Focus on Microsoft
SecurityFocus Microsoft Newsletter #428 Jan 20 2009 11:24PM
Rob Keith (rkeith securityfocus com)

SecurityFocus Microsoft Newsletter #428
----------------------------------------

This issue is sponsored by The Computer Forensics Show

THE COMPUTER FORENSICS SHOW IS THE "DON'T MISS" EVENT OF THE YEAR FOR ALL LITIGATION, ACCOUNTING AND IT PROFESSIONALS
www.computerforensicshow.com

April 27-29, 2009
Washington DC Convention Center
Washington, DC

August 3-5, 2009
San Jose Convention Center
San Jose, CA

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Time to Take the Theoretical Seriously
2.The Drew Verdict Makes Us All Hackers
II. MICROSOFT VULNERABILITY SUMMARY
1. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
2. Microsoft Windows Mobile OBEX FTP Service Directory Traversal Vulnerability
3. Excel Viewer OCX ActiveX 'open()' Buffer Overflow Vulnerability
4. TimeTools NTP Time Server Syslog Monitor Remote Denial of Service Vulnerability
5. TFTPUtil GUI Malformed Packet Remote Denial of Service Vulnerability
6. TFTPUtil GUI TFTP GET Request Directory Traversal Vulnerability
7. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability
8. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
9. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability
10. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability
11. Multiple Office OCX ActiveX Controls 'Save()' Arbitrary File Overwrite Vulnerability
12. Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities
13. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability
14. Microsoft Windows CHM File Processing Buffer Overflow Vulnerability
15. Microsoft HTML Help Workshop '.hhp' File Handling Buffer Overflow Vulnerability
16. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability
17. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #427
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at 25th Chaos Communications Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers
http://www.securityfocus.com/columnists/490

2.The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. easyHDR Pro 1.60.2 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 33363
Remote: Yes
Date Published: 2009-01-20
Relevant URL: http://www.securityfocus.com/bid/33363
Summary:
easyHDR Pro is prone to multiple buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

Attackers may leverage these issues to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

easyHDR Pro 1.60.2 is vulnerable; prior versions may also be affected.

2. Microsoft Windows Mobile OBEX FTP Service Directory Traversal Vulnerability
BugTraq ID: 33359
Remote: Yes
Date Published: 2009-01-20
Relevant URL: http://www.securityfocus.com/bid/33359
Summary:
Microsoft Windows Mobile is prone to a directory-traversal vulnerability in the OBEX FTP service.

Exploiting this issue allows an attacker to write arbitrary files to locations outside the application's current directory, download arbitrary files, and obtain sensitive information. Other attacks may also be possible.

Windows Mobile 5.0 and 6.0 are vulnerable; other versions may also be affected.

3. Excel Viewer OCX ActiveX 'open()' Buffer Overflow Vulnerability
BugTraq ID: 33322
Remote: Yes
Date Published: 2009-01-16
Relevant URL: http://www.securityfocus.com/bid/33322
Summary:
Excel Viewer OCX is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

Excel Viewer OCX 3.1 and 3.2 are vulnerable; other versions may also be affected.

4. TimeTools NTP Time Server Syslog Monitor Remote Denial of Service Vulnerability
BugTraq ID: 33290
Remote: Yes
Date Published: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33290
Summary:
TimeTools NTP Time Server Syslog Monitor is prone to a denial-of-service vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

5. TFTPUtil GUI Malformed Packet Remote Denial of Service Vulnerability
BugTraq ID: 33289
Remote: Yes
Date Published: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33289
Summary:
TFTPUtil GUI is prone to a remote denial-of-service vulnerability because it fails to handle user-supplied input.

Successfully exploiting this issue allows remote attackers to crash the affected application, denying service to legitimate users.

TFTPUtil GUI 1.2.0 and 1.3.0 are vulnerable; other versions may also be affected.

6. TFTPUtil GUI TFTP GET Request Directory Traversal Vulnerability
BugTraq ID: 33287
Remote: Yes
Date Published: 2009-01-15
Relevant URL: http://www.securityfocus.com/bid/33287
Summary:
TFTPUtil GUI is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to access arbitrary files outside of the TFTP server root directory. This can expose sensitive information that could help the attacker launch further attacks.

TFTPUtil GUI 1.2.0 and 1.3.0 are vulnerable; other versions may also be affected.

7. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability
BugTraq ID: 33276
Remote: Yes
Date Published: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33276
Summary:
Multiple web browsers are prone to a cross-domain information-disclosure vulnerability because the applications fail to properly enforce the same-origin policy.

An attacker can exploit this issue to determine which sites a user is currently logged in to. Successfully exploiting this issue may lead to other attacks.

The following browsers are vulnerable:

Microsoft Internet Explorer
Mozilla Firefox
Apple Safari
Google Chrome

Other browsers may also be affected.

8. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
BugTraq ID: 33257
Remote: Yes
Date Published: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33257
Summary:
Ots Labs OtsTurntables is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

OtsTurntables 1.00.027 is vulnerable; other versions may also be affected.

9. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability
BugTraq ID: 33245
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33245
Summary:
Office OCX Office Viewer OCX ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Office Viewer OCX 3.0.1 is vulnerable; other versions may also be affected.

10. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability
BugTraq ID: 33243
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33243
Summary:
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers execute arbitrary remote files.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). This may aid in further attacks.

The following ActiveX controls are vulnerable:

Office Viewer OCX 3.0.1
Word Viewer OCX 3.2
PowerPoint Viewer OCX 3.1
Excel Viewer OCX 3.2

11. Multiple Office OCX ActiveX Controls 'Save()' Arbitrary File Overwrite Vulnerability
BugTraq ID: 33238
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33238
Summary:
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers overwrite arbitrary files.

Successful exploits may result in denial-of-service conditions. Other attacks are also possible.

The following ActiveX controls are vulnerable:

Office Viewer OCX 3.0.1
Word Viewer OCX 3.2
PowerPoint Viewer OCX 3.1

12. Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities
BugTraq ID: 33222
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33222
Summary:
Excel Viewer OCX ActiveX control is prone to multiple remote vulnerabilities:

- An arbitrary-file-overwrite vulnerability
- An arbitrary-file-download vulnerability

Successfully exploiting these issues will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Excel Viewer OCX 3.2 is vulnerable; other versions may also be affected.

13. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability
BugTraq ID: 33221
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33221
Summary:
Triologic Media Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Triologic Media Player 7 is vulnerable; other versions may also be affected.

14. Microsoft Windows CHM File Processing Buffer Overflow Vulnerability
BugTraq ID: 33204
Remote: Yes
Date Published: 2009-01-11
Relevant URL: http://www.securityfocus.com/bid/33204
Summary:
Microsoft Windows is prone to a buffer-overflow vulnerability because of an issue when processing CHM files.

Successfully exploiting this issue would allow attackers to corrupt memory and crash the application associated with these files. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Windows XP Service Pack 3 is vulnerable; other versions may also be affected.

15. Microsoft HTML Help Workshop '.hhp' File Handling Buffer Overflow Vulnerability
BugTraq ID: 33189
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33189
Summary:
Microsoft HTML Help Workshop is prone to a remote buffer-overflow vulnerability.

The vulnerability occurs when the application handles a malformed HTML Help Workshop Project ('.hhp') file.

An attacker may exploit the issue to execute arbitrary code in the context of the application.

This vulnerability affects HTML Help Workshop 4.74 and prior versions.

16. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability
BugTraq ID: 33122
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33122
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that occurs in the SMB (Server Message Block) protocol implementation.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

17. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability
BugTraq ID: 33121
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33121
Summary:
Microsoft Windows is prone to a buffer-overflow vulnerability that occurs in the SMB (Server Message Block) protocol implementation.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #427
http://www.securityfocus.com/archive/88/500135

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by The Computer Forensics Show

THE COMPUTER FORENSICS SHOW IS THE "DON'T MISS" EVENT OF THE YEAR FOR ALL LITIGATION, ACCOUNTING AND IT PROFESSIONALS
www.computerforensicshow.com

April 27-29, 2009
Washington DC Convention Center
Washington, DC

August 3-5, 2009
San Jose Convention Center
San Jose, CA

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus