Focus on Microsoft
SecurityFocus Microsoft Newsletter #358 Sep 05 2007 08:57PM
rkeith securityfocus com

SecurityFocus Microsoft Newsletter #358
----------------------------------------

This Issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security. It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission.

http://www.csiannual.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Mod Your iPhone- For Fun or Profit?
2. Virtualized rootkits - Part 2
II. MICROSOFT VULNERABILITY SUMMARY
1. Atomix MP3 Malformed PLS Playlist File Buffer Overflow Vulnerability
2. Intuit QuickBooks Online Edition ActiveX Controls Multiple Vulnerabilities
3. Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability
4. MailMarshal Tar Archive Remote Directory Traversal Vulnerability
5. Ots Labs OtsTurntables M3U Local Buffer Overflow Vulnerability
6. Virtual DJ M3U File Buffer Overflow Vulnerability
7. Virtual DJ M3U Local Buffer Overflow Vulnerability
8. Norman Virus Control NVCOAFT51.SYS Driver Multiple Vulnerabilities
9. Hexamail POP3 Server Remote Buffer Overflow Vulnerability
10. Multiple MicroWorld eScan Products Local Privilege Escalation Vulnerability
11. Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
12. Entrust ESP Certificate Path Verification Vulnerability
13. Subversion for Windows Remote Directory Traversal Vulnerability
14. Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
15. Motorola Timbuktu Pro for Windows Multiple Remote Buffer Overflow Vulnerabilities
16. Motorola Timbuktu Pro Directory Traversal Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #357
2. Active Directory
3. Software smart-card emulation
4. NTFS default special permissions
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Mod Your iPhone- For Fun or Profit?
By Mark Rasch
I admit it: I own an iPhone. Indeed, I bought one the day they came out. No, I didn't wait in line for hours; I just walked into the local Apple store, plunked down my life's savings, and voila, another AT&T customer!
http://www.securityfocus.com/columnists/453

2. Virtualized rootkits - Part 2
By Federico Biancuzzi
There has been a lot of buzz around the topic of virtualized rootkits. Joanna Rutkowska has been working on a new version of Blue-Pill, her proof of concept invisible rootkit, while a team made by three prominent security experts (Thomas Ptacek, Nate Lawson, Peter Ferrie) challenged her that there is not an "invisible" rootkit, and that they were going to present at BlackHat conference various techniques to detect Blue-Pill. Federico Biancuzzi interviewed both sides to learn more. Part 2 of 2
http://www.securityfocus.com/columnists/452

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Atomix MP3 Malformed PLS Playlist File Buffer Overflow Vulnerability
BugTraq ID: 25546
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25546
Summary:
Atomix MP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker could exploit this issue by enticing a victim to load a malicious MP3 file. If successful, the attacker can execute arbitrary code in the context of the affected application.

2. Intuit QuickBooks Online Edition ActiveX Controls Multiple Vulnerabilities
BugTraq ID: 25544
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25544
Summary:
Multiple Intuit QuickBooks Online Edition ActiveX controls are prone to multiple vulnerabilities including multiple stack-based buffer-overflow issues and an access-validation issue.

Attackers can exploit these issues to execute arbitrary code in the context of an application using the controls (typically Internet Explorer) or to upload and download files in arbitrary locations on the affected computer.

Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

QuickBooks Online Edition versions prior to 10 are vulnerable.

3. Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling Command Injection Vulnerability
BugTraq ID: 25543
Remote: Yes
Date Published: 2007-09-01
Relevant URL: http://www.securityfocus.com/bid/25543
Summary:
Mozilla Firefox is prone to an unspecified vulnerability that lets attackers inject commands through the 'mailto', 'nntp', 'news', and 'snews' protocol handlers.

Exploiting this issue allows remote attackers to pass and execute arbitrary commands and arguments by employing the 'mailto', 'nntp', 'news', and 'snews' protocol handlers.

Utilizing this issue would permit remote attackers to influence command options that can be called through the various handlers and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.

4. MailMarshal Tar Archive Remote Directory Traversal Vulnerability
BugTraq ID: 25523
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25523
Summary:
MailMarshal is prone to a directory-traversal vulnerability because the application fails to validate user-supplied data.

Remote attackers an overwrite files in arbitrary locations on a vulnerable computer in the context of the user running the affected application.

5. Ots Labs OtsTurntables M3U Local Buffer Overflow Vulnerability
BugTraq ID: 25514
Remote: No
Date Published: 2007-09-03
Relevant URL: http://www.securityfocus.com/bid/25514
Summary:
Ots Labs OtsTurntables is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

OtsTurntables 1.00 is vulnerable; other versions may also be affected.

6. Virtual DJ M3U File Buffer Overflow Vulnerability
BugTraq ID: 25513
Remote: Yes
Date Published: 2007-09-02
Relevant URL: http://www.securityfocus.com/bid/25513
Summary:
Virtual DJ is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.

Attackers may attempt to exploit this issue by coercing users to access malicious M3U playlist files.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.

Virtual DJ 5.0 is vulnerable; other versions may also be affected.

7. Virtual DJ M3U Local Buffer Overflow Vulnerability
BugTraq ID: 25512
Remote: No
Date Published: 2007-09-03
Relevant URL: http://www.securityfocus.com/bid/25512
Summary:
Virtual DJ is prone to a local buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Virtual DJ 5.0 is vulnerable; other versions may also be affected.

8. Norman Virus Control NVCOAFT51.SYS Driver Multiple Vulnerabilities
BugTraq ID: 25499
Remote: No
Date Published: 2007-08-31
Relevant URL: http://www.securityfocus.com/bid/25499
Summary:
Norman Virus Control is prone to multiple vulnerabilities including a heap-based kernel memory buffer-overflow issue and multiple input-validation vulnerabilities.

These issues reside in the 'nvcoaft51.sys' driver.

Attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

Norman Virus Control 5.82 is vulnerable; other versions may also be affected.

NOTE: Other Norman products may also use the affected driver.

9. Hexamail POP3 Server Remote Buffer Overflow Vulnerability
BugTraq ID: 25496
Remote: Yes
Date Published: 2007-08-30
Relevant URL: http://www.securityfocus.com/bid/25496
Summary:
Hexamail Server is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the affected application, likely with SYSTEM-level privileges because the server must listen on TCP ports lower than 1024.

Hexamail Server 3.0.0.001 is vulnerable to this issue; other versions may also be affected.

10. Multiple MicroWorld eScan Products Local Privilege Escalation Vulnerability
BugTraq ID: 25493
Remote: No
Date Published: 2007-08-30
Relevant URL: http://www.securityfocus.com/bid/25493
Summary:
Multiple MicroWorld eScan products are vulnerable to a local privilege-escalation vulnerability because of insecure default file permissions.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.

The following are vulnerable:

eScan Internet Security 9.0.722.1
eScan Virus Control 9.0.722.1
eScan AntiVirus 9.0.722.1

Other versions and software packages may also be affected.

11. Oracle JInitiator ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 25473
Remote: Yes
Date Published: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25473
Summary:
Oracle JInitiator is prone to multiple remote buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting these issues allows remote attackers to execute arbitrary code in the context of applications using the affected ActiveX control and to compromise affected computers. Failed attempts will likely result in denial-of-service conditions.

These issues affect Oracle JInitiator 1.1.8.16; other versions may also be affected.

12. Entrust ESP Certificate Path Verification Vulnerability
BugTraq ID: 25471
Remote: Yes
Date Published: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25471
Summary:
Entrust ESP fails to properly validate certificate chains.

Successfully exploiting this issue may allow attackers to use invalid security certificates, possibly aiding them in further attacks.

Entrust Entelligence Security Provider 8 is vulnerable to this issue; other versions may also be affected.

13. Subversion for Windows Remote Directory Traversal Vulnerability
BugTraq ID: 25468
Remote: Yes
Date Published: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25468
Summary:
Subversion is prone to a remote directory-traversal vulnerability because the application fails to properly sanitize user-supplied input.

Successfully exploiting this issue allows attackers to write arbitrary data to arbitrary locations on unsuspecting users' computers.

This issue affects Subversion running on Microsoft Windows and on any other platform where directory-separator characters are '\' or characters other than '/'.

Versions prior to Subversion 1.4.5 are vulnerable.

14. Microsoft MSN Messenger Video Conversation Buffer Overflow Vulnerability
BugTraq ID: 25461
Remote: Yes
Date Published: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25461
Summary:
Microsoft MSN Messenger is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will likely result in denial-of-service conditions.

Microsoft MSN Messenger 7 is considered vulnerable; other versions may also be prone to this issue.

15. Motorola Timbuktu Pro for Windows Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 25454
Remote: Yes
Date Published: 2007-08-27
Relevant URL: http://www.securityfocus.com/bid/25454
Summary:
Motorola Timbuktu Pro is prone to multiple remote buffer-overflow vulnerabilities because the software fails to properly bounds-check user-supplied input.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, which may lead to a complete compromise of affected computers. Failed exploit attempts likely result in denial-of-service conditions.

Timbuktu Pro 8.6.3.1367 for Windows is vulnerable to these issues; other versions and platforms may also be affected.

16. Motorola Timbuktu Pro Directory Traversal Vulnerability
BugTraq ID: 25453
Remote: Yes
Date Published: 2007-08-27
Relevant URL: http://www.securityfocus.com/bid/25453
Summary:
Motorola Timbuktu Pro is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to delete or create arbitrary files with SYSTEM-level privileges. This could completely compromise affected computers.

Timbuktu Pro 8.6.3.1367 for Windows is vulnerable; other versions and platforms may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #357
http://www.securityfocus.com/archive/88/478141

2. Active Directory
http://www.securityfocus.com/archive/88/478140

3. Software smart-card emulation
http://www.securityfocus.com/archive/88/478049

4. NTFS default special permissions
http://www.securityfocus.com/archive/88/477517

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: CSI

CSI 2007, November 3-9 in Washington, DC, is the only conference that delivers a business-focused overview of enterprise security. It will convene 2,000+ delegates, 80 exhibitors and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission.

http://www.csiannual.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus