Focus on Microsoft
SecurityFocus Microsoft Newsletter #373 Dec 20 2007 08:59PM
rkeith securityfocus com

SecurityFocus Microsoft Newsletter #373
----------------------------------------

This issue is Sponsored by: The Computer Forensics Show

Imangine the ability to view anything that ever appeared on almost any computer. The Computer Forensics Show is the "DON"T MISS" event of the year for IT professionals

The Computer Forensics Show
February 4-6, 2008
Washington Convention Center
Washington D.C.
www.computerforensicshow.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Copyrights and Wrongs
2.The Man in the Machine
II. MICROSOFT VULNERABILITY SUMMARY
1. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
2. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
3. WFTPD Explorer Remote Buffer Overflow Vulnerability
4. Adobe Flash Player DNS Rebinding Vulnerability
5. Adobe Flash Player Multiple Security Vulnerabilities
6. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
7. iMesh 'IMWebControl' ActiveX Control Code Execution Vulnerability
8. Apple Safari Subframe Same Origin Policy Violation Vulnerability
9. RaidenHTTPD 'workspace.php' Directory Traversal Vulnerability
10. SurgeMail Malformed Host Header Denial of Service Vulnerability
11. Apple QuickTime QTL File Handling Remote Heap Buffer Overflow Vulnerability
12. Apple QuickTime Flash Media Player Multiple Unspecified Vulnerabilities
13. Microsoft Office Hyperlink Signing Weakness
14. QK SMTP Server Malformed Commands Multiple Remote Denial of Service Vulnerabilities
15. JustSystems Ichitaro JSGCI.DLL Unspecified Stack Buffer Overflow Vulnerability
16. Symantec Backup Exec for Windows Unspecified Remote Vulnerability
17. Microsoft Office Insecure Document Signing Weakness
18. BitDefender Antivirus 2008 bdelev.dll ActiveX Control Double Free Vulnerability
19. BitDefender Antivirus bdevel.dll ActiveX Control Multiple Arbitrary Code Execution Vulnerabilities
20. Intuit QuickBooks Online Edition ActiveX Controls Multiple Unspecified Vulnerabilities
21. Microsoft Internet Explorer Element Tags Remote Memory Corruption Vulnerability
22. Microsoft Internet Explorer cloneNode() and nodeValue() Remote Memory Corruption Vulnerability
23. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
24. Microsoft DirectX WAV and AVI File Parsing Remote Code Execution Vulnerability
25. Microsoft Message Queuing Service Stack Buffer Overflow Vulnerability
26. Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability
27. Microsoft Windows SMBv2 Code Signing Remote Code Execution Vulnerability
28. Microsoft Windows Media Format Runtime ASF File Remote Code Execution Vulnerability
29. Microsoft Windows Vista Kernel ALPC Local Privilege Escalation Vulnerability
30. Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability
31. Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.
http://www.securityfocus.com/columnists/460

2.The Man in the Machine
By Federico Biancuzzi
In April 2007, when two security researchers demonstrated a flaw in the next-generation IPv6 routing scheme that would allow attackers to significantly amplify any denial-of-service attack by a factor of at least 80, networking expert Jun-ichiro "Itojun" Hagino worked to get Internet engineers to take the threat seriously.
http://www.securityfocus.com/columnists/459

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
BugTraq ID: 26960
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0. 7.0.70.0 and prior.

Note: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities). However new technical details are available, therefore the issue has been assigned to this BID.

2. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
BugTraq ID: 26949
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

3. WFTPD Explorer Remote Buffer Overflow Vulnerability
BugTraq ID: 26935
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26935
Summary:
WFTPD Explorer is prone to a remote heap-based buffer-overflow vulnerability.

The issue arises when the client handles excessive string data. By exploiting this issue, a remote attacker may gain unauthorized access in the context of the user running the application.

WFTPD Explorer 1.0 is reported vulnerable; other versions may be affected as well.

4. Adobe Flash Player DNS Rebinding Vulnerability
BugTraq ID: 26930
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.

Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.

5. Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 26929
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26929
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities, including:

- A privilege-escalation issue
- A cross-domain security-bypass issue
- An HTTP request-splitting issue

Attackers can exploit these vulnerabilities to compromise affected computers, execute arbitrary code and misrepresent how web content is served, cached, or interpreted. Other attacks are also possible.

These issues affect Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior.

Notes:

- The issues described in CVE-2007-6244 have been reassigned to BID 26949 and BID 26960.
- The issue described in CVE-2007-6242 has been reassigned to BID 26951.

6. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
BugTraq ID: 26927
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

7. iMesh 'IMWebControl' ActiveX Control Code Execution Vulnerability
BugTraq ID: 26916
Remote: Yes
Date Published: 2007-12-17
Relevant URL: http://www.securityfocus.com/bid/26916
Summary:
iMesh is prone to a code-execution vulnerability because the application fails to sanitize user-supplied data, which can lead to memory corruption.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using an affected ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

iMesh 7.1.0.37263 and prior versions are reported affected by this issue.

8. Apple Safari Subframe Same Origin Policy Violation Vulnerability
BugTraq ID: 26911
Remote: Yes
Date Published: 2007-12-17
Relevant URL: http://www.securityfocus.com/bid/26911
Summary:
Apple Safari is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy for subframe access.

An attacker may create a malicious webpage that can access the properties of another domain. This may allow the attacker to obtain sensitive information or launch other attacks against a user of the browser.

Safari 3 for both Microsoft Windows and Apple Mac OS X platforms is vulnerable to this issue.

9. RaidenHTTPD 'workspace.php' Directory Traversal Vulnerability
BugTraq ID: 26903
Remote: Yes
Date Published: 2007-12-17
Relevant URL: http://www.securityfocus.com/bid/26903
Summary:
RaidenHTTPD is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.

Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.

RaidenHTTPD 2.0.19 is vulnerable; other versions may also be affected.

10. SurgeMail Malformed Host Header Denial of Service Vulnerability
BugTraq ID: 26901
Remote: Yes
Date Published: 2007-12-17
Relevant URL: http://www.securityfocus.com/bid/26901
Summary:
SurgeMail is prone to a remote denial-of-service vulnerability because the application fails to handle specially crafted HTTP POST requests

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

SurgeMail 38k4 for Microsoft Windows is vulnerable; other versions running on different platforms may also be affected.

11. Apple QuickTime QTL File Handling Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26868
Remote: Yes
Date Published: 2007-12-13
Relevant URL: http://www.securityfocus.com/bid/26868
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted QTL file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

12. Apple QuickTime Flash Media Player Multiple Unspecified Vulnerabilities
BugTraq ID: 26866
Remote: Yes
Date Published: 2007-12-13
Relevant URL: http://www.securityfocus.com/bid/26866
Summary:
Apple QuickTime is prone to multiple unspecified vulnerabilities. The most serious issue will allow remote attackers to execute code.

The remote-code execution issues involve processing '.swf' files. The 'Quicktime.qts' module uses the 'BitMapFormat' attribute of the 'Parser' object without validating its contents.

An attacker can exploit some of these issues to execute arbitrary code with the privileges of the user running the affected application. The impact of the other issues has not been specified.

These issues affect versions prior to QuickTime 7.3.1 for these platforms:

Mac OS X v10.3.9
Mac OS X v10.4.9 or later
Mac OS X v10.5 or later
Microsoft Windows Vista
Microsoft Windows XP SP2

13. Microsoft Office Hyperlink Signing Weakness
BugTraq ID: 26857
Remote: Yes
Date Published: 2007-12-13
Relevant URL: http://www.securityfocus.com/bid/26857
Summary:
Microsoft Office fails to securely sign Office documents properly.

Attackers can leverage this weakness to manipulate signed documents in a manner such that the signature remains intact.

The weakness will result in a false sense of security and could help attackers exploit other latent vulnerabilities.

Microsoft Office 2007 is vulnerable; other versions may also be affected.

14. QK SMTP Server Malformed Commands Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 26856
Remote: Yes
Date Published: 2007-12-13
Relevant URL: http://www.securityfocus.com/bid/26856
Summary:
QK SMTP Server is prone to multiple remote denial-of-service vulnerabilities that occur when handling malformed SMTP commands.

An attacker can exploit these issues to crash the affected application, denying service to legitimate users.

These issues affects QK SMTP Server 3; other versions may also be affected.

15. JustSystems Ichitaro JSGCI.DLL Unspecified Stack Buffer Overflow Vulnerability
BugTraq ID: 26846
Remote: Yes
Date Published: 2007-12-13
Relevant URL: http://www.securityfocus.com/bid/26846
Summary:
Ichitaro is prone to an unspecified stack-based buffer-overflow vulnerability.

Successful exploits may allow remote attackers to execute arbitrary code in the context of the vulnerable application. Failed attempts will likely cause denial-of-service conditions.

The issue affects Ichitaro 2005, 2006 and 2007; other versions may also be vulnerable.

This issue is being exploited in the wild by Trojan.Tarodrop.F.

Few details are available regarding this issue. We will update this BID as more information emerges.

16. Symantec Backup Exec for Windows Unspecified Remote Vulnerability
BugTraq ID: 26837
Remote: Yes
Date Published: 2007-12-12
Relevant URL: http://www.securityfocus.com/bid/26837
Summary:
Symantec Backup Exec for Windows is prone to an unspecified remote vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

This issue affects Backup Exec 11d for Windows Servers.

17. Microsoft Office Insecure Document Signing Weakness
BugTraq ID: 26833
Remote: Yes
Date Published: 2007-12-12
Relevant URL: http://www.securityfocus.com/bid/26833
Summary:
Microsoft Office fails to securely sign XML-based documents. Attackers can leverage this weakness to manipulate signed documents to contain malicious data in a manner such that the signature remains intact.

This weakness results in a false sense of security and could help the attacker exploit latent vulnerabilities.

Microsoft Office 2007 is vulnerable; other versions may also be affected.

18. BitDefender Antivirus 2008 bdelev.dll ActiveX Control Double Free Vulnerability
BugTraq ID: 26824
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26824
Summary:
A BitDefender Antivirus 2008 ActiveX control is prone a double-free vulnerability because of a flaw in the way that the 'bdelev.dll' library handles certain object data prior to returning it.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

19. BitDefender Antivirus bdevel.dll ActiveX Control Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 26820
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26820
Summary:
A BitDefender Antivirus 2008 ActiveX control is prone to multiple vulnerabilities that allow remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

20. Intuit QuickBooks Online Edition ActiveX Controls Multiple Unspecified Vulnerabilities
BugTraq ID: 26819
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26819
Summary:
Multiple Intuit QuickBooks Online Edition ActiveX controls are prone to multiple unspecified vulnerabilities.

Very few technical details are currently available. We will update this BID as more information emerges.

Versions prior to QuickBooks Online Edition 10 are vulnerable.

21. Microsoft Internet Explorer Element Tags Remote Memory Corruption Vulnerability
BugTraq ID: 26817
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26817
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

22. Microsoft Internet Explorer cloneNode() and nodeValue() Remote Memory Corruption Vulnerability
BugTraq ID: 26816
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26816
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

23. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
BugTraq ID: 26806
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26806
Summary:
Perforce P4Web is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTTP requests.

An attacker can exploit this issue to cause the application to consume excessive CPU and memory resources. Successful attacks will deny service to legitimate users.

P4Web 2006.2 and prior versions running on Windows are affected.

24. Microsoft DirectX WAV and AVI File Parsing Remote Code Execution Vulnerability
BugTraq ID: 26804
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26804
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash the application.

25. Microsoft Message Queuing Service Stack Buffer Overflow Vulnerability
BugTraq ID: 26797
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26797
Summary:
Microsoft Message Queuing (MSMQ) is prone to a stack-based buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

This issue is remotely exploitable on all Windows 2000 systems, and locally exploitable on Windows XP, provided the affected component installed.

26. Microsoft DirectX SAMI File Parsing Stack Buffer Overflow Vulnerability
BugTraq ID: 26789
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26789
Summary:
DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data

An attacker could exploit this issue to execute arbitrary code within the privileges of the currently logged-in user. Failed exploit attempts may crash the application.

Note: Windows Media Player 6.4 on Windows 2000 was previously stated as not being an attack vector. The vendor has updated this information to state it is a possible attack vector.

27. Microsoft Windows SMBv2 Code Signing Remote Code Execution Vulnerability
BugTraq ID: 26777
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26777
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because it fails to properly validate digital signatures.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of logged-in users. This facilitates the remote compromise of affected computers.

28. Microsoft Windows Media Format Runtime ASF File Remote Code Execution Vulnerability
BugTraq ID: 26776
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26776
Summary:
Windows Media Player is prone to a remote code-execution vulnerability because it fails to properly handle malformed media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

29. Microsoft Windows Vista Kernel ALPC Local Privilege Escalation Vulnerability
BugTraq ID: 26757
Remote: No
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26757
Summary:
Microsoft Windows Vista is prone to a local privilege-escalation vulnerability.

The vulnerability resides in the Windows Kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.

30. Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability
BugTraq ID: 26506
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26506
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the user's account and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

31. Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability
BugTraq ID: 26427
Remote: Yes
Date Published: 2007-12-11
Relevant URL: http://www.securityfocus.com/bid/26427
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability because it fails to adequately handle user-supplied input to certain DHTML object methods.

Attackers can exploit this issue to execute arbitrary code in the context of a user running the application. Successful attacks would compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: The Computer Forensics Show

Imangine the ability to view anything that ever appeared on almost any computer. The Computer Forensics Show is the "DON"T MISS" event of the year for IT professionals

The Computer Forensics Show
February 4-6, 2008
Washington Convention Center
Washington D.C.
www.computerforensicshow.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus