SecurityFocus Microsoft Newsletter #428 ----------------------------------------
This issue is sponsored by The Computer Forensics Show THE COMPUTER FORENSICS SHOW IS THE "DON'T MISS" EVENT OF THE YEAR FOR ALL LITIGATION, ACCOUNTING AND IT PROFESSIONALS www.computerforensicshow.com April 27-29, 2009 Washington DC Convention Center Washington, DC August 3-5, 2009 San Jose Convention Center San Jose, CA SECURITY BLOGS SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks. http://www.securityfocus.com/blogs ------------------------------------------------------------------ I. FRONT AND CENTER 1.Time to Take the Theoretical Seriously 2.The Drew Verdict Makes Us All Hackers II. MICROSOFT VULNERABILITY SUMMARY 1. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities 2. Microsoft Windows Mobile OBEX FTP Service Directory Traversal Vulnerability 3. Excel Viewer OCX ActiveX 'open()' Buffer Overflow Vulnerability 4. TimeTools NTP Time Server Syslog Monitor Remote Denial of Service Vulnerability 5. TFTPUtil GUI Malformed Packet Remote Denial of Service Vulnerability 6. TFTPUtil GUI TFTP GET Request Directory Traversal Vulnerability 7. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability 8. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability 9. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability 10. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability 11. Multiple Office OCX ActiveX Controls 'Save()' Arbitrary File Overwrite Vulnerability 12. Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities 13. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability 14. Microsoft Windows CHM File Processing Buffer Overflow Vulnerability 15. Microsoft HTML Help Workshop '.hhp' File Handling Buffer Overflow Vulnerability 16. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability 17. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability III. MICROSOFT FOCUS LIST SUMMARY 1. SecurityFocus Microsoft Newsletter #427 IV. UNSUBSCRIBE INSTRUCTIONS V. SPONSOR INFORMATION I. FRONT AND CENTER --------------------- 1.Time to Take the Theoretical Seriously By Chris Wysopal Software developers response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at 25th Chaos Communications Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers http://www.securityfocus.com/columnists/490 2.The Drew Verdict Makes Us All Hackers By Mark Rasch Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers. http://www.securityfocus.com/columnists/489 II. MICROSOFT VULNERABILITY SUMMARY ------------------------------------ 1. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities BugTraq ID: 33363 Remote: Yes Date Published: 2009-01-20 Relevant URL: http://www.securityfocus.com/bid/33363 Summary: easyHDR Pro is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data. Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. easyHDR Pro 1.60.2 is vulnerable; prior versions may also be affected. 2. Microsoft Windows Mobile OBEX FTP Service Directory Traversal Vulnerability BugTraq ID: 33359 Remote: Yes Date Published: 2009-01-20 Relevant URL: http://www.securityfocus.com/bid/33359 Summary: Microsoft Windows Mobile is prone to a directory-traversal vulnerability in the OBEX FTP service. Exploiting this issue allows an attacker to write arbitrary files to locations outside the application's current directory, download arbitrary files, and obtain sensitive information. Other attacks may also be possible. Windows Mobile 5.0 and 6.0 are vulnerable; other versions may also be affected. 3. Excel Viewer OCX ActiveX 'open()' Buffer Overflow Vulnerability BugTraq ID: 33322 Remote: Yes Date Published: 2009-01-16 Relevant URL: http://www.securityfocus.com/bid/33322 Summary: Excel Viewer OCX is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions. Excel Viewer OCX 3.1 and 3.2 are vulnerable; other versions may also be affected. 4. TimeTools NTP Time Server Syslog Monitor Remote Denial of Service Vulnerability BugTraq ID: 33290 Remote: Yes Date Published: 2009-01-15 Relevant URL: http://www.securityfocus.com/bid/33290 Summary: TimeTools NTP Time Server Syslog Monitor is prone to a denial-of-service vulnerability because the application fails to adequately sanitize user-supplied input. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. 5. TFTPUtil GUI Malformed Packet Remote Denial of Service Vulnerability BugTraq ID: 33289 Remote: Yes Date Published: 2009-01-15 Relevant URL: http://www.securityfocus.com/bid/33289 Summary: TFTPUtil GUI is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input. Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users. TFTPUtil GUI 1.2.0 and 1.3.0 are vulnerable; other versions may also be affected. 6. TFTPUtil GUI TFTP GET Request Directory Traversal Vulnerability BugTraq ID: 33287 Remote: Yes Date Published: 2009-01-15 Relevant URL: http://www.securityfocus.com/bid/33287 Summary: TFTPUtil GUI is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to access arbitrary files outside of the TFTP server root directory. This can expose sensitive information that could help the attacker launch further attacks. TFTPUtil GUI 1.2.0 and 1.3.0 are vulnerable; other versions may also be affected. 7. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability BugTraq ID: 33276 Remote: Yes Date Published: 2009-01-14 Relevant URL: http://www.securityfocus.com/bid/33276 Summary: Multiple web browsers are prone to a cross-domain information-disclosure vulnerability because the applications fail to properly enforce the same-origin policy. An attacker can exploit this issue to determine which sites a user is currently logged in to. Successfully exploiting this issue may lead to other attacks. The following browsers are vulnerable: Microsoft Internet Explorer Mozilla Firefox Apple Safari Google Chrome Other browsers may also be affected. 8. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability BugTraq ID: 33257 Remote: Yes Date Published: 2009-01-14 Relevant URL: http://www.securityfocus.com/bid/33257 Summary: Ots Labs OtsTurntables is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions. OtsTurntables 1.00.027 is vulnerable; other versions may also be affected. 9. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability BugTraq ID: 33245 Remote: Yes Date Published: 2009-01-13 Relevant URL: http://www.securityfocus.com/bid/33245 Summary: Office OCX Office Viewer OCX ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands. Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer). Office Viewer OCX 3.0.1 is vulnerable; other versions may also be affected. 10. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability BugTraq ID: 33243 Remote: Yes Date Published: 2009-01-13 Relevant URL: http://www.securityfocus.com/bid/33243 Summary: Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers execute arbitrary remote files. An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). This may aid in further attacks. The following ActiveX controls are vulnerable: Office Viewer OCX 3.0.1 Word Viewer OCX 3.2 PowerPoint Viewer OCX 3.1 Excel Viewer OCX 3.2 11. Multiple Office OCX ActiveX Controls 'Save()' Arbitrary File Overwrite Vulnerability BugTraq ID: 33238 Remote: Yes Date Published: 2009-01-13 Relevant URL: http://www.securityfocus.com/bid/33238 Summary: Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers overwrite arbitrary files. Successful exploits may result in denial-of-service conditions. Other attacks are also possible. The following ActiveX controls are vulnerable: Office Viewer OCX 3.0.1 Word Viewer OCX 3.2 PowerPoint Viewer OCX 3.1 12. Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities BugTraq ID: 33222 Remote: Yes Date Published: 2009-01-12 Relevant URL: http://www.securityfocus.com/bid/33222 Summary: Excel Viewer OCX ActiveX control is prone to multiple remote vulnerabilities: - An arbitrary-file-overwrite vulnerability - An arbitrary-file-download vulnerability Successfully exploiting these issues will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Excel Viewer OCX 3.2 is vulnerable; other versions may also be affected. 13. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability BugTraq ID: 33221 Remote: Yes Date Published: 2009-01-12 Relevant URL: http://www.securityfocus.com/bid/33221 Summary: Triologic Media Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions. Triologic Media Player 7 is vulnerable; other versions may also be affected. 14. Microsoft Windows CHM File Processing Buffer Overflow Vulnerability BugTraq ID: 33204 Remote: Yes Date Published: 2009-01-11 Relevant URL: http://www.securityfocus.com/bid/33204 Summary: Microsoft Windows is prone to a buffer-overflow vulnerability because of an issue when processing CHM files. Successfully exploiting this issue would allow attackers to corrupt memory and crash the application associated with these files. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed. Windows XP Service Pack 3 is vulnerable; other versions may also be affected. 15. Microsoft HTML Help Workshop '.hhp' File Handling Buffer Overflow Vulnerability BugTraq ID: 33189 Remote: Yes Date Published: 2009-01-12 Relevant URL: http://www.securityfocus.com/bid/33189 Summary: Microsoft HTML Help Workshop is prone to a remote buffer-overflow vulnerability. The vulnerability occurs when the application handles a malformed HTML Help Workshop Project ('.hhp') file. An attacker may exploit the issue to execute arbitrary code in the context of the application. This vulnerability affects HTML Help Workshop 4.74 and prior versions. 16. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability BugTraq ID: 33122 Remote: Yes Date Published: 2009-01-13 Relevant URL: http://www.securityfocus.com/bid/33122 Summary: Microsoft Windows is prone to a remote code-execution vulnerability that occurs in the SMB (Server Message Block) protocol implementation. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. 17. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability BugTraq ID: 33121 Remote: Yes Date Published: 2009-01-13 Relevant URL: http://www.securityfocus.com/bid/33121 Summary: Microsoft Windows is prone to a buffer-overflow vulnerability that occurs in the SMB (Server Message Block) protocol implementation. An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition. III. MICROSOFT FOCUS LIST SUMMARY --------------------------------- 1. SecurityFocus Microsoft Newsletter #427 http://www.securityfocus.com/archive/88/500135 IV. UNSUBSCRIBE INSTRUCTIONS ----------------------------- To unsubscribe send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website. If your email address has changed email [email protected] and ask to be manually removed. V. SPONSOR INFORMATION ------------------------ This issue is sponsored by The Computer Forensics Show THE COMPUTER FORENSICS SHOW IS THE "DON'T MISS" EVENT OF THE YEAR FOR ALL LITIGATION, ACCOUNTING AND IT PROFESSIONALS www.computerforensicshow.com April 27-29, 2009 Washington DC Convention Center Washington, DC August 3-5, 2009 San Jose Convention Center San Jose, CA
