Focus on Microsoft
SecurityFocus Microsoft Newsletter #361 Sep 28 2007 05:32PM
rkeith securityfocus com

SecurityFocus Microsoft Newsletter #361
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000D3W
W

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Windows Anti-Debug Reference
2.VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Explorer PNG Image Local Denial Of Service Vulnerability
2. IBM Rational ClearQuest Data Corruption Denial of Service Vulnerability
3. Microsoft Live Messenger Shared Files Denial of Service Vulnerability
4. Symantec Veritas Backup Exec for Windows Unspecified Vulnerability
5. ebCrypt ActiveX Control AddString Denial of Service Vulnerability
6. Imatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
7. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
8. ImageMagick ReadDIBImage Integer Overflow Vulnerability
9. ImageMagick ReadBlob Multiple Remote Denial Of Service Vulnerabilities
10. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer Overflow Vulnerabilities
11. Ipswitch IMail SMTP Server IASPAM.DLL Remote Buffer Overflow Vulnerability
12. NetSupport Manager Remote Authentication Bypass Vulnerability
13. Microsoft ISA Server SOCKS4 Proxy Connection Remote Information Disclosure Vulnerability
14. Xunlei Web Thunder ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability
15. Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
16. Bugzilla User.PM Unauthorized Account Creation Security Bypass Vulnerability
17. COWON America jetAudio JetFlExt.dll ActiveX Control Insecure Method Vulnerability
18. Microsoft RegMon SSDT Hooks Multiple Local Vulnerabilities
19. Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
20. ProSecurity SSDT Hooks Multiple Local Vulnerabilities
21. DiamondCS ProcessGuard SSDT Hooks Multiple Local Vulnerabilities
22. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
23. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
24. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
25. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
26. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
27. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Windows Anti-Debug Reference
By Nicolas Falliere
This paper classifies and presents several anti-debugging techniques used on Windows NT-based operating systems.
http://www.securityfocus.com/infocus/1893

2.VoIP Hopping: A Method of Testing VoIP security or Voice VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study and Method
http://www.securityfocus.com/infocus/1892

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Explorer PNG Image Local Denial Of Service Vulnerability
BugTraq ID: 25816
Remote: Yes
Date Published: 2007-09-26
Relevant URL: http://www.securityfocus.com/bid/25816
Summary:
Microsoft Windows Explorer is prone to a denial-of-service vulnerability because it fails to handle malformed PNG image files.

Attackers can exploit this issue to cause Windows Explorer to exhaust CPU cycles and become unresponsive.

2. IBM Rational ClearQuest Data Corruption Denial of Service Vulnerability
BugTraq ID: 25810
Remote: Yes
Date Published: 2007-09-25
Relevant URL: http://www.securityfocus.com/bid/25810
Summary:
IBM Rational ClearQuest is prone to a denial-of-service vulnerability.

Successfully exploiting this issue allows attackers to corrupt data stored in Microsoft SQL Server- or IBM DB2-based ClearQuest databases. Oracle-based databases are not prone to this issue. A successful attack will deny service to legitimate users.

3. Microsoft Live Messenger Shared Files Denial of Service Vulnerability
BugTraq ID: 25795
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25795
Summary:
Microsoft Live Messenger is prone to a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to crash affected applications, denying service to legitimate users. Given the nature of this issue, remote attackers may also be able to execute code, but this has not been confirmed.

Live Messenger 8.1 is vulnerable to this issue; other versions may also be affected.

4. Symantec Veritas Backup Exec for Windows Unspecified Vulnerability
BugTraq ID: 25793
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25793
Summary:
Symantec Veritas Backup Exec for Windows is prone to an unspecified vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

This issue affects Backup Exec 11d for Windows Servers.

5. ebCrypt ActiveX Control AddString Denial of Service Vulnerability
BugTraq ID: 25789
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25789
Summary:
ebCrypt ActiveX control is prone to a denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash applications that employ the vulnerable control (typically Microsoft Internet Explorer).

ebCrypt 2.0 is vulnerable; other versions may also be affected.

6. Imatix Xitami If-Modified-Since Remote Buffer Overflow Vulnerability
BugTraq ID: 25772
Remote: Yes
Date Published: 2007-09-24
Relevant URL: http://www.securityfocus.com/bid/25772
Summary:
Xitami is prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Xitami 2.5 is vulnerable to this issue; other versions may also be affected.

7. ImageMagick Blob.C Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 25766
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25766
Summary:
ImageMagick is prone to an off-by-one buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of a user running the application.

Versions prior to ImageMagick 6.3.5-9 are vulnerable.

8. ImageMagick ReadDIBImage Integer Overflow Vulnerability
BugTraq ID: 25765
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25765
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly validate user-supplied data.

An attacker can exploit this issue to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

Versions prior to ImageMagick 6.3.5-9 are vulnerable to this issue.

9. ImageMagick ReadBlob Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 25764
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25764
Summary:
ImageMagick is prone to multiple remote denial-of-service vulnerabilities.

An attacker could exploit these issues by enticing an unsuspecting victim to open a malicious image file.

Successfully exploiting these issues will allow the attacker to consume excessive amounts of CPU resources on affected computers, denying service to legitimate users.

These issues affect ImageMagick 6.3.4; prior versions are also affected.

10. ImageMagick DCM, DIB, XBM, XCF, and XWD Image Files Multiple Integer Overflow Vulnerabilities
BugTraq ID: 25763
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25763
Summary:
ImageMagick is prone to multiple integer-overflow vulnerabilities because it fails to adequately handle user-supplied data.

An attacker can exploit these issues to execute arbitrary code in the context of the application. Failed exploit attempts will likely cause denial-of-service conditions.

These issues affect versions prior to ImageMagick 6.3.5-9.

11. Ipswitch IMail SMTP Server IASPAM.DLL Remote Buffer Overflow Vulnerability
BugTraq ID: 25762
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25762
Summary:
Ipswitch IMail Server is prone to a buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Versions between Ipswitch IMail Server 8.01 and 8.11 are vulnerable to this issue; other versions may also be affected.

NOTE: This issue may be related to previously disclosed vulnerabilities in IMail, but due to a lack of information we cannot confirm this. We will update this BID as more information emerges.

12. NetSupport Manager Remote Authentication Bypass Vulnerability
BugTraq ID: 25761
Remote: Yes
Date Published: 2007-09-21
Relevant URL: http://www.securityfocus.com/bid/25761
Summary:
NetSupport Manager is prone to an authentication-bypass vulnerability because the client application fails to properly require authentication when handling connections.

Attackers can exploit this issue to gain unauthorized access to computers running the affected application.

This issue affects versions prior to NetSupport Manager 10.20.0004 on Microsoft Windows platforms.

13. Microsoft ISA Server SOCKS4 Proxy Connection Remote Information Disclosure Vulnerability
BugTraq ID: 25753
Remote: Yes
Date Published: 2007-09-20
Relevant URL: http://www.securityfocus.com/bid/25753
Summary:
Microsoft ISA Server is prone to an information-disclosure vulnerability that occurs when SOCKS4 handles empty packets.

An attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

This issue affects Microsoft ISA Server 2004 SP1 and SP2.

14. Xunlei Web Thunder ActiveX Control DownURL2 Method Remote Buffer Overflow Vulnerability
BugTraq ID: 25751
Remote: Yes
Date Published: 2007-09-20
Relevant URL: http://www.securityfocus.com/bid/25751
Summary:
Xunlei Web Thunder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to execute arbitrary code within the context of the application using the ActiveX control (typically Microsoft Internet Explorer). Failed exploit attempts will result in a denial-of-service condition.

This issue affects Xunlei Web Thunder 5.6.8.344; other versions may also be affected.

15. Mercury/32 IMAPD SEARCH Command Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 25733
Remote: Yes
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25733
Summary:
Mercury/32 is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

To exploit this issue, attackers must have authenticated access to the affected application.

An attacker can exploit this issue to execute arbitrary machine code within the context of the user running the application. Failed exploit attempts will result in a denial-of-service vulnerability.

This issue affects Mercury/32 4.52; other versions may also be affected.

16. Bugzilla User.PM Unauthorized Account Creation Security Bypass Vulnerability
BugTraq ID: 25725
Remote: Yes
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25725
Summary:
Bugzilla is prone to a security-bypass vulnerability because it fails to adequately validate user-supplied input.

Attackers can exploit this issue to create Bugzilla user accounts on computers that also have the 'SOAP::Lite' Perl module installed.

NOTE: The application is vulnerable even if account creation has been disabled.

Versions prior to Bugzilla 3.0.2 and 3.1.2 are vulnerable.

17. COWON America jetAudio JetFlExt.dll ActiveX Control Insecure Method Vulnerability
BugTraq ID: 25723
Remote: Yes
Date Published: 2007-09-19
Relevant URL: http://www.securityfocus.com/bid/25723
Summary:
jetAudio is prone to a vulnerability that lets attackers overwrite arbitrary files. The problem stems from an insecure method caused by a design error in the affected application.

An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

This issue affects jetAudio 7.0.3 Basic; other versions may also be affected.

18. Microsoft RegMon SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25721
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25721
Summary:
RegMon is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

RegMon 7.04 is vulnerable to these issues; other versions may also be affected.

19. Microsoft Process Monitor SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25719
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25719
Summary:
Process Monitor is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Process Monitor 1.22 is vulnerable to these issues; other versions may also be affected.

20. ProSecurity SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25718
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25718
Summary:
ProSecurity is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

ProSecurity 1.40 beta 2 is vulnerable to these issues; other versions may also be affected.

21. DiamondCS ProcessGuard SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25714
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25714
Summary:
ProcessGuard is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

ProcessGuard 3.410 is vulnerable; other versions may also be affected.

22. Privatefirewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25712
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25712
Summary:
Privatefirewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Privatefirewall 5.0.14.2 is vulnerable; other versions may also be affected.

23. Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25711
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25711
Summary:
Online Armor Personal Firewall is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Online Armor Personal Firewall 2.0.1.125 is vulnerable; other versions may also be affected.

24. Ghost Security Suite SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25709
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25709
Summary:
Ghost Security Suite is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Ghost Security Suite beta 1.110 and alpha 1.200 are vulnerable; other versions may also be affected.

25. G DATA Internet Security SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 25705
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25705
Summary:
G DATA Internet Security is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

G DATA Internet Security 2007 is vulnerable; other versions may also be affected.

26. WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
BugTraq ID: 25687
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25687
Summary:
WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.

Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.

WinImage 8.0 and 8.10 are vulnerable; other versions may also be affected.

27. Media Player Classic Remote Malformed Video File Remote Denial of Service Vulnerability
BugTraq ID: 25686
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25686
Summary:
Media Player Classic is prone to a remote denial-of-service vulnerability because the application fails to handle malformed video files.

Remote attackers can exploit this issue to crash the application. Reports indicate that attackers may also be able to execute code, but this has not been confirmed.

Media Player Classic 6.4.9.1 and prior versions are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000D3W
W

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus