SecurityFocus Microsoft Newsletter #416
----------------------------------------

This issue is sponsored by HP:

Download a FREE trial of HP WebInspect
Application attacks are growing more prevalent. New attacks are in the news 
each day. Now it's time for you to assess your applications and start detecting 
and removing vulnerabilities. 
HP can help, with a full suite of application security solutions.  Get started 
today with a complimentary trial download that uses an HP test application. 
Thoroughly analyze today's complex web applications in a runtime environment 
with fast scanning capabilities, broad assessment coverage and accurate web 
application scanning results. 
Download WebInspect now: 

https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStart&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/WebInspect_Eval_Secutiy_Focus/3-1QN6MII_3-UTM2ZJ/20081015&origin_id=3-1QN6MII


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying 
topics of interest for our community. We are proud to offer content from 
Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I.   FRONT AND CENTER
       1. The Vice of Vice Presidential E-Mail
       2. Blaming the Good Samaritan
II.  MICROSOFT VULNERABILITY SUMMARY
       1. Hummingbird HostExplorer ActiveX Control 'PlainTextPassword()' Buffer 
Overflow Vulnerability
       2. Adobe Flash CS3 Professional SWF File Heap Buffer Overflow 
Vulnerability
       3. Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI 
Redirection Vulnerability
       4. Titan FTP Server 'SITE WHO' Command Remote Denial of Service 
Vulnerability
       5. Etype Eserv FTP 'ABOR' Command Remote Stack Based Buffer Overflow 
Vulnerability
       6. Husdawg System Requirements Lab Multiple Remote Code Execution 
Vulnerabilities
       7. RaidenFTPD 'MLST' Command Remote Stack Based Buffer Overflow 
Vulnerability
       8. XM Easy Personal FTP Server 'NSLT' Command Remote Denial of Service 
Vulnerability
       9. Lenovo Rescue and Recovery 'tvtumon.sys' Heap Overflow Vulnerability
       10. Apple OS X QuickLook Excel File Integer Overflow Vulnerability
       11. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
       12. Microsoft Excel BIFF File Format Parsing Remote Code Execution 
Vulnerability
       13. Microsoft Excel Calendar Object Validation Remote Code Execution 
Vulnerability
       14. NoticeWare Email Server NG 'PASS' Command Remote Denial of Service 
Vulnerability
       15. Microsoft Office CDO Protocol Cross Site Scripting Vulnerability
       16. Win FTP Server 'NLIST' Command Remote Denial of Service Vulnerability
       17. Computer Associates ARCserve Backup Multiple Remote Vulnerabilities
       18. Microsoft Windows Internet Printing Service Integer Overflow 
Vulnerability
       19. RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
       20. Microsoft Windows VAD Local Privilege Escalation Vulnerability
       21. Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
       22. Microsoft October 2008 Advance Notification Multiple Vulnerabilities
       23. Drupal Multiple Modules Security Bypass Vulnerabilities
       24. Microsoft Internet Explorer Cross Domain Information Disclosure 
Vulnerability
       25. Microsoft Windows Kernel Unhandled System Call Local Privilege 
Escalation Vulnerability
       26. Microsoft Windows Kernel Memory Corruption Local Privilege 
Escalation Vulnerability
       27. Microsoft Windows Kernel Window Creation Local Privilege Escalation 
Vulnerability
       28. Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability
       29. Cisco Unity 7.0 Multiple Remote Vulnerabilities
       30. Cisco Unity Remote Administration Authentication Bypass Vulnerability
       31. Microsoft Message Queuing Service RPC Query Heap Corruption 
Vulnerability
       32. Avaya one-X Desktop Edition SIP Remote Denial Of Service 
Vulnerability
       33. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary 
File Download Vulnerability
       34. Microsoft Host Integration Server RPC Remote Command Execution 
Vulnerability
       35. Microsoft Internet Explorer HTML Objects Uninitialized Memory 
Corruption Vulnerability
       36. Microsoft Internet Explorer Uninitialized Object Remote Memory 
Corruption Vulnerability
       37. Microsoft Internet Explorer Event Handling Cross Domain Security 
Bypass Vulnerability
       38. Microsoft Internet Explorer HTML Element Cross Domain Security 
Bypass Vulnerability
       39. Mozilla Firefox Internet Shortcut Same Origin Policy Violation 
Vulnerability
       40. Microsoft Windows Active Directory LDAP Request Handling Remote Code 
Execution Vulnerability
       41. Internet Download Manager File Parsing Buffer Overflow Vulnerability
       42. MetaGauge Web Server Directory Traversal Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
       1. SecurityFocus Microsoft Newsletter #415
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. The Vice of Vice Presidential E-Mail
By Mark Rasch
Seems like a simple question, but the law is not so clear. In mid-September 
2008, a hacker using the handle "Rubico" claimed credit for breaking into the 
Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential 
candidate. In a post online, Rubico wrote that he had been following news 
reports that claimed Palin had been using her personal Yahoo e-mail account for 
official government business.
http://www.securityfocus.com/columnists/482

2. Blaming the Good Samaritan
By Houston Carr
In the early 90's, I attended an academic conference in Hawaii. At one 
presentation, a colleague from the University of California at Berkeley whom 
I'll refer to as "the supervisor," told a story of young hackers, who he 
referred to as the Urchins
http://www.securityfocus.com/columnists/481


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Hummingbird HostExplorer ActiveX Control 'PlainTextPassword()' Buffer 
Overflow Vulnerability
BugTraq ID: 31783
Remote: Yes
Date Published: 2008-10-16
Relevant URL: http://www.securityfocus.com/bid/31783
Summary:
Hummingbird HostExplorer ActiveX control is prone to a buffer-overflow 
vulnerability because the application fails to adequately check boundaries on 
user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of 
the application using the ActiveX control (typically Internet Explorer).  
Failed attacks will likely cause denial-of-service conditions.

2. Adobe Flash CS3 Professional SWF File Heap Buffer Overflow Vulnerability
BugTraq ID: 31769
Remote: Yes
Date Published: 2008-10-15
Relevant URL: http://www.securityfocus.com/bid/31769
Summary:
Adobe Flash CS3 Professional is prone to a heap-buffer overflow vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of 
the affected application. Failed exploit attempts will likely result in 
denial-of-service conditions.

Flash CS3 Professional for Microsoft Windows is vulnerable.

3. Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection 
Vulnerability
BugTraq ID: 31765
Remote: Yes
Date Published: 2008-10-15
Relevant URL: http://www.securityfocus.com/bid/31765
Summary:
Outlook Web Access is prone to a remote URI-redirection vulnerability because 
the application fails to properly sanitize user-supplied input. 

A successful exploit may aid in phishing attacks.

OWA 6.5 SP 2 is vulnerable; other versions may also be affected.

4. Titan FTP Server 'SITE WHO' Command Remote Denial of Service Vulnerability
BugTraq ID: 31757
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31757
Summary:
Titan FTP Server is prone to a remote denial-of-service vulnerability.

This issue allows remote attackers to crash affected FTP servers, denying 
service to legitimate users.

Titan FTP Server 6.26 build 630 is vulnerable; other versions may also be 
affected.

5. Etype Eserv FTP 'ABOR' Command Remote Stack Based Buffer Overflow 
Vulnerability
BugTraq ID: 31753
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31753
Summary:
Etype Eserv is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a 
denial-of-service condition.

Eserv 3.26 is vulnerable; other versions may also be affected.

6. Husdawg System Requirements Lab Multiple Remote Code Execution 
Vulnerabilities
BugTraq ID: 31752
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31752
Summary:
Husdawg System Requirements Lab ActiveX controls and Java applets are prone to 
multiple remote code-execution vulnerabilities.

A successful exploit will allow attackers to download and execute arbitrary files 
on the affected computer in the context of the application that uses the 
plugins.

7. RaidenFTPD 'MLST' Command Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31741
Remote: Yes
Date Published: 2008-10-13
Relevant URL: http://www.securityfocus.com/bid/31741
Summary:
RaidenFTPD is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a 
denial-of-service condition.

RaidenFTPD 2.4 build 3620 is vulnerable; other versions may also be affected.

8. XM Easy Personal FTP Server 'NSLT' Command Remote Denial of Service 
Vulnerability
BugTraq ID: 31739
Remote: Yes
Date Published: 2008-10-13
Relevant URL: http://www.securityfocus.com/bid/31739
Summary:
XM Easy Personal FTP Server is prone to a remote denial-of-service 
vulnerability.

This issue allows remote attackers to crash affected FTP servers, denying 
service to legitimate users.

XM Easy Personal FTP Server 5.6.0 is vulnerable; other versions may also be 
affected.

9. Lenovo Rescue and Recovery 'tvtumon.sys' Heap Overflow Vulnerability
BugTraq ID: 31737
Remote: No
Date Published: 2008-10-13
Relevant URL: http://www.securityfocus.com/bid/31737
Summary:
Lenovo Rescue and Recovery is prone to a heap-based overflow vulnerability.

A successful exploit of this vulnerability can allow a local attacker to 
completely compromise the affected computer.

Lenovo Rescue and Recovery 4.20 is vulnerable.

10. Apple OS X QuickLook Excel File Integer Overflow Vulnerability
BugTraq ID: 31707
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31707
Summary:
Apple OS X QuickLook is prone to an integer-overflow vulnerability because it 
fails to perform adequate boundary checks on user-supplied input. Specifically, 
this issue is related to the handling of Microsoft Excel spreadsheet files.

Successfully exploiting this issue may allow remote attackers to execute 
arbitrary code in the context of the application. Failed exploit attempts will 
cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 31681 (Apple Mac OS X 2008-007 
Multiple Security Vulnerabilities) but has been given its own record to better 
document this vulnerability.

11. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
BugTraq ID: 31706
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31706
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application.

12. Microsoft Excel BIFF File Format Parsing Remote Code Execution Vulnerability
BugTraq ID: 31705
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31705
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application.

13. Microsoft Excel Calendar Object Validation Remote Code Execution 
Vulnerability
BugTraq ID: 31702
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31702
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously 
crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the 
privileges of the user running the application.

14. NoticeWare Email Server NG 'PASS' Command Remote Denial of Service 
Vulnerability
BugTraq ID: 31697
Remote: Yes
Date Published: 2008-10-10
Relevant URL: http://www.securityfocus.com/bid/31697
Summary:
NoticeWare Email Server NG is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying 
service to legitimate users. 

This issue affects NoticeWare Email Server NG 5.1.2.2; other versions may also 
be vulnerable.

15. Microsoft Office CDO Protocol Cross Site Scripting Vulnerability
BugTraq ID: 31693
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31693
Summary:
Microsoft Office is prone to a cross-site scripting vulnerability that arises 
because the software fails to handle specially crafted CDO protocol URIs in a 
proper manner.

Successfully exploiting this issue may allow an attacker to execute arbitrary 
script code in the browser of an unsuspecting user in the context of the 
affected site. This may allow the attacker to steal cookie-based authentication 
credentials and to launch other attacks.

Office XP Service Pack 3 is vulnerable.

16. Win FTP Server 'NLIST' Command Remote Denial of Service Vulnerability
BugTraq ID: 31686
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31686
Summary:
Win FTP Server is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying 
service to legitimate users. 

This issue affects Win FTP 2.0.2; other versions may also be vulnerable.

17. Computer Associates ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 31684
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31684
Summary:
Computer Associates ARCserve Backup is prone to multiple remote vulnerabilities.

Successful exploits allow remote attackers to cause denial-of-service 
conditions or to execute arbitrary commands in the context of the affected 
application. This may result in a complete compromise of affected computers.

The following applications are affected:

CA BrightStor ARCserve Backup r11.1, r11.5, r12.0 for Windows
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

18. Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
BugTraq ID: 31682
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31682
Summary:
Microsoft Internet Printing Service is prone to an integer-overflow 
vulnerability.

Exploiting this vulnerability allows attackers to execute arbitrary code with 
the privileges of the user running the affected service.

19. RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
BugTraq ID: 31681
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31681
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities that have been 
addressed in Security Update 2008-007.

The security update addresses a total of 11 new vulnerabilities that affect the 
ColorSync, CUPS, Finder, launchd, Networking, Postfix, PSNormalizer, rlogin, 
Script Editor, and Weblog components of Mac OS X. The advisory also contains 
security updates for 30 previously reported issues.

NOTE: This BID is being retired; the following individual records have been 
created to better document these issues:

31716 Apple Script Editor Unspecified Insecure Temporary File Creation 
Vulnerability
31718 Apple Mac OS X Server Weblog Access Control List Security Bypass 
Vulnerability
31708 Apple Mac OS X 'hosts.equiv' Security Bypass Vulnerability
31721 Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
31719 Apple PSNormalizer PostScript Buffer Overflow Vulnerability
31711 Apple Mac OS X 'configd' EAPOLController Plugin Local Heap Based Buffer 
Overflow Vulnerability
31715 Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow Vulnerability
31720 Apple Finder Denial of Service Vulnerability
31707 Apple OS X QuickLook Excel File Integer Overflow Vulnerability
31688 CUPS 'HP-GL/2' Filter Remote Code Execution Vulnerability
31722 Apple Mac OS X 10.5 'launchd' Unspecified Security Bypass Vulnerability

20. Microsoft Windows VAD Local Privilege Escalation Vulnerability
BugTraq ID: 31675
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31675
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability 
because of an error in how the system memory manager handles memory allocation 
in relation to Virtual Address Descriptors (VAD). 

A successful exploit will let a local attacker completely compromise an 
affected computer.

21. Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
BugTraq ID: 31673
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31673
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability in the 
Ancillary Function Driver ('afd.sys').

A successful exploit of this vulnerability will let a local attacker completely 
compromise an affected computer.

22. Microsoft October 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 31667
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31667
Summary:
Microsoft has released advance notification that the vendor will be releasing 
eleven security bulletins on October 14, 2008. The highest severity rating for 
these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to 
compromise affected computers.

Individual records will be created to better document these issues when the 
bulletins are released.

23. Drupal Multiple Modules Security Bypass Vulnerabilities
BugTraq ID: 31660
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31660
Summary:
Multiple Drupal Modules are prone to security-bypass vulnerabilities that may 
allow attackers to gain access to administrative or sensitive areas of the 
application without the appropriate privileges.

These issues affect versions prior to the following:

Live module 6.x-1.0
AJAX Picture Preview module 6.x-1.2
Admin:hover module 6.x-1.x-dev before 2008-Oct-08
Banner Rotor Module 6.x-1.3
Creative Commons Lite 6.x-1.1
Keyboard shortcut utility 6.x-1.1
LiveJournal CrossPoster 6.x-1.4
Taxonomy import/export via XML 6.x-1.2
User Referral 6.x-1.x-dev before 2008-Oct-08

24. Microsoft Internet Explorer Cross Domain Information Disclosure 
Vulnerability
BugTraq ID: 31654
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31654
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure 
vulnerability because the application fails to properly enforce the same-origin 
policy.

An attacker can exploit this issue to execute arbitrary script code in another 
browser window's security zone. This may allow the attacker to steal 
cookie-based authentication credentials and launch other attacks.

25. Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation 
Vulnerability
BugTraq ID: 31653
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31653
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that 
occurs in the Windows kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level 
privileges. Successfully exploiting this issue will result in the complete 
compromise of affected computers.

26. Microsoft Windows Kernel Memory Corruption Local Privilege Escalation 
Vulnerability
BugTraq ID: 31652
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31652
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that 
occurs in the Windows kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level 
privileges. Successfully exploiting this issue will result in the complete 
compromise of affected computers.

27. Microsoft Windows Kernel Window Creation Local Privilege Escalation 
Vulnerability
BugTraq ID: 31651
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31651
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability. 

An attacker can exploit this issue to execute arbitrary code with kernel-level 
privileges. Successfully exploiting this issue will result in the complete 
compromise of affected computers.

28. Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability
BugTraq ID: 31647
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31647
Summary:
Microsoft Windows is prone to a remote code execution vulnerability. This is 
due to a buffer underflow condition in the SMB (Server Message Block) protocol 
implementation.

To exploit the issue, the attacker must first successfully authenticate as a 
legitimate user or a Guest user on the affected computer. A successful exploit 
will completely compromise the affected computer.

29. Cisco Unity 7.0 Multiple Remote Vulnerabilities
BugTraq ID: 31642
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31642
Summary:
Cisco Unity is prone to multiple remote vulnerabilities, including:

- An information-disclosure vulnerability in the web interface
- A denial-of-service vulnerability in the administration interface
- A script-injection vulnerability in the web interface
- Multiple denial-of-service vulnerabilities in unspecified services

These issues are reported in Cisco Unity 7.0; other versions may also be 
affected.

30. Cisco Unity Remote Administration Authentication Bypass Vulnerability
BugTraq ID: 31638
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31638
Summary:
Cisco Unity is prone to an authentication-bypass vulnerability.

Exploiting this issue can allow remote attackers to gain unauthorized 
administrative privileges. This issue is being tracked by Cisco Bug ID 
CSCsr86943.

Versions prior to the following are vulnerable:

Cisco Unity 4.0 ES161 for the 4.x release
Cisco Unity 5.0 ES53 for the 5.x release
Cisco Unity 7.0 ES8 for the 7.x release

31. Microsoft Message Queuing Service RPC Query Heap Corruption Vulnerability
BugTraq ID: 31637
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31637
Summary:
The Microsoft Message Queuing service (MSMQ) is prone to a remote 
heap-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level 
privileges, facilitating the complete compromise of an affected computer. 
Failed exploit attempts will result in a denial-of-service condition.   

This issue is exploitable remotely on Windows 2000 systems only. The MSMQ 
service is not installed or enabled by default. For a computer to be 
exploited, an administrator must have explicitly installed and enabled the 
service.

32. Avaya one-X Desktop Edition SIP Remote Denial Of Service Vulnerability
BugTraq ID: 31636
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31636
Summary:
Avaya one-X Desktop Edition phone is prone to a remote denial-of-service 
vulnerability.

An attacker can exploit this issue to crash the affected application, denying 
service to legitimate users.

Avaya one-X Desktop Edition 2.1 is vulnerable; other versions may also be 
affected.

33. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File 
Download Vulnerability
BugTraq ID: 31632
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31632
Summary:
Microsoft PicturePusher ActiveX control in 'PipPPush.dll' is prone to a 
vulnerability that lets attackers download arbitrary files.

Attackers may exploit this issue by enticing victims into visiting a 
maliciously crafted webpage.
 
Successful exploits will allow remote attackers to download files from 
arbitrary locations to the affected computer.

The affected ActiveX control may be a component of Microsoft Digital Image 2006 
Starter Edition.  

'PipPPush.dll' 7.00.0709 is vulnerable; other versions may also be affected.

34. Microsoft Host Integration Server RPC Remote Command Execution Vulnerability
BugTraq ID: 31620
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31620
Summary:
Microsoft Windows is prone to a remote command-execution vulnerability in the 
SNA service through a remote procedure call (RPC).

Successfully exploiting this issue would allow an attacker to execute arbitrary 
commands on an affected computer in the context of the affected service.

35. Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption 
Vulnerability
BugTraq ID: 31618
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31618
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption 
vulnerability. 

Attackers can exploit this issue to execute arbitrary code in the context of 
the user running the application. Successful exploits will compromise the 
application and possibly the underlying computer. Failed attacks will cause 
denial-of-service conditions.

36. Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption 
Vulnerability
BugTraq ID: 31617
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31617
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption 
vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of 
the user running the application. Successful exploits will compromise the 
application and possibly the underlying computer. Failed attacks will cause 
denial-of-service conditions.

37. Microsoft Internet Explorer Event Handling Cross Domain Security Bypass 
Vulnerability
BugTraq ID: 31616
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31616
Summary:
Microsoft Internet Explorer is prone to a cross-domain security-bypass 
vulnerability because the application fails to properly enforce the same-origin 
policy.

An attacker can exploit this issue to execute arbitrary script code in another 
browser window's security zone. This may allow attackers to steal cookie-based 
authentication credentials and launch other attacks.

NOTE: Attackers exploiting this issue on Internet Explorer 6 SP1 running on 
Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other 
vulnerable versions of the browser are prone only to information disclosure.

38. Microsoft Internet Explorer HTML Element Cross Domain Security Bypass 
Vulnerability
BugTraq ID: 31615
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31615
Summary:
Microsoft Internet Explorer is prone to a cross-domain security-bypass 
vulnerability because the application fails to properly enforce the same-origin 
policy.

An attacker can exploit this issue to execute arbitrary script code in another 
browser window's security zone. This may allow attackers to steal cookie-based 
authentication credentials and launch other attacks.

NOTE: Attackers exploiting this issue on Internet Explorer 6 SP1 running on 
Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other 
vulnerable versions of the browser are prone only to information disclosure.

39. Mozilla Firefox Internet Shortcut Same Origin Policy Violation Vulnerability
BugTraq ID: 31611
Remote: Yes
Date Published: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31611
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to violate 
the same-origin policy. This issue occurs because the application fails to 
properly enforce the same-origin policy when handling internet shortcut files.

An attacker may create a malicious webpage that can access the properties of 
another domain. This may allow the attacker to obtain sensitive information or 
launch other attacks against a user of the browser.

Firefox 3.0.1 through 3.0.3 for Microsoft Windows are vulnerable; other 
versions may also be affected.

40. Microsoft Windows Active Directory LDAP Request Handling Remote Code 
Execution Vulnerability
BugTraq ID: 31609
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31609
Summary:
Microsoft Windows Active Directory is prone to a remote code-execution 
vulnerability that arises because the application fails to handle specially 
crafted LDAP or LDAP over SSL (LDAPS) requests in a proper manner.

Successfully exploiting this issue would allow an attacker to execute arbitrary 
code and gain complete access to a vulnerable computer. The attacker may also 
be able to cause the affected system to stop responding to further requests and 
restart.

This issue affects only Windows 2000 servers configured as Active Directory 
domain controllers.

41. Internet Download Manager File Parsing Buffer Overflow Vulnerability
BugTraq ID: 31603
Remote: Yes
Date Published: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31603
Summary:
Internet Download Manager (IDM) is prone to a remote buffer-overflow 
vulnerability because the application fails to bounds-check user-supplied data 
before copying it into an insufficiently sized buffer. 

An attacker may exploit this issue to execute arbitrary code within the context 
of the affected application. Failed exploit attempts will result in a 
denial-of-service condition.

NOTE: This vulnerability may be related to the issue described in BID 14159 
(Internet Download Manager Buffer Overflow Vulnerability), but this has not 
been confirmed.

We don't know which versions of IDM are affected.  We will update this BID when 
more information emerges.

42. MetaGauge Web Server Directory Traversal Vulnerability
BugTraq ID: 31596
Remote: Yes
Date Published: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31596
Summary:
MetaGauge is prone to a directory-traversal vulnerability because the 
application fails to sufficiently sanitize user-supplied input. 

Exploiting this issue will allow an attacker to view arbitrary local files 
within the context of the webserver. Information harvested may aid in launching 
further attacks.

Versions prior to MetaGauge 1.0.3.38 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #415
http://www.securityfocus.com/archive/88/497234

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed 
address. The contents of the subject or message body do not matter. You will 
receive a confirmation request message to which you will have to answer. 
Alternatively you can also visit http://www.securityfocus.com/newsletters and 
unsubscribe via the website.

If your email address has changed, email [EMAIL PROTECTED] and ask to be 
manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is sponsored by HP.