Focus on Microsoft
SecurityFocus Microsoft Newsletter #374 Dec 31 2007 03:55PM
rkeith securityfocus com

SecurityFocus Microsoft Newsletter #374
----------------------------------------

This issue is Sponsored by: Insight24

Improve Security Through Proactive Network Assessment & Risk Analysis

In this Forrester Research webcast, Dr. Chenxi Wang, Principal Analyst
for Security and Risk Management, discusses how proactive network
assessment and risk analysis can decrease the number and intensity of
security threats. She will also outline key metrics you can use to
measure the effectiveness of your vulnerability management programs.

Click on the link below to view this on-demand webcast today!

http://showcase.insight24.com/?ForresterSecurityFocus

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Real Flaws in Virtual Worlds
2.Copyrights and Wrongs
II. MICROSOFT VULNERABILITY SUMMARY
1. Total Player M3U File Denial of Service Vulnerability
2. Winace UUE File Handling Buffer Overflow Vulnerability
3. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
4. Microsoft Office Publisher Multiple Denial Of Service Vulnerabilities
5. Microsoft Word Wordart Doc Denial Of Service Vulnerability
6. Adobe Flash Player HTTP Response Splitting Vulnerability
7. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
8. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
9. Ingres Flawed In User Authentication Unauthorized Access Vulnerability
10. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
11. WFTPD Explorer Remote Buffer Overflow Vulnerability
12. Adobe Flash Player DNS Rebinding Vulnerability
13. Retired: Adobe Flash Player Multiple Security Vulnerabilities
14. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
15. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.
http://www.securityfocus.com/columnists/461

2.Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.
http://www.securityfocus.com/columnists/460

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Total Player M3U File Denial of Service Vulnerability
BugTraq ID: 27021
Remote: Yes
Date Published: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27021
Summary:
Total Player is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the application. Given the nature of this issue, the attacker may be able to execute arbitrary code, but this has not been confirmed.

This issue is reported to affect Total Player 3.0; other versions may also be vulnerable.

2. Winace UUE File Handling Buffer Overflow Vulnerability
BugTraq ID: 27017
Remote: Yes
Date Published: 2007-12-25
Relevant URL: http://www.securityfocus.com/bid/27017
Summary:
Winace is prone to a buffer-overflow vulnerability when handling malicious UUE files.

A successful attack can allow a remote attacker to corrupt process memory by triggering a heap-overflow condition when the application handles excessive data in the archive.

This vulnerability affects Winace versions prior to 2.69.

3. Zoom Player Malformed ZPL File Buffer Overflow Vulnerability
BugTraq ID: 27007
Remote: Yes
Date Published: 2007-12-24
Relevant URL: http://www.securityfocus.com/bid/27007
Summary:
Zoom Player is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application or to crash the application, denying further service to legitimate users.

This issue affects Zoom Player version 6.00 beta 2 and all releases contained in the Zoom Player version 5 branch.

4. Microsoft Office Publisher Multiple Denial Of Service Vulnerabilities
BugTraq ID: 26982
Remote: Yes
Date Published: 2007-12-22
Relevant URL: http://www.securityfocus.com/bid/26982
Summary:
Microsoft Office Publisher is prone to multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to cause the affected application to crash. Arbitrary code execution in the context of the user running the affected application may also be possible; this has not been confirmed.

5. Microsoft Word Wordart Doc Denial Of Service Vulnerability
BugTraq ID: 26981
Remote: Yes
Date Published: 2007-12-22
Relevant URL: http://www.securityfocus.com/bid/26981
Summary:
Microsoft Word is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the affected application to crash. Arbitrary code execution in the context of the user running the affected application may also be possible; this has not been confirmed.

This issue affects Word 2003; other versions may also be vulnerable.

6. Adobe Flash Player HTTP Response Splitting Vulnerability
BugTraq ID: 26969
Remote: Yes
Date Published: 2007-12-20
Relevant URL: http://www.securityfocus.com/bid/26969
Summary:
Adobe Flash Player is prone to an HTTP response-splitting vulnerability because it fails to adequately sanitize user-supplied input.

A remote attacker can exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and 7.0.70.0 and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities).

7. Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability
BugTraq ID: 26966
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26966
Summary:
The Adobe Flash Player is prone to a cross-domain security-bypass vulnerability.

An attacker can exploit this issue to connect to arbitrary hosts on affected computers. This may allow the application to perform generic TCP requests to determine what services are running on the affected computer.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0. 7.0.70.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned to this BID because of new technical details.

8. Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
BugTraq ID: 26960
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26960
Summary:
The Adobe Flash Player ActiveX control is prone to a cross-domain scripting vulnerability.

An attacker may leverage this issue to execute arbitrary JavaScript in the context of another domain.

This issue affects Adobe Flash Player 9.0.48.0, 8.0.35.0, and prior versions.

NOTE: This issue was previously disclosed in BID 26929 (Adobe Flash Player Multiple Security Vulnerabilities) but has been assigned its own BID because new technical details are available.

9. Ingres Flawed In User Authentication Unauthorized Access Vulnerability
BugTraq ID: 26959
Remote: Yes
Date Published: 2007-12-20
Relevant URL: http://www.securityfocus.com/bid/26959
Summary:
Ingres is prone to an unauthorized-access security vulnerability because of a flaw in user authentication.

Attackers can exploit this issue to gain unauthorized access to the affected database. Successful exploits can allow attackers to access, create, or modify data; other attacks are possible.

This issue affects Ingres 2.5 and 2.6 when running on Windows.

NOTE: This issue does not affect the Ingres .NET data provider.

10. Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
BugTraq ID: 26949
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26949
Summary:
Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

11. WFTPD Explorer Remote Buffer Overflow Vulnerability
BugTraq ID: 26935
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26935
Summary:
WFTPD Explorer is prone to a remote heap-based buffer-overflow vulnerability.

The issue arises when the client handles excessive string data. By exploiting this issue, a remote attacker may gain unauthorized access in the context of the user running the application.

WFTPD Explorer 1.0 is reported vulnerable; other versions may be affected as well.

12. Adobe Flash Player DNS Rebinding Vulnerability
BugTraq ID: 26930
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26930
Summary:
Adobe Flash Player is prone to a DNS rebinding vulnerability that allows remote attackers to establish arbitrary TCP sessions.

An attacker can exploit this issue by enticing an unsuspecting victim to view a malicious SWF file.

Successfully exploiting this issue allows the attacker to bypass the application's same-origin policy and set up connections to services on arbitrary computers. This may lead to other attacks.

13. Retired: Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 26929
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26929
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

The following individual records have been created to document these vulnerabilities:

26960 Adobe Flash Player ActiveX Control 'navigateToURL' API Cross Domain Scripting Vulnerability
26951 Adobe Flash Player JPG Header Remote Heap Based Buffer Overflow Vulnerability
26949 Adobe Flash Player 'asfunction' Cross Site Scripting Vulnerability
26965 Adobe Flash Player Unspecified Privilege-Escalation Vulnerability
26969 Adobe Flash Player HTTP Response Splitting Vulnerability
26966 Adobe Flash Player Policy File Cross Domain Security Bypass Vulnerability

These issues affect Adobe Flash Player 9.0.48.0, 8.0.35.0, 7.0.70.0 and prior versions.

14. ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability
BugTraq ID: 26927
Remote: Yes
Date Published: 2007-12-18
Relevant URL: http://www.securityfocus.com/bid/26927
Summary:
ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.

15. Perforce P4Web Content-Length Header Remote Denial Of Service Vulnerability
BugTraq ID: 26806
Remote: Yes
Date Published: 2007-12-19
Relevant URL: http://www.securityfocus.com/bid/26806
Summary:
Perforce P4Web is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted HTTP requests.

An attacker can exploit this issue to cause the application to consume excessive CPU and memory resources. Successful attacks will deny service to legitimate users.

P4Web 2006.2 and prior versions running on Windows are affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Insight24

Improve Security Through Proactive Network Assessment & Risk Analysis

In this Forrester Research webcast, Dr. Chenxi Wang, Principal Analyst
for Security and Risk Management, discusses how proactive network
assessment and risk analysis can decrease the number and intensity of
security threats. She will also outline key metrics you can use to
measure the effectiveness of your vulnerability management programs.

Click on the link below to view this on-demand webcast today!

http://showcase.insight24.com/?ForresterSecurityFocus

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus