Focus on Microsoft
SecurityFocus Microsoft Newsletter #376 Jan 10 2008 10:01PM
rkeith securityfocus com

SecurityFocus Microsoft Newsletter #376
----------------------------------------

This issue is Sponsored by: Black Hat DC

Attend Black Hat DC, February 18-21, the Washington, DC version of the world's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content-including a focus on wireless security and offensive attack analysis. Network with 400+ delegates and review products from leading vendors in a relaxed setting, including Diamond sponsor Microsoft.
www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Real Flaws in Virtual Worlds
2.Copyrights and Wrongs
II. MICROSOFT VULNERABILITY SUMMARY
1. Apple QuickTime RTSP Connection Status Display Remote Buffer Overflow Vulnerability
2. Microsoft Visual FoxPro 'vfp6r.dll' ActiveX Control Arbitrary Command Execution Vulnerability
3. Mircrosoft Rich TextBox Control 'richtx32.ocx' ActiveX Insecure Method Vulnerability
4. Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution Vulnerability
5. SSH Tectia Client and Server ssh-signer Local Privilege Escalation Vulnerability
6. Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation Vulnerability
7. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
8. Novell ZENworks ESM Security Client 'STEngine.exe' Local Privilege Escalation Vulnerability
9. Pragma TelnetServer NULL-Pointer Dereference Denial of Service Vulnerability
10. Foxit WAC Server Denial of Service Vulnerability
11. Pragma Systems FortressSSH 'msvcrt.dll' Exception Handling Remote Denial Of Service Vulnerability
12. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
13. Microsoft January 2008 Advance Notification Multiple Vulnerabilities
14. Camtasia Studio 'csPreloader' Remote Code Execution Vulnerability
15. Georgia SoftWorks Secure Shell Server Multiple Remote Code Execution Vulnerabilities
16. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
17. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.
http://www.securityfocus.com/columnists/461

2.Copyrights and Wrongs
By Mark Rasch
On October 1, 2007, Jammie Thomas -- a single mother living in Brainerd, Minnesota -- was sued in civil court for copyright infringement by the Recording Industry Association of America. Three days later, the jury returned the verdict; Ms. Thomas was liable for willfully infringing the copyrights on 24 songs. The fine: $222,000.
http://www.securityfocus.com/columnists/460

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple QuickTime RTSP Connection Status Display Remote Buffer Overflow Vulnerability
BugTraq ID: 27225
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27225
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

QuickTime 7.3.1.70 is vulnerable to this issue; other versions may also be affected.

2. Microsoft Visual FoxPro 'vfp6r.dll' ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 27205
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27205
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

3. Mircrosoft Rich TextBox Control 'richtx32.ocx' ActiveX Insecure Method Vulnerability
BugTraq ID: 27201
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27201
Summary:
Mircrosoft Rich TextBox Control is prone to a vulnerability that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer).

Successful exploits will compromise affected computers or cause denial of service conditions; other attacks are possible.

richtx32.ocx version 6.1.97.82 is vulnerable; other versions may also be affected.

4. Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution Vulnerability
BugTraq ID: 27199
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27199
Summary:
Microsoft VFP_OLE_Server ActiveX control is prone to a remote command-execution vulnerability.

An attacker can exploit this issue to execute arbitrary commands with the privileges of the currently logged-in user.

5. SSH Tectia Client and Server ssh-signer Local Privilege Escalation Vulnerability
BugTraq ID: 27191
Remote: No
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27191
Summary:
SSH Tectia Client and Server software running on UNIX operating systems is prone to a local privilege-escalation vulnerability.

Successful exploits allow local attackers to gain superuser-level access to affected computers. This facilitates the complete compromise of affected computers.

This issue affects these versions:

SSH Tectia Client/Server 5.0 through 5.2.3
SSH Tectia Client/Server 5.3 through 5.3.5.

This issue affects only UNIX-based platforms.

6. Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation Vulnerability
BugTraq ID: 27179
Remote: No
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27179
Summary:
Creative Ensoniq PCI ES1371 WDM drivers are prone to a local privilege-escalation vulnerability.

Successful exploits allow local users to execute arbitrary machine code with kernel-level privileges, facilitating the complete compromise of affected computers.

This issue occurs when the vulnerable driver is running in a Microsoft Windows Vista environment. This occurs in VMware Server and Workstation environments when running Microsoft Vista guest operating systems with sound enabled.

This issue affects 'es1371mp.sys' 5.1.3612.0. Given the nature of the issue, other device drivers and versions may also be vulnerable, but this has not been confirmed.

7. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
BugTraq ID: 27178
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27178
Summary:
SynCE is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands in the context of the application, facilitating the remote compromise of affected computers.

SynCE 0.92 is vulnerable; other versions may also be affected.

8. Novell ZENworks ESM Security Client 'STEngine.exe' Local Privilege Escalation Vulnerability
BugTraq ID: 27146
Remote: No
Date Published: 2008-01-04
Relevant URL: http://www.securityfocus.com/bid/27146
Summary:
Novell ZENworks ESM (Endpoint Security Management) Security Client is prone to a local privilege-escalation vulnerability.

Exploiting this vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

This issue affects ZENworks Endpoint Security Management 3.5.0.20; other versions may also be affected.

9. Pragma TelnetServer NULL-Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 27143
Remote: Yes
Date Published: 2008-01-04
Relevant URL: http://www.securityfocus.com/bid/27143
Summary:
Pragma TelnetServer is prone to a denial-of-service vulnerability because it fails to adequately handle certain telnet options.

Attackers can leverage this issue to terminate the server and cause denial-of-service conditions.

This issue affects Pragma TelnetServer 7.0 Build 4 Revision 589; other versions may also be vulnerable.

10. Foxit WAC Server Denial of Service Vulnerability
BugTraq ID: 27142
Remote: Yes
Date Published: 2008-01-04
Relevant URL: http://www.securityfocus.com/bid/27142
Summary:
Foxit WAC Server is prone to a denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects Foxit WAC Server 2.1.0.910; other versions may also be affected.

11. Pragma Systems FortressSSH 'msvcrt.dll' Exception Handling Remote Denial Of Service Vulnerability
BugTraq ID: 27141
Remote: Yes
Date Published: 2008-01-04
Relevant URL: http://www.securityfocus.com/bid/27141
Summary:
Pragma Systems FortressSSH is prone to a remote denial-of-service vulnerability because it fails to adequately handle certain exceptions when processing overly long user-supplied input.

Attackers can exploit this issue to exhaust the maximum number of connections alotted for servers. Successful attacks will deny access to legitimate users.

FortressSSH 5.0 is vulnerable; other versions may also be affected.

12. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
BugTraq ID: 27139
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27139
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users. The discoverer of this issue reports that code execution may also be possible, but this has not been confirmed.

NOTE: ICMP RDP (Router Discovery Protocol) must be enabled for this issue to occur. Router Discovery Processing is disabled by default on Microsoft Windows Server 2000. The option is also disabled by default on Microsoft Windows XP and Windows Server 2003, unless the host receives the 'perform router discovery' option from a DHCP server.

13. Microsoft January 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 27119
Remote: Yes
Date Published: 2008-01-03
Relevant URL: http://www.securityfocus.com/bid/27119
Summary:
Microsoft has released advance notification that the vendor will be releasing two security bulletins on January 8, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created for each issue when the bulletins are released.

14. Camtasia Studio 'csPreloader' Remote Code Execution Vulnerability
BugTraq ID: 27107
Remote: Yes
Date Published: 2008-01-02
Relevant URL: http://www.securityfocus.com/bid/27107
Summary:
Camtasia Studio is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit will allow an attacker to compromise the application and the underlying system; other attacks are also possible.

NOTE: This vulnerability was initially considered a cross-site scripting issue, but further analysis reveals that this is a remote code-execution vulnerability.

15. Georgia SoftWorks Secure Shell Server Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 27103
Remote: Yes
Date Published: 2008-01-02
Relevant URL: http://www.securityfocus.com/bid/27103
Summary:
Georgia SoftWorks Secure Shell Server is prone to multiple remote code-execution vulnerabilities:

- A format-string vulnerability
- Two buffer-overflow vulnerabilities.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

Georgia SoftWorks Secure Shell Server 7.01.0003 is vulnerable to these issues; other versions may also be affected.

16. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
BugTraq ID: 27100
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27100
Summary:
Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

NOTE: A server is vulnerable if an application or a service on the server uses IP multicast. By default, no services use multicast on Microsoft Windows Server 2003.

17. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
BugTraq ID: 27099
Remote: No
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27099
Summary:
Microsoft Windows Local Security Authority Subsystem Service (LSASS) is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat DC

Attend Black Hat DC, February 18-21, the Washington, DC version of the world's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content-including a focus on wireless security and offensive attack analysis. Network with 400+ delegates and review products from leading vendors in a relaxed setting, including Diamond sponsor Microsoft.
www.blackhat.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus