Focus on Microsoft
SecurityFocus Microsoft Newsletter #237 Apr 19 2005 10:41PM
Marc Fossi (mfossi securityfocus com)


I. FRONT AND CENTER
1. Privacy From the Trenches
2. Introduction to Spyware Keyloggers
3. Watching the Watchers
II. MICROSOFT VULNERABILITY SUMMARY
1. Citrix MetaFrame Web Client Access Restriction Bypass Vulner...
2. Sun J2SE Software Development Kit Java Archive Tool Director...
3. OpenOffice Malformed Document Remote Heap Overflow Vulnerabi...
4. Invision Power Board ST Parameter SQL Injection Vulnerabilit...
5. IrfanView Multiple Unspecified Image Handling Heap-Based Mem...
6. ImageMagick Multiple Unspecified Image Handling Heap-Based M...
7. JPortal Banner.PHP SQL Injection Vulnerability
8. Multiple Debugger Vendor Malicious Code Execution Vulnerabil...
9. Light Speed Technologies DeluxeFTP Local Authentication Cred...
10. Windows Kernel Font Buffer Overflow Vulnerability
11. Microsoft Windows Kernel Object Management Denial Of Service...
12. Microsoft Windows Message Queuing Remote Buffer Overflow Vul...
13. Microsoft MSN Messenger GIF Image Processing Remote Buffer O...
14. Microsoft Windows Kernel CSRSS Local Privilege Escalation Vu...
15. Microsoft Windows Internet Protocol Validation Remote Code E...
16. Microsoft Internet Explorer Content Advisor File Handling Bu...
17. Microsoft Exchange Server SMTP Extended Verb Buffer Overflow...
18. Microsoft Word Unspecified Document File Buffer Overflow Vul...
19. Microsoft Internet Explorer DHTML Object Race Condition Memo...
20. Microsoft Windows Kernel Access Validation Request Buffer Ov...
21. Microsoft Word Malformed Document Buffer Overflow Vulnerabil...
22. Microsoft Internet Explorer Malformed URI Buffer Overflow Vu...
23. Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of ...
24. Comersus Cart Comersus_Search_Item.ASP Cross-Site Scripting ...
25. IBM Lotus Domino Server Malformed POST Request Remote Buffer...
26. Microsoft Windows Shell Remote Code Execution Vulnerability
27. WIDCOMM Bluetooth Communication Software Directory Traversal...
28. Centra 7 User Information Multiple HTML Injection Vulnerabil...
29. EGroupWare EMail Attachment Information Disclosure Vulnerabi...
30. Musicmatch Jukebox Unspecified Remote Buffer Overflow Vulner...
31. IlohaMail Email Message Remote HTML Injection Vulnerability
32. Opera SSL Security Feature Design Error Vulnerability
33. Yager Development Yager Game Data Block Buffer Overflow Vuln...
34. Yager Development Yager Game Nickname Buffer Overflow Vulner...
35. Yager Development Yager Game Data Block Denial Of Service Vu...
36. Kerio MailServer WebMail Remote Resource Exhaustion Vulnerab...
37. PHP-Nuke Surveys Module HTTP Response Splitting Vulnerabilit...
III. MICROSOFT FOCUS LIST SUMMARY
1. Re: using certificates in Outlook for encryption (Thread)
2. using certificates in Outlook for encryption (Thread)
3. Windows Server 2003 Service Pack 1 (Thread)
4. Fw: using certificates in Outlook for encryption (Thread)
5. Windows XP SP2 update (Thread)
6. _Minimizing Windows Server 2003 network services_ pa... (Thread)
7. SecurityFocus Microsoft Newsletter #236 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. CoreGuard Core Security System
2. KeyCaptor Keylogger
3. SpyBuster
4. FreezeX
5. NeoExec for Active Directory
6. Secrets Protector v2.03
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Enig3 1.0.0
2. .NET Security Tool Kit 1.0
3. SecureUML 1.0
4. Validator.NET 1.0
5. ldaupenum 0.02alpha
6. TextKeeper 5.0
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------
1. Privacy From the Trenches
By Scott Granneman
The recent string of high profile security breaches doesn't even hit the
radar of the average user worried about the privacy of his personal
information.
http://www.securityfocus.com/columnists/317

2. Introduction to Spyware Keyloggers
By Sachin Shetty
The purpose of this article is to discuss keyloggers found in spyware
applications, including their detection, features, and removal.
http://www.securityfocus.com/infocus/1829

3. Watching the Watchers
By Matthew Tanase
Misuse of database information by insiders happens every day, and there's
little we can do about it.
http://www.securityfocus.com/columnists/318

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Citrix MetaFrame Web Client Access Restriction Bypass Vulner...
BugTraq ID: 13081
Remote: Yes
Date Published: Apr 09 2005
Relevant URL: http://www.securityfocus.com/bid/13081
Summary:
A vulnerability affecting the application may allow an attacker to bypass restrictions and potentially launch restricted applications.

Apparently, an attacker with access to Microsoft Word can bypass restrictions by creating Word macros to launch arbitrary restricted applications.

All versions of Citrix MetaFrame Web Client are considered vulnerable at the moment.

Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

2. Sun J2SE Software Development Kit Java Archive Tool Director...
BugTraq ID: 13083
Remote: Yes
Date Published: Apr 09 2005
Relevant URL: http://www.securityfocus.com/bid/13083
Summary:
The Java Archive Tool is reported vulnerable to a directory traversal vulnerability.

An attacker can supply a malicious archive containing files named with '../' directory traversal sequences, which can potentially overwrite existing data during extraction.

Sun Java 2 Standard Edition versions 1.5.0 and 1.4.2 for both Linux and Microsoft Windows platforms are reported vulnerable. Other vendors using the technology may be affected as well.

3. OpenOffice Malformed Document Remote Heap Overflow Vulnerabi...
BugTraq ID: 13092
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13092
Summary:
OpenOffice is reported prone to a remote heap overflow vulnerability.

An attacker may exploit this issue by crafting a malformed .doc file and enticing a user to open this file with the affected application. If a vulnerable user opens this file in OpenOffice, the application may crash due to memory corruption. This issue may also be leveraged to execute arbitrary code in the context of the user running OpenOffice.

OpenOffice 1.1.4 and 2.0 Beta are reported vulnerable to this issue.

4. Invision Power Board ST Parameter SQL Injection Vulnerabilit...
BugTraq ID: 13097
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13097
Summary:
Invision Power Board is reported prone to an SQL injection vulnerability. Due to improper filtering of user-supplied data, attackers may pass SQL statements to the underlying database through the 'st' parameter.

Invision Power Board 1.3.1 and prior versions are affected by this issue.

5. IrfanView Multiple Unspecified Image Handling Heap-Based Mem...
BugTraq ID: 13099
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13099
Summary:
IrfanView is reported prone to multiple unspecified heap memory corruption vulnerabilities. It is reported that these issues are caused by a lack of sufficient sanity checks performed while allocating heap-based memory when the chunk size is derived from the image height, width and plane values.

It is reported that a malicious image may be used to trigger these issues.

A remote attacker may potentially exploit these vulnerabilities to crash affected software, or to potentially execute arbitrary code in the context of the user that is running the affected software, although this is not confirmed.

This BID will be updated and split into unique BIDs as soon as further information is available.

6. ImageMagick Multiple Unspecified Image Handling Heap-Based M...
BugTraq ID: 13100
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13100
Summary:
ImageMagick is reported prone to multiple unspecified heap memory corruption vulnerabilities. It is reported that these issues are caused by a lack of sufficient sanity checks performed while allocating heap-based memory when the chunk size is derived from the image height, width and plane values.

It is reported that a malicious image may be used to trigger these issues.

A remote attacker may potentially exploit these vulnerabilities to crash affected software, or to potentially execute arbitrary code in the context of the user that is running the affected software, although this is not confirmed.

This BID will be updated and split into unique BIDs as soon as further information is available.

7. JPortal Banner.PHP SQL Injection Vulnerability
BugTraq ID: 13103
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13103
Summary:
JPortal is reportedly affected by an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

This issue is reported to affect JPortal version 2.3.1; earlier versions may also be vulnerable.

8. Multiple Debugger Vendor Malicious Code Execution Vulnerabil...
BugTraq ID: 13104
Remote: Yes
Date Published: Apr 11 2005
Relevant URL: http://www.securityfocus.com/bid/13104
Summary:
Multiple debugger vendors are reported prone to a malicious code execution vulnerability. This vulnerability is due to a failure of the affected applications to properly ensure that the examined code is run in a contained environment.

When an unsuspecting user attempts to debug the attacker-supplied executable, the malicious code from the included library will be run in the context of the debugger prior to the intended time, and in an uncontrolled manner.

This vulnerability allows remote attackers to execute arbitrary machine code in the context of an affected debugger application. Due to the expected safe nature of debugging applications, potentially very cautious users may fall victim to this vulnerability.

OllyDbg, WinDbg, and Microsoft Visual C++ Debuggers are all reported susceptible to this vulnerability. Other debuggers are also likely affected, as the underlying operating system design makes it very difficult to avoid this vulnerability.

9. Light Speed Technologies DeluxeFTP Local Authentication Cred...
BugTraq ID: 13105
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13105
Summary:
A local authentication credentials disclosure vulnerability affects Light Speed Technologies DeluxeFTP. This issue is due to a failure of the application to properly secure authentication credentials by default.

An attacker may leverage this issue to gain access to authentication credentials for all FTP accounts stored in the offending file.

10. Windows Kernel Font Buffer Overflow Vulnerability
BugTraq ID: 13109
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13109
Summary:
The Microsoft Windows Kernel is prone to a locally exploitable privilege escalation vulnerability. This issue is due to an unchecked buffer when handling malicious fonts, potentially allowing a local attacker to completely compromise a vulnerable computer.

Exploitation attempts could also result in a denial of service. Microsoft has reported that the vulnerability will most likely cause a denial of service on Windows XP SP2 platforms. The vendor has also stated that this vulnerability is not critical on Windows 98/98SE/ME, possibly because of the lack of multi-user support on those operating systems.

11. Microsoft Windows Kernel Object Management Denial Of Service...
BugTraq ID: 13110
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13110
Summary:
The Microsoft Windows kernel is prone to a locally exploitable denial of service vulnerability. The issue is reportedly related to object management in the Windows kernel.

12. Microsoft Windows Message Queuing Remote Buffer Overflow Vul...
BugTraq ID: 13112
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13112
Summary:
A remote buffer overflow vulnerability affects Microsoft Windows. This issue is due to a failure of the affected functionality to properly validate the length of user-supplied strings prior to copying them into static process buffers. This vulnerability may be exploited over RPC.

An attacker may exploit this issue to execute arbitrary code with SYSTEM privileges, facilitating unauthorized access or privilege escalation.

It should be noted that MSMQ is not installed by default on affected platforms and must be manually installed for a computer to be vulnerable. The vulnerability is reportedly not present on computers that only enable MSMQ HTTP Message Delivery.

13. Microsoft MSN Messenger GIF Image Processing Remote Buffer O...
BugTraq ID: 13114
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13114
Summary:
Microsoft MSN Messenger is reported prone to a remote buffer overflow vulnerability when handling malformed Graphic Interchange Format (GIF) images. This may allow an attacker to gain unauthorized access to an affected computer by executing arbitrary code, reportedly resulting in system level compromise. Specially crafted emoticons or display pictures are likely to be used in a client-to-client attack.

Other attack vectors may exist as well.

MSN Messenger 6.2 and MSN Messenger 7.0 beta are vulnerable to this issue.

14. Microsoft Windows Kernel CSRSS Local Privilege Escalation Vu...
BugTraq ID: 13115
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13115
Summary:
A local privilege escalation vulnerability affects Microsoft Windows. This issue is due to a failure of the Kernel to properly handle user-supplied messages.

A local attacker may leverage this issue to completely compromise the computer.

15. Microsoft Windows Internet Protocol Validation Remote Code E...
BugTraq ID: 13116
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13116
Summary:
Microsoft Windows is reported prone to a remote code execution vulnerability. It is reported that the vulnerability manifests when an affected Microsoft platform receives and processes an especially malformed TCP/IP packet.

Reports indicate that the immediate consequences of exploitation of this issue are a denial of service.

16. Microsoft Internet Explorer Content Advisor File Handling Bu...
BugTraq ID: 13117
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13117
Summary:
Microsoft Internet Explorer is prone to a remote buffer overflow vulnerability when handling malformed Content Advisor files. An attacker can exploit this issue by crafting a Content Advisor file with excessive data and arbitrary machine code to be processed by the browser.

A typical attack would involve the attacker creating a Web site that includes the malicious file. A similar attack can also be carried out through HTML email using Microsoft Outlook and Microsoft Outlook Express applications.

It should be noted that successful exploitation requires the user to follow various steps to install a malicious file.

17. Microsoft Exchange Server SMTP Extended Verb Buffer Overflow...
BugTraq ID: 13118
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13118
Summary:
Microsoft Exchange Server is prone to a buffer overflow in SMTP extended verbs. Successful exploitation could result in arbitrary code execution.

18. Microsoft Word Unspecified Document File Buffer Overflow Vul...
BugTraq ID: 13119
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13119
Summary:
Microsoft Word is affected by a buffer overflow vulnerability. This issue is due to a failure in the application to do proper bounds checking on user-supplied data. Microsoft has not specified exactly where the error may occur. This could result in execution of arbitrary code in the context of a user who opens the malicious document.

Internet Explorer is a likely attack vector as Word may be opened to handle the document when the user clicks a link.

19. Microsoft Internet Explorer DHTML Object Race Condition Memo...
BugTraq ID: 13120
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13120
Summary:
A vulnerability in Microsoft Internet Explorer may allow remote attackers to execute arbitrary code in the context of users visiting malicious Web sites.

This issue presents itself when the affected application attempts to process certain script objects; a race condition may lead to the execution of attacker-supplied code.

20. Microsoft Windows Kernel Access Validation Request Buffer Ov...
BugTraq ID: 13121
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13121
Summary:
The Microsoft Windows kernel is prone to a buffer overflow in the system that validates access requests. Successful exploitation could allow arbitrary code execution in the context of the kernel. Only local users could exploit this vulnerability.

21. Microsoft Word Malformed Document Buffer Overflow Vulnerabil...
BugTraq ID: 13122
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13122
Summary:
Microsoft Word is prone to a buffer overflow vulnerability. This issue presents itself when Microsoft Word attempts to parse a malformed document. This could result in execution of arbitrary code in the context of a user who opens the malicious document.

Internet Explorer is a likely attack vector as Word may be opened to handle the document when the user clicks a link.

This issue was originally described as part of BID 11350.

22. Microsoft Internet Explorer Malformed URI Buffer Overflow Vu...
BugTraq ID: 13123
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13123
Summary:
A buffer overflow vulnerability is reported in Microsoft Internet Explorer. This issue is due to insufficient boundary verification of user-supplied input data causing a fixed-sized memory buffer to be overrun when attempting to copy data into it.

This vulnerability allows attacker-supplied machine code to be executed in the context of the affected application.

23. Multiple Vendor TCP/IP Implementation ICMP Remote Denial Of ...
BugTraq ID: 13124
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13124
Summary:
Multiple vendor implementations of TCP/IP Internet Control Message Protocol (ICMP) are reported prone to several denial of service attacks.

ICMP is employed by network nodes to determine certain automatic actions to take based on network failures reported by an ICMP message.

It is reported that for ICMP error messages, no security checks are recommended by the RFC. As long as an ICMP message contains a valid source and destination IP address and port pair, it will be accepted for an associated connection.

The following individual attacks are reported:

A blind connection-reset attack is reported to affect multiple vendors. This attack takes advantage of the specification that describes that on receiving a 'hard' ICMP error, the corresponding connection should be aborted. The Mitre ID CAN-2004-0790 is assigned to this issue.

A remote attacker may exploit this issue to terminate target TCP connections and deny service for legitimate users.

An ICMP Source Quench attack is reported to affect multiple vendors. This attack takes advantage of the specification that a host must react to received ICMP Source Quench messages by slowing transmission on the associated connection. The Mitre ID CAN-2004-0791 is assigned to this issue.

A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.

An attack against ICMP PMTUD is reported to affect multiple vendors when they are configured to employ PMTUD. By sending a suitable forged ICMP message to a target host an attacker may reduce the MTU for a given connection. The Mitre ID CAN-2004-1060 is assigned to this issue.

A remote attacker may exploit this issue to degrade the performance of TCP connections and partially deny service for legitimate users.

**Update: It is reported that Microsoft platforms are also prone to these issues.

24. Comersus Cart Comersus_Search_Item.ASP Cross-Site Scripting ...
BugTraq ID: 13125
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13125
Summary:
Comersus Cart is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly validate user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

25. IBM Lotus Domino Server Malformed POST Request Remote Buffer...
BugTraq ID: 13130
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13130
Summary:
Lotus Domino Server is reported prone to a remote buffer overflow vulnerability.

The issue presents itself when the server handles a malformed HTTP POST request.

A successful attack may result in a denial of service condition; however, arbitrary code execution may occur as well. This issue may be leveraged to gain unauthorized access to a server.

IBM Lotus Domino Server versions 6.5.x and 6.0.x are reported vulnerable. The researcher responsible for discovering this issue has reported that this vulnerability affects versions 6.0.5 and 6.5.4. IBM Lotus Domino Server versions 6.0.5 and 6.5.4 were recently released, therefore it is likely that they are not affected and this issue only manifests in the versions prior to these. IBM also recommends that users should upgrade to these versions. Please see the referenced IBM advisory for more information.

This BID will be updated when more details are available.

26. Microsoft Windows Shell Remote Code Execution Vulnerability
BugTraq ID: 13132
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13132
Summary:
Microsoft Windows is prone to a vulnerability that may allow remote attackers to execute code through the Windows Shell. The cause of the vulnerability is related to how the operating system handles unregistered file types. The specific issue is that files with an unknown extension may be opened with the application specified in the embedded CLSID.

The victim of the attack would be required to open a malicious file, possibly hosted on a Web site or sent through email. Social engineering would generally be required to entice the victim into opening the file.

27. WIDCOMM Bluetooth Communication Software Directory Traversal...
BugTraq ID: 13135
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13135
Summary:
The WIDCOMM Bluetooth communications software is prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied input data prior to utilizing it.

Attackers may exploit this vulnerability to gain access to potentially sensitive files, as well as corrupt or destroy data. Other attacks may also be possible.

WIDCOMM BTStackServer for Microsoft Windows version 1.4.2 is reported to be affected by this vulnerability. Other versions are also likely affected.

28. Centra 7 User Information Multiple HTML Injection Vulnerabil...
BugTraq ID: 13136
Remote: Yes
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13136
Summary:
Centra 7 is affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

29. EGroupWare EMail Attachment Information Disclosure Vulnerabi...
BugTraq ID: 13137
Remote: No
Date Published: Apr 12 2005
Relevant URL: http://www.securityfocus.com/bid/13137
Summary:
An information disclosure vulnerability affects eGroupWare. This issue is due to a failure of the application to properly handle access to email attachments.

This issue may result in a disclosure of email attachments; attachments may be sent to individuals that the sender did not intend to grant access to.

30. Musicmatch Jukebox Unspecified Remote Buffer Overflow Vulner...
BugTraq ID: 13174
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13174
Summary:
An unspecified remote buffer overflow vulnerability affects Musicmatch Jukebox. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

31. IlohaMail Email Message Remote HTML Injection Vulnerability
BugTraq ID: 13175
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13175
Summary:
IlohaMail is affected by an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.

32. Opera SSL Security Feature Design Error Vulnerability
BugTraq ID: 13176
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13176
Summary:
Opera is prone to a design error that can result in a false sense of security. The issue exists in a security feature that is available in Opera version 8 Beta 3. The new security feature displays the Organization name derived from an SSL certificate in the Opera tab of an SSL secured site.

Because the Organization name of an SSL certificate is not intended to be unique, this issue may be exploited and result in a false sense of security for users.

33. Yager Development Yager Game Data Block Buffer Overflow Vuln...
BugTraq ID: 13177
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13177
Summary:
A remote buffer overflow vulnerability affects Yager Development Yager Game. This issue is due to a failure of the application to properly validate the length of user-supplied, network derived strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

34. Yager Development Yager Game Nickname Buffer Overflow Vulner...
BugTraq ID: 13178
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13178
Summary:
A remote buffer overflow vulnerability affects Yager Development Yager Game. This issue is due to a failure of the application to properly validate the length of user-supplied, network derived strings prior to copying them into static process buffers.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.

35. Yager Development Yager Game Data Block Denial Of Service Vu...
BugTraq ID: 13179
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13179
Summary:
A remote denial of service vulnerability affects the Yager Development Yager Game. This issue is due to a failure of the application to properly handle exceptional network data.

An attacker may leverage this issue to freeze a multiplayer game that is currently in progress; players will be forced to end their game to return to normal functionality.

36. Kerio MailServer WebMail Remote Resource Exhaustion Vulnerab...
BugTraq ID: 13180
Remote: Yes
Date Published: Apr 14 2005
Relevant URL: http://www.securityfocus.com/bid/13180
Summary:
Kerio MailServer is prone to a remote resource exhaustion vulnerability in the WebMail service. This issue is due to a failure of the application to properly handle exceptional conditions.

A remote attacker may leverage this issue to cause the affected application to hang, possibly denying service to legitimate users.

The vendor has addressed this issue in Kerio MailServer 6.0.9; earlier versions are reported vulnerable.

37. PHP-Nuke Surveys Module HTTP Response Splitting Vulnerabilit...
BugTraq ID: 13201
Remote: Yes
Date Published: Apr 15 2005
Relevant URL: http://www.securityfocus.com/bid/13201
Summary:
PHP-Nuke is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

A remote attacker may exploit this vulnerability to influence or misrepresent how Web content is served, cached or interpreted. This could aid in various attacks that attempt to entice client users into a false sense of trust.

This issue is reported to affect PHP-Nuke version 7.6; earlier versions may also be vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Re: using certificates in Outlook for encryption (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396145

2. using certificates in Outlook for encryption (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396139

3. Windows Server 2003 Service Pack 1 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396138

4. Fw: using certificates in Outlook for encryption (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396137

5. Windows XP SP2 update (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/396010

6. _Minimizing Windows Server 2003 network services_ pa... (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/395821

7. SecurityFocus Microsoft Newsletter #236 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/395616

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CoreGuard Core Security System
By: Vormetric
Platforms: AIX, Linux, Solaris, Windows 2000, Windows XP
Relevant URL: http://www.vormetric.com/products/#overview
Summary:

CoreGuard System profile

The CoreGuard System is the industry's first solution that enforces
acceptable use policy for sensitive digital information assets and
protects personal data privacy across an enterprise IT environment.
CoreGuard's innovative architecture and completeness of technology
provide a comprehensive, extensible solution that tightly integrates all
the elements required to protect information across a widespread,
heterogeneous enterprise network, while enforcing separation of duties
between security and IT administration. At the same time, CoreGuard is
transparent to users, applications and storage infrastructures for ease
of deployment and system management.

CoreGuard enables customers to:
* Protect customer personal data privacy and digital information assets
* Protect data at rest from unauthorized viewing by external attackers
and unauthorized insiders
* Enforce segregation of duties between IT administrators and security
administration
* Ensure host & application integrity
* Block malicious code, including zero-day exploits

2. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:

KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!

With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

3. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:

Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.

SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

4. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:

FreezeX prevents all unauthorized programs, including viruses, keyloggers and spyware, from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install

5. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:

NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.

NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.

NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

6. Secrets Protector v2.03
By: E-CRONIS
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.e-cronis.com/download/sp.exe
Summary:

It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".

Your secret information is available only through this software and there is no other means to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten, either in Safe mode or in another operating system. This program doesn't make your operating system unstable as other related products do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods, leaving no trace of your information. Depending on the selected wiping method, your data is unrecoverable using software or even hardware recovery techniques.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Enig3 1.0.0
By: CCC Morocco Team
Relevant URL: http://www.ccc.ma/sw/enig3/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

Enig3 is a free cryptography tool that can encrypt/decrypt content/data using your own privately generated 128-bit Enig3-Key. It was developed at CCC-Morocco Labs using the most complex cryptographic methodologies. It uses a Flow-Encoding technique which is done in 3 phases...

2. .NET Security Tool Kit 1.0
By: Foundstone Professional Services
Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i
Platforms: Windows XP
Summary:

The Foundstone S3i .NET Security Toolkit includes tools to help design, develop, and test secure .NET software applications. The toolkit includes Validator.NET, .NETMon, and the SecureUML Template.

3. SecureUML 1.0
By: Foundstone Professional Services
Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i
Platforms: Windows XP
Summary:

The SecureUML Visio template defines a custom Unified Modeling Language (UML) dialect to help system architects build role-based access control (RBAC) systems.

4. Validator.NET 1.0
By: Foundstone Professional Services
Relevant URL: http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i
Platforms: Windows XP
Summary:

Validator.NET enables developers to programmatically determine user input locations that could be potentially exploited by hackers and provides proactive steps to build data validation routines which are loaded into a protection module. The tool helps eliminate common vulnerabilities such as SQL Injection and Cross-Site Scripting.

5. ldapenum 0.02alpha
By: Roni Bachar & Sol Zehnwirth
Relevant URL: https://sourceforge.net/projects/ldapenum
Platforms: Linux, Perl (any system supporting perl), Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

ldapenum is a Perl script designed to enumerate system and password information from domain controllers using the LDAP service when IPC$ is locked. The script has been tested on Windows and Linux.

6. TextKeeper 5.0
By: HardwareCrasher
Relevant URL: http://members.lycos.co.uk/textkeeper/tkup.zip
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:

Encrypts text using numeric combinations and two algorithms. One of the algorithms uses 5 different numeric combinations.

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

Copyright 2009, SecurityFocus