Focus on Microsoft
SecurityFocus Microsoft Newsletter #385 Mar 13 2008 03:04PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #385

----------------------------------------

This issue is sponsored by bMighty:

Is Vista Meeting Expectations?
New research from InformationWeek reveals what 600 business-technology professionals have to say about Vista's costs, enhancements & adoption challenges. A $199 value for FREE.
www.bMighty.com
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Integrating More Intelligence into Your IDS, Part 1
2.Let's Go Crazy
II. MICROSOFT VULNERABILITY SUMMARY
1. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities
2. Microsoft Internet Explorer FTP Cross-Site Command Injection Vulnerability
3. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting Vulnerability
4. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
5. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
6. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation Vulnerability
7. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of Service Vulnerabilities
8. Microsoft Excel Conditional Formatting Values Remote Code Execution Vulnerability
9. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
10. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
11. Microsoft Excel Style Record Remote Code Execution Vulnerability
12. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
13. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
14. Microsoft Office File Memory Corruption Vulnerability
15. MailEnable 3.13 and Prior IMAP Service Multiple Remote Vulnerabilities
16. Microsoft Internet Explorer Combined JavaScript and XML Remote Information Disclosure Vulnerability
17. SynCE 'vdccm' Daemon Remote Unspecified Denial Of Service Vulnerability
18. Microsoft Office Web Components ActiveX Control DataSource Remote Code Execution Vulnerability
19. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code Execution Vulnerability
20. Microsoft March 2008 Advance Notification Multiple Vulnerabilities
21. Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities
22. ICQ Toolbar 'toolbaru.dll' ActiveX Control 'GetPropertyById' Remote Denial of Service Vulnerability
23. Microsoft Excel Import Remote Code Execution Vulnerability
24. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
25. Microsoft Jet Database Engine MDB File Parsing Unspecified Remote Vulnerability
26. ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote Denial of Service Vulnerability
27. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
28. Borland StarTeam Multiple Remote Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. Temp directory is odd
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Integrating More Intelligence into Your IDS, Part 1
By Don Parker and Ryan Wegner
The more an intrusion detection system (IDS) knows about the network it is trying to protect, the better it will be able to protect the network. This is the fundamental principle behind target-based intrusion detection, where an IDS knows about the hosts on the network.
http://www.securityfocus.com/infocus/1898

2.Let's Go Crazy
By Mark Rasch
On February 7, 2007 Stephanie Lenz of Gallatzin, Pennsylvania posted an innocuous video of her 18-month-old son Holden pushing a baby toy while dancing to a barely recognizable song in the background.
http://www.securityfocus.com/columnists/467

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities
BugTraq ID: 28222
Remote: Yes
Date Published: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28222
Summary:
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities. The issues present include multiple cross-site scripting and buffer-overflow vulnerabilities.

Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities results in remote code-execution in the context of the affected application, facilitating the remote compromise of affected computers.

These issues affect UCP versions prior to 4.2 when running on the Microsoft Windows platform.

The buffer-overflow vulnerabilities are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.

2. Microsoft Internet Explorer FTP Cross-Site Command Injection Vulnerability
BugTraq ID: 28208
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28208
Summary:
Microsoft Internet Explorer is prone to a vulnerability that occurs because the application fails to adequately sanitize user-supplied data in FTP URI requests.

An attacker can leverage this issue by enticing an unsuspecting user to follow a maliciously crafted URI. Successful exploits will allow attackers to submit arbitrary commands to arbitrary FTP servers on behalf of unsuspecting users.

This issue affects Internet Explorer 5 and 6; prior versions may also be affected.

NOTE: Access to some FTP servers may require valid authentication credentials.

3. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting Vulnerability
BugTraq ID: 28191
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28191
Summary:
ManageEngine ServiceDesk Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Microsoft Windows is vulnerable; other versions may be affected as well.

4. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
BugTraq ID: 28188
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28188
Summary:
ASG-Sentry is prone to multiple remote vulnerabilities:

- A heap-based buffer-overflow vulnerability
- A stack-based buffer-overflow vulnerability
- A denial-of-service vulnerability
- An arbitrary-file-deletion vulnerability

An attacker can exploit these issues to execute arbitrary code within the context of the affected application, crash the affected application, consume all CPU resources, and delete data contained in arbitrary files. Other attacks are possible.

These issues affect ASG-Sentry 7.0.0; other versions may also be affected.

5. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
BugTraq ID: 28186
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28186
Summary:
Motorola Timbuktu Pro is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues will allow attackers to crash the affected application, denying further service to legitimate users.

6. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 28185
Remote: No
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28185
Summary:
SAP MaxDB is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. This will lead to the complete compromise of an affected computer.

This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms. Other UNIX variants are most likely affected. Microsoft Windows versions are not vulnerable to this issue.

7. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of Service Vulnerabilities
BugTraq ID: 28182
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28182
Summary:
Acronis Snap Deploy is prone to a directory-traversal vulnerability and a denial-of-service vulnerability.

Exploiting these issues will allow attackers to obtain sensitive information or crash the affected application, denying further service to legitimate users.

8. Microsoft Excel Conditional Formatting Values Remote Code Execution Vulnerability
BugTraq ID: 28170
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28170
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

9. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
BugTraq ID: 28168
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28168
Summary:
Microsoft Excel is prone to a heap-based buffer-overflow vulnerability. This issue occurs because the application fails to perform adequate boundary-checks on user-supplied data.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

10. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
BugTraq ID: 28167
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28167
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

11. Microsoft Excel Style Record Remote Code Execution Vulnerability
BugTraq ID: 28166
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28166
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

12. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
BugTraq ID: 28154
Remote: Yes
Date Published: 2008-03-09
Relevant URL: http://www.securityfocus.com/bid/28154
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.

This issue arises in the SMTP server and may result in a crash of the affected service.

This issue affects all versions of MailEnable Standard Edition, Professional Edition, and Enterprise Edition.

13. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
BugTraq ID: 28147
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28147
Summary:
Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to adequately validate user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the currently logged-in user. This will facilitate the remote compromise of affected computers.

14. Microsoft Office File Memory Corruption Vulnerability
BugTraq ID: 28146
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28146
Summary:
Microsoft Office is prone to a remote memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Office file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

15. MailEnable 3.13 and Prior IMAP Service Multiple Remote Vulnerabilities
BugTraq ID: 28145
Remote: Yes
Date Published: 2008-03-07
Relevant URL: http://www.securityfocus.com/bid/28145
Summary:
MailEnable is prone to multiple remote vulnerabilities in the IMAP service, including:

- Multiple buffer-overflow vulnerabilities.
- Multiple denial-of-service vulnerabilities due to a NULL-pointer exception.

An attacker may leverage these issues to execute arbitrary code in the context of the running application or to crash the application, causing a denial of service.

These issues affect MailEnable 3.13; other versions may also be vulnerable.

16. Microsoft Internet Explorer Combined JavaScript and XML Remote Information Disclosure Vulnerability
BugTraq ID: 28143
Remote: Yes
Date Published: 2008-03-07
Relevant URL: http://www.securityfocus.com/bid/28143
Summary:
Microsoft Internet Explorer is prone to a remote information-disclosure vulnerability because of a flaw in the interaction between JavaScript and XML processing in Internet Explorer.

To exploit this issue, an attacker must entice an unsuspecting user to visit a malicious website.

Successfully exploiting this issue allows remote attackers to gain access to the first line of arbitrary files located on computers running the vulnerable application.

17. SynCE 'vdccm' Daemon Remote Unspecified Denial Of Service Vulnerability
BugTraq ID: 28141
Remote: Yes
Date Published: 2008-03-07
Relevant URL: http://www.securityfocus.com/bid/28141
Summary:
SynCE 'vdccm' Daemon is prone to a denial-of-service vulnerability.

Remote attackers can exploit this issue to deny service to legitimate users.

This issue affects versions prior to SynCE 'vdccm' Daemon 0.10.1.

18. Microsoft Office Web Components ActiveX Control DataSource Remote Code Execution Vulnerability
BugTraq ID: 28136
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28136
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

19. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code Execution Vulnerability
BugTraq ID: 28135
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28135
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

20. Microsoft March 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 28124
Remote: Yes
Date Published: 2008-03-06
Relevant URL: http://www.securityfocus.com/bid/28124
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on March 11, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records for these issues will be created when the bulletins are released.

21. Ruby WEBrick Remote Directory Traversal and Information Disclosure Vulnerabilities
BugTraq ID: 28123
Remote: Yes
Date Published: 2008-03-06
Relevant URL: http://www.securityfocus.com/bid/28123
Summary:
Ruby's WEBrick server is prone to remote directory-traversal and information-disclosure vulnerabilities.

Successfully exploiting these issues allows remote attackers to access the contents of arbitrary files. Information harvested may aid in further attacks.

These issues affect only operating systems that allow backslash (\) characters as path separators and operating systems that use case-insensitive filenames. This exposes Microsoft Windows and Apple Mac OS X operating systems to attack.

22. ICQ Toolbar 'toolbaru.dll' ActiveX Control 'GetPropertyById' Remote Denial of Service Vulnerability
BugTraq ID: 28118
Remote: Yes
Date Published: 2008-03-06
Relevant URL: http://www.securityfocus.com/bid/28118
Summary:
ICQ Toolbar 'toolbaru.dll' ActiveX control is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

This issue affects ICQ Toolbar 2.3; other versions may also be affected.

23. Microsoft Excel Import Remote Code Execution Vulnerability
BugTraq ID: 28095
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28095
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

24. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
BugTraq ID: 28094
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28094
Summary:
Microsoft Excel is prone to a heap memory-corruption vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

25. Microsoft Jet Database Engine MDB File Parsing Unspecified Remote Vulnerability
BugTraq ID: 28087
Remote: Yes
Date Published: 2008-03-03
Relevant URL: http://www.securityfocus.com/bid/28087
Summary:
Microsoft Jet Database Engine is prone to an unspecifed security vulnerability.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of a user running the application. Successful exploits will compromise the affected application and possibly the underlying computer. Failed attacks will likely cause denial-of-service conditions.

26. ICQ Toolbar 'toolbaru.dll' ActiveX Control Remote Denial of Service Vulnerability
BugTraq ID: 28086
Remote: Yes
Date Published: 2008-03-04
Relevant URL: http://www.securityfocus.com/bid/28086
Summary:
ICQ Toolbar 'toolbaru.dll' ActiveX control is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to trigger denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control.

This issue affects ICQ Toolbar 2.3 Beta; other versions may also be affected.

27. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
BugTraq ID: 28081
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28081
Summary:
Timbuktu Pro is prone to an arbitrary-file-upload vulnerability and a vulnerability that allows attackers to disrupt the logging of events.

An attacker can exploit these issues to upload arbitrary files and prevent the logging of events. This may lead to other attacks.

Timbuktu Pro 8.6.5 for Windows is vulnerable; other versions running on different platforms may also be affected.

The file-upload vulnerability may be related to BID 25453 (Motorola Timbuktu Pro Directory Traversal Vulnerability).

28. Borland StarTeam Multiple Remote Vulnerabilities
BugTraq ID: 28080
Remote: Yes
Date Published: 2008-03-03
Relevant URL: http://www.securityfocus.com/bid/28080
Summary:
Borland StarTeam is prone to multiple issues, including multiple integer-overflow vulnerabilities, a heap-overflow vulnerability, and a denial-of-service vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of vulnerable server processes. These issues may facilitate the remote compromise of affected computers. Attackers may also trigger denial-of-service conditions.

NOTE: The StarTeam MPX vulnerabilities may actually be related to a TIBCO SmartSocket DLL, but this has not been confirmed. We may update this BID as more information emerges.

Borland StarTeam Server 2008 and MPX products are vulnerable to these issues; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Temp directory is odd
http://www.securityfocus.com/archive/88/489429

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by bMighty:

Is Vista Meeting Expectations?
New research from InformationWeek reveals what 600 business-technology professionals have to say about Vista's costs, enhancements & adoption challenges. A $199 value for FREE.
www.bMighty.com
http://www.bmighty.com/drivers/vista.jhtml?cid=LSM-sfV

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus