Microsoft Security News
SecurityFocus Microsoft Newsletter #438 Apr 06 2009 03:51PM
sfa securityfocus com
SecurityFocus Microsoft Newsletter #438
----------------------------------------

This issue is sponsored by Tripwire

Configuration and Change Management for IT Compliance and Risk Management

Learn from industry analysts how IT organizations are using configuration management to meet compliance requirements and instill best practices. Find out how these organizations are applying the resulting processes to enhance security and improve operational efficiency in order to increase their level of service delivery.

http://dinclinx.com/Redirect.aspx?36;1864;32;189;0;4;259;4d333dbf312ae38
9

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Act Locally, Pwn Globally
2. Time to Shield Researchers
II. MICROSOFT VULNERABILITY SUMMARY
1. UltraISO CCD and IMG File Buffer Overflow Vulnerability
2. Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability
3. Fortinet FortiClient VPN Connection Name Local Format String Vulnerability
4. SAP Business Objects Crystal Reports 'viewreport.asp' Cross Site Scripting Vulnerability
5. OpenX Prior to 2.8 Multiple Input Validation Vulnerabilities
6. IBM DB2 Content Manager eClient Unspecified Security Vulnerability
7. Apple Safari XML Parser Nested XML Tag Remote Denial of Service Vulnerability
8. Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
9. Trend Micro Internet Security 2008/9 IOCTL Request Local Privilege Escalation Vulnerability
10. Wireshark PN-DCP Data Format String Vulnerability
11. AtomixMP3 Malformed 'm3u' Playlist File Buffer Overflow Vulnerability
12. Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
13. Abee CHM Maker and CHM eBook Creator 'FileName' Stack Buffer Overflow Vulnerability
14. Moodle TeX Filter Remote File Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Act Locally, Pwn Globally
By Jeffrey Carr
On December 24, 2008, the Pakistani Whackerz Cr3w defaced a part of India's critical infrastructure, the Eastern Railway system Web site. The defacement appeared on a scroll feed which read: .Cyber war has been declared on Indian cyberspace by Whackerz- Pakistan (24 Dec-2008)..
http://www.securityfocus.com/columnists/496

2. Time to Shield Researchers
By Oliver Day
Research is the backbone of the security industry but the legal climate has become so adverse that researchers have had to worry about injunctions, FBI visits, and even arrest.
http://www.securityfocus.com/columnists/495

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. UltraISO CCD and IMG File Buffer Overflow Vulnerability
BugTraq ID: 34363
Remote: Yes
Date Published: 2009-04-03
Relevant URL: http://www.securityfocus.com/bid/34363
Summary:
UltraISO is prone to a remote buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits may allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

UltraISO 9.3.3.2685 is vulnerable; other versions may also be affected.

2. Microsoft PowerPoint File Parsing Remote Code Execution Vulnerability
BugTraq ID: 34351
Remote: Yes
Date Published: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34351
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious PowerPoint file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

3. Fortinet FortiClient VPN Connection Name Local Format String Vulnerability
BugTraq ID: 34343
Remote: No
Date Published: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34343
Summary:
Fortinet FortiClient is prone to a local format-string vulnerability because it fails to adequately sanitize user-supplied input before passing it to a formatted-printing function.

Successfully exploiting this issue will allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the computer. Failed exploit attempts will likely result in a denial of service.

FortiClient 3.0.614 is vulnerable; other versions may also be affected.

4. SAP Business Objects Crystal Reports 'viewreport.asp' Cross Site Scripting Vulnerability
BugTraq ID: 34341
Remote: Yes
Date Published: 2009-04-02
Relevant URL: http://www.securityfocus.com/bid/34341
Summary:
SAP Business Objects Crystal Reports is prone to a cross-site scripting vulnerability.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and to steal cookie-based authentication credentials.

NOTE: This issue may be related to the one described in BID 12107 (Business Objects Crystal Enterprise Report File Cross-Site Scripting Vulnerability). We will update or retire this BID when more information emerges.

5. OpenX Prior to 2.8 Multiple Input Validation Vulnerabilities
BugTraq ID: 34336
Remote: Yes
Date Published: 2009-04-01
Relevant URL: http://www.securityfocus.com/bid/34336
Summary:
OpenX is prone to multiple input-validation vulnerabilities:

- Multiple SQL-Injection vulnerabilities
- A cross-site-scripting vulnerability
- An arbitrary-file-deletion vulnerability
- A HTTP-header-injection vulnerability

Attackers can exploit these issues to steal cookie-based authentication credentials from legitimate users of the site, modify the way the site is rendered, access or modify data, exploit latent vulnerabilities in the underlying database, or delete arbitrary files on the affected computer. Other attacks are also possible.

Versions prior to OpenX 2.8 are vulnerable.

6. IBM DB2 Content Manager eClient Unspecified Security Vulnerability
BugTraq ID: 34326
Remote: Yes
Date Published: 2009-03-31
Relevant URL: http://www.securityfocus.com/bid/34326
Summary:
IBM DB2 Content Manager is prone to an unspecified vulnerability.

Very few details are available regarding this issue. We will update this BID as more information emerges.

IBM DB2 Content Manager 8.4.1 is vulnerable; other versions may be affected as well.

7. Apple Safari XML Parser Nested XML Tag Remote Denial of Service Vulnerability
BugTraq ID: 34318
Remote: Yes
Date Published: 2009-03-31
Relevant URL: http://www.securityfocus.com/bid/34318
Summary:
Apple Safari is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Apple Safari 3.2.2 and 4 Beta are vulnerable; other versions may also be affected.

8. Bugzilla 'attachment.cgi' Cross Site Request Forgery Vulnerability
BugTraq ID: 34308
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34308
Summary:
Bugzilla is prone to a cross-site request-forgery vulnerability.

An attacker can exploit this issue to submit attachments in the context of the logged-in user.

This issue affects versions prior to Bugzilla 3.2.3 and 3.3.4.

9. Trend Micro Internet Security 2008/9 IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 34304
Remote: No
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34304
Summary:
Trend Micro Internet Security 2008 and 2009 are prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges, which may allow a complete compromise of the affected computer.

This issue affects Internet Security and Internet Security Pro 2008 and 2009.

10. Wireshark PN-DCP Data Format String Vulnerability
BugTraq ID: 34291
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34291
Summary:
Wireshark is prone to a format-string vulnerability.

Attackers can leverage this issue to execute arbitrary code within the context of the vulnerable application. Failed attacks will likely cause denial-of-service conditions.

Wireshark 1.0.6 is vulnerable; other versions may also be affected.

11. AtomixMP3 Malformed 'm3u' Playlist File Buffer Overflow Vulnerability
BugTraq ID: 34290
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34290
Summary:
AtomixMP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

AtomixMP3 2.3 is vulnerable; other versions may also be affected.

12. Check Point FireWall-1 PKI Web Service Remote Buffer Overflow Vulnerabilities
BugTraq ID: 34286
Remote: Yes
Date Published: 2009-03-30
Relevant URL: http://www.securityfocus.com/bid/34286
Summary:
Check Point FireWall-1 PKI web service is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

13. Abee CHM Maker and CHM eBook Creator 'FileName' Stack Buffer Overflow Vulnerability
BugTraq ID: 34279
Remote: Yes
Date Published: 2009-03-27
Relevant URL: http://www.securityfocus.com/bid/34279
Summary:
Abee CHM Maker and CHM eBook Creator are prone to a stack-based buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

The following are vulnerable:

Abee CHM Maker 1.9.5
Abee CHM eBook Creator 2.11

14. Moodle TeX Filter Remote File Disclosure Vulnerability
BugTraq ID: 34278
Remote: Yes
Date Published: 2009-03-27
Relevant URL: http://www.securityfocus.com/bid/34278
Summary:
Moodle is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to view local files in the context of the webserver process. This may aid in further attacks.

Versions prior to the following are vulnerable:

Moodle 1.6.9+
Moodle 1.7.7+
Moodle 1.8.9
Moodle 1.9.5

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Tripwire

Configuration and Change Management for IT Compliance and Risk Management

Learn from industry analysts how IT organizations are using configuration management to meet compliance requirements and instill best practices. Find out how these organizations are applying the resulting processes to enhance security and improve operational efficiency in order to increase their level of service delivery.

http://dinclinx.com/Redirect.aspx?36;1864;32;189;0;4;259;4d333dbf312ae38
9

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus