Focus on Microsoft
SecurityFocus Microsoft Newsletter #389 Apr 08 2008 08:32PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #389

----------------------------------------

This issue is sponsored by Solidcore Systems

PCI DSS Compliance for $25/node
Learn how companies like Restoration Hardware, Convergys, and others have achieved PCI compliance.
Download the Solidcore S3 Control PCI Starter Edition now!
http://www.solidcore.com/landing_pages/pci_starter_sf.html

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.On the Border
2.Catch Them if You can
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability
2. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer Overflow Vulnerability
3. Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
4. SmarterTools SmarterMail HTTP Request Handling Denial Of Service Vulnerability
5. Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability
6. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
7. iMatix Xitami Multiple Format String Vulnerabilities
8. Borland StarTeam Multicast Service 'GMWebHandler::parse_request()' Buffer Overflow Vulnerability
9. Microsoft April 2008 Advance Notification Multiple Vulnerabilities
10. Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability
11. Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service Vulnerability
12. Microsoft Windows GDI Heap Overflow Vulnerability
13. Microsoft Windows GDI Stack Overflow Vulnerability
14. HP OpenView Network Node Manager 'OVAS.EXE' Buffer Overflow Vulnerability
15. IBM DB2 Content Manager Unspecified Security Vulnerability
16. NoticeWare Corporation NoticeWare Email Server Denial Of Service Vulnerability
17. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
18. Microsoft Visio Object Header Remote Code Execution Vulnerability
19. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
20. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
21. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
22. Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
23. Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure Vulnerability
24. PowerDNS Remote Cache Poisoning Vulnerability
25. SLMail Pro Multiple Remote Denial Of Service and Memory Corruption Vulnerabilities
26. avast! Home/Professional Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #388
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

2.Catch Them if You Can
By Don Parker
High-profile network security breaches have proliferated over the past few years. While many "breaches" consist of lost data or a stolen laptop, true breaches -- where a online attacker compromises a network and removes data -- have become very common
http://www.securityfocus.com/columnists/468

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer Header Handling 'res://' Information Disclosure Vulnerability
BugTraq ID: 28667
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28667
Summary:
Microsoft Internet Explorer is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to obtain potentially sensitive information from the local computer. Information obtained may aid in further attacks.

This issue affects Internet Explorer 7. Reportedly, Internet Explorer 8 is not vulnerable, but this has not been confirmed.

This issue may be related to the vulnerability discussed in BID 28581 (Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability).

2. Tumbleweed SecureTransport 'vcst_eu.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28662
Remote: Yes
Date Published: 2008-04-07
Relevant URL: http://www.securityfocus.com/bid/28662
Summary:
Tumbleweed SecureTransport is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

3. Computer Associates ARCserve Backup for Laptops and Desktops Multiple Remote Vulnerabilities
BugTraq ID: 28616
Remote: Yes
Date Published: 2008-04-04
Relevant URL: http://www.securityfocus.com/bid/28616
Summary:
Computer Associates ARCserve Backup for Laptops and Desktops is prone to multiple remote issues, including a buffer-overflow vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges. This will result in a complete compromise of affected computers. Attackers may also trigger application crashes, denying service to legitimate users.

These issues are related to the ones documented in BID 24348 (Computer Associates ARCserve Backup Multiple Remote Buffer Overflow Vulnerabilities). The fixes for CVE-2007-3216 and CVE-2007-5005 did not completely resolve the previous issues.

4. SmarterTools SmarterMail HTTP Request Handling Denial Of Service Vulnerability
BugTraq ID: 28610
Remote: Yes
Date Published: 2008-04-04
Relevant URL: http://www.securityfocus.com/bid/28610
Summary:
SmarterTools SmarterMail is prone to a denial-of-service vulnerability when handling specially crafted HTTP GET, HEAD, PUT, POST, and TRACE requests. When the server eventually resets the request connection, it will crash.

Remote attackers can exploit this issue to deny service to legitimate users.

SmarterMail 5.0 is vulnerable; other versions may also be affected.

5. Microsoft Project Resource Memory Allocation Remote Code Execution Vulnerability
BugTraq ID: 28607
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28607
Summary:
Microsoft Project is prone to a remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

6. Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 28606
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28606
Summary:
Microsoft 'hxvz.dll' ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

7. iMatix Xitami Multiple Format String Vulnerabilities
BugTraq ID: 28603
Remote: Yes
Date Published: 2008-04-03
Relevant URL: http://www.securityfocus.com/bid/28603
Summary:
Xitami is prone to multiple format-string vulnerabilities because the application fails to adequately sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

A remote attacker may potentially execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in a denial of service.

These issues affect Xitami 2.5c2; other versions may be affected as well.

8. Borland StarTeam Multicast Service 'GMWebHandler::parse_request()' Buffer Overflow Vulnerability
BugTraq ID: 28602
Remote: Yes
Date Published: 2008-04-03
Relevant URL: http://www.securityfocus.com/bid/28602
Summary:
Borland StarTeam Multicast Service is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

This issue affects Borland StarTeam Multicast Service 6.4 included in Borland CaliberRM 2006, 2007, and 2008. Other Borland products may also be affected.

9. Microsoft April 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 28598
Remote: Yes
Date Published: 2008-04-03
Relevant URL: http://www.securityfocus.com/bid/28598
Summary:
Microsoft has released advance notification that the vendor will be releasing eight security bulletins on April 8, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

10. Microsoft Internet Explorer 'ieframe.dll' Script Injection Vulnerability
BugTraq ID: 28581
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28581
Summary:
Microsoft Internet Explorer is prone to a script-injection vulnerability when handling specially crafted requests to 'acr_error.htm' via the 'res://' protocol. The file resides in the 'ieframe.dll' dynamic-link library.

An attacker may leverage this issue to execute arbitrary code in the context of a user's browser. Successful exploits can allow the attacker to steal cookie-based authentication credentials, obtain potentially sensitive information stored on the victim's computer, and launch other attacks.

Internet Explorer 8 is vulnerable. Internet Explorer 7 is likely vulnerable as well, but this has not been confirmed.

11. Microsoft Internet Explorer XDR Prototype Hijacking Denial of Service Vulnerability
BugTraq ID: 28580
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28580
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to crash the application, denying service to legitimate users.

This issue affects Microsoft Internet Explorer 8 Beta 1.

12. Microsoft Windows GDI Heap Overflow Vulnerability
BugTraq ID: 28571
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28571
Summary:
Microsoft Windows is prone to a heap-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF or WMF image file.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

13. Microsoft Windows GDI Stack Overflow Vulnerability
BugTraq ID: 28570
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28570
Summary:
Microsoft Windows is prone to a stack-based overflow vulnerability that resides in the GDI graphics library and can be triggered by a malformed EMF image file.

A successful exploit of this vulnerability can allow a remote attacker to completely compromise the affected computer.

14. HP OpenView Network Node Manager 'OVAS.EXE' Buffer Overflow Vulnerability
BugTraq ID: 28569
Remote: Yes
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28569
Summary:
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager process. This facilitates the remote compromise of affected computers.

Network Node Manager 7.51 running on Microsoft Windows is affected by this issue; other versions and platforms may also be vulnerable.

15. IBM DB2 Content Manager Unspecified Security Vulnerability
BugTraq ID: 28567
Remote: No
Date Published: 2008-04-02
Relevant URL: http://www.securityfocus.com/bid/28567
Summary:
IBM DB2 Content Manager is prone to an unspecified security vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

Versions prior to 8.3 Fix Pack 8 are vulnerable.

16. NoticeWare Corporation NoticeWare Email Server Denial Of Service Vulnerability
BugTraq ID: 28559
Remote: Yes
Date Published: 2008-04-01
Relevant URL: http://www.securityfocus.com/bid/28559
Summary:
NoticeWare Email Server is prone to a denial-of-service vulnerability due to an unspecified error.

Remote attackers can exploit this issue to deny service to legitimate users.

The issue affects NoticeWare Email Server 4.6.1.0; other versions may also be vulnerable.

17. Microsoft Visio Memory Validation Remote Code Execution Vulnerability
BugTraq ID: 28556
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28556
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

18. Microsoft Visio Object Header Remote Code Execution Vulnerability
BugTraq ID: 28555
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28555
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

19. Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability
BugTraq ID: 28554
Remote: No
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28554
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

The vulnerability resides in the Windows Kernel. A locally logged-in user can exploit this issue to gain kernel-level access to the operating system.

20. Microsoft Windows DNS Client Service Response Spoofing Vulnerability
BugTraq ID: 28553
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28553
Summary:
Microsoft Windows operating systems are prone to a vulnerability that lets attackers spoof DNS clients. This issue occurs because the software fails to employ properly secure random numbers when creating DNS transaction IDs.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to redirect network traffic and to launch man-in-the-middle attacks.

21. Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulnerability
BugTraq ID: 28552
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28552
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to adequately handle certain user-supplied data.

Attackers can leverage this issue to execute arbitrary code with the privileges of the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.

22. Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
BugTraq ID: 28551
Remote: Yes
Date Published: 2008-04-08
Relevant URL: http://www.securityfocus.com/bid/28551
Summary:
Microsoft VBScript and JScript are prone to a remote code-execution vulnerability because they fail to adequately handle user-supplied input.

Attackers can leverage this issue by enticing an unsuspecting user to view a malicious web document. Successful exploits would allow arbitrary code to run with the privileges of the victim.

These versions are affected:

VBScript 5.6 and earlier
JScript 5.6 and earlier

23. Microsoft Crypto API X.509 Certificate Validation Remote Information Disclosure Vulnerability
BugTraq ID: 28548
Remote: Yes
Date Published: 2008-04-01
Relevant URL: http://www.securityfocus.com/bid/28548
Summary:
Microsoft's Crypto API library is prone to an information-disclosure vulnerability because HTTP requests to arbitrary hosts and ports may be automatically triggered when validating X.509 certificates.

Successful exploits allow attackers to trigger HTTP requests to arbitrary hosts and ports without confirmation or notification to unsuspecting users. Attackers may use this for determining when email and documents are read, for port scanning, or for aiding in other attacks.

The following products are known to exhibit this issue:

Microsoft Outlook 2007
Microsoft Windows Live Mail 2008
Microsoft Office 2007

Other products that use the Crypto API provided by Windows may also be affected.

24. PowerDNS Remote Cache Poisoning Vulnerability
BugTraq ID: 28517
Remote: Yes
Date Published: 2008-03-31
Relevant URL: http://www.securityfocus.com/bid/28517
Summary:
PowerDNS is prone to a remote cache-poisoning vulnerability because of a weakness in the use of random number generators.

An attacker may leverage this issue to manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.

Versions prior to PowerDNS 3.1.5 are vulnerable to this issue.

25. SLMail Pro Multiple Remote Denial Of Service and Memory Corruption Vulnerabilities
BugTraq ID: 28505
Remote: Yes
Date Published: 2008-03-31
Relevant URL: http://www.securityfocus.com/bid/28505
Summary:
SLMail Pro is prone to multiple remote denial-of-service vulnerabilities and memory-corruption vulnerabilities.

Attackers can exploit these issues to crash the application, resulting in denial-of-service conditions. Given the nature of some of these issues, attackers may also be able to execute arbitrary code, but this has not been confirmed.

SLMail Pro 6.3.1.0 is vulnerable; other versions may also be affected.

26. avast! Home/Professional Local Privilege Escalation Vulnerability
BugTraq ID: 28502
Remote: No
Date Published: 2008-03-30
Relevant URL: http://www.securityfocus.com/bid/28502
Summary:
avast! is prone to a local privilege-escalation vulnerability because it fails adequately sanitize user-supplied data.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful attacks will completely compromise affected computers.

Versions prior to avast! Home/Professional 4.8.1169 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #388
http://www.securityfocus.com/archive/88/490435

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Solidcore Systems

PCI DSS Compliance for $25/node
Learn how companies like Restoration Hardware, Convergys, and others have achieved PCI compliance.
Download the Solidcore S3 Control PCI Starter Edition now!
http://www.solidcore.com/landing_pages/pci_starter_sf.html

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus