Focus on Microsoft
SecurityFocus Microsoft Newsletter #411 Sep 12 2008 03:09PM
rkeith securityfocus com

SecurityFocus Microsoft Newsletter #411
----------------------------------------

This issue is sponsored by IronKey: The World's Most Secure Flash Drive

IronKey flash drives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.iroky.com/forenterprise2

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Get Off My Cloud
2. An Astonishing Collaboration
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
2. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
3. Maxthon Browser Remote Denial of Service Vulnerability
4. Apple iTunes Misleading Firewall Warning Weakness
5. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability
6. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
7. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
8. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
9. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability
10. Microsoft Organization Chart Remote Code Execution Vulnerability
11. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
12. Microsoft GDI+ BMP Integer Overflow Vulnerability
13. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
14. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
15. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
16. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
17. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
18. Wireshark 1.0.2 Multiple Vulnerabilities
19. RETIRED: Moodle Multiple Remote File Include Vulnerabilities
20. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
21. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
22. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Get Off My Cloud
By Mark Rasch
One of the features of Apple's device that appeals to me is the new MobileMe service, where you can "access and manage your email, contacts, calendar, photos, and files at me.com," according to Apple.
More companies, among them Microsoft and Google, already allow people to store information and use common services online -- or "in the cloud" -- leading analysts to refer to the entire trend as "cloud computing."
http://www.securityfocus.com/columnists/478

2. An Astonishing Collaboration
By Dan Kaminsky
Wow. It's out. It's finally, finally out. Sweet!
http://www.securityfocus.com/columnists/477

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
BugTraq ID: 31129
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31129
Summary:
Microsoft SQL Server 'sqlvdir.dll' ActiveX Control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

This control is included with Microsoft SQL Server 2000; other versions may also be affected.

2. ZoneAlarm Security Suite AntiVirus Directory Path Buffer Overflow Vulnerability
BugTraq ID: 31124
Remote: Yes
Date Published: 2008-09-11
Relevant URL: http://www.securityfocus.com/bid/31124
Summary:
ZoneAlarm Security Suite is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input when performing virus scans on long directory paths.

Remote attackers may leverage this issue to execute arbitrary code with SYSTEM-level privileges, giving them complete access to the vulnerable computer. Failed attacks will cause denial-of-service conditions.

This issue affects ZoneAlarm Security Suite 7.0.483.000; other versions may also be affected.

3. Maxthon Browser Remote Denial of Service Vulnerability
BugTraq ID: 31098
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31098
Summary:
Maxthon Browser is prone to a denial-of-service vulnerability.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue will allow the attacker to crash the application, denying service to legitimate users.

This issue affects Maxthon Browser 2.1.4.443; other versions may also be affected.

4. Apple iTunes Misleading Firewall Warning Weakness
BugTraq ID: 31090
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31090
Summary:
Apple iTunes is prone to a weakness caused by a misleading firewall warning that conveys erroneous information to users.

This issue may lead to a false sense of security, potentially aiding in network-based attacks.

Versions prior to Apple iTunes 8.0 are vulnerable to this issue.

5. Apple iTunes Third Party Driver Local Privilege Escalation Vulnerability
BugTraq ID: 31089
Remote: No
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31089
Summary:
Apple iTunes is prone to a local privilege-escalation vulnerability due to an integer-overflow issue.

Local attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will cause a denial-of-service condition.

This issue affects versions prior to iTunes 8.0 for Microsoft Windows XP and Microsoft Windows Vista.

6. Apple QuickTime Movie/PICT/QTVR Multiple Remote Vulnerabilities
BugTraq ID: 31086
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31086
Summary:
Apple QuickTime is prone to multiple remote vulnerabilities that may allow remote attackers to execute arbitrary code and carry out denial-of-service attacks.

These issues arise when the application handles specially crafted PICT image files, movies, and QTVR movies. Successful exploits may allow attackers to gain remote unauthorized access in the context of a vulnerable user and to trigger a denial-of-service condition.

Versions prior to QuickTime 7.5.5 are affected.

7. Microsoft Windows Image Acquisition Logger ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 31069
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31069
Summary:
Microsoft Windows Image Acquisition Logger ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content. The issue occurs because the control fails to sanitize user-supplied input.

An attacker can exploit this issue to overwrite files with attacker-supplied data, which will aid in further attacks.

8. Microsoft Office OneNote URL Handler Remote Code Execution Vulnerability
BugTraq ID: 31067
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31067
Summary:
Microsoft Office OneNote is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to follow maliciously crafted URIs.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

9. Microsoft Windows Media Encoder 9 'wmex.dll' ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 31065
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31065
Summary:
The Microsoft Windows Media Encoder 9 ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

10. Microsoft Organization Chart Remote Code Execution Vulnerability
BugTraq ID: 31059
Remote: Yes
Date Published: 2008-09-08
Relevant URL: http://www.securityfocus.com/bid/31059
Summary:
Microsoft Organization Chart is prone to a remote code-execution vulnerability because of a memory-access violation.

Remote attackers can exploit this issue by enticing victims into opening a maliciously crafted Organization Chart document.

Successful exploits may allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

Microsoft Organization Chart 2.00,19 is vulnerable; other versions may also be affected.

11. IBM DB2 Universal Database Server 8.2 Prior To Fixpak 17 Multiple Vulnerabilities
BugTraq ID: 31058
Remote: Yes
Date Published: 2008-09-01
Relevant URL: http://www.securityfocus.com/bid/31058
Summary:
IBM DB2 Universal Database Server is prone to multiple vulnerabilities:

- A remote denial-of-service issue related to CONNECT / ATTACH processing.
- An unspecified vulnerability in the DB2FMP process.
- A remote denial-of-service issue in DB2JDS.
- The DB2FMP process executes with system privileges under Windows.

An attacker may exploit these issues to deny service to legitimate users. Other attacks may also be possible.

The CONNECT / ATTACH issue may be related to the issue discussed in BID 27870 (IBM DB2 Universal Database Multiple Vulnerabilities).

Very few details are available regarding these issues. We will update this BID as more information emerges.

These issues affect versions prior to IBM DB2 Universal Database Server 8.2 Fixpak 17.

12. Microsoft GDI+ BMP Integer Overflow Vulnerability
BugTraq ID: 31022
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31022
Summary:
Microsoft GDI+ is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by enticing unsuspecting users to view a malicious BMP file.

Successfully exploiting this issue allows remote attackers to corrupt memory and execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

13. Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
BugTraq ID: 31021
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31021
Summary:
Microsoft GDI+ is prone to a buffer-overflow vulnerability because the vector graphics link library improperly allocates memory when parsing WMF image files.

Successfully exploiting this issue would allow an attacker to corrupt memory and execute arbitrary code in the context of the currently logged-in user.

14. Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
BugTraq ID: 31020
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31020
Summary:
Microsoft GDI+ is prone to a remote code-execution vulnerability because the vector graphics link library improperly parses GIF image files.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may crash applications that use the library.

15. Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
BugTraq ID: 31019
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31019
Summary:
Microsoft GDI+ is prone to a remote memory-corruption vulnerability that occurs when an application that uses the library tries to process a specially crafted EMF (Enhanced Metafile) image file.

Successfully exploiting this issue would allow an attacker to execute arbitrary code in the context of the currently logged-in user.

16. Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 31018
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/31018
Summary:
Microsoft GDI+ is prone to a heap-based buffer-overflow vulnerability because the vector graphics link library improperly processes gradient sizes.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute arbitrary code in the context of the currently logged-in user.

17. Microsoft September 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 31014
Remote: Yes
Date Published: 2008-09-04
Relevant URL: http://www.securityfocus.com/bid/31014
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on September 9, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to document the issues when the bulletins are released.

18. Wireshark 1.0.2 Multiple Vulnerabilities
BugTraq ID: 31009
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/31009
Summary:
Wireshark is prone to multiple vulnerabilities, including buffer-overflow and denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.9.7 up to and including 1.0.2.

19. RETIRED: Moodle Multiple Remote File Include Vulnerabilities
BugTraq ID: 30995
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30995
Summary:
Moodle is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible.

These issues affect Moodle 1.8.4; other versions may also be affected.

NOTE: Further analysis indicates that these issues were previously documented in BID 28599 (kses Multiple Input Validation Vulnerabilities), so this BID is being retired.

20. Open-FTPD Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 30993
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30993
Summary:
Open-FTPD is prone to multiple remote denial-of-service vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users. Given the nature of these issues, attackers may also be able to run arbitrary code, but this has not been confirmed.

Open-FTPD 1.2 is vulnerable; other versions may also be affected.

21. @Mail and @Mail WebMail Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 30992
Remote: Yes
Date Published: 2008-09-03
Relevant URL: http://www.securityfocus.com/bid/30992
Summary:
@Mail and @Mail WebMail are prone to multiple cross-site scripting vulnerabilities because the applications fail to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

These issues affect the following versions:

@Mail WebMail 5.05 running on Microsoft Windows
@Mail 5.42 running on CentOS

Other versions running on different platforms may also be affected.

22. Softalk Mail Server 'APPEND' Command Remote Denial of Service Vulnerability
BugTraq ID: 30970
Remote: Yes
Date Published: 2008-09-02
Relevant URL: http://www.securityfocus.com/bid/30970
Summary:
Softalk Mail Server is prone to a remote denial-of-service vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Softalk Mail Server 8.5.1 is vulnerable; other versions may also be affected.

23. Microsoft Windows Media Player SSPL File Sample Rate Remote Code-Execution Vulnerability
BugTraq ID: 30550
Remote: Yes
Date Published: 2008-09-09
Relevant URL: http://www.securityfocus.com/bid/30550
Summary:
Microsoft Windows Media Player is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IronKey: The World's Most Secure Flash Drive

IronKey flash drives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.iroky.com/forenterprise2

Copyright 2010, SecurityFocus