Focus on Microsoft
SecurityFocus Microsoft Newsletter #419 Nov 13 2008 08:58PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #419
----------------------------------------

This issue is sponsored by IronKey:

IronKey flash drives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Clicking to the Past
2. The Vice of Vice Presidential E-Mail
II. MICROSOFT VULNERABILITY SUMMARY
1. pi3Web ISAPI Directory Remote Denial Of Service Vulnerability
2. Microsoft Windows 'UnhookWindowsHookEx' Local Denial Of Service Vulnerability
3. Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability
4. Multiple ISecSoft Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
5. VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability
6. Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability
7. Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
8. Adobe Flash Player Multiple Security Vulnerabilities
9. NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
10. Network-Client FTP Now Heap Buffer Overflow Vulnerability
11. Microsoft Windows Media Player MIDI File MThd Header Parsing Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Clicking to the Past
By Chris Wysopal
When the first details trickled out about a new attack, dubbed .clickjacking. by the researchers who found it, the descriptions made me think of the tricks I used to pull during penetration tests ten years ago to get administrator privileges: Tricking the user into issuing a command on an attacker.s behalf is one of the oldest attack vectors in the book.
http://www.securityfocus.com/columnists/483

2a .The Vice of Vice Presidential E-Mail
By Mark Rasch
Is it a crime to read someone else's e-mail without their consent? Seems like a simple question, but the law is not so clear. In mid-September 2008, a hacker using the handle "Rubico" claim credit for breaking into the Yahoo! e-mail account of Governor Sarah Palin, the Republican Vice Presidential candidate. In a post online, Rubico wrote that he had been following news reports that claimed Palin had been using her personal Yahoo e-mail account for official government business.
In the early 90's, I attended an academic conference in Hawaii. At one presentation, a colleague from the University of California at Berkeley whom I'll refer to as "the supervisor," told a story of young hackers, who he referred to as the Urchins
http://www.securityfocus.com/columnists/482

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. pi3Web ISAPI Directory Remote Denial Of Service Vulnerability
BugTraq ID: 32287
Remote: Yes
Date Published: 2008-11-13
Relevant URL: http://www.securityfocus.com/bid/32287
Summary:
pi3Web is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the server, denying access to legitimate users.

pi3Web 2.0.13 is vulnerable; other versions may also be affected.

2. Microsoft Windows 'UnhookWindowsHookEx' Local Denial Of Service Vulnerability
BugTraq ID: 32206
Remote: No
Date Published: 2008-11-09
Relevant URL: http://www.securityfocus.com/bid/32206
Summary:
Microsoft Windows is prone to a local denial-of-service vulnerability.

Attackers may exploit this issue to deny further service to legitimate users.

This issue affects Windows 2003 and Windows Vista; other versions may also be affected.

3. Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability
BugTraq ID: 32204
Remote: Yes
Date Published: 2008-11-11
Relevant URL: http://www.securityfocus.com/bid/32204
Summary:
Microsoft XML Core Services (MSXML) is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain. Information obtained may aid in further attacks.

4. Multiple ISecSoft Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
BugTraq ID: 32202
Remote: No
Date Published: 2008-11-07
Relevant URL: http://www.securityfocus.com/bid/32202
Summary:
ISecSoft Anti-Trojan Elite and Anti-Keylogger Elite are prone to multiple local privilege-escalation vulnerabilities.

An attacker can exploit these issues to execute arbitrary code with elevated privileges, which may facilitate a complete compromise of the affected computer.

The following applications are vulnerable:

Anti-Trojan Elite 4.2.1 and earlier
Anti-Keylogger Elite 3.3.0 and earlier

5. VMware Products Trap Flag In-Guest Privilege Escalation Vulnerability
BugTraq ID: 32168
Remote: No
Date Published: 2008-11-06
Relevant URL: http://www.securityfocus.com/bid/32168
Summary:
VMware products are prone to a privilege-escalation vulnerability caused by an unspecified flaw in the CPU hardware emulation.

Successful exploits may allow local attackers to elevate privileges in a guest operating system.

These issues affect versions prior to:

Workstation 6.5.0 build 118166
Workstation 5.5.9 build 126128
Player 2.5.0 build 118166
Player 1.0.9 build 126128
ACE Windows 2.5.0 build 118166
ACE Windows 1.0.8 build 125922
Server 1.0.8 build 126538
ESXi 3.5 ESXe350-200810401-O-UG
ESX 3.5 ESX350-200810201-UG
ESX 3.0.3 ESX303-200810501-BG
ESX 3.0.2 ESX-1006680
ESX 2.5.5 upgrade patch 10
ESX 2.5.4 upgrade patch 21

6. Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability
BugTraq ID: 32155
Remote: Yes
Date Published: 2008-11-11
Relevant URL: http://www.securityfocus.com/bid/32155
Summary:
Microsoft XML Core Services (MSXML) is prone to a cross-domain information-disclosure vulnerability because the application fails to properly handle certain error checks.

An attacker can exploit this issue to harvest potentially sensitive information from a web page in another domain. Information obtained may aid in further attacks.

7. Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 32153
Remote: Yes
Date Published: 2008-11-06
Relevant URL: http://www.securityfocus.com/bid/32153
Summary:
Microsoft has released advance notification that the vendor will be releasing two security bulletins on November 11, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

The following individual records cover these issues:

7385 Microsoft Windows SMB Credential Reflection Vulnerability
21872 Microsoft XML Core Services Race Condition Memory Corruption Vulnerability
32155 Microsoft XML Core Services DTD Cross Domain Information Disclosure Vulnerability
32204 Microsoft XML Core Services Transfer Encoding Cross Domain Information Disclosure Vulnerability

8. Adobe Flash Player Multiple Security Vulnerabilities
BugTraq ID: 32129
Remote: Yes
Date Published: 2008-11-06
Relevant URL: http://www.securityfocus.com/bid/32129
Summary:
Adobe Flash Player is prone to multiple security vulnerabilities.

Attackers can exploit these issues to obtain sensitive information, steal cookie-based authentication credentials, control how webpages are rendered, or execute arbitrary script code in the context of the application. Other attacks may also be possible.

These issues affect Flash Player 9.0.124.0 and prior versions.

9. NOS Microsystems getPlus Download Manager ActiveX Control Buffer Overflow Vulnerability
BugTraq ID: 32105
Remote: Yes
Date Published: 2008-11-04
Relevant URL: http://www.securityfocus.com/bid/32105
Summary:
NOS Microsystems getPlus Download Manager ActiveX control is prone to a buffer-overflow vulnerability because the application fails to adequately check boundaries on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

The following applications use the getPlus Download Manager:

Adobe Acrobat Professional
Adobe Acrobat Reader

getPlus Download Manager 1.2.2.50 is vulnerable; other versions may also be affected.

10. Network-Client FTP Now Heap Buffer Overflow Vulnerability
BugTraq ID: 32080
Remote: Yes
Date Published: 2008-11-03
Relevant URL: http://www.securityfocus.com/bid/32080
Summary:
Network-Client FTP Now is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

Network-Client FTP Now 2.6 is vulnerable; other versions may also be affected.

11. Microsoft Windows Media Player MIDI File MThd Header Parsing Denial of Service Vulnerability
BugTraq ID: 32077
Remote: Yes
Date Published: 2008-11-03
Relevant URL: http://www.securityfocus.com/bid/32077
Summary:
Microsoft Windows Media Player is prone to a denial-of-service vulnerability when processing a malformed MIDI file.

A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IronKey:

IronKey flash drives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus