SecurityFocus Microsoft Newsletter #330
----------------------------------------
This Issue is Sponsored by: Black Hat
Black Hat Europe, March 27-30 in Amsterdam, is Europe's premier technical event for ICT security experts.
Featuring 10 hands-on training courses and 30 Briefings presentations with lots of new content, the best of Black Hat focused on Europe's infosec challenges.
Network with 400 delegates from 25 nations, and see solutions from major sponsors.
http://www.blackhat.com
SecurityFocus is proud to introduce the new *Focus On: Vista* section.
Offering Vista related news, columns and vulnerabilities, SecurityFocus is your source for Vista-related security.
*Visit http://www.securityfocus.com/vista to see for yourself.*
------------------------------------------------------------------
I. FRONT AND CENTER
1. Laptop Losses and Phishing Fruit Salad
2. Vista Review: Bugs and Confusion
II. MICROSOFT VULNERABILITY SUMMARY
1. FTP Voyager CWD Parameter Stack Buffer Overflow Vulnerability
2. Microsoft Internet Explorer Local File Access Weakness
3. Multiple Newsreader Applications .NZB File Remote Heap Overflow Vulnerability
4. Grabit Field Handling Denial of Service Vulnerability
5. News Rover Subject Line Stack Buffer Overflow Vulnerability
6. News File Grabber Subject Line Stack Buffer Overflow Vulnerability
7. Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability
8. Apple iTunes XML Parsing Remote Memory Corruption Vulnerability
9. VicFTPS Remote Buffer Overflow Vulnerability
10. Microsoft Word 2000/2002 Remote Code Execution Vulnerability
11. MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
12. Microsoft Excel Remote Denial Of Service Vulnerability
13. MailEnable Web Mail Client Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
14. iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
15. Adobe JRun Administrator Console Cross-Site Scripting Vulnerability
16. Microsoft Internet Explorer JavaScript Key Filtering Variant Vulnerability
17. uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
18. Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability
19. Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability
20. Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability
21. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
22. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
23. Microsoft Windows OLE Dialog Remote Code Execution Vulnerability
24. Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability
25. Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability
26. Microsoft Antivirus Engine Integer Overflow Vulnerability
27. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
28. Microsoft Word Macro Permissions Bypass Arbitrary Code Execution Vulnerability
29. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #329
2. Time Zone change and Kerberos Auth
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Laptop Losses and Phishing Fruit Salad
By Dr. Neal Krawetz
Dr. Neal Krawetz takes a look at the numbers behind reports of laptop thefts and phishing attacks, showing inconsistent metrics and the difficulty in using numbers to determine the real level of threat.
http://www.securityfocus.com/columnists/435
2. Vista Review: Bugs and Confusion
By Thomas C. Greene
The Register's Thomas C. Greene offers an entertaining review of Windows Vista, noting price differences in Europe, driver compatibility issues, and security and user interface issues that affect the Vista experience.
http://www.securityfocus.com/columnists/436
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. FTP Voyager CWD Parameter Stack Buffer Overflow Vulnerability
BugTraq ID: 22637
Remote: Yes
Date Published: 2007-02-20
Relevant URL: http://www.securityfocus.com/bid/22637
Summary:
FTP Voyager is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects version 14.0.0.3; other versions may also be affected.
2. Microsoft Internet Explorer Local File Access Weakness
BugTraq ID: 22621
Remote: Yes
Date Published: 2007-02-20
Relevant URL: http://www.securityfocus.com/bid/22621
Summary:
Microsoft Internet Explorer is reportedly prone to multiple local file access weaknesses because the application fails to properly handle HTML tags.
These issues are triggered when an attacker entices a victim user to visit a malicious website.
It was initially reported that remote attackers may exploit these issues to gain access to local system files via Internet Explorer. This would aid attackers in the theft of confidential information and in launching further attacks. This attack would occur in the context of the user visiting the malicious site.
New conflicting reports indicate that these issues only result in verifying the existence of files on a vulnerable system.
These issues affect Internet Explorer version 6 on a fully patched Windows XP SP2 system; previous versions and operating systems may also be vulnerable.
3. Multiple Newsreader Applications .NZB File Remote Heap Overflow Vulnerability
BugTraq ID: 22620
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22620
Summary:
NewsReactor and NewsBin Pro are prone to a remote heap-based buffer-overflow vulnerability because they fail to perform sufficient boundary checks on user-supplied data before copying it to a buffer.
An attacker could leverage this issue to execute arbitrary code with administrative privileges. A successful exploit could result in the complete compromise of the affected system.
4. Grabit Field Handling Denial of Service Vulnerability
BugTraq ID: 22619
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22619
Summary:
Grabit is prone to a denial-of-service vulnerability. This issue occurs because the application fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects version 4.1.0.1; other versions may also be affected.
5. News Rover Subject Line Stack Buffer Overflow Vulnerability
BugTraq ID: 22618
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22618
Summary:
News Rover is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.
This issue affects version 4.1.0.1; other versions may also be affected.
6. News File Grabber Subject Line Stack Buffer Overflow Vulnerability
BugTraq ID: 22617
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22617
Summary:
News File Grabber is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.
This issue affects version 4.1.0.1; other versions may also be affected.
7. Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability
BugTraq ID: 22616
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22616
Summary:
Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets.
An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash.
8. Apple iTunes XML Parsing Remote Memory Corruption Vulnerability
BugTraq ID: 22615
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22615
Summary:
Apple iTunes is prone to a remote memory-corruption vulnerability because the application fails to handle malformed XML playlist files.
An attacker can exploit this issue to corrupt memory and may be able to execute arbitrary code within the context of the application. Failed exploit attempts will likely trigger a denial-of-service condition.
Apple iTunes version 7.0.2 for Intel and PowerPC is vulnerable to this issue; other versions may also be affected.
9. VicFTPS Remote Buffer Overflow Vulnerability
BugTraq ID: 22608
Remote: Yes
Date Published: 2007-02-18
Relevant URL: http://www.securityfocus.com/bid/22608
Summary:
A remote buffer-overflow vulnerability is reported in VicFTPS. This issue occurs because the application fails to properly validate the length of user-supplied strings prior to copying them into finite-sized process buffers.
An attacker can exploit this issue to cause the affected server to crash and may be able to execute arbitrary code in the context of the server process.
VicFTPS versions prior to 5.0 are vulnerable to this issue.
10. Microsoft Word 2000/2002 Remote Code Execution Vulnerability
BugTraq ID: 22567
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22567
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.
Note that this issue is distinct from previous issues described in Word. This issue has been assigned CVE ID CVE-2007-0870.
11. MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
BugTraq ID: 22565
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22565
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.
This issue arises in the SMTP server during NTLM authentication and may result in a crash of the affected service. Arbitrary code execution may also be possible; this has not been confirmed.
This issue was originally discussed in BID 20290 (MailEnable SMTP NTLM Authentication Multiple Vulnerabilities), but further reports and analysis show it is a separate vulnerability and has been assigned its own BID.
12. Microsoft Excel Remote Denial Of Service Vulnerability
BugTraq ID: 22555
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22555
Summary:
Microsoft Excel is reportedly prone to a denial-of-service vulnerability. This issue occurs when the application handles a specially crafted file. This issue stems from a NULL-pointer dereference.
Exploitation could cause the application to crash, resulting in a denial of service.
13. MailEnable Web Mail Client Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 22554
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22554
Summary:
MailEnable Web Mail Client is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials. The attacker could also exploit the HTML-injection issues to control how the site is rendered to the user; other attacks are also possible.
These issues affect MailEnable Professional version 2.351; other versions may also be vulnerable.
14. iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
BugTraq ID: 22553
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22553
Summary:
Total Video Player is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects version 1.03; other versions may also be vulnerable.
15. Adobe JRun Administrator Console Cross-Site Scripting Vulnerability
BugTraq ID: 22547
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22547
Summary:
Adobe JRun is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
16. Microsoft Internet Explorer JavaScript Key Filtering Variant Vulnerability
BugTraq ID: 22531
Remote: Yes
Date Published: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22531
Summary:
Microsoft Internet Explorer is prone to a JavaScript key-filtering vulnerability because the browser fails to securely handle keystroke input from users.
Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue.
This issue is similar to the one described in BID 22524 (Mozilla Firefox JavaScript Key Filtering Variant Vulnerability), and is a variant of the one described in BID 18308 (Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability).
17. uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 22530
Remote: Yes
Date Published: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22530
Summary:
uTorrent is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the application.
This issue affects version 1.6; other versions may also be affected.
18. Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability
BugTraq ID: 22504
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22504
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.
Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature.
This issue is similar to the ones described in previous COM object instantiation records, but it affects a different set of COM objects.
19. Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability
BugTraq ID: 22499
Remote: No
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22499
Summary:
Microsoft Windows Image Acquisition (WIA) service is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.
NOTE: The affected service is available only on Windows XP.
20. Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability
BugTraq ID: 22489
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22489
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when parsing certain FTP server responses.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.
21. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
BugTraq ID: 22486
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22486
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.
Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature.
This BID is similar to the one described in BID 15827 (Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability), but it affects a different set of COM objects.
22. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
BugTraq ID: 22484
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22484
Summary:
Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker could exploit this issue by enticing a victim to load a bookmark link file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
23. Microsoft Windows OLE Dialog Remote Code Execution Vulnerability
BugTraq ID: 22483
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22483
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that occurs when the application attempts to parse malformed Rich Text Format (RTF) files.
An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
24. Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability
BugTraq ID: 22482
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22482
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
25. Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability
BugTraq ID: 22481
Remote: No
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22481
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability due to a lack of proper input validation.
A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.
26. Microsoft Antivirus Engine Integer Overflow Vulnerability
BugTraq ID: 22479
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22479
Summary:
Microsoft Antivirus Engine is prone to an integer-overflow vulnerability when the application processes maliciously crafted files.
This issue is currently being exploited via Portable Document Format (PDF) files, but other Microsoft applications are also reported vulnerable.
An attacker could exploit this issue by enticing a victim into receiving or opening a malicious Office file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
27. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 22478
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22478
Summary:
The Microsoft HTML Help ActiveX control is prone to a remote code-execution vulnerability.
An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.
28. Microsoft Word Macro Permissions Bypass Arbitrary Code Execution Vulnerability
BugTraq ID: 22477
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22477
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
29. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
BugTraq ID: 22476
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22476
Summary:
The Microsoft MFC component for Microsoft Windows and Microsoft Visual Studio .NET is prone to a remote code-execution vulnerability. This issue occurs when the application using the component attempts to parse malformed Rich Text Format (RTF) files.
An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #329
http://www.securityfocus.com/archive/88/460056
2. Time Zone change and Kerberos Auth
http://www.securityfocus.com/archive/88/459446
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Black Hat
Black Hat Europe, March 27-30 in Amsterdam, is Europe's premier technical event for ICT security experts.
Featuring 10 hands-on training courses and 30 Briefings presentations with lots of new content, the best of Black Hat focused on Europe's infosec challenges.
Network with 400 delegates from 25 nations, and see solutions from major sponsors.
----------------------------------------
This Issue is Sponsored by: Black Hat
Black Hat Europe, March 27-30 in Amsterdam, is Europe's premier technical event for ICT security experts.
Featuring 10 hands-on training courses and 30 Briefings presentations with lots of new content-the best of Black Hat focused on Europe's infosec challenges.
Network with 400 delegates from 25 nations, and see solutions from major sponsors.
http://www.blackhat.com
SecurityFocus is proud to introduce the new *Focus On: Vista* section.
Offering Vista related news, columns and vulnerabilities, SecurityFocus is your source for Vista-related security.
*Visit http://www.securityfocus.com/vista to see for yourself.*
------------------------------------------------------------------
I. FRONT AND CENTER
1. Laptop Losses and Phishing Fruit Salad
2. Vista Review: Bugs and Confusion
II. MICROSOFT VULNERABILITY SUMMARY
1. FTP Voyager CWD Parameter Stack Buffer Overflow Vulnerability
2. Microsoft Internet Explorer Local File Access Weakness
3. Multiple Newsreader Applications .NZB File Remote Heap Overflow Vulnerability
4. Grabit Field Handling Denial of Service Vulnerability
5. News Rover Subject Line Stack Buffer Overflow Vulnerability
6. News File Grabber Subject Line Stack Buffer Overflow Vulnerability
7. Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability
8. Apple iTunes XML Parsing Remote Memory Corruption Vulnerability
9. VicFTPS Remote Buffer Overflow Vulnerability
10. Microsoft Word 2000/2002 Remote Code Execution Vulnerability
11. MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
12. Microsoft Excel Remote Denial Of Service Vulnerability
13. MailEnable Web Mail Client Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
14. iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
15. Adobe JRun Administrator Console Cross-Site Scripting Vulnerability
16. Microsoft Internet Explorer JavaScript Key Filtering Variant Vulnerability
17. uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
18. Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability
19. Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability
20. Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability
21. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
22. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
23. Microsoft Windows OLE Dialog Remote Code Execution Vulnerability
24. Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability
25. Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability
26. Microsoft Antivirus Engine Integer Overflow Vulnerability
27. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
28. Microsoft Word Macro Permissions Bypass Arbitrary Code Execution Vulnerability
29. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #329
2. Time Zone change and Kerberos Auth
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Laptop Losses and Phishing Fruit Salad
By Dr. Neal Krawetz
Dr. Neal Krawetz takes a look at the numbers behind reports of laptop thefts and phishing attacks, showing inconsistent metrics and the difficulty in using numbers to determine the real level of threat.
http://www.securityfocus.com/columnists/435
2. Vista Review: Bugs and Confusion
By Thomas C. Greene
The Register's Thomas C. Greene offers an entertaining review of Windows Vista, noting price differences in Europe, driver compatibility issues, and security and user interface issues that affect the Vista experience.
http://www.securityfocus.com/columnists/436
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. FTP Voyager CWD Parameter Stack Buffer Overflow Vulnerability
BugTraq ID: 22637
Remote: Yes
Date Published: 2007-02-20
Relevant URL: http://www.securityfocus.com/bid/22637
Summary:
FTP Voyager is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue may allow attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in a denial-of-service condition.
This issue affects version 14.0.0.3.; other versions may also be affected.
2. Microsoft Internet Explorer Local File Access Weakness
BugTraq ID: 22621
Remote: Yes
Date Published: 2007-02-20
Relevant URL: http://www.securityfocus.com/bid/22621
Summary:
Microsoft Internet Explorer is reportedly prone to multiple local file access weaknesses because the application fails to properly handle HTML tags.
These issues are triggered when an attacker entices a victim user to visit a malicious website.
It was initially reported that remote attackers may exploit these issues to gain access to local system files via Internet Explorer. This would aid attackers in the theft of confidential information and in launching further attacks. This attack would occur in the context of the user visiting the malicious site.
New conflicting reports indicate that these issues only result in verifying the existence of files on a vulnerable system.
These issues affect Internet Explorer version 6 on a fully patched Windows XP SP2 system; previous versions and operating systems may also be vulnerable.
3. Multiple Newsreader Applications .NZB File Remote Heap Overflow Vulnerability
BugTraq ID: 22620
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22620
Summary:
NewsReactor and NewsBin Pro are prone to a remote heap-based buffer-overflow because they fail to perform sufficient boundary checks on user-supplied data before copying it to a buffer.
An attacker could leverage this issue to have arbitrary code execute with administrative privileges. A successful exploit could result in the complete compromise of the affected system.
4. Grabit Field Handling Denial of Service Vulnerability
BugTraq ID: 22619
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22619
Summary:
Grabit is prone to denial-of-service vulnerability. This issue occurs because the application fails to handle exceptional conditions.
An attacker can exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects version 4.1.0.1; other versions may also be affected.
5. News Rover Subject Line Stack Buffer Overflow Vulnerability
BugTraq ID: 22618
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22618
Summary:
News Rover is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.
This issue affects version 4.1.0.1; other versions may also be affected.
6. News File Grabber Subject Line Stack Buffer Overflow Vulnerability
BugTraq ID: 22617
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22617
Summary:
News File Grabber is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.
This issue affects version 4.1.0.1; other versions may also be affected.
7. Snort/Sourcefire DCE/RPC Packet Reassembly Stack Buffer Overflow Vulnerability
BugTraq ID: 22616
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22616
Summary:
Snort IDS and Sourcefire Intrusion Sensor are prone to a stack-based buffer overflow vulnerability because the network intrusion detection (NID) systems fail to handle specially crafted 'DCE' and 'RPC' network packets.
An attacker can exploit this issue to execute malicious code in the context of the user running the affected application. Failed attempts will likely cause these applications to crash.
8. Apple iTunes XML Parsing Remote Memory Corruption Vulnerability
BugTraq ID: 22615
Remote: Yes
Date Published: 2007-02-19
Relevant URL: http://www.securityfocus.com/bid/22615
Summary:
Apple iTunes is prone to a remote memory-corruption vulnerability because the application fails to handle malformed XML playlist files.
An attacker can exploit this issue to corrupt memory and may be able to execute arbitrary code within the context of the application. Failed exploit attempts will likely trigger a denial-of-service condition.
Apple iTunes version 7.0.2 for Intel and PowerPC is vulnerable to this issue; other versions may also be affected.
9. VicFTPS Remote Buffer Overflow Vulnerability
BugTraq ID: 22608
Remote: Yes
Date Published: 2007-02-18
Relevant URL: http://www.securityfocus.com/bid/22608
Summary:
A remote buffer-overflow vulnerability is reported in VicFTPS. This issue occurs because the application fails to properly validate the length of user-supplied strings prior to copying them into finite-sized process buffers.
An attacker can exploit this issue to cause the affected server to crash and may be able to execute arbitrary code in the context of the server process.
VicFTPS versions prior to 5.0 are vulnerable to this issue.
10. Microsoft Word 2000/2002 Remote Code Execution Vulnerability
BugTraq ID: 22567
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22567
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the attack is successful, the attacker may be able to execute arbitrary code in the context of the currently logged-in user.
Note that this issue is distinct from previous issues described in Word. This issue has been assigned CVE ID CVE-2007-0870.
11. MailEnable SMTP NTLM Authentication Unspecified Denial of Service Vulnerability
BugTraq ID: 22565
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22565
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.
This issue arises in the SMTP server during NTLM authentication and may result in a crash of the affected service. Arbitrary code execution may also be possible; this has not been confirmed.
This issue was originally discussed in BID 20290 (MailEnable SMTP NTLM Authentication Multiple Vulnerabilities), but further reports and analysis show it is a separate vulnerability and has been assigned its own BID.
12. Microsoft Excel Remote Denial Of Service Vulnerability
BugTraq ID: 22555
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22555
Summary:
Microsoft Excel is reportedly prone to a denial-of-service vulnerability. This issue occurs when the application handles a specially crafted file. This issue stems from a NULL-pointer dereference.
Exploitation could cause the application to crash, resulting in a denial of service.
13. MailEnable Web Mail Client Multiple HTML Injection and Cross-Site Scripting Vulnerabilities
BugTraq ID: 22554
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22554
Summary:
MailEnable Web Mail Client is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials. The attacker could also exploit the HTML-injection issues to control how the site is rendered to the user; other attacks are also possible.
These issues affect MailEnable Professional version 2.351; other versions may also be vulnerable.
14. iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
BugTraq ID: 22553
Remote: Yes
Date Published: 2007-02-14
Relevant URL: http://www.securityfocus.com/bid/22553
Summary:
Total Video Player is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects version 1.03; other versions may also be vulnerable.
15. Adobe JRun Administrator Console Cross-Site Scripting Vulnerability
BugTraq ID: 22547
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22547
Summary:
Adobe JRun is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.
An attacker could exploit this vulnerability to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
16. Microsoft Internet Explorer JavaScript Key Filtering Variant Vulnerability
BugTraq ID: 22531
Remote: Yes
Date Published: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22531
Summary:
Microsoft Internet Explorer is prone to a JavaScript key-filtering vulnerability because the browser fails to securely handle keystroke input from users.
Exploiting this issue requires that users manually type the full path of files that attackers wish to download. This may require substantial typing from targeted users, so attackers will likely use keyboard-based games, blogs, or other similar pages to entice users to enter the required keyboard input to exploit this issue.
This issue is similar to the one described in BID 22524 (Mozilla Firefox JavaScript Key Filtering Variant Vulnerability), and is a variant of the one described in BID 18308 (Multiple Vendor Web Browser JavaScript Key Filtering Vulnerability).
17. uTorrent Torrent File Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 22530
Remote: Yes
Date Published: 2007-02-12
Relevant URL: http://www.securityfocus.com/bid/22530
Summary:
uTorrent is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Exploiting this issue allows attackers to execute arbitrary machine code in the context of the application.
This issue affects version 1.6; other versions may also be affected.
18. Microsoft Internet Explorer COM Object Instantiation Variant Memory Corruption Vulnerability
BugTraq ID: 22504
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22504
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.
Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature.
This issue is similar to the ones described in previous COM object instantiation records, but it affects a different set of COM objects.
19. Microsoft Windows Image Acquisition Service Privilege Escalation Vulnerability
BugTraq ID: 22499
Remote: No
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22499
Summary:
Microsoft Windows Image Acquisition (WIA) service is prone to a local privilege-escalation vulnerability.
A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.
NOTE: The affected service is available only on Windows XP.
20. Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability
BugTraq ID: 22489
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22489
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when parsing certain FTP server responses.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.
21. Microsoft Internet Explorer IMJPCKSI COM Object Instantiation Memory Corruption Vulnerability
BugTraq ID: 22486
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22486
Summary:
Microsoft Internet Explorer is prone to a memory-corruption vulnerability when instantiating certain COM objects.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers.
Internet Explorer 7 on Microsoft Vista is not affected by this issue; Internet Explorer 7 on other Windows versions is affected only if COM objects have been enabled by the ActiveX opt-in feature.
This BID is similar to the one described in BID 15827 (Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability), but it affects a different set of COM objects.
22. Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
BugTraq ID: 22484
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22484
Summary:
Microsoft Step-by-Step Interactive Training is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker could exploit this issue by enticing a victim to load a bookmark link file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
23. Microsoft Windows OLE Dialog Remote Code Execution Vulnerability
BugTraq ID: 22483
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22483
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that occurs when the application attempts to parse malformed Rich Text Files (RTF).
An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
24. Microsoft Word Malformed Drawing Object Arbitrary Code Execution Vulnerability
BugTraq ID: 22482
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22482
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
25. Microsoft Windows Shell Hardware Detection Service Privilege Escalation Vulnerability
BugTraq ID: 22481
Remote: No
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22481
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability due to a lack of proper input validation.
A local attacker can exploit this issue to elevate user privileges. Successful exploits will result in the complete compromise of vulnerable computers.
26. Microsoft Antivirus Engine Integer Overflow Vulnerability
BugTraq ID: 22479
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22479
Summary:
Microsoft Antivirus Engine is prone to an integer-overflow vulnerability when the application processes maliciously crafted files.
This issue is currently being exploited via Portable Document Files (PDF), but other Microsoft applications are also reported vulnerable.
An attacker could exploit this issue by enticing a victim into receiving or opening a malicious Office file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
27. Microsoft HTML Help ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 22478
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22478
Summary:
The Microsoft HTML Help ActiveX control is prone to a remote code-execution vulnerability.
An attacker could exploit this issue to execute code in the context of the user visiting a malicious web page.
28. Microsoft Word Macro Permissions Bypass Arbitrary Code Execution Vulnerability
BugTraq ID: 22477
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22477
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.
An attacker could exploit this issue by enticing a victim to open a malicious Word file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
29. Microsoft MFC Embedded OLE Object Remote Code Execution Vulnerability
BugTraq ID: 22476
Remote: Yes
Date Published: 2007-02-13
Relevant URL: http://www.securityfocus.com/bid/22476
Summary:
The Microsoft MFC component for Microsoft Windows and Microsoft Visual Studio .NET is prone to a remote code-execution vulnerability. This issue occurs when the application using the component attempts to parse malformed Rich Text Files (RTF).
An attacker could exploit this issue by enticing a victim to load a malicious RTF file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #329
http://www.securityfocus.com/archive/88/460056
2. Time Zone change and Kerberos Auth
http://www.securityfocus.com/archive/88/459446
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you must reply. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Black Hat
Black Hat Europe, March 27-30 in Amsterdam, is Europe's premier technical event for ICT security experts.
Featuring 10 hands-on training courses and 30 Briefings presentations with lots of new content, the best of Black Hat focused on Europe's infosec challenges.
Network with 400 delegates from 25 nations, and see solutions from major sponsors.
http://www.blackhat.com