Focus on Microsoft
SecurityFocus Microsoft Newsletter #436 Mar 18 2009 10:56PM
Rob Keith (rkeith securityfocus com)

SecurityFocus Microsoft Newsletter #436
----------------------------------------

This issue is sponsored by Tripwire

Configuration Assessment: Choosing the Right Solution
Configuration assessment lets businesses proactively secure their IT infrastructure and achieve
compliance with important industry standards and regulations. Learn why configuration assessment is
so important, why organizations find it difficult to control system configurations, and what types
of configuration assessment solutions are available.

http://dinclinx.com/Redirect.aspx?36;3065;32;189;0;3;259;458f725ab218caf9

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Contracting For Secure Code
2. Free Market Filtering
II. MICROSOFT VULNERABILITY SUMMARY
1. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
2. CDex 'ogg' File Buffer Overflow Vulnerability
3. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
4. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
5. JustSystems Ichitaro Unspecified Code Execution Vulnerability
6. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
7. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
8. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
9. Multiple SlySoft Products Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities
10. Apple iTunes Information Disclosure and Denial of Service Vulnerabilities
11. POP Peeper 'Date' Remote Buffer Overflow Vulnerability
12. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
13. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
14. RainbowPlayer '.rpl' File Remote Buffer Overflow Vulnerability
15. PostgreSQL Low Cost Function Information Disclosure Vulnerability
16. MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
17. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
18. RadASM '.rap' Project File Stack-Based Buffer Overflow Vulnerability
19. Nokia Multimedia Player '.npl' File Heap Buffer Overflow Vulnerability
20. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
21. Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
22. Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
23. Microsoft Windows SChannel Authentication Spoofing Vulnerability
24. Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
25. Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
26. Microsoft Windows DNS Server WPAD Access Validation Vulnerability
27. Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
28. Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability
29. Symantec pcAnywhere Local Format String Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #435
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Contracting For Secure Code
By Chris Wysopal
Forcing suppliers to attest to the security of provided software is gaining adherents: Just ask
Kaspersky Lab.
http://www.securityfocus.com/columnists/494

2. Free Market Filtering
By Mark Rasch
The Australian government is considering requiring that Internet service providers in that country
install filters which would prevent citizens from accessing tens of thousands of sites that contain
"objectionable" material.
http://www.securityfocus.com/columnists/493

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Icarus 'PGN' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34167
Remote: Yes
Date Published: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34167
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails
to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

2. CDex 'ogg' File Buffer Overflow Vulnerability
BugTraq ID: 34164
Remote: Yes
Date Published: 2009-03-18
Relevant URL: http://www.securityfocus.com/bid/34164
Summary:
CDex is prone to a buffer-overflow vulnerability because the application fails to perform adequate
boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

CDex 1.70 (Beta 2) is vulnerable; other versions may also be affected.

3. PHPRunner 'SearchField' Parameter SQL Injection Vulnerability
BugTraq ID: 34146
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34146
Summary:
PHPRunner generates scripts that are prone to an SQL-injection vulnerability because they fail to
sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data,
or exploit latent vulnerabilities in the underlying database.

PHPRunner 4.2 is vulnerable; other versions may also be affected.

4. Talkative IRC 'PRIVMSG' Buffer Overflow Vulnerability
BugTraq ID: 34141
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34141
Summary:
Talkative IRC is prone to a stack-based buffer-overflow vulnerability because it fails to
bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious
IRC server. Successful attacks will allow arbitrary code to run within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

Talkative IRC 0.4.4.16 is vulnerable; other versions may also be affected.

5. JustSystems Ichitaro Unspecified Code Execution Vulnerability
BugTraq ID: 34138
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34138
Summary:
Ichitaro is prone to an unspecified remote code-execution vulnerability.

Attackers may exploit this issue to execute arbitrary code within the context of the vulnerable
application. Failed attempts will result in a denial-of-service condition.

Ichitaro 2008 and prior versions are vulnerable.

6. WinAsm Studio '.wap' Project File Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 34132
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34132
Summary:
WinAsm Studio is prone to a heap-based buffer-overflow vulnerability because it fails to perform
adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

WinAsm Studio 5.1.5.0 is vulnerable; other versions may also be affected.

7. Serv-U FTP Server 'MKD' Command Directory Traversal Vulnerability
BugTraq ID: 34125
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34125
Summary:
Serv-U FTP Server is prone to a directory-traversal vulnerability because the application fails to
sufficiently sanitize user-supplied input.

Exploiting this issue allows an authenticated user to create directories outside the FTP root
directory, which may lead to other attacks.

Serv-U FTP Server 7.4.0.1 is vulnerable; other versions may also be affected.

8. Rosoft Media Player 'rml' File Buffer Overflow Vulnerability
BugTraq ID: 34124
Remote: Yes
Date Published: 2009-03-16
Relevant URL: http://www.securityfocus.com/bid/34124
Summary:
Rosoft Media Player is prone to a buffer-overflow vulnerability because the application fails to
perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

9. Multiple SlySoft Products Driver IOCTL Request Multiple Local Buffer Overflow Vulnerabilities
BugTraq ID: 34103
Remote: No
Date Published: 2009-03-12
Relevant URL: http://www.securityfocus.com/bid/34103
Summary:
Multiple SlySoft products are prone to multiple buffer-overflow vulnerabilities because they fail to
adequately validate user-supplied input.

A local attacker can exploit these issues to crash the affected system, causing a denial-of-service
condition. The attacker may also be able to run arbitrary code with SYSTEM-level privileges, but
this has not been confirmed.

The following applications are vulnerable:

SlySoft AnyDVD 6.5.2.2
SlySoft Virtual CloneDrive 5.4.2.3
SlySoft CloneDVD 2.9.2.0
SlySoft CloneCD 5.3.1.3

10. Apple iTunes Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 34094
Remote: Yes
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34094
Summary:
Apple iTunes is prone to an information-disclosure vulnerability and a denial-of-service vulnerability.

Successfully exploiting these issues may allow an attacker to obtain sensitive information or cause
the affected application to crash, denying service to legitimate users.

Versions prior to Apple iTunes 8.1 are vulnerable.

11. POP Peeper 'Date' Remote Buffer Overflow Vulnerability
BugTraq ID: 34093
Remote: Yes
Date Published: 2009-03-12
Relevant URL: http://www.securityfocus.com/bid/34093
Summary:
POP Peeper is prone to a buffer-overflow vulnerability because it fails to properly bounds-check
user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in denial-of-service conditions.

POP Peeper 3.4.0.0 is vulnerable; other versions may also be affected.

12. PostgreSQL Conversion Encoding Remote Denial of Service Vulnerability
BugTraq ID: 34090
Remote: Yes
Date Published: 2009-03-11
Relevant URL: http://www.securityfocus.com/bid/34090
Summary:
PostgreSQL is prone to a remote denial-of-service vulnerability.

Exploiting this issue may allow attackers to terminate connections to the PostgreSQL server, denying
service to legitimate users.

13. Autonomy KeyView Module 'wp6sr.dll' Buffer Overflow Vulnerability
BugTraq ID: 34086
Remote: Yes
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/34086
Summary:
Autonomy KeyView module is prone to a buffer-overflow vulnerability because it fails to perform
adequate boundary checks on user-supplied data before copying it to insufficiently sized buffers.

Exploiting this issue will allow an attacker to corrupt memory and to cause denial-of-service
conditions or potentially to execute arbitrary code in the context of the application using the module.

Multiple products using the KeyView module are affected.

14. RainbowPlayer '.rpl' File Remote Buffer Overflow Vulnerability
BugTraq ID: 34072
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34072
Summary:
RainbowPlayer is prone to a remote buffer-overflow vulnerability because the application fails to
perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

RainbowPlayer 0.91 is vulnerable; other versions may also be affected.

15. PostgreSQL Low Cost Function Information Disclosure Vulnerability
BugTraq ID: 34069
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34069
Summary:
PostgreSQL is prone to an information-disclosure vulnerability.

Local attackers can exploit this issue to obtain sensitive information that may lead to further
attacks.

PostgreSQL 8.3.6 is vulnerable; other versions may also be affected.

16. MediaCoder '.m3u' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 34051
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34051
Summary:
MediaCoder is prone to a remote stack-based buffer-overflow vulnerability because the application
fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

MediaCoder 6.2.4275 is vulnerable; other versions may also be affected.

17. eZip Wizard Zip File Stack Remote Buffer Overflow Vulnerability
BugTraq ID: 34044
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34044
Summary:
eZip Wizard is prone to a remote stack-based buffer-overflow vulnerability because the application
fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running
the affected application. Failed exploit attempts will result in a denial-of-service condition.

eZip Wizard 3.0 is vulnerable; other versions may also be affected.

18. RadASM '.rap' Project File Stack-Based Buffer Overflow Vulnerability
BugTraq ID: 34042
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34042
Summary:
RadASM is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate
checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

RadASM 2.2.1.5 is vulnerable; other versions may also be affected.

19. Nokia Multimedia Player '.npl' File Heap Buffer Overflow Vulnerability
BugTraq ID: 34041
Remote: Yes
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34041
Summary:
Nokia Multimedia Player is prone to a heap-based buffer-overflow vulnerability because it fails to
perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the
context of the application. Failed exploit attempts will cause denial-of-service conditions.

Nokia Multimedia Player 1.0 is vulnerable; other versions may also be affected.

20. mks_vir 'mksmonen.sys' IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 34039
Remote: No
Date Published: 2009-03-09
Relevant URL: http://www.securityfocus.com/bid/34039
Summary:
The 'mks_vir' program is prone to a local privilege-escalation vulnerability.

An attacker can exploit this issue to execute arbitrary code with elevated privileges; this may aid
in further attacks.

Versions prior to mks_vir 9 Beta 1.2.0.0 build 297 are vulnerable.

21. Microsoft Windows Kernel Handle Local Privilege Escalation Vulnerability
BugTraq ID: 34027
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34027
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.

22. Microsoft Windows Invalid Pointer Local Privilege Escalation Vulnerability
BugTraq ID: 34025
Remote: No
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34025
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.

23. Microsoft Windows SChannel Authentication Spoofing Vulnerability
BugTraq ID: 34015
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34015
Summary:
Microsoft Windows SChannel is prone to an authentication-spoofing vulnerability because it fails to
properly validate certain client-server certificate exchanges.

Successful exploits will allow attackers to authenticate to trusted servers by spoofing a legitimate
user's credentials. This may aid in further attacks.

24. Microsoft Windows WINS Server WPAD and ISATAP Access Validation Vulnerability
BugTraq ID: 34013
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34013
Summary:
The Microsoft Windows WINS Server is prone to an access-validation vulnerability because the
software fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) and
ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD or ISATAP WINS entry. This may aid
in man-in-the-middle and spoofing attacks. Other attacks are also possible.

25. Microsoft Windows Kernel GDI EMF/WMF Remote Code Execution Vulnerability
BugTraq ID: 34012
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/34012
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to open a malicious EMF or WMF
image file.

Successfully exploiting this issue will allow attackers to execute arbitrary code with kernel-level
privileges, completely compromising affected computers. Failed exploit attempts will result in a
denial-of-service condition.

26. Microsoft Windows DNS Server WPAD Access Validation Vulnerability
BugTraq ID: 33989
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33989
Summary:
The Microsoft Windows DNS Server is prone to an access-validation vulnerability because the software
fails to properly restrict access when defining WPAD (Web Proxy Autodiscovery Protocol) entries.

An authenticated attacker may exploit this issue to create a WPAD DNS entry. This may aid in
man-in-the-middle and spoofing attacks. Other attacks are also possible.

27. Microsoft Windows DNS Server Incorrect Caching DNS Spoofing Vulnerability
BugTraq ID: 33988
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33988
Summary:
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails
to cache responses to specially crafted DNS queries.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to
redirect network traffic and to launch man-in-the-middle attacks.

28. Microsoft Windows DNS Server Response Caching DNS Spoofing Vulnerability
BugTraq ID: 33982
Remote: Yes
Date Published: 2009-03-10
Relevant URL: http://www.securityfocus.com/bid/33982
Summary:
The Microsoft Windows DNS Server is prone to a DNS-spoofing vulnerability because the software fails
to properly reuse cached responses.

Successfully exploiting this issue allows remote attackers to spoof DNS replies, allowing them to
redirect network traffic and to launch man-in-the-middle attacks.

29. Symantec pcAnywhere Local Format String Vulnerability
BugTraq ID: 33845
Remote: No
Date Published: 2009-03-17
Relevant URL: http://www.securityfocus.com/bid/33845
Summary:
Symantec pcAnywhere is prone to a local format-string vulnerability.

A local attacker may exploit this issue to crash the affected application, resulting in a
denial-of-service condition. The attacker may also be able to execute arbitrary code within the
context of the application, but this has not been confirmed.

pcAnywhere 12.0, 12.1, and 12.5 are vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #435
http://www.securityfocus.com/archive/88/501694

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Tripwire

Configuration Assessment: Choosing the Right Solution
Configuration assessment lets businesses proactively secure their IT infrastructure and achieve
compliance with important industry standards and regulations. Learn why configuration assessment is
so important, why organizations find it difficult to control system configurations, and what types
of configuration assessment solutions are available.

http://dinclinx.com/Redirect.aspx?36;3065;32;189;0;3;259;458f725ab218caf9

Copyright 2010, SecurityFocus