Focus on Microsoft
SecurityFocus Microsoft Newsletter #413 Sep 25 2008 10:12PM
Rob Keith (rkeith securityfocus com)

SecurityFocus Microsoft Newsletter #413
----------------------------------------

Download a FREE trial of HP WebInspect

Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now: https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStar
t&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/We
bInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN
6MIF

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Boston Trio and the MBTA
2.From Physics to Security
II. MICROSOFT VULNERABILITY SUMMARY
1. K-Lite Mega Codec Pack 'vsfilter.dll' Denial Of Service Vulnerability
2. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
3. phpMyAdmin Cross Site Scripting Vulnerability
4. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
5. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
6. DESlock+ Local Buffer Overflow and Multiple Denial of Service Vulnerabilities
7. Kantan WEB Server Unspecified Directory Traversal Vulnerability
8. Kantan WEB Server Unspecified Cross Site Scripting Vulnerability
9. Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple Insecure Method Vulnerabilities
10. Acritum Femitter Server Information Disclosure and Denial of Service Vulnerabilities
11. Microsoft Internet Explorer Malfromed PNG File Remote Denial of Service Vulnerability
12. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
13. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
14. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Boston Trio and the MBTA
By Mark Rasch
The annual DEFCON conference in Las Vegas in early August got a bit more interesting than usual when three graduate students from the Massachusetts Institute of Technology were enjoined from giving a presentation by a Court in Boston.
http://www.securityfocus.com/columnists/480

2.From Physics to Security
By Federico Biancuzzi
Wietse Venema started out as a physicist, but became interested in the security of the programs he wrote to control his physics experiments. He went on to create several well-known network and security tools, including the Security Administrator's Tool for Analyzing Networks (SATAN) and The Coroner's Toolkit with Dan Farmer. He is also the creator of the popular MTA Postfix and TCP Wrapper.
http://www.securityfocus.com/columnists/479

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. K-Lite Mega Codec Pack 'vsfilter.dll' Denial Of Service Vulnerability
BugTraq ID: 31400
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31400
Summary:
K-Lite Mega Codec pack is prone to a denial-of-service vulnerability. The problem occurs when the 'vsfilter.dll' library is installed on the affected computer.

Attackers can exploit this issue to cause Windows Explorer to crash, denying service to legitimate users.

2. Microsoft WordPad '.doc' File Remote Denial of Service Vulnerability
BugTraq ID: 31399
Remote: Yes
Date Published: 2008-09-25
Relevant URL: http://www.securityfocus.com/bid/31399
Summary:
WordPad is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to open a specially crafted .doc file.

Successfully exploiting this issue will cause the application to crash, denying service to legitimate users. Arbitrary code execution may also be possible; this has not been confirmed.

3. phpMyAdmin Cross Site Scripting Vulnerability
BugTraq ID: 31327
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31327
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Versions prior to phpMyAdmin 2.11.9.2 are vulnerable.

4. DataSpade 'index.asp' Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 31317
Remote: Yes
Date Published: 2008-09-23
Relevant URL: http://www.securityfocus.com/bid/31317
Summary:
DataSpade is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

DataSpade 1.0 is vulnerable; other versions may also be affected.

5. Foxmail Email Client 'mailto' Buffer Overflow Vulnerability
BugTraq ID: 31294
Remote: Yes
Date Published: 2008-09-22
Relevant URL: http://www.securityfocus.com/bid/31294
Summary:
Foxmail Email Client is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue will allow an attacker to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Foxmail Email Client 6.5 is vulnerable; other versions may also be affected.

6. DESlock+ Local Buffer Overflow and Multiple Denial of Service Vulnerabilities
BugTraq ID: 31273
Remote: No
Date Published: 2008-09-20
Relevant URL: http://www.securityfocus.com/bid/31273
Summary:
DESlock+ is prone to multiple local vulnerabilities, including a buffer-overflow issue and multiple denial-of-service issues.

Local attackers can exploit these issues to execute arbitrary code with SYSTEM-level privileges or cause denial-of-service conditions.

These issues affect DESlock+ 3.2.7 and prior versions.

7. Kantan WEB Server Unspecified Directory Traversal Vulnerability
BugTraq ID: 31245
Remote: Yes
Date Published: 2008-09-18
Relevant URL: http://www.securityfocus.com/bid/31245
Summary:
Kantan WEB Server is prone to an unspecified directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Versions prior to Kantan WEB Server 1.9 are vulnerable.

8. Kantan WEB Server Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 31244
Remote: Yes
Date Published: 2008-09-18
Relevant URL: http://www.securityfocus.com/bid/31244
Summary:
Kantan WEB Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to Kantan WEB Server 1.9 are vulnerable.

9. Data Dynamics ActiveReports ARViewer2 ActiveX Control Multiple Insecure Method Vulnerabilities
BugTraq ID: 31227
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31227
Summary:
Data Dynamics ActiveReports ActiveX control is prone to multiple insecure-method vulnerabilities caused by design errors.

An attacker can exploit these issues to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions; other consequences are possible.

These issues affect Data Dynamics ActiveReports Professional Edition Build 2.5.0.1314 ('ARView2.ocx' version 2.5.0.1314); other versions may also be affected.

10. Acritum Femitter Server Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 31226
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31226
Summary:
Acritum Femitter Server is prone to an information-disclosure vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues may allow an attacker to obtain sensitive information or cause the affected application to crash, denying service to legitimate users.

Femitter Server 1.03 is vulnerable; other versions may also be affected.

11. Microsoft Internet Explorer Malfromed PNG File Remote Denial of Service Vulnerability
BugTraq ID: 31215
Remote: Yes
Date Published: 2008-09-17
Relevant URL: http://www.securityfocus.com/bid/31215
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to view a web page embedded with a malicious PNG file.

Successfully exploiting this issue will cause the application to stop responding, denying service to legitimate users.

Microsoft Internet Explorer 7 and 8 Beta 1 are vulnerable; other versions may also be affected.

12. Adobe Illustrator Malformed AI File Remote Code Execution Vulnerability
BugTraq ID: 31208
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31208
Summary:
Adobe Illustrator is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious AI file.

Successfully exploiting this issue will allow attackers to execute arbitrary code with the privileges of the user running the affected application.

This issue affects only Adobe Illustrator CS2 for Macintosh.

13. Acresso FLEXnet Connect 'GetRules.asp' Remote Code Execution Vulnerability
BugTraq ID: 31204
Remote: Yes
Date Published: 2008-09-16
Relevant URL: http://www.securityfocus.com/bid/31204
Summary:
Acresso FLEXnet Connect is prone to a remote code-execution vulnerability because it fails to adequately verify the authenticity of files obtained from update servers. The product has been formerly available as Macrovision FLEXnet Connect and as InstallShield Update Service.

Attackers can exploit this issue by performing man-in-the-middle attacks to have the client download and execute a malicious file hosted on an attacker-controlled computer. Other attacks may also be possible.

Acresso FLEXnet Connect is vulnerable. Additional products that use the FLEXnet functionality may also be vulnerable.

14. Microsoft Windows WRITE_ANDX SMB Processing Remote Denial Of Service Vulnerability
BugTraq ID: 31179
Remote: Yes
Date Published: 2008-09-15
Relevant URL: http://www.securityfocus.com/bid/31179
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability because it fails to adequately handle specially crafted SMB packets.

Attackers can exploit this issue to cause an affected computer to stop responding, denying service to legitimate users. Given the nature of this issue, attackers may also be able to run arbitrary code with SYSTEM-level privileges, but this has not been confirmed.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Download a FREE trial of HP WebInspect

Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now: https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStar
t&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/We
bInspect_Eval_Security_Focus/3-1QN6MIF_3-UTM2ZJ/20080920&origin_id=3-1QN
6MIF

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus