SecurityFocus Microsoft Newsletter #248 Jul 20 2005 01:38PM
Marc Fossi (mfossi securityfocus com)
SecurityFocus Microsoft Newsletter #248
----------------------------------------

Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks. Analyzer automatically correlates attacks from various Firewall and network based Intrusion Detection Systems, giving you a comprehensive view of your computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130

------------------------------------------------------------------
I. FRONT AND CENTER
1. If it isn't broken...
2. Microsoft and Claria, together at last?
3. Introduction to IPAudit
II. MICROSOFT VULNERABILITY SUMMARY
1. Web Wiz Forums Information Disclosure Vulnerability
2. SoftiaCom WMailserver Local Information Disclosure Vulnerability
3. SoftiaCom WMailserver Remote Denial Of Service Vulnerability
4. Microsoft Windows Color Management Module ICC Profile Buffer Overflow Vulnerability
5. Microsoft Word Malformed Document Font Processing Buffer Overflow Vulnerability
6. Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability
7. Microsoft Outlook Express Multiple Vulnerabilities
8. ASPNuke Comment_Post.ASP Cross-Site Scripting Vulnerability
9. MIT Kerberos 5 Key Distribution Center Remote Single Byte Heap Overflow Vulnerability
10. MIT Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free Vulnerability
11. MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability
12. MailEnable IMAP SELECT Request Buffer Overflow Vulnerability
13. Cisco Security Agent Crafted IP Packet Denial Of Service Vulnerability
14. Microsoft Windows Kernel Unspecified Remote Desktop Protocol Denial Of Service Vulnerability
15. Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability
16. DG Remote Control Server Remote Denial of Service Vulnerability
17. Sophos Anti-Virus BZip2 Archive Handling Remote Denial Of Service Vulnerability
18. Macromedia JRun Unauthorized Session Access Vulnerability
19. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
20. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
21. Hosting Controller Multiple Remote Vulnerabilities
22. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of Service Vulnerability
23. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial Of Service Vulnerability
24. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of Service Vulnerability
25. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
2. R: Changing Windows domain password over Internet
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. If it isn't broken...
By Jason Miller
The recently disclosed zlib vulnerability is both widespread and significant, but it also brings to light some of the real advantages of open source software.
http://www.securityfocus.com/columnists/341

2. Microsoft and Claria, together at last?
By Scott Granneman
Microsoft is looking to buy Claria, the nefarious spyware company that created Gator, and it's an absolute slap in the face to all Windows users concerned about security.
http://www.securityfocus.com/columnists/340

3. Introduction to IPAudit
By Paul Asadoorian
This article describes the usefulness of IPAudit, a network monitoring tool similar to NetFlow that is used to discover botnets, compromised hosts, and other security issues on larger networks.
http://www.securityfocus.com/infocus/1842

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Web Wiz Forums Information Disclosure Vulnerability
BugTraq ID: 14207
Remote: Yes
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14207
Summary:
Web Wiz Forums is affected by an information disclosure vulnerability. This issue is due to a failure in the application to properly verify user credentials before displaying message titles. An attacker can retrieve the titles of messages in hidden forums.

This issue is reported to affect Web Wiz Forums version 8.0alpha and 7.9; earlier versions may also be vulnerable.

2. SoftiaCom WMailserver Local Information Disclosure Vulnerability
BugTraq ID: 14212
Remote: No
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14212
Summary:
SoftiaCom WMailserver is prone to a local information disclosure vulnerability. The application stores passwords in the Windows registry.

A local attacker may exploit this issue to disclose potentially sensitive information.

3. SoftiaCom WMailserver Remote Denial Of Service Vulnerability
BugTraq ID: 14213
Remote: Yes
Date Published: 2005-07-11
Relevant URL: http://www.securityfocus.com/bid/14213
Summary:
SoftiaCom WMailserver contains a denial of service vulnerability in its connection handling code.

If an attacker is able to connect to the SMTP service and send an excessively large chunk of data, the affected application reportedly terminates unexpectedly.

A remote attacker is able to terminate the application, denying service to legitimate users.

4. Microsoft Windows Color Management Module ICC Profile Buffer Overflow Vulnerability
BugTraq ID: 14214
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14214
Summary:
Microsoft Windows is prone to a buffer overflow vulnerability in the Color Management Module. The issue is due to a boundary condition error related to the parsing of ICC (International Color Consortium) Profile tags in various supported image and document formats.

ICC profile data may be embedded in various file formats, including JPEG, GIF, EXIF, TIFF, PNG, PICT, PDF, PostScript, SVG, JDF, and CSS3. Some of these formats may not provide an attack vector, especially if Microsoft does not provide native support for them or does not call the vulnerable functionality when handling them.

Successful exploitation may result in execution of arbitrary code in the context of the currently logged in user. This vulnerability could be exploited through a Web site that hosts a malicious document, by previewing or opening malicious content in email, or through other means that will allow an attacker to send the victim a malicious document.

There is also a risk that other Microsoft or third-party applications that rely on the affected functionality may be vulnerable. A number of third-party applications may ship with vulnerable libraries, so may remain vulnerable despite having applied the Microsoft patch. Symantec is not aware of any such vendors at the time of writing.

5. Microsoft Word Malformed Document Font Processing Buffer Overflow Vulnerability
BugTraq ID: 14216
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14216
Summary:
Microsoft Word is affected by a remote buffer overflow vulnerability.

This vulnerability presents itself when a .doc file contains specifically malformed font data. Upon attempting to read the malformed .doc file, the affected application fails to properly validate the data within it, which may allow an attacker to control the flow of program execution.

Attackers may exploit this vulnerability to execute arbitrary code in the context of the victim user attempting to access the malformed Word file.

6. Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability
BugTraq ID: 14217
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14217
Summary:
ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests.

This issue presents itself when an RPC/encoded Web method accepts an array or an object that implements 'IList'. By sending a specially crafted XML request, an attacker can cause the 'aspnet_wp.exe' worker process to enter an infinite loop.

Remote attackers may exploit this vulnerability to consume excessive CPU resources, potentially denying service to legitimate users.

7. Microsoft Outlook Express Multiple Vulnerabilities
BugTraq ID: 14225
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14225
Summary:
Microsoft has released an update to address various issues affecting Outlook Express 6.0 running on Windows XP. These issues may allow remote attackers to cause the client to crash or disclose sensitive information.

Reportedly remote attackers may cause the client to crash by sending specially crafted email messages.

Another issue allows the default news server account to be displayed when a user replies to 'watched' conversation threads from multiple computers.

This BID will be updated when more details become available.

8. ASPNuke Comment_Post.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 14226
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14226
Summary:
ASPNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

9. MIT Kerberos 5 Key Distribution Center Remote Single Byte Heap Overflow Vulnerability
BugTraq ID: 14236
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14236
Summary:
The Kerberos 5 Key Distribution Center (KDC) implementation is affected by a remote single-byte heap overflow vulnerability.

A remote, unauthenticated attacker can exploit this vulnerability by sending malformed data in a request over TCP or UDP to an affected computer. The resulting single-byte heap overflow corrupts memory adjacent to the overrun buffer.

If arbitrary code execution occurs, the attacker may gain complete access to an entire Kerberos realm.

All MIT Kerberos 5 releases up to and including krb5-1.4.1 are vulnerable. Third party application servers employing Kerberos 5 may be affected as well.

10. MIT Kerberos 5 KRB5_Recvauth Remote Pre-Authentication Double-Free Vulnerability
BugTraq ID: 14239
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14239
Summary:
MIT Kerberos 5 is prone to a remote double-free vulnerability; the issue can be triggered by remote attackers prior to any authentication whatsoever. The issue exists in the 'recvauth_common()' helper function, which is used by 'krb5_recvauth()' and 'krb5_recvauth_version()'.

A remote attacker may trigger this issue prior to authentication. Because of the code path taken in the vulnerable function, exploitation may be hindered. However, it is conjectured that this issue may be ultimately leveraged to execute arbitrary code in the context of the affected service.

It should be noted that successful exploitation of this issue on a Kerberos Key Distribution Center (KDC) computer, may result in the compromise of an entire Kerberos realm.

11. MIT Kerberos 5 Key Distribution Center Remote Denial of Service Vulnerability
BugTraq ID: 14240
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14240
Summary:
The Kerberos 5 Key Distribution Center (KDC) implementation is affected by a remote denial of service vulnerability. This issue arises because the application attempts to free an uninitialized pointer (that is, memory at an arbitrary address) when handling a request received over TCP.

Specifically, the vulnerability is triggered when the KDC handles a principal name consisting of zero components.

All MIT Kerberos 5 releases up to and including krb5-1.4.1 are vulnerable. Third party application servers employing Kerberos 5 may be affected as well.

12. MailEnable IMAP SELECT Request Buffer Overflow Vulnerability
BugTraq ID: 14243
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14243
Summary:
MailEnable's IMAP server is prone to a remotely exploitable stack-based buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it to a fixed size memory buffer.

Remote attackers may exploit this vulnerability to execute arbitrary machine code in the context of the affected application. This allows attackers to gain System level privileges, resulting in the complete compromise of the targeted computer.
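To make the bug class in this entry concrete, here is an added example written for this edit (not MailEnable's code, and not derived from the advisory): a C handler for the IMAP SELECT command that parses the mailbox argument and refuses to store it unless it fits in its fixed buffer. The 256-byte buffer size, the function names, the return codes and the sample command lines are assumptions for the example; the real server's buffer size and code path are not known from this entry.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAILBOX_MAX 256   /* assumed size of the server's fixed mailbox buffer */

enum { SEL_OK = 0, SEL_BAD_SYNTAX = -1, SEL_TOO_LONG = -2 };

/* Case-insensitive compare of n bytes; IMAP command names are case-insensitive. */
static int ieq(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)a[i]) != toupper((unsigned char)b[i])) return 0;
    return 1;
}

/* Parse "<tag> SELECT <mailbox>[CRLF]" and store the mailbox name in out[cap].
 * The mailbox is an RFC 3501 astring: an atom, or a quoted string with \" and
 * \\ escapes (the literal form {n} is rejected here to keep the example short).
 * Each byte is length-checked before it is stored; this is the check a server
 * that does  char mailbox[256]; strcpy(mailbox, arg);  lacks, and the missing
 * check is what lets an over-long argument overwrite the stack. */
int imap_select_mailbox(const char *line, char *out, size_t cap)
{
    const char *p = line;
    size_t n = 0;
    size_t taglen = strcspn(p, " ");

    if (taglen == 0 || p[taglen] != ' ') return SEL_BAD_SYNTAX;
    p += taglen + 1;
    if (strlen(p) < 7 || !ieq(p, "SELECT ", 7)) return SEL_BAD_SYNTAX;
    p += 7;

    if (*p == '"') {                                     /* quoted string */
        p++;
        while (*p != '\0' && *p != '"') {
            if (*p == '\\') {                            /* only \" and \\ are legal escapes */
                p++;
                if (*p != '"' && *p != '\\') return SEL_BAD_SYNTAX;
            }
            if (n + 1 >= cap) return SEL_TOO_LONG;
            out[n++] = *p++;
        }
        if (*p != '"') return SEL_BAD_SYNTAX;
        p++;
    } else if (*p == '{') {                              /* literal {n}: not handled here */
        return SEL_BAD_SYNTAX;
    } else {                                             /* atom */
        while (*p != '\0' && *p != ' ' && *p != '\r' && *p != '\n') {
            if (n + 1 >= cap) return SEL_TOO_LONG;
            out[n++] = *p++;
        }
    }
    if (n == 0) return SEL_BAD_SYNTAX;
    if (*p != '\0' && strcmp(p, "\r\n") != 0) return SEL_BAD_SYNTAX;  /* nothing else may follow */
    out[n] = '\0';
    return SEL_OK;
}

/* Feed constructed command lines (not captured traffic) to the parser.
 * Returns the parser's status; scenarios 0 and 1 also verify the extracted name. */
int imap_demo(int scenario)
{
    char mailbox[MAILBOX_MAX];
    char line[512];
    int rc;

    switch (scenario) {
    case 0:
        rc = imap_select_mailbox("A001 SELECT INBOX\r\n", mailbox, sizeof mailbox);
        return (rc == SEL_OK && strcmp(mailbox, "INBOX") == 0) ? rc : -99;
    case 1:
        rc = imap_select_mailbox("A002 select \"Sent \\\"Items\\\"\"\r\n", mailbox, sizeof mailbox);
        return (rc == SEL_OK && strcmp(mailbox, "Sent \"Items\"") == 0) ? rc : -99;
    case 2: {                                            /* 300-byte name > 256-byte buffer */
        size_t pre = strlen("A003 SELECT ");
        memcpy(line, "A003 SELECT ", pre);
        memset(line + pre, 'A', 300);
        memcpy(line + pre + 300, "\r\n", 3);
        return imap_select_mailbox(line, mailbox, sizeof mailbox);
    }
    default:                                             /* literal syntax is rejected */
        return imap_select_mailbox("A004 SELECT {5}\r\n", mailbox, sizeof mailbox);
    }
}

int main(void)
{
    for (int s = 0; s < 4; s++)
        printf("scenario %d -> %d\n", s, imap_demo(s));
    return 0;
}
```

Scenario 2 is the case this entry describes: the name is longer than the buffer, and the hardened parser answers with a length error before a single byte past the buffer is written, where the vulnerable copy would have run off the end of the stack frame.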

13. Cisco Security Agent Crafted IP Packet Denial Of Service Vulnerability
BugTraq ID: 14247
Remote: Yes
Date Published: 2005-07-13
Relevant URL: http://www.securityfocus.com/bid/14247
Summary:
A denial of service vulnerability has been reported in Cisco Security Agent (CSA). This issue may be triggered by a maliciously crafted IP packet.

Successful exploitation will crash the Microsoft Windows operating system hosting the Cisco Security Agent software. This vulnerability only affects CSA 4.5 on Windows operating systems other than Windows XP.

14. Microsoft Windows Kernel Unspecified Remote Desktop Protocol Denial Of Service Vulnerability
BugTraq ID: 14259
Remote: Yes
Date Published: 2005-07-12
Relevant URL: http://www.securityfocus.com/bid/14259
Summary:
An unspecified remote denial of service vulnerability has been reported in the Microsoft Windows kernel. The vendor has confirmed that this vulnerability permits remote attackers to crash affected computers. This issue is due to a failure of the operating system to properly handle malformed Remote Desktop Protocol (RDP) requests.

This BID will be updated as further information is made available.

15. Microsoft Windows Network Connections Manager Library Local Denial of Service Vulnerability
BugTraq ID: 14260
Remote: No
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14260
Summary:
The Windows Network Connections Manager library (netman.dll) is affected by a local denial of service vulnerability.

A successful attack causes a denial of service condition in the Network Connections service.

Various other services, such as Wuauserv, Browser, CryptSvc, TrkWks, dmserver, seclogon, lanmanserver, ShellHWDetection, AudioSrv, WZCSVC and lanmanworkstation, may also become unavailable as a result of exploitation of this issue.

16. DG Remote Control Server Remote Denial of Service Vulnerability
BugTraq ID: 14263
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14263
Summary:
DG Remote Control Server is affected by a remote denial of service vulnerability.

An attacker can cause a denial of service condition by sending large amounts of data to the listening ports of the application.

The crash may indicate an underlying buffer overflow that could allow remote code execution; however, this has not been confirmed.

DG Remote Control Server 1.6.2 is affected by this vulnerability.

17. Sophos Anti-Virus BZip2 Archive Handling Remote Denial Of Service Vulnerability
BugTraq ID: 14270
Remote: Yes
Date Published: 2005-07-14
Relevant URL: http://www.securityfocus.com/bid/14270
Summary:
Sophos Anti-Virus is prone to a remote denial of service vulnerability when it is configured to 'Scan inside archive files'. This is not a default setting.

The issue exists because the software fails to adequately validate 'Extra field length' values contained in BZip2 archives. Ultimately this vulnerability may be exploited to deny service to legitimate users.

Attackers may leverage this issue to prevent the software from completing file scans, for files received subsequent to an attack. This may allow the attacker to bypass Anti-Virus scans.

18. Macromedia JRun Unauthorized Session Access Vulnerability
BugTraq ID: 14271
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14271
Summary:
Macromedia JRun is affected by a vulnerability that may allow a user's session to be shared with another user.

Under certain circumstances, two users may share the same session facilitating various attacks including a compromise of the user's account.

It should be noted that this issue cannot be triggered by an attacker and occurs rarely.

JRun 4.0, ColdFusion MX 7.0 Enterprise Multi-Server Edition, and ColdFusion MX 6.1 Enterprise with JRun are affected by this vulnerability.

19. Nullsoft Winamp Malformed ID3v2 Tag Buffer Overflow Vulnerability
BugTraq ID: 14276
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14276
Summary:
Winamp is susceptible to a buffer overflow vulnerability in its ID3v2 functionality. This issue is due to a failure of the application to properly bounds check input data prior to copying it into a fixed size memory buffer.

This issue will facilitate remote exploitation as an attacker may distribute malicious MP3 files and entice unsuspecting users to process them with the affected application.

An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application.

Versions 5.03a, 5.09, and 5.091 are reported vulnerable to this issue. Other versions are also likely affected.
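To make the bug class in this entry concrete, here is an added example written for this edit (not Winamp's code, and not derived from the advisory): a C parser for the ID3v2.3 header and frame list that treats the tag size and every frame size as untrusted, checks each against the bytes actually present, and only then copies the title frame into a fixed 64-byte buffer. The buffer size, the function names and the constructed tags are assumptions for the example; which Winamp routine or field was actually overflowed is not stated in this entry.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TITLE_MAX 64      /* assumed size of the player's fixed title buffer */

enum { ID3_OK = 0, ID3_NO_TAG = -1, ID3_BAD_HEADER = -2, ID3_TRUNCATED = -3, ID3_TOO_LONG = -4 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* The ID3v2 header size is four "synchsafe" bytes of 7 bits each; a set high bit is malformed. */
static int synchsafe(const uint8_t b[4], uint32_t *out)
{
    for (int i = 0; i < 4; i++)
        if (b[i] & 0x80) return -1;
    *out = ((uint32_t)b[0] << 21) | ((uint32_t)b[1] << 14) | ((uint32_t)b[2] << 7) | b[3];
    return 0;
}

/* Walk the ID3v2.3 frames at the start of an MP3 and copy the TIT2 (title)
 * text into title[cap]. The tag size and every frame size come from the file,
 * so each is checked against the bytes actually present before it is used. */
int id3v2_title(const uint8_t *buf, size_t len, char *title, size_t cap)
{
    uint32_t tag_size;
    if (len < 10 || memcmp(buf, "ID3", 3) != 0) return ID3_NO_TAG;
    if (buf[3] != 3 || synchsafe(buf + 6, &tag_size) < 0) return ID3_BAD_HEADER;
    if (tag_size > len - 10) return ID3_TRUNCATED;      /* tag claims more than the file holds */

    size_t pos = 10, end = 10 + tag_size;
    title[0] = '\0';
    while (pos + 10 <= end) {
        if (buf[pos] == 0) break;                       /* padding after the last frame */
        uint32_t fsize = be32(buf + pos + 4);           /* v2.3 frame size: plain 32-bit BE */
        /* The frame must fit inside the tag. A parser without this check that
         * went on to  memcpy(title, buf + pos + 11, fsize - 1)  would copy an
         * attacker-chosen number of bytes into its fixed buffer. */
        if (fsize > end - (pos + 10)) return ID3_TRUNCATED;
        if (memcmp(buf + pos, "TIT2", 4) == 0) {
            if (fsize < 1) return ID3_BAD_HEADER;       /* needs at least the encoding byte */
            size_t text_len = fsize - 1;                /* encoding 0 (ISO-8859-1) assumed here */
            if (text_len >= cap) return ID3_TOO_LONG;   /* leave room for the terminator */
            memcpy(title, buf + pos + 11, text_len);
            title[text_len] = '\0';
            return ID3_OK;
        }
        pos += 10 + fsize;
    }
    return ID3_OK;                                      /* tag present, no title frame */
}

/* Build a one-frame ID3v2.3 tag (constructed test data, not a real MP3). The
 * frame's size field is set to `claimed` independently of the real text length,
 * which is exactly the inconsistency a malicious file exploits. */
static size_t make_tag(uint8_t *out, const char *text, size_t text_len, uint32_t claimed)
{
    uint32_t tag_size = (uint32_t)(10 + 1 + text_len);  /* frame header + encoding + text */
    memcpy(out, "ID3\x03\x00\x00", 6);
    out[6] = (tag_size >> 21) & 0x7f; out[7] = (tag_size >> 14) & 0x7f;
    out[8] = (tag_size >> 7) & 0x7f;  out[9] = tag_size & 0x7f;
    memcpy(out + 10, "TIT2", 4);
    out[14] = claimed >> 24; out[15] = claimed >> 16; out[16] = claimed >> 8; out[17] = claimed;
    out[18] = out[19] = 0;                              /* frame flags */
    out[20] = 0;                                        /* text encoding: ISO-8859-1 */
    memcpy(out + 21, text, text_len);
    return 21 + text_len;
}

/* Returns the parser's status for each constructed tag; scenario 0 also checks the title. */
int id3_demo(int scenario)
{
    uint8_t tag[512];
    char title[TITLE_MAX], longtext[200];
    size_t n;
    int rc;

    switch (scenario) {
    case 0:                                             /* well formed: size field is honest */
        n = make_tag(tag, "hello", 5, 6);
        rc = id3v2_title(tag, n, title, sizeof title);
        return (rc == ID3_OK && strcmp(title, "hello") == 0) ? rc : -99;
    case 1:                                             /* frame size far beyond the tag */
        n = make_tag(tag, "hello", 5, 0xFFFFFFF0u);
        return id3v2_title(tag, n, title, sizeof title);
    default:                                            /* sizes consistent, text > TITLE_MAX */
        memset(longtext, 'A', sizeof longtext);
        n = make_tag(tag, longtext, sizeof longtext, (uint32_t)sizeof longtext + 1);
        return id3v2_title(tag, n, title, sizeof title);
    }
}

int main(void)
{
    for (int s = 0; s < 3; s++)
        printf("scenario %d -> %d\n", s, id3_demo(s));
    return 0;
}
```

Scenario 1 is the lying size field, rejected because it exceeds what remains of the tag; scenario 2 is a frame that is internally consistent but simply larger than the destination, which a parser must also refuse rather than truncate silently.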

20. Microsoft Internet Explorer JPEG Image Rendering Unspecified Buffer Overflow Vulnerability
BugTraq ID: 14282
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14282
Summary:
Microsoft Internet Explorer is prone to a buffer overflow vulnerability in the JPEG image rendering library used by the browser. This issue is due to a failure of the application to properly bounds check input data prior to copying it to a fixed size memory buffer.

This issue was identified by fuzzing (supplying random input to the browser) and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation may result in execution of arbitrary code in the context of the user executing the affected browser.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also be affected.

21. Hosting Controller Multiple Remote Vulnerabilities
BugTraq ID: 14283
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14283
Summary:
Hosting Controller is reported prone to multiple vulnerabilities. These issues can allow an attacker to carry out SQL injection attacks, gain unauthorized access to scripts, gain elevated privileges and carry out potential denial of service attacks.

Hosting Controller version 6.1 hotfix 2.1 is vulnerable to these issues.

22. Microsoft Internet Explorer JPEG Image Rendering CMP Fencepost Denial Of Service Vulnerability
BugTraq ID: 14284
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14284
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service vulnerability in the JPEG image rendering library used by the browser. This issue is reportedly similar to the one described in BID 14282.

This issue was identified by fuzzing (supplying random input to the browser) and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation results in a crash of the affected Web browser. Arbitrary code execution may also be possible, but this has not been confirmed.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also be affected.

23. Microsoft Internet Explorer JPEG Image Rendering Memory Consumption Denial Of Service Vulnerability
BugTraq ID: 14285
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14285
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by fuzzing (supplying random input to the browser) and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation results in crashing the affected Web browser by consuming excessive memory.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also be affected.

24. Microsoft Internet Explorer JPEG Image Rendering Unspecified Denial Of Service Vulnerability
BugTraq ID: 14286
Remote: Yes
Date Published: 2005-07-15
Relevant URL: http://www.securityfocus.com/bid/14286
Summary:
Microsoft Internet Explorer is prone to an unspecified denial of service vulnerability in the JPEG image rendering library used by the browser.

This issue was identified by fuzzing (supplying random input to the browser) and has not been researched further at this time. This BID will be updated as further information is disclosed.

Successful exploitation results in crashing the affected Web browser. This vulnerability also reportedly consumes excessive CPU resources.

This issue was reported in Internet Explorer 6 SP2. Previous versions may also be affected.

25. Microsoft MSN Messenger / Internet Explorer Image ICC Profile Processing Vulnerability
BugTraq ID: 14288
Remote: Yes
Date Published: 2005-07-16
Relevant URL: http://www.securityfocus.com/bid/14288
Summary:
It has been reported that both Microsoft Internet Explorer and MSN Messenger can be crashed if image data with a malformed embedded ICC profile is processed. The condition is likely due to an integer handling error. The author has stated that the crash observed was an access violation on a memory read, probably caused by an out-of-bounds array access. A read fault alone means the flaw is not immediately exploitable for code execution, though a way to turn it into a write may yet be found.
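Entries 4 and 25 both concern parsers that trust length and offset fields in an embedded ICC profile. As an added example serving both (written for this edit; not Microsoft's code and not derived from either advisory), the following C function validates an ICC profile's tag table before any tag data is read, in a way that survives the kinds of integer mistakes the entries point at: a tag count whose product with the 12-byte entry size wraps, and an offset plus size that wraps past the end of the buffer. The profile layout (128-byte header, 'acsp' signature at offset 36, tag count at offset 128, 12-byte entries of signature/offset/size) is the public ICC format; the function names, return codes and the constructed 160-byte profile are assumptions for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { ICC_OK = 0, ICC_SHORT = -1, ICC_BAD_SIG = -2, ICC_BAD_COUNT = -3,
       ICC_BAD_TAG = -4, ICC_NOT_FOUND = -5 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

static void put32(uint8_t *p, uint32_t v)
{
    p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

/* Validate the tag table of an ICC profile held in buf[0..len) and look up
 * the tag `sig`. Layout: 128-byte header (profile size at 0, 'acsp' at 36),
 * tag count at 128, then 12-byte entries {signature, offset, size}. On
 * success *off/*size describe a range that lies entirely inside the buffer,
 * so the caller's read of the tag data cannot fault. */
int icc_find_tag(const uint8_t *buf, size_t len, const char sig[4],
                 uint32_t *off, uint32_t *size)
{
    if (len < 132) return ICC_SHORT;
    if (memcmp(buf + 36, "acsp", 4) != 0) return ICC_BAD_SIG;
    if (be32(buf) > len) return ICC_SHORT;          /* header claims bytes that are not there */

    uint32_t count = be32(buf + 128);
    /* count * 12 wraps a 32-bit multiply once count >= 0x15555556; dividing
     * the space that is actually available cannot wrap. */
    if (count > (len - 132) / 12) return ICC_BAD_COUNT;

    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 132 + (size_t)i * 12;
        uint32_t o = be32(e + 4), s = be32(e + 8);
        /* "o + s <= len" written without the addition, so a pair such as
         * o = 0xFFFFFFF0, s = 0x20 cannot wrap to a small sum and pass. */
        if (o < 128 || o > len || s > len - o) return ICC_BAD_TAG;
        if (memcmp(e, sig, 4) == 0) { *off = o; *size = s; return ICC_OK; }
    }
    return ICC_NOT_FOUND;
}

/* Constructed 160-byte profile (not a real ICC file): header, one 'desc'
 * entry at offset 132, tag data at 144..159. Each scenario corrupts one
 * field the way a malicious image would. Returns the validator's status. */
int icc_demo(int scenario)
{
    uint8_t prof[160];
    uint32_t off = 144, size = 16, count = 1, o = 0, s = 0;
    int rc;

    memset(prof, 0, sizeof prof);
    put32(prof, (uint32_t)sizeof prof);
    memcpy(prof + 36, "acsp", 4);
    memcpy(prof + 132, "desc", 4);
    switch (scenario) {
    case 1: count = 0x40000000u; break;             /* count * 12 == 0 (mod 2^32) */
    case 2: off = 0xFFFFFFF0u; size = 0x20; break;  /* off + size wraps to 0x10 */
    case 3: size = 32; break;                       /* runs 16 bytes past the end */
    default: break;                                 /* scenario 0: well formed */
    }
    put32(prof + 128, count);
    put32(prof + 136, off);
    put32(prof + 140, size);
    rc = icc_find_tag(prof, sizeof prof, "desc", &o, &s);
    if (rc == ICC_OK && (o != 144 || s != 16)) return -99;
    return rc;
}

int main(void)
{
    for (int sc = 0; sc < 4; sc++)
        printf("scenario %d -> %d\n", sc, icc_demo(sc));
    return 0;
}
```

Scenarios 2 and 3 produce exactly the out-of-bounds read that entry 25 reports as an access violation; a parser that computed the end of the tag as `offset + size` in a 32-bit integer would accept scenario 2 and then read from an address far outside the profile.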

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. R: Should webservers, eg. IIS 6 have anti-virus installed on them?
http://www.securityfocus.com/archive/88/405648

2. R: Changing Windows domain password over Internet
http://www.securityfocus.com/archive/88/405460

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you must reply. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Need to know what's happening on YOUR network? Symantec DeepSight Analyzer is a free service that gives you the ability to track and manage attacks. Analyzer automatically correlates attacks from various Firewall and network based Intrusion Detection Systems, giving you a comprehensive view of your computer or general network. Sign up today!

http://www.securityfocus.com/sponsor/Symantec_sf-news_041130
