Focus on Microsoft
SecurityFocus Microsoft Newsletter #392 Apr 29 2008 09:29PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #392

----------------------------------------

This issue is sponsored by HP

Industry analysts estimate that more than 70 percent of today's security breaches occur with applications. Many are due to exploiting security defects within the code. Download this white paper from HP, 'Top six security mistakes .NET developers make' and learn about the top six mistakes developers should avoid to create more secure applications.
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadPDF&zn=
bto&cp=54_4012_100__&caid=14139&jumpid=ex_r11374_us/en/large/tsg//Top6_S
ecurity_Mistakes_WP_Newsletter/3-1A4COJO_3-ULASZJ/20080429&origin_id=3-1
A4COJO

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Just Who's Being Exploited?
2.On the Border
II. MICROSOFT VULNERABILITY SUMMARY
1. Acritum Femitter Server 'RETR' Command Remote Denial of Service Vulnerability
2. VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
3. Apple QuickTime Unspecified Remote Code Execution Vulnerability
4. E-Post MailServer Remote Information Disclosure Vulnerability
5. Microsoft Excel JavaScript Code Remote Denial Of Service Vulnerability
6. Kantaris SSA Subtitle File Remote Buffer Overflow Vulnerability
7. National Rail Enquiries Live Departure Boards Gadget Remote Script Code Execution Vulnerability
8. Trillian Overly Long Nickname Remote Denial Of Service Vulnerability
9. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing Vulnerabilities
10. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
11. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow Vulnerability
12. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
13. Rising Antivirus SSDT 'NtOpenProcess()' Hook Local Denial of Service Vulnerability
14. Comodo Firewall Pro SSDT Hooks Multiple Local Vulnerabilities
15. BitDefender Antivirus 2008 Hooked SSDT Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Cross-Site scripting
2. SecurityFocus Microsoft Newsletter #391
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Just Who's Being Exploited?
By Jamie Reid
Last month's revelation that Tipping Point paid out a prize of $10,000 and a new laptop (MSRP: about $2000) at the CanSecWest conference, for the privilege of being the exclusive licensor of a heretofore unpublished vulnerability in Apple's Safari web browser to researcher, Charles Miller of Independent Security Evaluators, may lend some credence to this adage.
http://www.securityfocus.com/columnists/470

2.On the Border
By Mark Rasch
Recently, I was going through an airport with my shoes, coat, jacket, and belt off as well as with my carry-on bag, briefcase, and laptop all separated for easy inspection. I was heading through security at the Washington D.C., Ronald Reagan National Airport in Arlington, Virginia, or "National" as we locals call it. As I passed through the new magnetometer which gently puffed air all over my body -- which to me seems to be a cross between a glaucoma test and Marilyn Monroe in Gentlemen Prefer Blondes -- a TSA employee absent-mindedly asked if he could "inspect" my laptop computer. While the inspection was cursory, the situation immediately gave me pause: What was in my laptop anyway?
http://www.securityfocus.com/columnists/469

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Acritum Femitter Server 'RETR' Command Remote Denial of Service Vulnerability
BugTraq ID: 28973
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28973
Summary:
Acritum Femitter Server is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

Femitter Server 1.03 is vulnerable; other versions may also be affected.

2. VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
BugTraq ID: 28967
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28967
Summary:
VicFTPS is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

Successfully exploiting this issue would cause the affected application to crash, denying service to legitimate users.

3. Apple QuickTime Unspecified Remote Code Execution Vulnerability
BugTraq ID: 28959
Remote: Yes
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28959
Summary:
Apple QuickTime is prone to an unspecified remote code-execution vulnerability.

Very few technical details are currently available. We will update this BID as more information emerges.

Successful exploits can allow remote attackers to execute arbitrary code in the context of the user running the application. This may facilitate a compromise of affected computers.

This issue affects QuickTime 7.4 for Microsoft Windows XP and Vista; other versions may also be affected.

4. E-Post MailServer Remote Information Disclosure Vulnerability
BugTraq ID: 28951
Remote: Yes
Date Published: 2008-04-27
Relevant URL: http://www.securityfocus.com/bid/28951
Summary:
E-Post MailServer is prone to a remote information-disclosure vulnerability.

Exploiting this issue can allow remote attackers to obtain the POP3 password of any known user from the POP3 service without having to log on. For an exploit to succeed, the attacker must know the POP3 account name (email address) of the victim.

The issue affects E-Post Mail Server 4.10 with EPSTPOP3S.EXE 4.22; other versions may also be affected.

5. Microsoft Excel JavaScript Code Remote Denial Of Service Vulnerability
BugTraq ID: 28946
Remote: Yes
Date Published: 2008-04-26
Relevant URL: http://www.securityfocus.com/bid/28946
Summary:
Microsoft Excel is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to deny access to legitimate users. Given the nature of this vulnerability, attackers may also be able to execute arbitrary code, but this has not been confirmed.

Microsoft Excel 2007 is vulnerable; other versions may also be affected.

6. Kantaris SSA Subtitle File Remote Buffer Overflow Vulnerability
BugTraq ID: 28939
Remote: Yes
Date Published: 2008-04-26
Relevant URL: http://www.securityfocus.com/bid/28939
Summary:
Kantaris is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Kantaris 0.3.4 is vulnerable; other versions may also be affected.

7. National Rail Enquiries Live Departure Boards Gadget Remote Script Code Execution Vulnerability
BugTraq ID: 28933
Remote: Yes
Date Published: 2008-04-25
Relevant URL: http://www.securityfocus.com/bid/28933
Summary:
National Rail Enquiries Live Departure Board Gadget is prone to a vulnerability that lets remote attackers execute arbitrary script code because the application fails to properly sanitize user-supplied input.

To exploit this issue, attackers must be able to perform a man-in-the-middle attack against the website that the gadget accesses for departure information.

An attacker may leverage this issue to execute arbitrary code on an affected computer with the privileges of the affected process. This may facilitate unauthorized access.

Versions prior to National Rail Enquiries Live Departure Board Gadget 1.1 are vulnerable.

8. Trillian Overly Long Nickname Remote Denial Of Service Vulnerability
BugTraq ID: 28925
Remote: Yes
Date Published: 2008-04-24
Relevant URL: http://www.securityfocus.com/bid/28925
Summary:
Trillian is prone to a remote denial-of-service vulnerability because it fails to sufficiently bounds-check user-supplied data.

Few details regarding this vulnerability are available; we will update this BID when more information emerges.

Exploiting this issue allows remote attackers to trigger denial-of-service conditions, denying further service to legitimate users.

Trillian 3.1 is vulnerable; other versions may also be affected.

9. Apple Safari 3.1.1 For Windows Multiple Denial of Service and Spoofing Vulnerabilities
BugTraq ID: 28891
Remote: Yes
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28891
Summary:
Apple Safari is prone to multiple remote vulnerabilities, including:

- A denial-of-service vulnerability caused by a write-access violation.
- A denial-of-service vulnerability caused by a read-access violation.
- A vulnerability that allows attackers to spoof the content contained in the address bar.

An attacker can exploit these issues to crash the affected application or cause the victim to interact with the attacker's malicious site.

This issue affects Apple Safari 3.1.1 for Windows; other versions may also be affected.

10. Foxit Reader Multiple Remote Memory Corruption Vulnerabilities
BugTraq ID: 28890
Remote: Yes
Date Published: 2008-04-22
Relevant URL: http://www.securityfocus.com/bid/28890
Summary:
Foxit Reader is prone to two remote memory-corruption vulnerabilities because it fails to handle specially crafted PDF files.

Remote attackers may be able to execute code, but this has not been confirmed. Failed exploit attempts will crash the application, denying service to legitimate users.

Foxit Reader 2.2 is vulnerable; other versions may also be affected.

11. Microsoft 'HeartbeatCtl' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 28882
Remote: Yes
Date Published: 2008-04-21
Relevant URL: http://www.securityfocus.com/bid/28882
Summary:
Microsoft 'HeartbeatCtl' ActiveX control is prone to a remote buffer-overflow vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

12. SubEdit Player Subtitle File Remote Buffer Overflow Vulnerability
BugTraq ID: 28858
Remote: Yes
Date Published: 2008-04-19
Relevant URL: http://www.securityfocus.com/bid/28858
Summary:
SubEdit Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

The issue affects SubEdit Player Build 4066; other versions may also be affected.

13. Rising Antivirus SSDT 'NtOpenProcess()' Hook Local Denial of Service Vulnerability
BugTraq ID: 28744
Remote: No
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28744
Summary:
Rising Antivirus is prone to a local denial-of-service vulnerability.

Exploiting this vulnerability allows local attackers to crash affected computers, denying service to legitimate users.

Rising Antivirus 19.60.0.0 and 19.66.0.0 are vulnerable; other versions may also be affected.

14. Comodo Firewall Pro SSDT Hooks Multiple Local Vulnerabilities
BugTraq ID: 28742
Remote: No
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28742
Summary:
Comodo Firewall Pro is prone to multiple local vulnerabilities.

Exploiting these vulnerabilities allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

Comodo Firewall Pro 2.4.18.184 is vulnerable; other versions may also be affected.

15. BitDefender Antivirus 2008 Hooked SSDT Denial of Service Vulnerability
BugTraq ID: 28741
Remote: No
Date Published: 2008-04-28
Relevant URL: http://www.securityfocus.com/bid/28741
Summary:
BitDefender Antivirus 2008 is prone to a local denial-of-service vulnerability because they fail to adequately bounds-check user-supplied data.

Exploiting this vulnerability allows local attackers to crash affected computers, denying service to legitimate users. Attackers might also be able to gain elevated privileges by executing arbitrary machine code in the context of the kernel, but this has not been confirmed.

BitDefender Antivirus 2008 Build 11.0.11 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Cross-Site scripting
http://www.securityfocus.com/archive/88/491393

2. SecurityFocus Microsoft Newsletter #391
http://www.securityfocus.com/archive/88/491252

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP

Industry analysts estimate that more than 70 percent of today's security breaches occur with applications. Many are due to exploiting security defects within the code. Download this white paper from HP, 'Top six security mistakes .NET developers make' and learn about the top six mistakes developers should avoid to create more secure applications.
https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadPDF&zn=
bto&cp=54_4012_100__&caid=14139&jumpid=ex_r11374_us/en/large/tsg//Top6_S
ecurity_Mistakes_WP_Newsletter/3-1A4COJO_3-ULASZJ/20080429&origin_id=3-1
A4COJO

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus