Focus on Microsoft
SecurityFocus Microsoft Newsletter #386 Mar 19 2008 06:49PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #386
----------------------------------------

This issue is sponsored by GlobalSCAPE

Learn how GlobalSCAPE's Enhanced File Transfer (EFT) Server helped Aon's Human Capital division increase productivity and security by streamlining data transfers and data automation processes while making savings of almost $300,000. By using EFT Server they ensured the security and integrity of their file transfers and made it possible not only for Aon to control their own customizations but also to provide secure automatic data translation in real time which benefited employees and customers.
Download the AON case study - http://www.globalscape.com/files/case_AON.pdf

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Catch Them if You can
2.Integrating More Intelligence into Your IDS, Part 2
II. MICROSOFT VULNERABILITY SUMMARY
1. Check Point VPN-1 IP Address Collision Denial of Service Vulnerability
2. Microsoft Internet Explorer CreateTextRange.text Denial of Service Vulnerability
3. Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
4. Home FTP Server Remote Denial of Service Vulnerability
5. Alt-N MDaemon IMAP Server FETCH Command Remote Buffer Overflow Vulnerability
6. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities
7. RETIRED: Microsoft Internet Explorer FTP Cross-Site Command Injection Vulnerability
8. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting Vulnerability
9. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
10. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
11. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation Vulnerability
12. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of Service Vulnerabilities
13. Microsoft Excel Conditional Formatting Values Remote Code Execution Vulnerability
14. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
15. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
16. Microsoft Excel Style Record Remote Code Execution Vulnerability
17. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
18. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
19. Microsoft Office File Memory Corruption Vulnerability
20. Microsoft Office Web Components ActiveX Control DataSource Remote Code Execution Vulnerability
21. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code Execution Vulnerability
22. Microsoft Excel Import Remote Code Execution Vulnerability
23. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
24. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. More along the lines of malware disinfection
2. Compromised WinXP box prob
3. SecurityFocus Microsoft Newsletter #385
4. Temp directory is odd
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where a online attacker compromises a network and removes data -- have become very common
http://www.securityfocus.com/columnists/468

2.Integrating More Intelligence into Your IDS, Part 2
By Don Parker and Ryan Wegner
The more an intrusion detection system (IDS) knows about the network it is trying to protect, the better it will be able to protect the network. This is the fundamental principle behind target-based intrusion detection, where an IDS knows about the hosts on the network.
http://www.securityfocus.com/infocus/1899

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Check Point VPN-1 IP Address Collision Denial of Service Vulnerability
BugTraq ID: 28299
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28299
Summary:
Check Point VPN-1 is prone to a denial-of-service vulnerability that can allow attackers to obtain sensitive information. The issue occurs because the application fails to adequately handle IP address collisions.

Attackers can exploit this issue to break site-to-site VPN connectivity between a VPN-1 gateway and a third party, denying access to legitimate users. If SecuRemote back-connections are enabled, the attacker can leverage this issue to re-route site-to-site VPN traffic from the VPN gateway to their SecuRemote client. Under certain conditions, this will cause data that was destined for the third party to be sent to the attacker's client instead. This could contain sensitive information that would aid in further attacks.

2. Microsoft Internet Explorer CreateTextRange.text Denial of Service Vulnerability
BugTraq ID: 28295
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28295
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle certain JavaScript code.

This issue is triggered when a remote attacker entices a victim to visit a malicious site.

Attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

3. Apple Safari Prior to 3.1 Multiple Security Vulnerabilities
BugTraq ID: 28290
Remote: Yes
Date Published: 2008-03-18
Relevant URL: http://www.securityfocus.com/bid/28290
Summary:
Apple Safari is prone to 12 security vulnerabilities.

Attackers may exploit these issues to execute arbitrary code, steal cookie-based authentication credentials, spoof secure websites, obtain sensitive information, and crash the affected application. Other attacks are also possible.

These issues affect versions prior to Apple Safari 3.1 running on Apple Mac OS X 10.4.1 and 10.5.2, Microsoft Windows XP, and Windows Vista.

4. Home FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 28283
Remote: Yes
Date Published: 2008-03-17
Relevant URL: http://www.securityfocus.com/bid/28283
Summary:
Home FTP Server is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

5. Alt-N MDaemon IMAP Server FETCH Command Remote Buffer Overflow Vulnerability
BugTraq ID: 28245
Remote: Yes
Date Published: 2008-03-13
Relevant URL: http://www.securityfocus.com/bid/28245
Summary:
Alt-N MDaemon IMAP Server is affected by a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized buffer.

Attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

Alt-N MDaemon 9.6.4 is vulnerable; other versions may also be affected.

6. Cisco User-Changeable Password (UCP) 'CSuserCGI.exe' Multiple Remote Vulnerabilities
BugTraq ID: 28222
Remote: Yes
Date Published: 2008-03-12
Relevant URL: http://www.securityfocus.com/bid/28222
Summary:
Cisco User-Changeable Password (UCP) is prone to multiple remote vulnerabilities, including cross-site scripting and buffer-overflow vulnerabilities.

Exploiting the cross-site scripting issues may help the attacker steal cookie-based authentication credentials and launch other attacks. Exploiting the buffer-overflow vulnerabilities allows attackers to execute code in the context of the affected application, facilitating the remote compromise of affected computers.

The buffer-overflow issues are tracked by Cisco Bug ID CSCsl49180. The cross-site scripting issues are tracked by Cisco Bug ID CSCsl49205.

These issues affect versions prior to UCP 4.2 when running on Microsoft Windows.

7. RETIRED: Microsoft Internet Explorer FTP Cross-Site Command Injection Vulnerability
BugTraq ID: 28208
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28208
Summary:
Microsoft Internet Explorer is prone to a vulnerability that occurs because the application fails to adequately sanitize user-supplied data in FTP URI requests.

An attacker can leverage this issue by enticing an unsuspecting user to follow a maliciously crafted URI. Successful exploits will allow attackers to submit arbitrary commands to arbitrary FTP servers on behalf of unsuspecting users.

This issue affects Internet Explorer 5 and 6; prior versions may also be affected.

Note that access to some FTP servers may require valid authentication credentials.

NOTE: This issue is being retired because the issue is already covered in BID 11826 (Microsoft Internet Explorer FTP URI Arbitrary FTP Server Command Execution Vulnerability).

8. ManageEngine ServiceDesk Plus 'SolutionSearch.do' Cross-Site Scripting Vulnerability
BugTraq ID: 28191
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28191
Summary:
ManageEngine ServiceDesk Plus is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

ManageEngine ServiceDesk Plus 7.0.0 Build 7011 for Microsoft Windows is vulnerable; other versions may be affected as well.

9. ASG-Sentry 7.0.0 Multiple Remote Vulnerabilities
BugTraq ID: 28188
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28188
Summary:
ASG-Sentry is prone to multiple remote vulnerabilities:

- A heap-based buffer-overflow vulnerability
- A stack-based buffer-overflow vulnerability
- A denial-of-service vulnerability
- An arbitrary-file-deletion vulnerability

An attacker can exploit these issues to execute arbitrary code within the context of the affected application, crash the affected application, consume all CPU resources, and delete data contained in arbitrary files. Other attacks are possible.

These issues affect ASG-Sentry 7.0.0; other versions may also be affected.

10. Motorola Timbuktu Pro Multiple Denial of Service Vulnerabilities
BugTraq ID: 28186
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28186
Summary:
Motorola Timbuktu Pro is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues will allow attackers to crash the affected application, denying further service to legitimate users.

11. SAP MaxDB sdbstarter Environment Variable Local Privilege Escalation Vulnerability
BugTraq ID: 28185
Remote: No
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28185
Summary:
SAP MaxDB is prone to a local privilege-escalation vulnerability.

Exploiting this issue allows local attackers to execute arbitrary code with superuser privileges. This will lead to the complete compromise of an affected computer.

This issue affects MaxDB 7.6.0.37 on both Linux and Solaris platforms. Other UNIX variants are most likely affected. Microsoft Windows versions are not vulnerable to this issue.

12. Acronis Snap Deploy PXE Server TFTP Directory Traversal and Denial of Service Vulnerabilities
BugTraq ID: 28182
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28182
Summary:
Acronis Snap Deploy is prone to a directory-traversal vulnerability and a denial-of-service vulnerability.

Exploiting these issues will allow attackers to obtain sensitive information or crash the affected application, denying further service to legitimate users.

13. Microsoft Excel Conditional Formatting Values Remote Code Execution Vulnerability
BugTraq ID: 28170
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28170
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

14. Microsoft Excel Rich Text Value Heap Buffer Overflow Vulnerability
BugTraq ID: 28168
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28168
Summary:
Microsoft Excel is prone to a heap-based buffer-overflow vulnerability. This issue occurs because the application fails to perform adequate boundary-checks on user-supplied data.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

15. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
BugTraq ID: 28167
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28167
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

16. Microsoft Excel Style Record Remote Code Execution Vulnerability
BugTraq ID: 28166
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28166
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

17. MailEnable SMTP EXPN/VRFY Commands Denial of Service Vulnerability
BugTraq ID: 28154
Remote: Yes
Date Published: 2008-03-09
Relevant URL: http://www.securityfocus.com/bid/28154
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.

This issue arises in the SMTP server and may result in a crash of the affected service.

This issue affects all versions of MailEnable Standard Edition, Professional Edition, and Enterprise Edition.

18. Microsoft Outlook Mailto URI Remote Code Execution Vulnerability
BugTraq ID: 28147
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28147
Summary:
Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to adequately validate user-supplied data.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the currently logged-in user. This will facilitate the remote compromise of affected computers.

19. Microsoft Office File Memory Corruption Vulnerability
BugTraq ID: 28146
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28146
Summary:
Microsoft Office is prone to a remote memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious Office file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

20. Microsoft Office Web Components ActiveX Control DataSource Remote Code Execution Vulnerability
BugTraq ID: 28136
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28136
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

21. Microsoft Office Web Components ActiveX Control URL Parsing Remote Code Execution Vulnerability
BugTraq ID: 28135
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28135
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in denial-of-service conditions.

22. Microsoft Excel Import Remote Code Execution Vulnerability
BugTraq ID: 28095
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28095
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

23. Microsoft Excel Data Validation Record Heap Memory Corruption Vulnerability
BugTraq ID: 28094
Remote: Yes
Date Published: 2008-03-11
Relevant URL: http://www.securityfocus.com/bid/28094
Summary:
Microsoft Excel is prone to a heap memory-corruption vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file ('.xls').

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. This may facilitate a compromise of vulnerable computers.

24. Timbuktu Pro File Upload and Log Input Manipulation Vulnerabilities
BugTraq ID: 28081
Remote: Yes
Date Published: 2008-03-10
Relevant URL: http://www.securityfocus.com/bid/28081
Summary:
Timbuktu Pro is prone to an arbitrary-file-upload vulnerability and a vulnerability that allows attackers to disrupt the logging of events.

An attacker can exploit these issues to upload arbitrary files and prevent the logging of events. This may lead to other attacks.

Timbuktu Pro 8.6.5 for Windows is vulnerable; other versions running on different platforms may also be affected.

The file-upload vulnerability may be related to BID 25453 (Motorola Timbuktu Pro Directory Traversal Vulnerability).

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. More along the lines of malware disinfection
http://www.securityfocus.com/archive/88/489751

2. Compromised WinXP box prob
http://www.securityfocus.com/archive/88/489695

3. SecurityFocus Microsoft Newsletter #385
http://www.securityfocus.com/archive/88/489513

4. Temp directory is odd
http://www.securityfocus.com/archive/88/489429

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by GlobalSCAPE

Learn how GlobalSCAPE's Enhanced File Transfer (EFT) Server helped Aon's Human Capital division increase productivity and security by streamlining data transfers and data automation processes while making savings of almost $300,000. By using EFT Server they ensured the security and integrity of their file transfers and made it possible not only for Aon to control their own customizations but also to provide secure automatic data translation in real time which benefited employees and customers.
Download the AON case study - http://www.globalscape.com/files/case_AON.pdf

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus