SecurityFocus Microsoft Newsletter #413
----------------------------------------

Download a FREE trial of HP WebInspect

Application attacks are growing more prevalent. New attacks are in the news 
each day. Now it's time for you to assess your applications and start detecting 
and removing vulnerabilities. 
HP can help, with a full suite of application security solutions.  Get started 
today with a complimentary trial download that uses an HP test application. 
Thoroughly analyze today's complex web applications in a runtime environment 
with fast scanning capabilities, broad assessment coverage and accurate web 
application scanning results. 
Download WebInspect now: 
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN6MIF


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. The Boston Trio and the MBTA
       2. From Physics to Security
II.  MICROSOFT VULNERABILITY SUMMARY
       1. K-Lite Mega Codec Pack 'vsfilter.dll' Denial Of Service Vulnerability
       2. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
       3. phpMyAdmin Cross Site Scripting Vulnerability
       4. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
       5. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
       6. DESlock+ Local Buffer Overflow and Multiple Denial of Service Vulnerabilities
       7. Kantan WEB Server Unspecified Directory Traversal Vulnerability
       8. Kantan WEB Server Unspecified Cross Site Scripting Vulnerability
       9. Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple Insecure Method Vulnerabilities
       10. Acritum Femitter Server Information Disclosure and Denial of Service Vulnerabilities
       11. Microsoft Internet Explorer Malformed PNG File Remote Denial of Service Vulnerability
       12. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
       13. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
       14. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. The Boston Trio and the MBTA
By Mark Rasch
The annual DEFCON conference in Las Vegas in early August got a bit more 
interesting than usual when three graduate students from the Massachusetts 
Institute of Technology were enjoined from giving a presentation by a Court in 
Boston.
http://www.securityfocus.com/columnists/480

2. From Physics to Security
By Federico Biancuzzi
Wietse Venema started out as a physicist, but became interested in the security 
of the programs he wrote to control his physics experiments. He went on to 
create several well-known network and security tools, including the Security 
Administrator's Tool for Analyzing Networks (SATAN) and The Coroner's Toolkit 
with Dan Farmer. He is also the creator of the popular MTA Postfix and TCP 
Wrapper. 
http://www.securityfocus.com/columnists/479


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. K-Lite Mega Codec Pack 'vsfilter.dll' Denial Of Service Vulnerability
BugTraq ID: 31400
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31400
Summary:
K-Lite Mega Codec pack is prone to a denial-of-service vulnerability. The 
problem occurs when the 'vsfilter.dll' library is installed on the affected 
computer.

Attackers can exploit this issue to cause Windows Explorer to crash, denying 
service to legitimate users.

2. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
BugTraq ID: 31399
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31399
Summary:
WordPad is prone to a remote denial-of-service vulnerability. 

Attackers can exploit this issue by enticing an unsuspecting victim to open a 
specially crafted .doc file.

Successfully exploiting this issue will cause the application to crash, denying 
service to legitimate users. Arbitrary code execution may also be possible; 
this has not been confirmed.

3. phpMyAdmin Cross Site Scripting Vulnerability
BugTraq ID: 31327
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31327
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to 
sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the 
browser of an unsuspecting user in the context of the affected site. This may 
allow the attacker to steal cookie-based authentication credentials and to 
launch other attacks.

Versions prior to phpMyAdmin 2.11.9.2 are vulnerable.

4. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 31317
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31317
Summary:
DataSpade is prone to multiple cross-site scripting vulnerabilities because it 
fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the 
browser of an unsuspecting user in the context of the affected site. This may 
allow the attacker to steal cookie-based authentication credentials and to 
launch other attacks.

DataSpade 1.0 is vulnerable; other versions may also be affected.

5. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
BugTraq ID: 31294
Remote: Yes
Date Published: 2008-09-22
Relevant URL: http://www.securityfocus.com/bid/31294
Summary:
Foxmail Email Client is prone to a buffer-overflow vulnerability because it 
fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary 
code within the context of the affected application. Failed exploit attempts 
will result in a denial-of-service condition. 

Foxmail Email Client 6.5 is vulnerable; other versions may also be affected.

6. DESlock+ Local Buffer Overflow and Multiple Denial of Service Vulnerabilities
BugTraq ID: 31273
Remote: No
Date Published: 2008-09-20
Relevant URL: http://www.securityfocus.com/bid/31273
Summary:
DESlock+ is prone to multiple local vulnerabilities, including a 
buffer-overflow issue and multiple denial-of-service issues.

Local attackers can exploit these issues to execute arbitrary code with 
SYSTEM-level privileges or cause denial-of-service conditions.

These issues affect DESlock+ 3.2.7 and prior versions.

7. Kantan WEB Server Unspecified Directory Traversal Vulnerability
BugTraq ID: 31245
Remote: Yes
Date Published: 2008-09-18
Relevant URL: http://www.securityfocus.com/bid/31245
Summary:
Kantan WEB Server is prone to an unspecified directory-traversal vulnerability 
because the application fails to sufficiently sanitize user-supplied input. 

Exploiting this issue will allow an attacker to view arbitrary local files 
within the context of the webserver. Information harvested may aid in launching 
further attacks.

Versions prior to Kantan WEB Server 1.9 are vulnerable.

8. Kantan WEB Server Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 31244
Remote: Yes
Date Published: 2008-09-18
Relevant URL: http://www.securityfocus.com/bid/31244
Summary:
Kantan WEB Server is prone to a cross-site scripting vulnerability because it 
fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to execute arbitrary script code in the 
browser of an unsuspecting user in the context of the affected site. This may 
let the attacker steal cookie-based authentication credentials and launch other 
attacks.

Versions prior to Kantan WEB Server 1.9 are vulnerable.

9. Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple Insecure 
Method Vulnerabilities
BugTraq ID: 31227
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31227
Summary:
Data Dynamics ActiveReports ActiveX control is prone to multiple 
insecure-method vulnerabilities caused by design errors.

An attacker can exploit these issues to overwrite arbitrary files on the 
victim's computer in the context of the vulnerable application using the 
ActiveX control (typically Internet Explorer). Successful exploits will allow 
attackers to cause denial-of-service conditions; other consequences are 
possible. 

These issues affect Data Dynamics ActiveReports Professional Edition Build 
2.5.0.1314 ('ARView2.ocx' version 2.5.0.1314); other versions may also be 
affected.

10. Acritum Femitter Server Information Disclosure and Denial of Service 
Vulnerabilities
BugTraq ID: 31226
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31226
Summary:
Acritum Femitter Server is prone to an information-disclosure vulnerability and 
a denial-of-service vulnerability.

Successfully exploiting these issues may allow an attacker to obtain sensitive 
information or cause the affected application to crash, denying service to 
legitimate users.

Femitter Server 1.03 is vulnerable; other versions may also be affected.

11. Microsoft Internet Explorer Malformed PNG File Remote Denial of Service 
Vulnerability
BugTraq ID: 31215
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31215
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service 
vulnerability. 

Attackers can exploit this issue by enticing an unsuspecting victim to view a 
web page embedded with a malicious PNG file. 

Successfully exploiting this issue will cause the application to stop 
responding, denying service to legitimate users.

Microsoft Internet Explorer 7 and 8 Beta 1 are vulnerable; other versions may 
also be affected.

12. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
BugTraq ID: 31208
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31208
Summary:
Adobe Illustrator is prone to a remote code-execution vulnerability. 

An attacker can exploit this issue by enticing an unsuspecting victim to open a 
malicious AI file.

Successfully exploiting this issue will allow attackers to execute arbitrary 
code with the privileges of the user running the affected application. 

This issue affects only Adobe Illustrator CS2 for Macintosh.

13. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
BugTraq ID: 31204
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31204
Summary:
Acresso FLEXnet Connect is prone to a remote code-execution vulnerability 
because it fails to adequately verify the authenticity of files obtained from 
update servers. The product was formerly available as Macrovision FLEXnet 
Connect and as InstallShield Update Service.

Attackers can exploit this issue by performing man-in-the-middle attacks to 
have the client download and execute a malicious file hosted on an 
attacker-controlled computer. Other attacks may also be possible.

Acresso FLEXnet Connect is vulnerable. Additional products that use the FLEXnet 
functionality may also be vulnerable.

14. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service 
Vulnerability
BugTraq ID: 31179
Remote: Yes
Date Published: 2008-09-15
Relevant URL: http://www.securityfocus.com/bid/31179
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because 
it fails to adequately handle specially crafted SMB packets.

Attackers can exploit this issue to cause an affected computer to stop 
responding, denying service to legitimate users. Given the nature of this 
issue, attackers may also be able to run arbitrary code with SYSTEM-level 
privileges, but this has not been confirmed.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message that you must answer. 
Alternatively, you can visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------