Focus on Microsoft
SecurityFocus Microsoft Newsletter #432 Feb 19 2009 11:52PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #432

----------------------------------------

This issue is sponsored by Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks.

http://www.purewire.com/lp/sec/

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Free Market Filtering
2. Don't Blame the Browser
II. MICROSOFT VULNERABILITY SUMMARY
1. Got All Media URI Handling Remote Denial of Service Vulnerability
2. Agavi Multiple Cross Site Scripting Vulnerabilities
3. Windows Live Messenger Charset Data Remote Denial Of Service Vulnerability
4. Microsoft XML Core Services XMLHttpRequest 'SetCookie2' Header Information Disclosure Vulnerability
5. RimArts Becky! Internet Mail Return Receipt Remote Buffer Overflow Vulnerability
6. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
7. Microsoft Visio Memory Corruption Remote Code Execution Vulnerability
8. Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
9. Microsoft Visio Object Validation Remote Code Execution Vulnerability
10. Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
11. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
12. Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
13. Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country install filters which would prevent citizens from accessing tens of thousands of sites that contain "objectionable" material.
http://www.securityfocus.com/columnists/493

2.Don't Blame the Browser
Melih Abdulhayoglu
There was a time when most diseases were fatal for humans. Intense study and research helped doctors manage diseases better, and subsequently even prevent them altogether.
http://www.securityfocus.com/columnists/492

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Got All Media URI Handling Remote Denial of Service Vulnerability
BugTraq ID: 33830
Remote: Yes
Date Published: 2009-02-19
Relevant URL: http://www.securityfocus.com/bid/33830
Summary:
Got All Media is prone to a remote denial-of-service vulnerability when processing URI requests.

Exploiting this issue allows remote attackers to cause denial-of-service conditions by crashing the application.

Got All Media 7.0.0.3 is vulnerable; other versions may be affected as well.

2. Agavi Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 33826
Remote: Yes
Date Published: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33826
Summary:
Agavi is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.

3. Windows Live Messenger Charset Data Remote Denial Of Service Vulnerability
BugTraq ID: 33825
Remote: Yes
Date Published: 2009-02-18
Relevant URL: http://www.securityfocus.com/bid/33825
Summary:
Windows Live Messenger is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

Windows Live Messenger 2009 14.0.8064.206 is vulnerable; other versions may also be affected.

4. Microsoft XML Core Services XMLHttpRequest 'SetCookie2' Header Information Disclosure Vulnerability
BugTraq ID: 33803
Remote: Yes
Date Published: 2009-02-17
Relevant URL: http://www.securityfocus.com/bid/33803
Summary:
Microsoft XML Core Services (MSXML) is prone to an information-disclosure vulnerability because it fails to properly protect sensitive cookie data with the 'HTTPOnly' protection mechanism.

A successful exploit may allow attackers to steal cookie-based authentication credentials; information harvested may aid in further attacks.

5. RimArts Becky! Internet Mail Return Receipt Remote Buffer Overflow Vulnerability
BugTraq ID: 33756
Remote: Yes
Date Published: 2009-02-12
Relevant URL: http://www.securityfocus.com/bid/33756
Summary:
RimArts Becky! Internet Mail is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Versions prior to Becky! Internet Mail 2.50 are vulnerable.

6. Wireshark 1.0.5 Multiple Denial Of Service Vulnerabilities
BugTraq ID: 33690
Remote: Yes
Date Published: 2009-02-09
Relevant URL: http://www.securityfocus.com/bid/33690
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application, denying service to legitimate users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code, but this has not been confirmed.

These issues affect Wireshark 0.99.6 through 1.0.5.

7. Microsoft Visio Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 33661
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33661
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

8. Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 33660
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33660
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

9. Microsoft Visio Object Validation Remote Code Execution Vulnerability
BugTraq ID: 33659
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33659
Summary:
Microsoft Visio is prone to a remote code-execution vulnerability because it fails to adequately handle user-supplied data.

Attackers can exploit this issue to run arbitrary code in the context of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

10. Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 33628
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33628
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

11. Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 33627
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33627
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

12. Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
BugTraq ID: 33136
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33136
Summary:
Microsoft Exchange Server is prone to a remote denial-of-service vulnerability.

A successful exploit allows a remote attacker to cause the application to stop responding, denying service to legitimate users.

13. Microsoft Exchange Server TNEF Decoding Remote Code Execution Vulnerability
BugTraq ID: 33134
Remote: Yes
Date Published: 2009-02-10
Relevant URL: http://www.securityfocus.com/bid/33134
Summary:
Microsoft Exchange Server is prone to a remote code-execution vulnerability.

Remote attackers may exploit this issue by sending maliciously constructed TNEF-encoded email data to vulnerable servers. This issue will be triggered when a user views or previews the malicious email.

Successfully exploiting this issue would allow the attacker to execute arbitrary code on an affected computer in the context of the affected application.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's. Download this white paper now to mitigate your online security risks.

http://www.purewire.com/lp/sec/

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus