Focus on Microsoft
SecurityFocus Microsoft Newsletter #416 Oct 16 2008 10:57PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #416
----------------------------------------

This issue is sponsored by HP:

Download a FREE trial of HP WebInspect
Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now:

https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStar
t&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/We
bInspect_Eval_Secutiy_Focus/3-1QN6MII_3-UTM2ZJ/20081015&origin_id=3-1QN6
MII

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Vice of Vice Presidential E-Mail
2.Blaming the Good Samaritan
II. MICROSOFT VULNERABILITY SUMMARY
1. Hummingbird HostExplorer ActiveX Control 'PlainTextPassword()' Buffer Overflow Vulnerability
2. Adobe Flash CS3 Professional SWF File Heap Buffer Overflow Vulnerability
3. Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability
4. Titan FTP Server 'SITE WHO' Command Remote Denial of Service Vulnerability
5. Etype Eserv FTP 'ABOR' Command Remote Stack Based Buffer Overflow Vulnerability
6. Husdawg System Requirements Lab Multiple Remote Code Execution Vulnerabilities
7. RaidenFTPD 'MLST' Command Remote Stack Based Buffer Overflow Vulnerability
8. XM Easy Personal FTP Server 'NSLT' Command Remote Denial of Service Vulnerability
9. Lenovo Rescue and Recovery 'tvtumon.sys' Heap Overflow Vulnerability
10. Apple OS X QuickLook Excel File Integer Overflow Vulnerability
11. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
12. Microsoft Excel BIFF File Format Parsing Remote Code Execution Vulnerability
13. Microsoft Excel Calendar Object Validation Remote Code Execution Vulnerability
14. NoticeWare Email Server NG 'PASS' Command Remote Denial of Service Vulnerability
15. Microsoft Office CDO Protocol Cross Site Scripting Vulnerability
16. Win FTP Server 'NLIST' Command Remote Denial of Service Vulnerability
17. Computer Associates ARCserve Backup Multiple Remote Vulnerabilities
18. Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
19. RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
20. Microsoft Windows VAD Local Privilege Escalation Vulnerability
21. Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
22. Microsoft October 2008 Advance Notification Multiple Vulnerabilities
23. Drupal Multiple Modules Security Bypass Vulnerabilities
24. Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability
25. Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation Vulnerability
26. Microsoft Windows Kernel Memory Corruption Local Privilege Escalation Vulnerability
27. Microsoft Windows Kernel Window Creation Local Privilege Escalation Vulnerability
28. Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability
29. Cisco Unity 7.0 Multiple Remote Vulnerabilities
30. Cisco Unity Remote Administration Authentication Bypass Vulnerability
31. Microsoft Message Queuing Service RPC Query Heap Corruption Vulnerability
32. Avaya one-X Desktop Edition SIP Remote Denial Of Service Vulnerability
33. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File Download Vulnerability
34. Microsoft Host Integration Server RPC Remote Command Execution Vulnerability
35. Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability
36. Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability
37. Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability
38. Microsoft Internet Explorer HTML Element Cross Domain Security Bypass Vulnerability
39. Mozilla Firefox Internet Shortcut Same Origin Policy Violation Vulnerability
40. Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution Vulnerability
41. Internet Download Manager File Parsing Buffer Overflow Vulnerability
42. MetaGauge Web Server Directory Traversal Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #415
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Vice of Vice Presidential E-Mail
By Mark Rasch
Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claim credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
http://www.securityfocus.com/columnists/482

2.Blaming the Good Samaritan
By Houston Carr
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/481

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Hummingbird HostExplorer ActiveX Control 'PlainTextPassword()' Buffer Overflow Vulnerability
BugTraq ID: 31783
Remote: Yes
Date Published: 2008-10-16
Relevant URL: http://www.securityfocus.com/bid/31783
Summary:
Hummingbird HostExplorer ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

2. Adobe Flash CS3 Professional SWF File Heap Buffer Overflow Vulnerability
BugTraq ID: 31769
Remote: Yes
Date Published: 2008-10-15
Relevant URL: http://www.securityfocus.com/bid/31769
Summary:
Adobe Flash CS3 Professional is prone to a heap-buffer overflow vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Flash CS3 Professional for Microsoft Windows is vulnerable.

3. Microsoft Outlook Web Access for Exchange Server 'redir.asp' URI Redirection Vulnerability
BugTraq ID: 31765
Remote: Yes
Date Published: 2008-10-15
Relevant URL: http://www.securityfocus.com/bid/31765
Summary:
Outlook Web Access is prone to a remote URI-redirection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing attacks.

OWA 6.5 SP 2 is vulnerable; other versions may also be affected.

4. Titan FTP Server 'SITE WHO' Command Remote Denial of Service Vulnerability
BugTraq ID: 31757
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31757
Summary:
Titan FTP Server is prone to a remote denial-of-service vulnerability.

This issue allows remote attackers to crash affected FTP servers, denying service to legitimate users.

Titan FTP Server 6.26 build 630 is vulnerable; other versions may also be affected.

5. Etype Eserv FTP 'ABOR' Command Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31753
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31753
Summary:
Etype Eserv is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Eserv 3.26 is vulnerable; other versions may also be affected.

6. Husdawg System Requirements Lab Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 31752
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31752
Summary:
Husdawg System Requirements Lab ActiveX controls and Java applets are prone to multiple remote code-execution vulnerabilities.

Successful exploit will allow attackers to download and execute arbitrary files on the affected computer in the context of the application that uses the plugins.

7. RaidenFTPD 'MLST' Command Remote Stack Based Buffer Overflow Vulnerability
BugTraq ID: 31741
Remote: Yes
Date Published: 2008-10-13
Relevant URL: http://www.securityfocus.com/bid/31741
Summary:
RaidenFTPD is prone to a remote stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

RaidenFTPD 2.4 build 3620 is vulnerable; other versions may also be affected.

8. XM Easy Personal FTP Server 'NSLT' Command Remote Denial of Service Vulnerability
BugTraq ID: 31739
Remote: Yes
Date Published: 2008-10-13
Relevant URL: http://www.securityfocus.com/bid/31739
Summary:
XM Easy Personal FTP Server is prone to a remote denial-of-service vulnerability.

This issue allows remote attackers to crash affected FTP servers, denying service to legitimate users.

XM Easy Personal FTP Server 5.6.0 is vulnerable; other versions may also be affected.

9. Lenovo Rescue and Recovery 'tvtumon.sys' Heap Overflow Vulnerability
BugTraq ID: 31737
Remote: No
Date Published: 2008-10-13
Relevant URL: http://www.securityfocus.com/bid/31737
Summary:
Lenovo Rescue and Recovery is prone to a heap-based overflow vulnerability.

A successful exploit of this vulnerability can allow a local attacker to completely compromise the affected computer.

Lenovo Rescue and Recover 4.20 is vulnerable.

10. Apple OS X QuickLook Excel File Integer Overflow Vulnerability
BugTraq ID: 31707
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31707
Summary:
Apple OS X QuickLook is prone to an integer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Specifically, this issue is related to the handling of Microsoft Excel spreadsheet files.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

NOTE: This issue was previously covered in BID 31681 (Apple Mac OS X 2008-007 Multiple Security Vulnerabilities) but has been given its own record to better document this vulnerability.

11. Microsoft Excel Formula Parsing Remote Code Execution Vulnerability
BugTraq ID: 31706
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31706
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

12. Microsoft Excel BIFF File Format Parsing Remote Code Execution Vulnerability
BugTraq ID: 31705
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31705
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

13. Microsoft Excel Calendar Object Validation Remote Code Execution Vulnerability
BugTraq ID: 31702
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31702
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

14. NoticeWare Email Server NG 'PASS' Command Remote Denial of Service Vulnerability
BugTraq ID: 31697
Remote: Yes
Date Published: 2008-10-10
Relevant URL: http://www.securityfocus.com/bid/31697
Summary:
NoticeWare Email Server NG is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying service to legitimate users.

This issue affects NoticeWare Email Server NG 5.1.2.2; other versions may also be vulnerable.

15. Microsoft Office CDO Protocol Cross Site Scripting Vulnerability
BugTraq ID: 31693
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31693
Summary:
Microsoft Office is prone to a cross-site scripting vulnerability that arises because the software fails to handle specially crafted CDO protocol URIs in a proper manner.

Successfully exploiting this issue may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Office XP Service Pack 3 is vulnerable.

16. Win FTP Server 'NLIST' Command Remote Denial of Service Vulnerability
BugTraq ID: 31686
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31686
Summary:
Win FTP Server is prone to a remote denial-of-service vulnerability.

Exploiting this issue allows remote attackers to crash the application, denying service to legitimate users.

This issue affects Win FTP 2.0.2; other versions may also be vulnerable.

17. Computer Associates ARCserve Backup Multiple Remote Vulnerabilities
BugTraq ID: 31684
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31684
Summary:
Computer Associates ARCserve Backup is prone to multiple remote vulnerabilities.

Successful exploits allow remote attackers to cause denial-of-service conditions or to execute arbitrary commands in the context of the affected application. This may result in a complete compromise of affected computers.

The following applications are affected:

CA BrightStor ARCserve Backup r11.1, r11.5, r12.0 for Windows
CA Server Protection Suite r2
CA Business Protection Suite r2
CA Business Protection Suite for Microsoft Small Business Server Standard Edition r2
CA Business Protection Suite for Microsoft Small Business Server Premium Edition r2

18. Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
BugTraq ID: 31682
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31682
Summary:
Microsoft Internet Printing Service is prone to an integer-overflow vulnerability.

Exploiting this vulnerability allows attackers to execute arbitrary code with the privileges of the user running the affected service.

19. RETIRED: Apple Mac OS X 2008-007 Multiple Security Vulnerabilities
BugTraq ID: 31681
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31681
Summary:
Apple Mac OS X is prone to multiple security vulnerabilities that have been addressed in Security Update 2008-007.

The security update addresses a total of 11 new vulnerabilities that affect the ColorSync, CUPS, Finder, launchd, Networking, Postfix, PSNormalizer, rlogin, Script Editor, and Weblog components of Mac OS X. The advisory also contains security updates for 30 previously reported issues.

NOTE: This BID is being retired; the following individual records have been created to better document these issues:

31716 Apple Script Editor Unspecified Insecure Temporary File Creation Vulnerability
31718 Apple Mac OS X Server Weblog Access Control List Security Bypass Vulnerability
31708 Apple Mac OS X 'hosts.equiv' Security Bypass Vulnerability
31721 Apple Mac OS X 10.5 Postfix Security Bypass Vulnerability
31719 Apple PSNormalizer PostScript Buffer Overflow Vulnerability
31711 Apple Mac OS X 'configd' EAPOLController Plugin Local Heap Based Buffer Overflow Vulnerability
31715 Apple Mac OS X ColorSync ICC Profile Remote Buffer Overflow Vulnerability
31720 Apple Finder Denial of Service Vulnerability
31707 Apple OS X QuickLook Excel File Integer Overflow Vulnerability
31688 CUPS 'HP-GL/2' Filter Remote Code Execution Vulnerability
31722 Apple Mac OS X 10.5 'launchd' Unspecified Security Bypass Vulnerability

20. Microsoft Windows VAD Local Privilege Escalation Vulnerability
BugTraq ID: 31675
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31675
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability because of an error in how the system memory manager handles memory allocation in relation to Virtual Address Descriptors (VAD).

A successful exploit will let a local attacker completely compromise an affected computer.

21. Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
BugTraq ID: 31673
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31673
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability in the Ancillary Function Driver ('afd.sys').

A successful exploit of this vulnerability will let a local attacker completely compromise an affected computer.

22. Microsoft October 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 31667
Remote: Yes
Date Published: 2008-10-09
Relevant URL: http://www.securityfocus.com/bid/31667
Summary:
Microsoft has released advance notification that the vendor will be releasing eleven security bulletins on October 14, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created to better document these issues when the bulletins are released.

23. Drupal Multiple Modules Security Bypass Vulnerabilities
BugTraq ID: 31660
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31660
Summary:
Multiple Drupal Modules are prone to security-bypass vulnerabilities that may allow attackers to gain access to administrative or sensitive areas of the application without the appropriate privileges.

These issues affect versions prior to the following:

Live module 6.x-1.0
AJAX Picture Preview module 6.x-1.2
Admin:hover module 6.x-1.x-dev before 2008-Oct-08
Banner Rotor Module 6.x-1.3
Creative Commons Lite 6.x-1.1
Keyboard shortcut utilty 6.x-1.1
LiveJournal CrossPoster 6.x-1.4
Taxonomy import/export via XML 6.x-1.2
User Referral 6.x-1.x-dev before 2008-Oct-08

24. Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability
BugTraq ID: 31654
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31654
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

25. Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation Vulnerability
BugTraq ID: 31653
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31653
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

26. Microsoft Windows Kernel Memory Corruption Local Privilege Escalation Vulnerability
BugTraq ID: 31652
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31652
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

27. Microsoft Windows Kernel Window Creation Local Privilege Escalation Vulnerability
BugTraq ID: 31651
Remote: No
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31651
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.

28. Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability
BugTraq ID: 31647
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31647
Summary:
Microsoft Windows is prone to a remote code execution vulnerability. This is due to a buffer underflow condition in the SMB (Server Message Block) protocol implementation.

To exploit the issue, the attacker must first successfully authenticate as a legitimate user or a Guest user on the affected computer. A successful exploit will completely compromise the affected computer.

29. Cisco Unity 7.0 Multiple Remote Vulnerabilities
BugTraq ID: 31642
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31642
Summary:
Cisco Unity is prone to multiple remote vulnerabilities, including:

- An information-disclosure vulnerability in the web interface
- A denial-of-service vulnerability in the administration interface
- A script-injection vulnerability in the web interface
- Multiple denial-of-service vulnerabilities in unspecified services

These issues are reported in Cisco Unity 7.0; other versions may also be affected.

30. Cisco Unity Remote Administration Authentication Bypass Vulnerability
BugTraq ID: 31638
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31638
Summary:
Cisco Unity is prone to an authentication-bypass vulnerability.

Exploiting this issue can allow remote attackers to gain unauthorized administrative privileges. This issue is being tracked by Cisco Bug ID CSCsr86943.

Versions prior to the following are vulnerable:

Cisco Unity 4.0 ES161 for the 4.x release
Cisco Unity 5.0 ES53 for the 5.x release
Cisco Unity 7.0 ES8 for the 7.x release

31. Microsoft Message Queuing Service RPC Query Heap Corruption Vulnerability
BugTraq ID: 31637
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31637
Summary:
The Microsoft Message Queuing service (MSMQ) is prone to a remote heap-corruption vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, facilitating the complete compromise of an affected computer. Failed exploit attempts will result in a denial-of-service condition.

This issue is exploitable remotely on Windows 2000 systems only. The MSMQ service is not installed or enabled by default. For a computer to be exploited, an administrator must have explicitly installed and enabled the service.

32. Avaya one-X Desktop Edition SIP Remote Denial Of Service Vulnerability
BugTraq ID: 31636
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31636
Summary:
Avaya one-X Desktop Edition phone is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Avaya one-X Desktop Edition 2.1 is vulnerable; other versions may also be affected.

33. Microsoft PicturePusher 'PipPPush.dll' ActiveX Control Arbitrary File Download Vulnerability
BugTraq ID: 31632
Remote: Yes
Date Published: 2008-10-08
Relevant URL: http://www.securityfocus.com/bid/31632
Summary:
Microsoft PicturePusher ActiveX control in 'PipPPush.dll' is prone to a vulnerability that lets attackers download arbitrary files.

Attackers may exploit this issue by enticing victims into visiting a maliciously crafted webpage.

Successful exploits will allow remote attackers to download files from arbitrary locations to the affected computer.

The affected ActiveX control may be a component of Microsoft Digital Image 2006 Starter Edition.

'PipPPush.dll' 7.00.0709 is vulnerable; other versions may also be affected.

34. Microsoft Host Integration Server RPC Remote Command Execution Vulnerability
BugTraq ID: 31620
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31620
Summary:
Microsoft Windows is prone to a remote command-execution vulnerability in the SNA service through a remote procedure call (RPC).

Successfully exploiting this issue would allow an attacker to execute arbitrary commands on an affected computer in the context of the affected service.

35. Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability
BugTraq ID: 31618
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31618
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

36. Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability
BugTraq ID: 31617
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31617
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

37. Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability
BugTraq ID: 31616
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31616
Summary:
Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow attackers to steal cookie-based authentication credentials and launch other attacks.

NOTE: Attackers exploiting this issue on Internet Explorer 6 SP1 running on Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other vulnerable versions of the browser are prone only to information disclosure.

38. Microsoft Internet Explorer HTML Element Cross Domain Security Bypass Vulnerability
BugTraq ID: 31615
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31615
Summary:
Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow attackers to steal cookie-based authentication credentials and launch other attacks.

NOTE: Attackers exploiting this issue on Internet Explorer 6 SP1 running on Microsoft Windows 2000 SP4 may leverage the issue to execute remote code. Other vulnerable versions of the browser are prone only to information disclosure.

39. Mozilla Firefox Internet Shortcut Same Origin Policy Violation Vulnerability
BugTraq ID: 31611
Remote: Yes
Date Published: 2008-10-07
Relevant URL: http://www.securityfocus.com/bid/31611
Summary:
Mozilla Firefox is prone to a vulnerability that allows attackers to violate the same-origin policy. This issue occurs because the application fails to properly enforce the same-origin policy when handling internet shortcut files.

An attacker may create a malicious webpage that can access the properties of another domain. This may allow the attacker to obtain sensitive information or launch other attacks against a user of the browser.

Firefox 3.0.1 through 3.0.3 for Microsoft Windows are vulnerable; other versions may also be affected.

40. Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution Vulnerability
BugTraq ID: 31609
Remote: Yes
Date Published: 2008-10-14
Relevant URL: http://www.securityfocus.com/bid/31609
Summary:
Microsoft Windows Active Directory is prone to a remote code-execution vulnerability that arises because the application fails to handle specially crafted LDAP or LDAP over SSL (LDAPS) requests in a proper manner.

Successfully exploiting this issue would allow an attacker to execute arbitrary code and gain complete access to a vulnerable computer. The attacker may also be able to cause the affected system to stop responding to further requests and restart.

This issue affects only Windows 2000 servers configured as Active Directory domain controllers.

41. Internet Download Manager File Parsing Buffer Overflow Vulnerability
BugTraq ID: 31603
Remote: Yes
Date Published: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31603
Summary:
Internet Download Manager (IDM) is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker may exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

NOTE: This vulnerability may be related to the issue described in BID 14159 (Internet Download Manager Buffer Overflow Vulnerability), but this has not been confirmed.

We don't know which versions of IDM are affected. We will update this BID when more information emerges.

42. MetaGauge Web Server Directory Traversal Vulnerability
BugTraq ID: 31596
Remote: Yes
Date Published: 2008-10-06
Relevant URL: http://www.securityfocus.com/bid/31596
Summary:
MetaGauge is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue will allow an attacker to view arbitrary local files within the context of the webserver. Information harvested may aid in launching further attacks.

Versions prior to MetaGauge 1.0.3.38 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #415
http://www.securityfocus.com/archive/88/497234

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by HP:

Download a FREE trial of HP WebInspect
Application attacks are growing more prevalent. New attacks are in the news each day. Now it's time for you to assess your applications and start detecting and removing vulnerabilities.
HP can help, with a full suite of application security solutions. Get started today with a complimentary trial download that uses an HP test application. Thoroughly analyze today's complex web applications in a runtime environment with fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
Download WebInspect now:

https://h10078.www1.hp.com/cda/hpdc/navigation.do?action=downloadBinStar
t&zn=bto&cp=54_4012_100__&caid=14563&jumpid=ex_r11374_us/en/large/tsg/We
bInspect_Eval_Secutiy_Focus/3-1QN6MII_3-UTM2ZJ/20081015&origin_id=3-1QN6
MII

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus