Focus on Microsoft
SecurityFocus Microsoft Newsletter #430 Feb 05 2009 08:49PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #430
----------------------------------------

Symantec NetBackup Design Best Practices with Data Domain
This white paper walks you through how Data Domain integrates with NBU, including planning and sizing considerations, operational considerations, offsite replication, and other integration basics so you can get the most out of this powerful solution.

http://dinclinx.com/Redirect.aspx?36;2173;45;189;0;10;259;46b98cc7718e4a
7c

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Time to Take the Theoretical Seriously
2.The Drew Verdict Makes Us All Hackers
II. MICROSOFT VULNERABILITY SUMMARY
1. Moodle Log Table HTML Injection Vulnerability
2. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
3. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
4. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
5. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
6. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
7. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption Vulnerability
8. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
9. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
10. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
11. Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation Vulnerability
12. Novell GroupWise Internet Agent SMTP RCPT Command Remote Buffer Overflow Vulnerability
13. Spider Player Multiple Playlist Files Buffer Overflow Vulnerability
14. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
15. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
16. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
17. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
18. Zinf Multiple Playlist Files Buffer Overflow Vulnerability
19. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
20. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
21. Microsoft Windows 'RunAs' Password Length Local Information Disclosure Vulnerability
22. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service Vulnerability
23. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
24. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
25. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #429
2. customer user accounts and internal user accounts on same domain
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Time to Take the Theoretical Seriously
By Chris Wysopal
Software developers response to "theoretical" research is fundamentally broken. By now, everyone in the security industry knows about the Rogue CA presentation that Alex Sotirov and Jacob Appelbaum gave at 25th Chaos Communications Congress. It was one of the most interesting I saw all last year, and it's a good example of why software companies continue to be vulnerable to attackers
http://www.securityfocus.com/columnists/490

2.The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Moodle Log Table HTML Injection Vulnerability
BugTraq ID: 33610
Remote: Yes
Date Published: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33610
Summary:
Moodle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

The following Moodle branches and corresponding versions are affected:

1.9.x: prior to 1.9.4
1.8.x: prior to 1.8.8
1.7.x: prior to 1.7.7
1.6.x: prior to 1.6.9

2. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
BugTraq ID: 33609
Remote: Yes
Date Published: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33609
Summary:
QIP 2005 is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang and consume excessive computer resources, denying service to legitimate users.

This issue may occur in a third party component used by QIP 2005; however this has not been confirmed.

This issue affects QIP 2005 build 8082; other versions may also be vulnerable.

3. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
BugTraq ID: 33595
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33595
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

We don't know which versions of Simple Machines Forum are affected. We will update this BID when more information is available.

4. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
BugTraq ID: 33588
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33588
Summary:
BlazeVideo HDTV Player is prone to a heap-based buffer-overflow vulnerability because the application fails to handle malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

BlazeVideo HDTV Player 3.5 is vulnerable; other versions may also be affected.

5. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
BugTraq ID: 33586
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33586
Summary:
Nokia Multimedia Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

6. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
BugTraq ID: 33585
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33585
Summary:
NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input.

Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Additionally, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks.

NaviCOPA Web Server 3.01 is vulnerable; other versions may also be affected.

7. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption Vulnerability
BugTraq ID: 33584
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33584
Summary:
Hex Workshop is prone to a memory-corruption vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Hex Workshop 6 is vulnerable; other versions may also be affected.

8. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
BugTraq ID: 33581
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33581
Summary:
Bugzilla is prone to a vulnerability caused by the use of a shared random seed. This issue occurs when Bugzilla is running under mod_perl.

An attacker may exploit this issue to predict random values generated by Bugzilla. This may reveal sensitive information such as attachment files or may allow the attacker to bypass cross-site request-forgery protection by predicting random token values. Other attacks may also be possible.

This issue affects Bugzilla 3.0.7, 3.2.1, and 3.3.2 when run under mod_perl.

9. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
BugTraq ID: 33580
Remote: Yes
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33580
Summary:
Bugzilla is prone to multiple remote vulnerabilities, including an HTML-injection issue and cross-site request-forgery issues.

An attacker can exploit these issues to execute arbitrary script code in a user's browser in the context of the application, steal cookie-based authentication credentials, obtain sensitive information, and perform arbitrary actions in the context of the logged-in user.

These issues affect versions prior to Bugzilla 2.22.7, 3.0.7, 3.2.1, and 3.3.2.

10. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
BugTraq ID: 33579
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33579
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

This BID is being retired as an attacker requires administrative access to an affected application to exploit this issue. An attacker with that access would not need to exploit any issue in order to compromise the application in this manner.

11. Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 33561
Remote: No
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33561
Summary:
Multiple Kaspersky products are prone to a local privilege-escalation vulnerability because the applications fail to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions in the following product groups:

Kaspersky AV 2008
Kaspersky AV for WorkStations 6.0

12. Novell GroupWise Internet Agent SMTP RCPT Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33560
Remote: Yes
Date Published: 2009-01-30
Relevant URL: http://www.securityfocus.com/bid/33560
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a denial-of-service condition.

13. Spider Player Multiple Playlist Files Buffer Overflow Vulnerability
BugTraq ID: 33548
Remote: Yes
Date Published: 2009-01-30
Relevant URL: http://www.securityfocus.com/bid/33548
Summary:
Spider Player is prone to an off-by-one buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash the application.

Spider Player 2.3.9.5 is vulnerable; other versions may also be affected.

14. Web on Windows ActiveX 'WriteIniFileString/ShellExecute' Arbitrary File Overwrite Vulnerability
BugTraq ID: 33515
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33515
Summary:
Web on Windows (WOW) ActiveX control is prone to a vulnerability that lets attackers overwrite files with arbitrary, attacker-controlled content.

Successfully exploiting this issue will allow an attacker to overwrite arbitrary files and execute arbitrary code on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

WOW 2 is vulnerable; other versions may also be affected.

15. Thomson Demo mp3PRO Player/Encoder '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33513
Remote: Yes
Date Published: 2009-01-29
Relevant URL: http://www.securityfocus.com/bid/33513
Summary:
Thomson Demo mp3PRO Player/Encoder is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Thomson Demo mp3PRO Player/Encoder 1.1.0 is vulnerable; other versions may also be affected.

16. Microsoft Internet Explorer HTML Form Value Denial of Service Vulnerability
BugTraq ID: 33494
Remote: Yes
Date Published: 2009-01-28
Relevant URL: http://www.securityfocus.com/bid/33494
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue may allow an attacker to crash the browser, which will result in a denial-of-service condition.

Internet Explorer 7 on Windows XP SP3 is vulnerable; other versions running on different platforms may also be affected.

NOTE: This issue was originally published as a buffer-overflow vulnerability that could result in remote code execution. Further analysis and vendor reports, however, suggest that exploiting this issue may cause only a denial-of-service condition from stack exhaustion. This vulnerability cannot be exploited to execute arbitrary code.

17. Horde IMP Webmail Client Cross Site Scripting And HTML Injection Vulnerabilities
BugTraq ID: 33492
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33492
Summary:
Horde IMP Webmail Client is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Versions prior to IMP 4.2.2 and 4.3.3 are affected.

18. Zinf Multiple Playlist Files Buffer Overflow Vulnerability
BugTraq ID: 33482
Remote: Yes
Date Published: 2009-01-27
Relevant URL: http://www.securityfocus.com/bid/33482
Summary:
Zinf is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts will likely crash the application.

Zinf 2.2.1 is vulnerable; other versions may also be affected.

19. Win FTP Server 'LIST' FTP Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33454
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33454
Summary:
Win FTP Server is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Win FTP Server 2.3.0 is vulnerable; other versions may also be affected.

20. Simple Machines Forum Package Upload Multiple HTML Injection Vulnerabilities
BugTraq ID: 33450
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33450
Summary:
Simple Machines Forum is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

21. Microsoft Windows 'RunAs' Password Length Local Information Disclosure Vulnerability
BugTraq ID: 33440
Remote: No
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33440
Summary:
The 'RunAs' application included with Microsoft Windows is prone to a local information-disclosure vulnerability that may reveal information about password lengths.

A local attacker may exploit this issue to gain information about user passwords. This may aid in further attacks, such as brute-force or dictionary attacks against passwords.

22. Nokia Multimedia Player AVI File Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 33432
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33432
Summary:
Nokia Multimedia Player is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected application, denying service to legitimate users.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

23. WFTPD Pro Multiple Command Remote Denial of Service Vulnerabilities
BugTraq ID: 33426
Remote: Yes
Date Published: 2009-01-26
Relevant URL: http://www.securityfocus.com/bid/33426
Summary:
WFTPD Pro is prone to multiple remote denial-of-service vulnerabilities because the application fails to handle specially crafted FTP commands in a proper manner.

Attackers can exploit these issues to crash the affected application, denying service to legitimate users.

WFTPD Pro 3.30.0.1 is vulnerable; other versions may also be affected.

UPDATE (January 29, 2009): This issue is reported to affect only servers that have the 'Enable Security' configuration option disabled.

24. MediaMonkey '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33420
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33420
Summary:
MediaMonkey is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

MediaMonkey 3.0.6 is vulnerable; other versions may also be affected.

25. Merak Media Player '.m3u' File Remote Buffer Overflow Vulnerability
BugTraq ID: 33419
Remote: Yes
Date Published: 2009-01-25
Relevant URL: http://www.securityfocus.com/bid/33419
Summary:
Merak Media Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Merak Media Player 3.2 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #429
http://www.securityfocus.com/archive/88/500589

2. customer user accounts and internal user accounts on same domain
http://www.securityfocus.com/archive/88/500442

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
Symantec NetBackup Design Best Practices with Data Domain
This white paper walks you through how Data Domain integrates with NBU, including planning and sizing considerations, operational considerations, offsite replication, and other integration basics so you can get the most out of this powerful solution.

http://dinclinx.com/Redirect.aspx?36;2173;45;189;0;10;259;46b98cc7718e4a
7c

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus