronKey flash drives lock down your most sensitive data using today's most 
advanced security technology. 
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be 
disabled by malware or an intruder and provides rugged and waterproof 
protection to safeguard your data.
https://www.ironkey.com/forenterprise2


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. SATAN's Helper
       2. Get Off My Cloud
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Microsoft Internet Explorer Malformed PNG File Remote Denial of 
Service Vulnerability
       2. Adobe Illustrator Malformed AI File Remote Code Execution 
Vulnerability
       3. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution 
Vulnerability
       4. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service 
Vulnerability
       5. Personal FTP Server 'RETR' Command Remote Denial of Service 
Vulnerability
       6. Baidu Hi 'CSTransfer.dll' Remote Stack Buffer Overflow Vulnerability
       7. Avant Browser JavaScript Engine Integer Overflow Vulnerability
       8. RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer 
Overflow Vulnerability
       9. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow 
Vulnerability
       10. Maxthon Browser Remote Denial of Service Vulnerability
       11. Apple iTunes Misleading Firewall Warning Weakness
       12. Apple iTunes Third Party Driver Local Privilege Escalation 
Vulnerability
       13. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
       14. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary 
File Overwrite Vulnerability
       15. Microsoft Office OneNote URL Handler Remote Code Execution 
Vulnerability
       16. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote 
Buffer Overflow Vulnerability
       17. Microsoft Organization Chart Remote Code Execution Vulnerability
       18. Microsoft GDI+ BMP Integer Overflow Vulnerability
       19. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
       20. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
       21. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
       22. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
       23. Microsoft Windows Media Player SSPL File Sample Rate Remote 
Code-Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #411
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. SATAN's Helper
By Federico Biancuzzi
SecurityFocus contributor Federico Biancuzzi chatted with Venema about 
software security, how to improve code quality, what solutions we might 
have to fight spam successfully, the principle of least privilege, and the 
philosophy behind the design of Postfix. 
Venema is currently a researcher at IBM's T.J. Watson Research Center.
http://www.securityfocus.com/columnists/479

2. Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe 
service, where you can "access and manage your email, contacts, calendar, 
photos, and files at me.com," according to Apple. 
More companies, among them Microsoft and Google, already allow people to store 
information and use common services online -- or "in the cloud" -- leading 
analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer Malformed PNG File Remote Denial of Service 
Vulnerability
BugTraq ID: 31215
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31215
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service 
vulnerability. 

Attackers can exploit this issue by enticing an unsuspecting victim to view a 
web page embedded with a malicious PNG file. 

Successfully exploiting this issue will cause the application to stop 
responding, denying service to legitimate users.

Microsoft Internet Explorer 7 and 8 Beta 1 are vulnerable; other versions may 
also be affected.

2. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
BugTraq ID: 31208
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31208
Summary:
Adobe Illustrator is prone to a remote code-execution vulnerability. 

An attacker can exploit this issue by enticing an unsuspecting victim to open a 
malicious AI file.

Successfully exploiting this issue will allow attackers to execute arbitrary 
code with the privileges of the user running the affected application. 

This issue affects only Adobe Illustrator CS2 for Macintosh.

3. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
BugTraq ID: 31204
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31204
Summary:
Acresso FLEXnet Connect is prone to a remote code-execution vulnerability 
because it fails to adequately verify the authenticity of files obtained from 
update servers. The product has been formerly available as Macrovision FLEXnet 
Connect and as InstallShield Update Service.

Attackers can exploit this issue by performing man-in-the-middle attacks to 
have the client download and execute a malicious file hosted on an 
attacker-controlled computer. Other attacks may also be possible.

Acresso FLEXnet Connect is vulnerable. Additional products that use the FLEXnet 
functionality may also be vulnerable.

4. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service 
Vulnerability
BugTraq ID: 31179
Remote: Yes
Date Published: 2008-09-15
Relevant URL: http://www.securityfocus.com/bid/31179
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because 
it fails to adequately handle specially crafted SMB packets.

Attackers can exploit this issue to cause an affected computer to stop 
responding, denying service to legitimate users. Given the nature of this 
issue, attackers may also be able to run arbitrary code with SYSTEM-level 
privileges, but this has not been confirmed.

5. Personal FTP Server 'RETR' Command Remote Denial of Service Vulnerability
BugTraq ID: 31173
Remote: Yes
Date Published: 2008-09-14
Relevant URL: http://www.securityfocus.com/bid/31173
Summary:
Personal FTP Server is prone to a remote denial-of-service vulnerability 
because the application fails to handle exceptional conditions. 

Successfully exploiting this issue would cause the affected application to 
crash, denying service to legitimate users.

Personal FTP Server 6.0f is vulnerable; other versions may also be affected.

6. Baidu Hi 'CSTransfer.dll' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 31162
Remote: Yes
Date Published: 2008-09-13
Relevant URL: http://www.securityfocus.com/bid/31162
Summary:
Baidu Hi is prone to a remote stack-based buffer-overflow vulnerability because 
the application fails to bounds-check user-supplied data before copying it into 
an insufficiently sized buffer. 

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a denial of 
service.

7. Avant Browser JavaScript Engine Integer Overflow Vulnerability
BugTraq ID: 31155
Remote: Yes
Date Published: 2008-09-12
Relevant URL: http://www.securityfocus.com/bid/31155
Summary:
Avant Browser is prone to an integer-overflow vulnerability that occurs in the 
JavaScript engine.

An attacker can exploit this issue by enticing an unsuspecting victim to view a 
malicious site. 

Successfully exploiting this issue may allow attackers to crash the affected 
application, denying service to legitimate users. Given the nature of this 
issue, attackers may also be able to run arbitrary code, but this has not been 
confirmed.

Avant Browser 11.7 Build 9 is vulnerable; other versions may also be affected.

NOTE: This vulnerability may be related to the issue described in BID 14917 
(Mozilla Browser/Firefox JavaScript Engine Integer Overflow Vulnerability).

8. RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow 
Vulnerability
BugTraq ID: 31129
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31129
Summary:
Microsoft SQL Server 'sqlvdir.dll' ActiveX Control is prone to a 
buffer-overflow vulnerability because it fails to bounds-check user-supplied 
data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary 
code in the context of the application using the ActiveX control (typically 
Internet Explorer). Failed exploit attempts likely result in denial-of-service 
conditions.

This control is included with Microsoft SQL Server 2000; other versions may 
also be affected.

NOTE: This BID is being retired because the issue is not exploitable. The 
ActiveX control is not marked 'Safe for Scripting'.

9. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow 
Vulnerability
BugTraq ID: 31124
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31124
Summary:
ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because 
the application fails to perform adequate boundary checks on user-supplied 
input when performing virus scans on long directory paths.

Remote attackers may leverage this issue to execute arbitrary code with 
SYSTEM-level privileges and gain complete access to the vulnerable computer. 
Failed attacks will cause denial-of-service conditions.

This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may 
also be affected.

10. Maxthon Browser Remote Denial of Service Vulnerability
BugTraq ID: 31098
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31098
Summary:
Maxthon Browser is prone to a denial-of-service vulnerability. 

An attacker may exploit this issue by enticing victims into opening a 
maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to crash the 
application, denying service to legitimate users. 

This issue affects Maxthon Browser 2.1.4.443; other versions may also be 
affected.

11. Apple iTunes Misleading Firewall Warning Weakness
BugTraq ID: 31090
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31090
Summary:
Apple iTunes is prone to a weakness caused by a misleading firewall warning 
that conveys erroneous information to users.

This issue may lead to a false sense of security, potentially aiding in 
network-based attacks.

Versions prior to Apple iTunes 8.0 are vulnerable to this issue.

12. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability
BugTraq ID: 31089
Remote: No
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31089
Summary:
Apple iTunes is prone to a local privilege-escalation vulnerability due to an 
integer-overflow issue. 

Local attackers can exploit this issue to execute arbitrary code with 
SYSTEM-level privileges. Successfully exploiting this issue will result in the 
complete compromise of affected computers. Failed exploit attempts will cause a 
denial-of-service condition.

This issue affects versions prior to iTunes 8.0 for Microsoft Windows XP and 
Microsoft Windows Vista.

13. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
BugTraq ID: 31086
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31086
Summary:
Apple QuickTime is prone to multiple remote vulnerabilities that may allow 
remote attackers to execute arbitrary code and carry out denial-of-service 
attacks.

These issues arise when the application handles specially crafted PICT image 
files, movies, and QTVR movies. Successful exploits may allow attackers to gain 
remote unauthorized access in the context of a vulnerable user and to trigger a 
denial-of-service condition.

Versions prior to QuickTime 7.5.5 are affected.

14. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File 
Overwrite Vulnerability
BugTraq ID: 31069
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31069
Summary:
Microsoft Windows Image Acquisition Logger ActiveX control is prone to a 
vulnerability that lets attackers overwrite files with arbitrary, 
attacker-controlled content. The issue occurs because the control fails to 
sanitize user-supplied input.

An attacker can exploit this issue to overwrite files with attacker-supplied 
data, which will aid in further attacks.

15. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
BugTraq ID: 31067
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31067
Summary:
Microsoft Office OneNote is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to follow maliciously 
crafted URIs.

Successfully exploiting this issue would allow the attacker to execute 
arbitrary code in the context of the currently logged-in user.

16. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer 
Overflow Vulnerability
BugTraq ID: 31065
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31065
Summary:
The Microsoft Windows Media Encoder 9 ActiveX control is prone to a 
buffer-overflow vulnerability because it fails to perform adequate boundary 
checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of 
an application using the affected ActiveX control (typically Internet 
Explorer). Failed attacks will likely cause denial-of-service conditions.

17. Microsoft Organization Chart Remote Code Execution Vulnerability
BugTraq ID: 31059
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31059
Summary:
Microsoft Organization Chart is prone to a remote code-execution vulnerability 
because of a memory-access violation.

Remote attackers can exploit this issue by enticing victims into opening a 
maliciously crafted Organization Chart document.

Successful exploits may allow attackers to execute arbitrary code within the 
context of the affected application. Failed exploit attempts will likely result 
in a denial of service.

Microsoft Organization Chart 2.00,19 is vulnerable; other versions may also be 
affected.

18. Microsoft GDI+ BMP Integer Overflow Vulnerability
BugTraq ID: 31022
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31022
Summary:
Microsoft GDI+ is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by enticing unsuspecting users to view a 
malicious BMP file.

Successfully exploiting this issue allows remote attackers to corrupt memory 
and execute arbitrary code in the context of the affected application. Failed 
exploit attempts will result in a denial-of-service condition.

19. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
BugTraq ID: 31021
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31021
Summary:
Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector 
graphics link library improperly allocates memory when parsing WMF image 
files.

Successfully exploiting this issue would allow an attacker to corrupt memory 
and execute arbitrary code in the context of the currently logged-in user.

20. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
BugTraq ID: 31020
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31020
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the 
vector graphics link library improperly parses GIF image files.

An attacker could exploit this issue to execute arbitrary code with the 
privileges of the currently logged-in user. Failed exploit attempts may crash 
applications that use the library.

21. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
BugTraq ID: 31019
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31019
Summary:
Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs 
when an application that uses the library tries to process a specially crafted 
EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary 
code in the context of the currently logged-in user.

22. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 31018
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31018
Summary:
Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because 
the vector graphics link library improperly processes gradient sizes.

Successfully exploiting this issue would allow an attacker to corrupt heap 
memory and execute arbitrary code in the context of the currently logged-in 
user.

23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution 
Vulnerability
BugTraq ID: 30550
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/30550
Summary:
Microsoft Windows Media Player is prone to a remote code-execution 
vulnerability.

An attacker can exploit this issue to execute arbitrary code with the 
privileges of the user running the affected application. Failed exploit 
attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed 
using the Server Core installation option.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #411
http://www.securityfocus.com/archive/88/496270

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by IronKey: The World's Most Secure Flash 
Drive

IronKey flash drives lock down your most sensitive data using today's most 
advanced security technology. 
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be 
disabled by malware or an intruder and provides rugged and waterproof 
protection to safeguard your data.
https://www.ironkey.com/forenterprise2

