Focus on Microsoft
SecurityFocus Microsoft Newsletter #399 Jun 21 2008 02:49PM
rkeith securityfocus com

SecurityFocus Microsoft Newsletter #399
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Racing Against Reversers
2.Anti-Social Networking
II. MICROSOFT VULNERABILITY SUMMARY
1. Apple Safari Automatic File Launch Remote Code Execution Vulnerability
2. Microsoft Visual Basic Enterprise Edition 6 'vb6skit.dll' Remote Buffer Overflow Vulnerability
3. UltraEdit FTP/SFTP 'LIST' Command Directory Traversal Vulnerability
4. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability
5. Skulltag Malformed Packet Denial of Service Vulnerability
6. No-IP DUC Client for Windows Local Information Disclosure Vulnerability
7. 3D-FTP 'LIST' and 'MLSD' Directory Traversal Vulnerabilities
8. Glub Tech Secure FTP 'LIST' Command Directory Traversal Vulnerability
9. artegic AG Dana Remote Buffer Overflow Vulnerability
10. muvee autoProducer 'TextOut.dll' ActiveX Control Remote Buffer Overflow Vulnerability
11. RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
12. Microsoft Windows WINS Server Local Privilege Escalation Vulnerability
13. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
14. Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability
15. Microsoft DirectX SAMI File Parsing Stack Based Buffer Overflow Vulnerability
16. Microsoft Internet Explorer HTML Objects 'substringData()' Remote Code Execution Vulnerability
17. Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
18. Microsoft Windows PGM Invalid Fragment Remote Denial Of Service Vulnerability
19. Microsoft Windows PGM Invalid Length Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. default for requiring authentication 2003
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.
http://www.securityfocus.com/columnists/474

2.Anti-Social Networking
By Mark Rasch
On May 15, 2008, a federal grand jury Los Angeles indicted 49-year-old Lori Drew of O.Fallon, Missouri, on charges of unauthorized access to a computer, typically used in hacking cases. Yet, Drew's alleged actions had little to do with computer intrusions.
http://www.securityfocus.com/columnists/473

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple Safari Automatic File Launch Remote Code Execution Vulnerability
BugTraq ID: 29835
Remote: Yes
Date Published: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29835
Summary:
Apple Safari is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious webpage contained in a trusted Internet Explorer 7 zone or contained in an Internet Explorer 6 'local intranet' or 'Trusted site' zone.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application.

This issue affects versions prior to Apple Safari 3.1.2 running on Microsoft Windows XP and Windows Vista.

2. Microsoft Visual Basic Enterprise Edition 6 'vb6skit.dll' Remote Buffer Overflow Vulnerability
BugTraq ID: 29792
Remote: Yes
Date Published: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/29792
Summary:
Microsoft Visual Basic Enterprise Edition 6 is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate size checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.

Microsoft Visual Basic Enterprise Edition 6 SP6 is vulnerable; other versions may also be affected.

3. UltraEdit FTP/SFTP 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29784
Remote: Yes
Date Published: 2008-06-17
Relevant URL: http://www.securityfocus.com/bid/29784
Summary:
UltraEdit is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP/SFTP client.

Exploiting this issue will allow an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

UltraEdit 14.00b is vulnerable; other versions may also be affected.

4. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability
BugTraq ID: 29769
Remote: Yes
Date Published: 2008-06-17
Relevant URL: http://www.securityfocus.com/bid/29769
Summary:
Microsoft Word is prone to a remote memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open and interact with malicious Word files.

Successfully exploiting this issue will corrupt memory and crash the application. Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of the currently logged-in user.

5. Skulltag Malformed Packet Denial of Service Vulnerability
BugTraq ID: 29760
Remote: Yes
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29760
Summary:
Skulltag is prone to a vulnerability that can cause denial-of-service conditions.

A successful attack will deny service to legitimate users.

Skulltag 0.97d2-RC3 is vulnerable; other versions may also be affected.

6. No-IP DUC Client for Windows Local Information Disclosure Vulnerability
BugTraq ID: 29758
Remote: No
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29758
Summary:
The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows.

Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks.

7. 3D-FTP 'LIST' and 'MLSD' Directory Traversal Vulnerabilities
BugTraq ID: 29749
Remote: Yes
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29749
Summary:
3D-FTP is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues allows an attacker to write arbitrary files to locations outside of the FTP client's current directory. This could help the attacker launch further attacks.

3D-FTP 8.01 is vulnerable; other versions may also be affected.

8. Glub Tech Secure FTP 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29741
Remote: Yes
Date Published: 2008-06-13
Relevant URL: http://www.securityfocus.com/bid/29741
Summary:
Glub Tech Secure FTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP client.

Exploiting these issues will allow an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

Secure FTP 2.5.15 for Microsoft Windows is vulnerable; other versions may also be affected.

9. artegic AG Dana Remote Buffer Overflow Vulnerability
BugTraq ID: 29724
Remote: Yes
Date Published: 2008-06-14
Relevant URL: http://www.securityfocus.com/bid/29724
Summary:
Dana is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects Dana 1.3 and prior versions.

10. muvee autoProducer 'TextOut.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 29693
Remote: Yes
Date Published: 2008-06-12
Relevant URL: http://www.securityfocus.com/bid/29693
Summary:
The 'muvee autoProducer' program is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

This issue affects muvee autoProducer 6.1; other versions may also be affected.

11. RETIRED: Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities
BugTraq ID: 29619
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29619
Summary:
Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code.

These issues arise when the application handles specially crafted PICT image files, Indeo video content, movie files, 'file:' URIs, and AAC-encoded media. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user; failed exploits will cause denial-of-service conditions.

Versions prior to QuickTime 7.5 are affected.

NOTE: This BID is being retired; the following individual records have been created to better document the issues:

29649 Apple QuickTime 'PICT' Image 'PixData' Structures Handling Heap Overflow Vulnerability
29650 Apple QuickTime 'file:' URI File Execution Vulnerability
29654 Apple QuickTime 'AAC-encoded' Media Memory Corruption Vulnerability
29648 Apple QuickTime 'PICT' Image Buffer Overflow Vulnerability
29652 Apple QuickTime Indo Video Codec Buffer Overflow Vulnerability

12. Microsoft Windows WINS Server Local Privilege Escalation Vulnerability
BugTraq ID: 29588
Remote: No
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29588
Summary:
Microsoft Windows WINS server is prone to a local privilege-escalation vulnerability that may be triggered by malicious WINS network packets.

Successful exploits allow local attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising the affected computer.

13. Microsoft Windows Active Directory LDAP Request Validation Remote Denial Of Service Vulnerability
BugTraq ID: 29584
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29584
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because Microsoft Active Directory, ADAM (Active Directory Application Mode), and AD LDS (Active Directory Lightweight Directory Service) fail to handle specially crafted Lightweight Directory Access Protocol (LDAP) requests.

An attacker can exploit this issue by sending a specially crafted LDAP request to the affected computer. This would cause the affected system to temporarily stop responding to LDAP requests, thus denying further service to legitimate users.

Note that the attacker requires valid logon credentials to exploit this issue on Windows Server 2003 and on any system that has ADAM installed.

This issue affects these components:

- Active Directory on Microsoft Windows 2000, Windows Server 2003, and Windows Server 2008
- ADAM on Windows XP Professional and Windows Server 2003
- AD LDS on Windows Server 2008

Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

14. Microsoft DirectX MJPEG Video Streaming Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29581
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29581
Summary:
Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

15. Microsoft DirectX SAMI File Parsing Stack Based Buffer Overflow Vulnerability
BugTraq ID: 29578
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29578
Summary:
Microsoft DirectX is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling malformed SAMI files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application that uses DirectX. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

16. Microsoft Internet Explorer HTML Objects 'substringData()' Remote Code Execution Vulnerability
BugTraq ID: 29556
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29556
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because it fails to perform adequate boundary checks when handling certain HTML object data.

Attackers can leverage this issue to execute arbitrary code with the privileges of the user running the application. Successful exploits will compromise affected computers. Failed attacks may cause denial-of-service conditions.

17. Microsoft Windows Bluetooth Stack Remote Code Execution Vulnerability
BugTraq ID: 29522
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29522
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because its implementation of the Bluetooth stack fails to adequately handle a flood of specially crafted SDP (Service Discovery Protocol) requests.

To exploit this issue, an attacker must be within close physical proximity of the affected computer.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will completely compromise affected computers.

This issue affects only computers with Bluetooth capability.

18. Microsoft Windows PGM Invalid Fragment Remote Denial Of Service Vulnerability
BugTraq ID: 29509
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29509
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM (Pragmatic General Multicast) network traffic.

Attackers can exploit this issue to cause affected computers to stop responding until all the malformed packets have been processed. Successful attacks will deny service to legitimate users.

On computers running Windows XP and Windows Server 2003, PGM is enabled only when Microsoft Message Queuing (MSMQ) 3.0 is installed. The MSMQ service is not installed by default.

On computers running Windows Vista or Windows Server 2008, PGM is enabled only when Microsoft Message Queuing (MSMQ) 4.0 is installed and when PGM is specifically enabled. The MSMQ service is not installed by default. When MSMQ is installed, PGM processing is not enabled by default.

19. Microsoft Windows PGM Invalid Length Remote Denial Of Service Vulnerability
BugTraq ID: 29508
Remote: Yes
Date Published: 2008-06-10
Relevant URL: http://www.securityfocus.com/bid/29508
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted PGM (Pragmatic General Multicast) network traffic.

Attackers can exploit this issue to cause an affected computer to stop responding until it is manually restarted. Successful attacks will deny service to legitimate users.

NOTE: PGM is enabled only when Microsoft Message Queuing (MSMQ) 3.0 is installed on computers running Windows XP and Windows Server 2003. The MSMQ service is not installed by default. Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. default for requiring authentication 2003
http://www.securityfocus.com/archive/88/493298

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus