SecurityFocus Microsoft Newsletter #209
----------------------------------------
This Issue is Sponsored By: SecurityFocus
Stay up to date. All the latest news, columns, jobs and more in a
convenient html newsletter - Even a glimpse of upcoming columns and feature
articles! Sign up today!
I. FRONT AND CENTER
1. Lessons Learned from Virus Infections
2. Strike One!
II. MICROSOFT VULNERABILITY SUMMARY
1. BroadBoard Message Board Multiple SQL Injection Vulnerabilit...
2. Microsoft GDI+ Library Malformed JPEG Handling Unspecified D...
3. Baal Systems Portal Software Authentication Bypass Vulnerabi...
4. MyWebServer Multiple Remote Vulnerabilities
5. YahooPOPS! Multiple Remote Buffer Overflow Vulnerabilities
6. Multiple Vendor TCP Packet Fragmentation Handling Denial Of ...
7. Symantec Norton AntiVirus Malformed EMail Denial Of Service ...
8. MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
9. Virtual Projects Chatma Denial Of Service Vulnerability
10. Microsoft SQL Server Remote Denial Of Service Vulnerability
11. Illustrate dBpowerAMP Music Converter and Audio Player Buffe...
12. Icecast Server HTTP Header Buffer Overflow Vulnerability
13. ParaChat Directory Traversal Vulnerability
14. Playlogic Alpha Black Zero Remote Denial Of Service Vulnerab...
15. Samba Remote Arbitrary File Access Vulnerability
16. GNU GZip Unspecified Insecure Temporary File Creation Vulner...
17. MIT Kerberos 5 Unspecified Insecure Temporary File Creation ...
18. MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
19. PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
20. Proxytunnel Local Proxy Credential Disclosure Vulnerability
21. Kerio MailServer Unspecified Vulnerability
22. Online-Bookmarks Authentication Bypass Vulnerability
23. RealNetworks RealOne Player And RealPlayer Unspecified Web P...
24. RealNetworks RealOne Player And RealPlayer Unspecified File ...
25. RealNetworks RealOne Player And RealPlayer PNen3260.DLL Remo...
26. VyPRESS Messenger Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. MS ISA activeX Filtering (Thread)
2. Tool for removing LANMAN hashes from registry (Thread)
3. Items within XP SP2 and Win2003 (Thread)
4. Application sniffer-next step (Thread)
5. Fw: Serious Security Issue in Windows XP SP2's Firew... (Thread)
6. SecurityFocus Microsoft Newsletter #208 (Thread)
7. VBScript to audit shares and share permissions (Thread)
8. Hardening Desktop (Thread)
9. Serious Security Issue in Windows XP SP2's Firewall (Thread)
10. Win2k3 IIS6.0 Port 4531 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Firewall RuleMaker
2. CAT Cellular Authentication Token and eAuthentication Servic...
3. KeyCaptor Keylogger
4. SpyBuster
5. FreezeX
6. NeoExec for Active Directory
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. XArp 0.1.5
2. Extreme Editor: 5.2.2
3. ATK Plugin Creator 1.0
4. PlugAPOP 1.00
5. TX 1.0
6. EPX Crypting Software 2.1
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Lessons Learned from Virus Infections
By Jason Gordon
This article discusses how a virus outbreak will produce a few unique
opportunities to examine the health of an organization's network -- and
learn ways to further harden the network from future automated attacks.
http://www.securityfocus.com/infocus/1804
2. Strike One!
By Mark Rasch
A New York judge did the right thing last week when he threw out a
USA-PATRIOT Act provision that forced ISPs to secretly cooperate with the
FBI, and gave them no obvious avenue for appeal.
http://www.securityfocus.com/columnists/270
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. BroadBoard Message Board Multiple SQL Injection Vulnerabilit...
BugTraq ID: 11250
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11250
Summary:
Reportedly BroadBoard Message Board is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI input prior to using it in an SQL query.
An attacker may exploit these issues to manipulate SQL queries, potentially revealing or corrupting sensitive database data. These issues may also facilitate attacks against the underlying database software.
2. Microsoft GDI+ Library Malformed JPEG Handling Unspecified D...
BugTraq ID: 11251
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11251
Summary:
The Microsoft (Graphics Device Interface) GDI+ library is reported prone to an unspecified denial of service vulnerability when handling malformed JPEG files.
This issue is reported to present itself due to the dereferencing of a NULL pointer.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
3. Baal Systems Portal Software Authentication Bypass Vulnerabi...
BugTraq ID: 11252
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11252
Summary:
Reportedly Baal Systems Portal Software is affected by a remote authentication bypass vulnerability. This issue is due to a failure of the application to properly manage administrator account creation.
This issue will allow an attacker to register a new administrator user, giving the attacker full admin access to the affected application.
4. MyWebServer Multiple Remote Vulnerabilities
BugTraq ID: 11254
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11254
Summary:
MyWebServer is reported prone to multiple remote vulnerabilities. These issues include a remote denial of service condition and administrative access to the server.
MyWebServer 1.0.3 is reported to be affected by these issues. It is possible that other versions are vulnerable as well.
5. YahooPOPS! Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 11256
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11256
Summary:
It is reported that YahooPOPS! contains multiple buffer overflow vulnerabilities. These vulnerabilities are due to a failure of the application to properly bounds check user-supplied input data before copying it into finite sized memory buffers. This allows attackers to overwrite adjacent memory, potentially overwriting critical memory structures and altering the flow of execution. This will likely allow for remote code execution in the context of the affected application.
Versions of YahooPOPS! from 0.4 through to, and including 0.6 are reportedly affected by these vulnerabilities.
6. Multiple Vendor TCP Packet Fragmentation Handling Denial Of ...
BugTraq ID: 11258
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11258
Summary:
Multiple vendor implementations of the TCP stack are reported prone to a remote denial of service vulnerability.
The issue is reported to present itself due to inefficiencies present when handling fragmented TCP packets.
The discoverer of this issue has dubbed the attack style the "New Dawn attack", it is a variation of a previously reported attack that was named the "Rose Attack".
This vulnerability may aid a remote attacker in impacting resources on an affected computer. Specifically, a remote attacker may exploit this vulnerability to deny service to a vulnerable computer.
Microsoft Windows 2000/XP, Linux kernel 2.4 tree and undisclosed Cisco systems are reported prone to this vulnerability other products may also be affected.
7. Symantec Norton AntiVirus Malformed EMail Denial Of Service ...
BugTraq ID: 11259
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11259
Summary:
It is alleged that Symantec Norton AntiVirus is prone to a denial of service vulnerability.
The discoverer of this issue reports that when a malformed email is received through Microsoft Outlook and Norton AntiVirus attempts to process this email, the Norton AntiVirus application will crash.
Symantec is currently investigating this report; this BID will be updated as soon as this investigation is complete. It should also be noted that the discoverer of the issue has not provided any details about which versions may be affected by this issue, version information will be updated appropriately when this issue is investigated further.
8. MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
BugTraq ID: 11261
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11261
Summary:
It is reported that MySQL is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly ensure the size of a buffer is sufficient to handle user-supplied input data before performing operations that may overflow into adjacent memory regions.
This vulnerability reportedly allows for remote attackers to crash affected servers. It is unconfirmed, but there may be a possibility of remote code execution in the context of the affected server. It would likely require a complex exploit, in order to take advantage of overwriting memory contents with NULL bytes. Attackers may be able to take advantage of the structured, predictable nature of the memory operations in order to control the flow of execution of the application.
MySQL versions 4.1.3-beta and 4.1.4 are reported vulnerable, but other versions are also likely affected.
9. Virtual Projects Chatma Denial Of Service Vulnerability
BugTraq ID: 11263
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11263
Summary:
Virtual Projects Chatman is affected by a denial of service vulnerability. This issue is due to a failure of the application to handle exceptional conditions.
An attacker can leverage this issue to cause the affected application to crash, denying service to legitimate users.
10. Microsoft SQL Server Remote Denial Of Service Vulnerability
BugTraq ID: 11265
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11265
Summary:
Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications.
An attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.
11. Illustrate dBpowerAMP Music Converter and Audio Player Buffe...
BugTraq ID: 11266
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11266
Summary:
dBpowerAMP Music Converter and Audio Player reported prone to remote buffer overflow vulnerabilities when processing malformed audio and playlist files. This issues exists due to insufficient boundary checks performed by the applications and may allow an attacker to gain unauthorized access to a vulnerable computer.
Reportedly, these issues affect dBPowerAmp Music Converter 10.0 and Audio Player 2.0. Other versions may be vulnerable as well.
12. Icecast Server HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 11271
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11271
Summary:
It is reported that the Icecast server is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly enforce boundary conditions when dealing with user-supplied input data.
This vulnerability allows for remote code execution in the context of the Icecast server.
It is reported that this vulnerability is only exploitable to execute remote code on Microsoft Windows platforms. This buffer overflow affects all platforms, however it is only exploitable if a sensitive address is located adjacent to the affected buffer. On other platforms, denial of service or code execution may be possible, but this has not been confirmed.
Verions 2.x up to 2.0.1 are reported vulnerable to this issue.
13. ParaChat Directory Traversal Vulnerability
BugTraq ID: 11272
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11272
Summary:
It is reported that ParaChat is susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data.
This vulnerability allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the ParaChat server process.
Version 5.5 is reported susceptible to this vulnerability. Other versions may also be affected.
14. Playlogic Alpha Black Zero Remote Denial Of Service Vulnerab...
BugTraq ID: 11279
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11279
Summary:
It is reported that Alpha Black Zero is susceptible to a remote denial of service venerability. This issue is due to a failure of the game server software to handle many simultaneous connections.
This vulnerability allows remote attackers to crash the affected application, denying service to legitimate users.
Versions of Alpha Black Zero up to, and including version 1.04 are reported to be affected by this vulnerability.
15. Samba Remote Arbitrary File Access Vulnerability
BugTraq ID: 11281
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11281
Summary:
Samba is affected by a remote arbitrary file access vulnerability. This issue is due to a failure of the application to properly validate user-supplied file names.
An attacker may leverage this issue to gain access to files outside of a Samba share's path on a vulnerable computer. Information gained in this way may reveal sensitive information aiding in further attacker against the computer.
16. GNU GZip Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11288
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11288
Summary:
GNU gzip is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.
17. MIT Kerberos 5 Unspecified Insecure Temporary File Creation ...
BugTraq ID: 11289
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11289
Summary:
MIT Kerberos 5 is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.
18. MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 11291
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11291
Summary:
MySQL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existance of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.
19. PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
BugTraq ID: 11295
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11295
Summary:
PostgreSQL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existance of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.
20. Proxytunnel Local Proxy Credential Disclosure Vulnerability
BugTraq ID: 11299
Remote: No
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11299
Summary:
A vulnerability exists in proxytunnel that has the potential to expose proxy credentials to other local users. Reportedly proxyuser/proxypass data is not passed to the program in a secure manner, potentially exposing this data to other users on the computer.
21. Kerio MailServer Unspecified Vulnerability
BugTraq ID: 11300
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11300
Summary:
Kerio MailServer version 6.0.3 has been released. This release addresses a potential security vulnerability in the Kerio MailServer application. The cause and impact of this issue is currently unknown, however this BID will be updated as more information becomes available.
All versions of Kerio MailServer prior to 6.0.3 are considered vulnerable.
22. Online-Bookmarks Authentication Bypass Vulnerability
BugTraq ID: 11305
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11305
Summary:
online-bookmarks is affected by an authentication bypass vulnerability. This issue is due to a failure of the application to properly manage unauthorized access to sensitive scripts.
An attacker may leverage these issues to gain unauthorized access to an unsuspecting user's bookmarks, allowing them to view, edit, and delete arbitrary entries.
23. RealNetworks RealOne Player And RealPlayer Unspecified Web P...
BugTraq ID: 11307
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11307
Summary:
RealOne Player and RealPlayer are affected by an unspecified vulnerability. This issue may reportedly be exploited by a malicious Web page to execute arbitrary code in the context of the software.
This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.
24. RealNetworks RealOne Player And RealPlayer Unspecified File ...
BugTraq ID: 11308
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11308
Summary:
RealPlayer and RealOne Player are prone to a vulnerability that may allow an attacker to delete files on the client computer. The attacker must know the path to the file that is targeted.
This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.
25. RealNetworks RealOne Player And RealPlayer PNen3260.DLL Remo...
BugTraq ID: 11309
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11309
Summary:
RealPlayer and RealOne Player are prone to a remote integer overflow vulnerability. It is reported that the vulnerability exists in the 'pnen3260.dll' linked library of both RealPlayer and RealOne Player for Microsoft Windows, Linux, and Mac OS platforms. The 'pnen3260.dll' library is responsible for processing real-media '.rm' files.
The overflow will cause the corruption of heap-based memory management structures. Ultimately this may permit an attacker to write to an arbitrary location in the memory of the active process and in doing so control execution flow.
A remote attacker may therefore exploit this vulnerability to execute arbitrary attacker-supplied instructions in the context of a user that is running a vulnerable version of the software.
This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.
26. VyPRESS Messenger Remote Buffer Overflow Vulnerability
BugTraq ID: 11310
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11310
Summary:
VyPRESS Messenger is affected by a remote buffer overflow vulnerability. This issue is due to a failure of the application to verify the length of user-supplied strings prior to copying them into finite process buffers.
An attacker may leverage this issue to remotely execute arbitrary machine code on an affected computer with the privileges of the user running the affected application. It is possible to exploit all hosts on a local area network by sending a message to a broadcast address.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. MS ISA activeX Filtering (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/377560
2. Tool for removing LANMAN hashes from registry (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/377524
3. Items within XP SP2 and Win2003 (Thread)
Relevant URL:
5. Fw: Serious Security Issue in Windows XP SP2's Firew... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/377407
6. SecurityFocus Microsoft Newsletter #208 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376839
7. VBScript to audit shares and share permissions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376778
8. Hardening Desktop (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376763
9. Serious Security Issue in Windows XP SP2's Firewall (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376752
10. Win2k3 IIS6.0 Port 4531 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376706
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.
2. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that want a safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our our CAT Server.
3. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
4. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
5. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
6. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. XArp 0.1.5
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:
XArp is a graphical tool to monitor the ARP cache. It periodically requests the local ARP cache and reports changes in the IP to MAC mapping. Thus it can be used to recognize ARP poisoning which is used to prepare 'man in the middle' attacks on switched networks.
2. Extreme Editor: 5.2.2
By: Uri Fridman
Relevant URL: http://www.geocities.com/urifrid/soft.html
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
multi-tabbed ASCII editor with encryption capabilities. Encryption of edited text and clipboard using Twofish.
3. ATK Plugin Creator 1.0
By: Nico 'Triplex' Spicher
Relevant URL: http://www.computec.ch/projekte/atk/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
This freeware for Windows provides a small and handy interface to create and enhance ATK plugins. This first public release is fully compatible with ATK 2.x but can also be used with ATK 1.x (some new fields are not fully supported in the first releases).
4. PlugAPOP 1.00
By: waffle soft
Relevant URL: http://www.wafflesoft.com/PlugAPOP/manual_en.html
Platforms: Windows XP
Summary:
PlugAPOP is software to use APOP feature in Microsoft Outlook/Outlook Express which doesn't have APOP feature.
[Easy]
You can install and setup very easily. You can use APOP access immediately if you change the account name and server name field in your e-mail client. No special settings are needed in PlugAPOP.
[Tiny]
PlugAPOP doesn't waste a lot of CPU resource and memory, it doesn't effect to OS core and other application. PlugAPOP is implemented by using just SD
5. TX 1.0
By: Goldie Rejuven
Relevant URL: http://www.checksum.org/download/RX/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
The Smallest VC++ Coded Universal Windows Reverse Shell for all versions of Windows NT/2K/XP/2003 with any service pack. But not for Windows 98/ME. A Tini app that connects back to the specified IP to a fixedport and uses a fixed source port on the source machine to evade the firewalls.
Default port from which it connects :443
Default port to which it connects is :8080
More on the readme.txt
6. EPX Crypting Software 2.1
By: EdronSoft
Relevant URL: http://www.edronsoft.com/epx_pro.php
Platforms: Windows XP
Summary:
Protect your documents from others by encrypting them with DES and Triple DES strong algorithms. No need to remember passwords because you keep the key used for the decryption in a removable media device such as usb pen-drive (or floppy disk).
Wipe function to destroy data and full Drag'N Drop support.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Stay up to date. All the latest news, columns, jobs and more in a
convenient html newsletter - Even a glimpse of upcoming columns and feature
articles! Sign up today!
----------------------------------------
This Issue is Sponsored By: SecurityFocus
Stay up to date. All the latest news, columns, jobs and more in a
convenient html newsletter - Even a glimpse of upcoming columns and feature
articles! Sign up today!
http://www.securityfocus.com/htmlnewsletter/subscribe
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Lessons Learned from Virus Infections
2. Strike One!
II. MICROSOFT VULNERABILITY SUMMARY
1. BroadBoard Message Board Multiple SQL Injection Vulnerabilit...
2. Microsoft GDI+ Library Malformed JPEG Handling Unspecified D...
3. Baal Systems Portal Software Authentication Bypass Vulnerabi...
4. MyWebServer Multiple Remote Vulnerabilities
5. YahooPOPS! Multiple Remote Buffer Overflow Vulnerabilities
6. Multiple Vendor TCP Packet Fragmentation Handling Denial Of ...
7. Symantec Norton AntiVirus Malformed EMail Denial Of Service ...
8. MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
9. Virtual Projects Chatma Denial Of Service Vulnerability
10. Microsoft SQL Server Remote Denial Of Service Vulnerability
11. Illustrate dBpowerAMP Music Converter and Audio Player Buffe...
12. Icecast Server HTTP Header Buffer Overflow Vulnerability
13. ParaChat Directory Traversal Vulnerability
14. Playlogic Alpha Black Zero Remote Denial Of Service Vulnerab...
15. Samba Remote Arbitrary File Access Vulnerability
16. GNU GZip Unspecified Insecure Temporary File Creation Vulner...
17. MIT Kerberos 5 Unspecified Insecure Temporary File Creation ...
18. MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
19. PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
20. Proxytunnel Local Proxy Credential Disclosure Vulnerability
21. Kerio MailServer Unspecified Vulnerability
22. Online-Bookmarks Authentication Bypass Vulnerability
23. RealNetworks RealOne Player And RealPlayer Unspecified Web P...
24. RealNetworks RealOne Player And RealPlayer Unspecified File ...
25. RealNetworks RealOne Player And RealPlayer PNen3260.DLL Remo...
26. VyPRESS Messenger Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. MS ISA activeX Filtering (Thread)
2. Tool for removing LANMAN hashes from registry (Thread)
3. Items within XP SP2 and Win2003 (Thread)
4. Application sniffer-next step (Thread)
5. Fw: Serious Security Issue in Windows XP SP2's Firew... (Thread)
6. SecurityFocus Microsoft Newsletter #208 (Thread)
7. VBScript to audit shares and share permissions (Thread)
8. Hardening Desktop (Thread)
9. Serious Security Issue in Windows XP SP2's Firewall (Thread)
10. Win2k3 IIS6.0 Port 4531 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Firewall RuleMaker
2. CAT Cellular Authentication Token and eAuthentication Servic...
3. KeyCaptor Keylogger
4. SpyBuster
5. FreezeX
6. NeoExec for Active Directory
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. XArp 0.1.5
2. Extreme Editor: 5.2.2
3. ATK Plugin Creator 1.0
4. PlugAPOP 1.00
5. TX 1.0
6. EPX Crypting Software 2.1
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Lessons Learned from Virus Infections
By Jason Gordon
This article discusses how a virus outbreak will produce a few unique
opportunities to examine the health of an organization's network -- and
learn ways to further harden the network from future automated attacks.
http://www.securityfocus.com/infocus/1804
2. Strike One!
By Mark Rasch
A New York judge did the right thing last week when he threw out a
USA-PATRIOT Act provision that forced ISPs to secretly cooperate with the
FBI, and gave them no obvious avenue for appeal.
http://www.securityfocus.com/columnists/270
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. BroadBoard Message Board Multiple SQL Injection Vulnerabilit...
BugTraq ID: 11250
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11250
Summary:
Reportedly BroadBoard Message Board is affected by multiple SQL injection vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI input prior to using it in an SQL query.
An attacker may exploit these issues to manipulate SQL queries, potentially revealing or corrupting sensitive database data. These issues may also facilitate attacks against the underlying database software.
2. Microsoft GDI+ Library Malformed JPEG Handling Unspecified D...
BugTraq ID: 11251
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11251
Summary:
The Microsoft (Graphics Device Interface) GDI+ library is reported prone to an unspecified denial of service vulnerability when handling malformed JPEG files.
This issue is reported to present itself due to the dereferencing of a NULL pointer.
Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.
3. Baal Systems Portal Software Authentication Bypass Vulnerabi...
BugTraq ID: 11252
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11252
Summary:
Reportedly Baal Systems Portal Software is affected by a remote authentication bypass vulnerability. This issue is due to a failure of the application to properly manage administrator account creation.
This issue will allow an attacker to register a new administrator user, giving the attacker full admin access to the affected application.
4. MyWebServer Multiple Remote Vulnerabilities
BugTraq ID: 11254
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11254
Summary:
MyWebServer is reported prone to multiple remote vulnerabilities. These issues include a remote denial of service condition and administrative access to the server.
MyWebServer 1.0.3 is reported to be affected by these issues. It is possible that other versions are vulnerable as well.
5. YahooPOPS! Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 11256
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11256
Summary:
It is reported that YahooPOPS! contains multiple buffer overflow vulnerabilities. These vulnerabilities are due to a failure of the application to properly bounds check user-supplied input data before copying it into finite sized memory buffers. This allows attackers to overwrite adjacent memory, potentially overwriting critical memory structures and altering the flow of execution. This will likely allow for remote code execution in the context of the affected application.
Versions of YahooPOPS! from 0.4 through to, and including 0.6 are reportedly affected by these vulnerabilities.
6. Multiple Vendor TCP Packet Fragmentation Handling Denial Of ...
BugTraq ID: 11258
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11258
Summary:
Multiple vendor implementations of the TCP stack are reported prone to a remote denial of service vulnerability.
The issue is reported to present itself due to inefficiencies present when handling fragmented TCP packets.
The discoverer of this issue has dubbed the attack style the "New Dawn attack", it is a variation of a previously reported attack that was named the "Rose Attack".
This vulnerability may aid a remote attacker in impacting resources on an affected computer. Specifically, a remote attacker may exploit this vulnerability to deny service to a vulnerable computer.
Microsoft Windows 2000/XP, Linux kernel 2.4 tree and undisclosed Cisco systems are reported prone to this vulnerability other products may also be affected.
7. Symantec Norton AntiVirus Malformed EMail Denial Of Service ...
BugTraq ID: 11259
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11259
Summary:
It is alleged that Symantec Norton AntiVirus is prone to a denial of service vulnerability.
The discoverer of this issue reports that when a malformed email is received through Microsoft Outlook and Norton AntiVirus attempts to process this email, the Norton AntiVirus application will crash.
Symantec is currently investigating this report; this BID will be updated as soon as this investigation is complete. It should also be noted that the discoverer of the issue has not provided any details about which versions may be affected by this issue, version information will be updated appropriately when this issue is investigated further.
8. MySQL Bounded Parameter Statement Execution Remote Buffer Ov...
BugTraq ID: 11261
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11261
Summary:
It is reported that MySQL is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly ensure the size of a buffer is sufficient to handle user-supplied input data before performing operations that may overflow into adjacent memory regions.
This vulnerability reportedly allows for remote attackers to crash affected servers. It is unconfirmed, but there may be a possibility of remote code execution in the context of the affected server. It would likely require a complex exploit, in order to take advantage of overwriting memory contents with NULL bytes. Attackers may be able to take advantage of the structured, predictable nature of the memory operations in order to control the flow of execution of the application.
MySQL versions 4.1.3-beta and 4.1.4 are reported vulnerable, but other versions are also likely affected.
9. Virtual Projects Chatma Denial Of Service Vulnerability
BugTraq ID: 11263
Remote: Yes
Date Published: Sep 27 2004
Relevant URL: http://www.securityfocus.com/bid/11263
Summary:
Virtual Projects Chatman is affected by a denial of service vulnerability. This issue is due to a failure of the application to handle exceptional conditions.
An attacker can leverage this issue to cause the affected application to crash, denying service to legitimate users.
10. Microsoft SQL Server Remote Denial Of Service Vulnerability
BugTraq ID: 11265
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11265
Summary:
Reportedly Microsoft SQL Server is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle irregular network communications.
An attacker may leverage this issue to cause the affected server to crash, denying service to legitimate users.
11. Illustrate dBpowerAMP Music Converter and Audio Player Buffe...
BugTraq ID: 11266
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11266
Summary:
dBpowerAMP Music Converter and Audio Player reported prone to remote buffer overflow vulnerabilities when processing malformed audio and playlist files. This issues exists due to insufficient boundary checks performed by the applications and may allow an attacker to gain unauthorized access to a vulnerable computer.
Reportedly, these issues affect dBPowerAmp Music Converter 10.0 and Audio Player 2.0. Other versions may be vulnerable as well.
12. Icecast Server HTTP Header Buffer Overflow Vulnerability
BugTraq ID: 11271
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11271
Summary:
It is reported that the Icecast server is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly enforce boundary conditions when dealing with user-supplied input data.
This vulnerability allows for remote code execution in the context of the Icecast server.
It is reported that this vulnerability is only exploitable to execute remote code on Microsoft Windows platforms. This buffer overflow affects all platforms, however it is only exploitable if a sensitive address is located adjacent to the affected buffer. On other platforms, denial of service or code execution may be possible, but this has not been confirmed.
Verions 2.x up to 2.0.1 are reported vulnerable to this issue.
13. ParaChat Directory Traversal Vulnerability
BugTraq ID: 11272
Remote: Yes
Date Published: Sep 28 2004
Relevant URL: http://www.securityfocus.com/bid/11272
Summary:
It is reported that ParaChat is susceptible to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data.
This vulnerability allows remote attackers to retrieve the contents of arbitrary, potentially sensitive files located on the serving computer with the credentials of the ParaChat server process.
Version 5.5 is reported susceptible to this vulnerability. Other versions may also be affected.
14. Playlogic Alpha Black Zero Remote Denial Of Service Vulnerab...
BugTraq ID: 11279
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11279
Summary:
It is reported that Alpha Black Zero is susceptible to a remote denial of service venerability. This issue is due to a failure of the game server software to handle many simultaneous connections.
This vulnerability allows remote attackers to crash the affected application, denying service to legitimate users.
Versions of Alpha Black Zero up to, and including version 1.04 are reported to be affected by this vulnerability.
15. Samba Remote Arbitrary File Access Vulnerability
BugTraq ID: 11281
Remote: Yes
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11281
Summary:
Samba is affected by a remote arbitrary file access vulnerability. This issue is due to a failure of the application to properly validate user-supplied file names.
An attacker may leverage this issue to gain access to files outside of a Samba share's path on a vulnerable computer. Information gained in this way may reveal sensitive information aiding in further attacker against the computer.
16. GNU GZip Unspecified Insecure Temporary File Creation Vulner...
BugTraq ID: 11288
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11288
Summary:
GNU gzip is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.
17. MIT Kerberos 5 Unspecified Insecure Temporary File Creation ...
BugTraq ID: 11289
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11289
Summary:
MIT Kerberos 5 is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.
18. MySQL Unspecified Insecure Temporary File Creation Vulnerabi...
BugTraq ID: 11291
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11291
Summary:
MySQL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existance of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.
19. PostgreSQL Unspecified Insecure Temporary File Creation Vuln...
BugTraq ID: 11295
Remote: No
Date Published: Sep 30 2004
Relevant URL: http://www.securityfocus.com/bid/11295
Summary:
PostgreSQL is affected by an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existance of a file before writing to it.
An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.
20. Proxytunnel Local Proxy Credential Disclosure Vulnerability
BugTraq ID: 11299
Remote: No
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11299
Summary:
A vulnerability exists in proxytunnel that has the potential to expose proxy credentials to other local users. Reportedly proxyuser/proxypass data is not passed to the program in a secure manner, potentially exposing this data to other users on the computer.
21. Kerio MailServer Unspecified Vulnerability
BugTraq ID: 11300
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11300
Summary:
Kerio MailServer version 6.0.3 has been released. This release addresses a potential security vulnerability in the Kerio MailServer application. The cause and impact of this issue is currently unknown, however this BID will be updated as more information becomes available.
All versions of Kerio MailServer prior to 6.0.3 are considered vulnerable.
22. Online-Bookmarks Authentication Bypass Vulnerability
BugTraq ID: 11305
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11305
Summary:
online-bookmarks is affected by an authentication bypass vulnerability. This issue is due to a failure of the application to properly manage unauthorized access to sensitive scripts.
An attacker may leverage these issues to gain unauthorized access to an unsuspecting user's bookmarks, allowing them to view, edit, and delete arbitrary entries.
23. RealNetworks RealOne Player And RealPlayer Unspecified Web P...
BugTraq ID: 11307
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11307
Summary:
RealOne Player and RealPlayer are affected by an unspecified vulnerability. This issue may reportedly be exploited by a malicious Web page to execute arbitrary code in the context of the software.
This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.
24. RealNetworks RealOne Player And RealPlayer Unspecified File ...
BugTraq ID: 11308
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11308
Summary:
RealPlayer and RealOne Player are prone to a vulnerability that may allow an attacker to delete files on the client computer. The attacker must know the path to the file that is targeted.
This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.
25. RealNetworks RealOne Player And RealPlayer PNen3260.DLL Remo...
BugTraq ID: 11309
Remote: Yes
Date Published: Sep 29 2004
Relevant URL: http://www.securityfocus.com/bid/11309
Summary:
RealPlayer and RealOne Player are prone to a remote integer overflow vulnerability. It is reported that the vulnerability exists in the 'pnen3260.dll' linked library of both RealPlayer and RealOne Player for Microsoft Windows, Linux, and Mac OS platforms. The 'pnen3260.dll' library is responsible for processing real-media '.rm' files.
The overflow will cause the corruption of heap-based memory management structures. Ultimately this may permit an attacker to write to an arbitrary location in the memory of the active process and in doing so control execution flow.
A remote attacker may therefore exploit this vulnerability to execute arbitrary attacker-supplied instructions in the context of a user that is running a vulnerable version of the software.
This issue was originally described in BID 11273 (RealNetworks RealOne Player And RealPlayer Remote Vulnerabilities) and is now being assigned its own BID.
26. VyPRESS Messenger Remote Buffer Overflow Vulnerability
BugTraq ID: 11310
Remote: Yes
Date Published: Oct 01 2004
Relevant URL: http://www.securityfocus.com/bid/11310
Summary:
VyPRESS Messenger is affected by a remote buffer overflow vulnerability. This issue is due to a failure of the application to verify the length of user-supplied strings prior to copying them into finite process buffers.
An attacker may leverage this issue to remotely execute arbitrary machine code on an affected computer with the privileges of the user running the affected application. It is possible to exploit all hosts on a local area network by sending a message to a broadcast address.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. MS ISA activeX Filtering (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/377560
2. Tool for removing LANMAN hashes from registry (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/377524
3. Items within XP SP2 and Win2003 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/377410
4. Application sniffer-next step (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/377408
5. Fw: Serious Security Issue in Windows XP SP2's Firew... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/377407
6. SecurityFocus Microsoft Newsletter #208 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376839
7. VBScript to audit shares and share permissions (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376778
8. Hardening Desktop (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376763
9. Serious Security Issue in Windows XP SP2's Firewall (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376752
10. Win2k3 IIS6.0 Port 4531 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/376706
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.
2. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that want a safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our our CAT Server.
3. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!
With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!
4. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.
5. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install
6. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.
NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.
NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. XArp 0.1.5
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:
XArp is a graphical tool to monitor the ARP cache. It periodically requests the local ARP cache and reports changes in the IP to MAC mapping. Thus it can be used to recognize ARP poisoning which is used to prepare 'man in the middle' attacks on switched networks.
2. Extreme Editor: 5.2.2
By: Uri Fridman
Relevant URL: http://www.geocities.com/urifrid/soft.html
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
multi-tabbed ASCII editor with encryption capabilities. Encryption of edited text and clipboard using Twofish.
3. ATK Plugin Creator 1.0
By: Nico 'Triplex' Spicher
Relevant URL: http://www.computec.ch/projekte/atk/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
This freeware for Windows provides a small and handy interface to create and enhance ATK plugins. This first public release is fully compatible with ATK 2.x but can also be used with ATK 1.x (some new fields are not fully supported in the first releases).
4. PlugAPOP 1.00
By: waffle soft
Relevant URL: http://www.wafflesoft.com/PlugAPOP/manual_en.html
Platforms: Windows XP
Summary:
PlugAPOP is software to use APOP feature in Microsoft Outlook/Outlook Express which doesn't have APOP feature.
[Easy]
You can install and setup very easily. You can use APOP access immediately if you change the account name and server name field in your e-mail client. No special settings are needed in PlugAPOP.
[Tiny]
PlugAPOP doesn't waste a lot of CPU resource and memory, it doesn't effect to OS core and other application. PlugAPOP is implemented by using just SD
5. TX 1.0
By: Goldie Rejuven
Relevant URL: http://www.checksum.org/download/RX/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
The Smallest VC++ Coded Universal Windows Reverse Shell for all versions of Windows NT/2K/XP/2003 with any service pack. But not for Windows 98/ME. A Tini app that connects back to the specified IP to a fixedport and uses a fixed source port on the source machine to evade the firewalls.
Default port from which it connects :443
Default port to which it connects is :8080
More on the readme.txt
6. EPX Crypting Software 2.1
By: EdronSoft
Relevant URL: http://www.edronsoft.com/epx_pro.php
Platforms: Windows XP
Summary:
Protect your documents from others by encrypting them with DES and Triple DES strong algorithms. No need to remember passwords because you keep the key used for the decryption in a removable media device such as usb pen-drive (or floppy disk).
Wipe function to destroy data and full Drag'N Drop support.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Stay up to date. All the latest news, columns, jobs and more in a
convenient html newsletter - Even a glimpse of upcoming columns and feature
articles! Sign up today!
http://www.securityfocus.com/htmlnewsletter/subscribe
------------------------------------------------------------------------
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
[ reply ]