Focus on Microsoft
SecurityFocus Microsoft Newsletter #431 Feb 11 2009 10:53PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #431
----------------------------------------

This issue is sponsored by Sophos

Is virtualization a black hole in your security? 5 ways to ensure it isn't...

End users running unauthorized virtual environments on their computers make corporate systems and data much more vulnerable. This paper describes the hidden threats raised by unauthorized unsecured desktop virtualization, and gives five effective ways to secure yourself against them.

http://dinclinx.com/Redirect.aspx?36;4037;35;189;0;6;259;0ad5ac9ed0ee883
a

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Don't Blame the Browser
2.Resurrecting the Killfile
II. MICROSOFT VULNERABILITY SUMMARY
1. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
2. HP OpenView Network Node Manager 'ovlaunch' Buffer Overflow Vulnerability
3. Microsoft Visio Memory Corruption Remote Code Execution Vulnerability
4. Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
5. Microsoft Visio Object Validation Remote Code Execution Vulnerability
6. Microsoft February 2009 Advance Notification Multiple Vulnerabilities
7. Password Door Local Buffer Overflow Vulnerability
8. FeedDemon 'outline' Tag Buffer Overflow Vulnerability
9. Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
10. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
11. Moodle Log Table HTML Injection Vulnerability
12. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
13. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
14. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
15. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
16. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
17. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption Vulnerability
18. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
19. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
20. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
21. Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation Vulnerability
22. Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
23. Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #430
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Don't Blame the Browser
Melih Abdulhayoglu
There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.
http://www.securityfocus.com/columnists/492

2. Resurrecting the Killfile
By Oliver Day
In William Gibson's Idoru, one of the book's hackers describes a community of people who all share a file of unwanted things to create the walled city of Hak Nam. "They made something like a killfile of everything, everything they didn't like, and they turned that inside out," he wrote.
http://www.securityfocus.com/columnists/491

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 33690
Remote: Yes
Date Published: 2009-02-09
Relevant URL: http://www.securityfocus.com/bid/33690
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.99.6 through 1.0.5.

2. HP OpenView Network Node Manager 'ovlaunch' Buffer Overflow Vulnerability
BugTraq ID: 33668
Remote: Yes
Date Published: 2009-02-06
Relevant URL: http://www.securityfocus.com/bid/33668
Summary:
HP OpenView Network Node Manager is prone to a buffer-overflow vulnerability.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the Network Node Manager. Failed exploits can result in a denial-of-service condition.

Network Node Manager 7.53 running on Microsoft Windows is affected; other versions and platforms may also be vulnerable.

3. Microsoft Visio Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 33661
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33661
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

4. Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 33660
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33660
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

5. Microsoft Visio Object Validation Remote Code Execution Vulnerability
BugTraq ID: 33659
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33659
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to run arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

6. Microsoft February 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 33639
Remote: Yes
Date Published: 2009-02-05
Relevant URL: http://www.securityfocus.com/bid/33639
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins on February 10, 2009. The highest severity rating for these issues is 'Critical'.

These issues affect:

- Internet Explorer
- Exchange
- SQL Server
- Office

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created for the issues when the bulletins are released.

7. Password Door Local Buffer Overflow Vulnerability
BugTraq ID: 33634
Remote: No
Date Published: 2009-02-05
Relevant URL: http://www.securityfocus.com/bid/33634
Summary:
Password Door is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Password Door 8.4 is vulnerable; other versions may also be affected.

8. FeedDemon 'outline' Tag Buffer Overflow Vulnerability
BugTraq ID: 33630
Remote: Yes
Date Published: 2009-02-05
Relevant URL: http://www.securityfocus.com/bid/33630
Summary:
FeedDemon is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

FeedDemon 2.7 and prior versions are vulnerable.

9. Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 33628
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33628
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

10. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 33627
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33627
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

11. Moodle Log Table HTML Injection Vulnerability
BugTraq ID: 33610
Remote: Yes
Date Published: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33610
Summary:
Moodle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

The following Moodle branches and corresponding versions are affected:

1.9.x: prior to 1.9.4
1.8.x: prior to 1.8.8
1.7.x: prior to 1.7.7
1.6.x: prior to 1.6.9

12. QIP 2005 Malformed Rich Text Message Remote Denial of Service Vulnerability
BugTraq ID: 33609
Remote: Yes
Date Published: 2009-02-04
Relevant URL: http://www.securityfocus.com/bid/33609
Summary:
QIP 2005 is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to hang and consume excessive computer resources, denying service to legitimate users.

NOTE: This issue may occur in a third-party component used by QIP 2005, but this has not been confirmed.

This issue affects QIP 2005 build 8082; other versions may also be vulnerable.

13. Simple Machines Forum '[url]' Tag HTML Injection Vulnerability
BugTraq ID: 33595
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33595
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

14. BlazeVideo HDTV Player PLF File Heap Buffer Overflow Vulnerability
BugTraq ID: 33588
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33588
Summary:
BlazeVideo HDTV Player is prone to a heap-based buffer-overflow vulnerability because the application fails to handle malformed playlist files.

An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

BlazeVideo HDTV Player 3.5 is vulnerable; other versions may also be affected.

15. Nokia Multimedia Player '.m3u' File Heap Buffer Overflow Vulnerability
BugTraq ID: 33586
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33586
Summary:
Nokia Multimedia Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Nokia Multimedia Player 1.1 is vulnerable; other versions may also be affected.

16. NaviCOPA Web Server Remote Buffer Overflow and Source Code Information Disclosure Vulnerabilities
BugTraq ID: 33585
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33585
Summary:
NaviCOPA Web Server is prone to a remote buffer-overflow vulnerability and an information-disclosure vulnerability because the application fails to properly bounds-check or validate user-supplied input.

Successful exploits of the buffer-overflow issue may lead to the execution of arbitrary code in the context of the application or to denial-of-service conditions. Also, attackers can exploit the information-disclosure issue to retrieve arbitrary source code in the context of the webserver process. Information harvested may aid in further attacks.

NaviCOPA Web Server 3.01 is vulnerable; other versions may also be affected.

17. BreakPoint Software Hex Workshop '.cmap' File Handling Memory Corruption Vulnerability
BugTraq ID: 33584
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33584
Summary:
Hex Workshop is prone to a memory-corruption vulnerability.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Hex Workshop 6 is vulnerable; other versions may also be affected.

18. Bugzilla Pseudo-Random Number Generator Shared Seed Vulnerability
BugTraq ID: 33581
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33581
Summary:
Bugzilla is prone to a vulnerability caused by the use of a shared random seed. This issue occurs when Bugzilla is running under mod_perl.

An attacker may exploit this issue to predict random values generated by Bugzilla. This may reveal sensitive information such as attachment files or may allow the attacker to bypass cross-site request-forgery protection by predicting random token values. Other attacks may also be possible.

This issue affects Bugzilla 3.0.7, 3.2.1, and 3.3.2 when run under mod_perl.

19. Bugzilla HTML Injection and Cross Site Request Forgery Vulnerabilities
BugTraq ID: 33580
Remote: Yes
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33580
Summary:
Bugzilla is prone to multiple remote vulnerabilities, including an HTML-injection issue and cross-site request-forgery issues.

An attacker can exploit these issues to execute arbitrary script code in a user's browser in the context of the application, steal cookie-based authentication credentials, obtain sensitive information, and perform arbitrary actions in the context of the logged-in user.

These issues affect versions prior to Bugzilla 2.22.7, 3.0.7, 3.2.1, and 3.3.2.

20. RETIRED: Simple Machines Forum Censored Words HTML Injection Vulnerability
BugTraq ID: 33579
Remote: Yes
Date Published: 2009-02-03
Relevant URL: http://www.securityfocus.com/bid/33579
Summary:
Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Simple Machines Forum 1.1.7 is vulnerable; other versions may also be affected.

NOTE: This BID is being retired because an attacker needs administrative access to an affected application to exploit this issue. An attacker with such access would be able to compromise the application without having to exploit any issue.

21. Multiple Kaspersky Products 'klim5.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 33561
Remote: No
Date Published: 2009-02-02
Relevant URL: http://www.securityfocus.com/bid/33561
Summary:
Multiple Kaspersky products are prone to a local privilege-escalation vulnerability because the applications fail to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions in the following product groups:

Kaspersky AV 2008
Kaspersky AV for WorkStations 6.0

22. Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
BugTraq ID: 33136
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33136
Summary:
Microsoft Exchange Server is prone to a remote denial-of-service vulnerability.

A successful exploit allows a remote attacker to cause the application to stop responding, denying service to legitimate users.

23. Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
BugTraq ID: 33134
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33134
Summary:
Microsoft Exchange Server is prone to a remote code-execution vulnerability.

Remote attackers may exploit this issue by sending maliciously constructed TNEF-encoded email data to vulnerable servers. This issue will be triggered when a user views or previews the malicious email.

Successfully exploiting this issue would allow the attacker to execute arbitrary code on an affected computer in the context of the affected application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #430
http://www.securityfocus.com/archive/88/500706

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Sophos

Is virtualization a black hole in your security? 5 ways to ensure it isn't...

End users running unauthorized virtual environments on their computers make corporate systems and data much more vulnerable. This paper describes the hidden threats raised by unauthorized unsecured desktop virtualization, and gives five effective ways to secure yourself against them.

http://dinclinx.com/Redirect.aspx?36;4037;35;189;0;6;259;0ad5ac9ed0ee883
a

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus