SecurityFocus Microsoft Newsletter #427
----------------------------------------

This issue is sponsored by the Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees' Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with, and it's no longer good enough to block known bad URLs. Download this white paper now to mitigate your online security risks.

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------

I. FRONT AND CENTER
   1. The Drew Verdict Makes Us All Hackers
   2. MD5 Hack Interesting, But Not Threatening
II. MICROSOFT VULNERABILITY SUMMARY
   1. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability
   2. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
   3. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability
   4. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability
   5. Multiple Office OCX ActiveX Controls 'Save()' Arbitrary File Overwrite Vulnerability
   6. Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities
   7. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability
   8. Microsoft Windows CHM File Processing Buffer Overflow Vulnerability
   9. Microsoft HTML Help Workshop '.hhp' File Handling Buffer Overflow Vulnerability
   10. VUPlayer '.asx' Playlist File Buffer Overflow Vulnerability
   11. MP3 TrackMaker '.mp3' File Remote Heap Buffer Overflow Vulnerability
   12. Microsoft January 2009 Advance Notification Multiple Vulnerabilities
   13. Perception LiteServe 'USER' FTP Command Remote Buffer Overflow Vulnerability
   14. Microsoft Internet Explorer 'screen[""]' Remote Denial of Service Vulnerability
   15. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability
   16. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Drew Verdict Makes Us All Hackers
Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

2. MD5 Hack Interesting, But Not Threatening
By Tim Callan
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
http://www.securityfocus.com/columnists/488

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability
BugTraq ID: 33276
Remote: Yes
Date Published: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33276
Summary:
Multiple web browsers are prone to a cross-domain information-disclosure vulnerability because the applications fail to properly enforce the same-origin policy. An attacker can exploit this issue to determine which sites a user is currently logged in to. Successfully exploiting this issue may lead to other attacks.

The following browsers are vulnerable:

Microsoft Internet Explorer
Mozilla Firefox
Apple Safari
Google Chrome

Other browsers may also be affected.

2. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
BugTraq ID: 33257
Remote: Yes
Date Published: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33257
Summary:
Ots Labs OtsTurntables is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

OtsTurntables 1.00.027 is vulnerable; other versions may also be affected.

3. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability
BugTraq ID: 33245
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33245
Summary:
Office OCX Office Viewer OCX ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Office Viewer OCX 3.0.1 is vulnerable; other versions may also be affected.

4. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability
BugTraq ID: 33243
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33243
Summary:
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers execute arbitrary remote files. An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). This may aid in further attacks.

The following ActiveX controls are vulnerable:

Office Viewer OCX 3.0.1
Word Viewer OCX 3.2
PowerPoint Viewer OCX 3.1
Excel Viewer OCX 3.2

5. Multiple Office OCX ActiveX Controls 'Save()' Arbitrary File Overwrite Vulnerability
BugTraq ID: 33238
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33238
Summary:
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers overwrite arbitrary files. Successful exploits may result in denial-of-service conditions. Other attacks are also possible.

The following ActiveX controls are vulnerable:

Office Viewer OCX 3.0.1
Word Viewer OCX 3.2
PowerPoint Viewer OCX 3.1

6. Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities
BugTraq ID: 33222
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33222
Summary:
Excel Viewer OCX ActiveX control is prone to multiple remote vulnerabilities:

- An arbitrary-file-overwrite vulnerability
- An arbitrary-file-download vulnerability

Successfully exploiting these issues will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Excel Viewer OCX 3.2 is vulnerable; other versions may also be affected.

7. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability
BugTraq ID: 33221
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33221
Summary:
Triologic Media Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Triologic Media Player 7 is vulnerable; other versions may also be affected.

8. Microsoft Windows CHM File Processing Buffer Overflow Vulnerability
BugTraq ID: 33204
Remote: Yes
Date Published: 2009-01-11
Relevant URL: http://www.securityfocus.com/bid/33204
Summary:
Microsoft Windows is prone to a buffer-overflow vulnerability because of an issue when processing CHM files. Successfully exploiting this issue would allow attackers to corrupt memory and crash the application associated with these files. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Windows XP Service Pack 3 is vulnerable; other versions may also be affected.

9. Microsoft HTML Help Workshop '.hhp' File Handling Buffer Overflow Vulnerability
BugTraq ID: 33189
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33189
Summary:
Microsoft HTML Help Workshop is prone to a remote buffer-overflow vulnerability. The vulnerability occurs when the application handles a malformed HTML Help Workshop Project ('.hhp') file. An attacker may exploit the issue to execute arbitrary code in the context of the application.

This vulnerability affects HTML Help Workshop 4.74 and prior versions.

10. VUPlayer '.asx' Playlist File Buffer Overflow Vulnerability
BugTraq ID: 33185
Remote: Yes
Date Published: 2009-01-09
Relevant URL: http://www.securityfocus.com/bid/33185
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VUPlayer 2.49 is vulnerable; other versions may also be affected.

11. MP3 TrackMaker '.mp3' File Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 33183
Remote: Yes
Date Published: 2009-01-09
Relevant URL: http://www.securityfocus.com/bid/33183
Summary:
Heathco Software MP3 TrackMaker is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

TrackMaker 1.5 is vulnerable; other versions may also be affected.

12. Microsoft January 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 33170
Remote: Yes
Date Published: 2009-01-08
Relevant URL: http://www.securityfocus.com/bid/33170
Summary:
Microsoft has released advance notification that the vendor will be releasing security bulletins on January 13, 2009. The highest severity rating for these issues is 'Critical'. These issues affect Microsoft Windows. Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created for the issues when the bulletins are released.

13. Perception LiteServe 'USER' FTP Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33158
Remote: Yes
Date Published: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33158
Summary:
Perception LiteServe is prone to a remote buffer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

LiteServe 2.81 is vulnerable; other versions may also be affected.

14. Microsoft Internet Explorer 'screen[""]' Remote Denial of Service Vulnerability
BugTraq ID: 33149
Remote: Yes
Date Published: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33149
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.
Attackers can exploit this issue by enticing an unsuspecting victim to view a malicious web page. Successfully exploiting this issue will cause the application to crash, denying service to legitimate users.

Microsoft Internet Explorer 6, 7, and 8 Beta are vulnerable; other versions may also be affected.

15. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability
BugTraq ID: 33122
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33122
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that occurs in the SMB (Server Message Block) protocol implementation. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

16. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability
BugTraq ID: 33121
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33121
Summary:
Microsoft Windows is prone to a buffer-overflow vulnerability that occurs in the SMB (Server Message Block) protocol implementation. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email [email protected] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by the Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees' Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with, and it's no longer good enough to block known bad URLs. Download this white paper now to mitigate your online security risks.
