Focus on Microsoft
SecurityFocus Microsoft Newsletter #377 Jan 17 2008 03:52PM
rkeith securityfocus com

SecurityFocus Microsoft Newsletter #377
----------------------------------------

This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.
www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Finding a Cure for Data Loss
2.Real Flaws in Virtual Worlds
II. MICROSOFT VULNERABILITY SUMMARY
1. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability
2. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
3. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption Vulnerability
4. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability
5. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability
6. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability
7. Cisco VPN Client for Windows Local Denial of Service Vulnerability
8. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
9. Moodle 'install.php' Cross Site Scripting Vulnerability
10. Microsoft Visual Interdev SLN File Buffer Overflow Vulnerability
11. Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
12. IBM Tivoli Storage Manager Express Remote Heap Overflow Vulnerability
13. Apple QuickTime RTSP Response Reason-Phrase Remote Buffer Overflow Vulnerability
14. Microsoft Visual FoxPro 'vfp6r.dll' ActiveX Control Arbitrary Command Execution Vulnerability
15. Mircrosoft Rich TextBox Control 'richtx32.ocx' ActiveX Insecure Method Vulnerability
16. Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution Vulnerability
17. SSH Tectia Client and Server ssh-signer Local Privilege Escalation Vulnerability
18. Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation Vulnerability
19. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
20. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
21. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
22. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SQL scalar function to convert big int to dot notation
2. Country by Country Computer Sets now available for ISA 2004
3. Country by Country ISA Computer Sets
4. At long last - Extra Outlooks!
5. SecurityFocus Microsoft Newsletter #376
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Finding a Cure for Data Loss
By Jamie Reid
Despite missteps in protecting customer information, companies have largely escaped the wrath of consumers.
http://www.securityfocus.com/columnists/462

2.Real Flaws in Virtual Worlds
By Federico Biancuzzi
Massively multiplayer online role playing games (MMORPGs), such as World of Warcraft, have millions of subscribers interacting online, which makes security tricky business.
http://www.securityfocus.com/columnists/461

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. BitTorrent and uTorrent Peers Window Remote Denial Of Service Vulnerability
BugTraq ID: 27321
Remote: Yes
Date Published: 2008-01-16
Relevant URL: http://www.securityfocus.com/bid/27321
Summary:
BitTorrent and uTorrent are to a remote denial-of-service vulnerability. This issue occurs because the applications fail to perform adequate boundary-checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects the following versions of the affected applications:

- BitTorrent versions prior to 6.0
- uTorrent versions prior to 1.7.5
- uTorrent versions prior to 1.8-alpha-7834

2. Microsoft Excel Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 27305
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27305
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Reportedly, the issue affects the following versions:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac.

The following versions are not affected:

Microsoft Office Excel 2007
Microsoft Office Excel 2007 Service Pack 1
Microsoft Excel 2008 for Mac
Microsoft Office Excel 2003 Service Pack 3.

Few details regarding this vulnerability are available. The vendor is investigating the issue and will be releasing updates. We will update this BID when more information emerges.

3. Apple QuickTime 'Macintosh Resource' Records Remote Memory Corruption Vulnerability
BugTraq ID: 27301
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27301
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

4. Apple QuickTime Compressed PICT Remote Buffer Overflow Vulnerability
BugTraq ID: 27300
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27300
Summary:
Apple QuickTime is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted PICT file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

5. Apple QuickTime Image Descriptor (IDSC) Atom Remote Memory Corruption Vulnerability
BugTraq ID: 27299
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27299
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects versions prior to Apple QuickTime 7.4 running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

6. Apple QuickTime Sorenson 3 Video Files Remote Code Execution Vulnerability
BugTraq ID: 27298
Remote: Yes
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27298
Summary:
Apple QuickTime is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely crash the application.

This issue affects versions prior to QuickTime 7.4 running on the following operating systems:

Mac OS X 10.3.9
Mac OS X 10.4.9 or later
Mac OS X 10.5 or later
Microsoft Windows XP
Microsoft Windows Vista

7. Cisco VPN Client for Windows Local Denial of Service Vulnerability
BugTraq ID: 27289
Remote: No
Date Published: 2008-01-15
Relevant URL: http://www.securityfocus.com/bid/27289
Summary:
Cisco VPN Client for Windows is prone to a local denial-of-service vulnerability because the software's IPsec driver fails to handle certain IOCTLs.

Successfully exploiting this issue allows local attackers to crash affected computers, denying further service to legitimate users.

This issue affects 'cvpndrva.sys' 5.0.02.0090; other versions of the driver may also be affected.

8. BugTracker.NET New Bug Report Multiple HTML Injection Vulnerabilities
BugTraq ID: 27275
Remote: Yes
Date Published: 2008-01-14
Relevant URL: http://www.securityfocus.com/bid/27275
Summary:
BugTracker.NET is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code could execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

These issues affect versions prior to BugTracker.NET 2.7.2.

9. Moodle 'install.php' Cross Site Scripting Vulnerability
BugTraq ID: 27259
Remote: Yes
Date Published: 2008-01-12
Relevant URL: http://www.securityfocus.com/bid/27259
Summary:
Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Moodle 1.8.4.

10. Microsoft Visual Interdev SLN File Buffer Overflow Vulnerability
BugTraq ID: 27250
Remote: Yes
Date Published: 2008-01-11
Relevant URL: http://www.securityfocus.com/bid/27250
Summary:
Microsoft Visual Interdev is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Microsoft Visual InterDev 6.0; other versions may also be affected.

11. Drupal Prior To 4.7.11 and 5.6 Multiple Remote Vulnerabilities
BugTraq ID: 27238
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27238
Summary:
Drupal is prone to multiple remote vulnerabilities, including multiple cross-site scripting issues and a cross-site request-forgery issue.

Attackers can exploit these issues to execute arbitrary script code in the browser of a user in the context of the affected site, steal cookie-based authentication credentials, and perform certain actions using users' active sessions; other attacks are also possible.

These issues affect versions prior to Drupal 4.7.11 and 5.6.

12. IBM Tivoli Storage Manager Express Remote Heap Overflow Vulnerability
BugTraq ID: 27235
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27235
Summary:
IBM Tivoli Storage Manager Express is prone to a remote heap-overflow vulnerability because the software fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

Exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM privileges. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects IBM Tivoli Storage Manager Express 5.3 for Microsoft Windows 2003 server platforms; other versions may also be vulnerable.

13. Apple QuickTime RTSP Response Reason-Phrase Remote Buffer Overflow Vulnerability
BugTraq ID: 27225
Remote: Yes
Date Published: 2008-01-10
Relevant URL: http://www.securityfocus.com/bid/27225
Summary:
Apple QuickTime is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized buffer.

Attackers can leverage this issue to execute arbitrary machine code in the context of the user running the affected application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

QuickTime 7.3.1.70 is vulnerable to this issue; other versions may also be affected.

NOTE: Additional information from the reporter indicates this issue affects QuickTime running on the following platforms: Microsoft Windows XP, Windows Vista, and Apple Mac OS X.

14. Microsoft Visual FoxPro 'vfp6r.dll' ActiveX Control Arbitrary Command Execution Vulnerability
BugTraq ID: 27205
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27205
Summary:
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Microsoft Visual FoxPro 6.0 is vulnerable to this issue; other versions may also be affected.

15. Mircrosoft Rich TextBox Control 'richtx32.ocx' ActiveX Insecure Method Vulnerability
BugTraq ID: 27201
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27201
Summary:
Mircrosoft Rich TextBox Control is prone to a vulnerability that allows attackers to create or overwrite arbitrary data with the privileges of the application using the control (typically Internet Explorer).

Successful exploits will compromise affected computers or cause denial-of-service conditions; other attacks are possible.

This issue affects 'richtx32.ocx' 6.1.97.82; other versions may also be affected.

16. Microsoft VFP_OLE_Server ActiveX Control Remote Command Execution Vulnerability
BugTraq ID: 27199
Remote: Yes
Date Published: 2008-01-09
Relevant URL: http://www.securityfocus.com/bid/27199
Summary:
Microsoft VFP_OLE_Server ActiveX control is prone to a remote command-execution vulnerability.

An attacker can exploit this issue to execute arbitrary commands with the privileges of the currently logged-in user.

17. SSH Tectia Client and Server ssh-signer Local Privilege Escalation Vulnerability
BugTraq ID: 27191
Remote: No
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27191
Summary:
SSH Tectia Client and Server software running on UNIX operating systems is prone to a local privilege-escalation vulnerability.

Successful exploits allow local attackers to gain superuser-level access to affected computers. This facilitates the complete compromise of affected computers.

This issue affects these versions:

SSH Tectia Client/Server 5.0 through 5.2.3
SSH Tectia Client/Server 5.3 through 5.3.5.

This issue affects only UNIX-based platforms.

18. Creative Ensoniq PCI ES1371 WDM Driver Local Privilege Escalation Vulnerability
BugTraq ID: 27179
Remote: No
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27179
Summary:
Creative Ensoniq PCI ES1371 WDM drivers are prone to a local privilege-escalation vulnerability.

Successful exploits allow local users to execute arbitrary machine code with kernel-level privileges, facilitating the complete compromise of affected computers.

This issue occurs when the vulnerable driver is running in a Microsoft Windows Vista environment. This occurs in VMware Server and Workstation environments when running Microsoft Vista guest operating systems with sound enabled.

This issue affects 'es1371mp.sys' 5.1.3612.0. Given the nature of the issue, other device drivers and versions may also be vulnerable, but this has not been confirmed.

19. SynCE 'vdccm' Daemon Remote Command Injection Vulnerability
BugTraq ID: 27178
Remote: Yes
Date Published: 2008-01-07
Relevant URL: http://www.securityfocus.com/bid/27178
Summary:
SynCE is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands in the context of the application, facilitating the remote compromise of affected computers.

SynCE 0.92 is vulnerable; other versions may also be affected.

20. Microsoft Windows TCP/IP ICMP Remote Denial Of Service Vulnerability
BugTraq ID: 27139
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27139
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to cause affected computers to stop responding and to automatically restart. Successful attacks will deny service to legitimate users. The discoverer of this issue reports that code execution may also be possible, but this has not been confirmed.

NOTE: ICMP RDP (Router Discovery Protocol) must be enabled for this issue to occur. Router Discovery Processing is disabled by default on Microsoft Windows Server 2000. The option is also disabled by default on Microsoft Windows XP and Windows Server 2003, unless the host receives the 'perform router discovery' option from a DHCP server.

21. Microsoft Windows TCP/IP IGMP MLD Remote Buffer Overflow Vulnerability
BugTraq ID: 27100
Remote: Yes
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27100
Summary:
Microsoft Windows is prone to a remote buffer-overflow vulnerability because it fails to adequately handle specially crafted TCP/IP traffic.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

NOTE: A server is vulnerable if an application or a service on the server uses IP multicast. By default, no services use multicast on Microsoft Windows Server 2003.

22. Microsoft Windows LSASS LPC Request Local Privilege Escalation Vulnerability
BugTraq ID: 27099
Remote: No
Date Published: 2008-01-08
Relevant URL: http://www.securityfocus.com/bid/27099
Summary:
Microsoft Windows Local Security Authority Subsystem Service (LSASS) is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will facilitate in the complete compromise of affected computers.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SQL scalar function to convert big int to dot notation
http://www.securityfocus.com/archive/88/486430

2. Country by Country Computer Sets now available for ISA 2004
http://www.securityfocus.com/archive/88/486429

3. Country by Country ISA Computer Sets
http://www.securityfocus.com/archive/88/486307

4. At long last - Extra Outlooks!
http://www.securityfocus.com/archive/88/486181

5. SecurityFocus Microsoft Newsletter #376
http://www.securityfocus.com/archive/88/486115

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat Europe

Attend Black Hat Europe, March 25-28, Amsterdam, Europe's premier technical event for ICT security experts. Featuring hands-on training courses and Briefings presentations with lots of new content. Network with 400+ delegates from 30 nations and review products by leading vendors in a relaxed setting. Black Hat Europe is supported by most leading European infosec associations.
www.blackhat.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus