Focus on Microsoft
SecurityFocus Microsoft Newsletter #444 May 29 2009 03:07PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #444
----------------------------------------

This issue is sponsored by Thawte

Extended Validation SSL Certificates: Inspire Trust, Improve Confidence and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online
identity assurance processes for SSL certificate issuance. Find out how the EV standard increases
the visibility of authentication status through the use of a green address bar in the latest high
security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. A Botnet by Any Other Name
2. Projecting Borders into Cyberspace
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
2. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
3. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
4. ImageMagick TIFF File Integer Overflow Vulnerability
5. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
6. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
7. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
8. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
9. Soulseek Distributed File Search Buffer Overflow Vulnerability
10. Wireshark PCNFSD Dissector Denial of Service Vulnerability
11. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
12. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
13. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
14. CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
15. Mereo Malformed URI Remote Denial Of Service Vulnerability
16. httpdx Multiple Commands Remote Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. New Tech Tip: Configuring Windows 7 for a limited user
2. AD Password complexity - passwords too long?
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Botnet by Any Other Name
By Gunter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

2. Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming the Chinese for the intrusions
but stop short.
http://www.securityfocus.com/columnists/500

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
BugTraq ID: 35139
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35139
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component
fails to properly handle QuickTime media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context
of the user running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

2. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
BugTraq ID: 35133
Remote: No
Date Published: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35133
Summary:
Citrix Password Manager is prone to a local information-disclosure vulnerability.

Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in
further attacks.

Versions prior to Password Manager 4.6 SP1 are vulnerable.

3. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
BugTraq ID: 35130
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35130
Summary:
Simple Machines Forum (SMF) is prone to an HTML-injection vulnerability because the application
fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially
allowing the attacker to steal cookie-based authentication credentials or to control how the site is
rendered to the user. Other attacks are also possible.

NOTE: This issue was originally documented as a cross-site scripting vulnerability. After further
analysis, the BID has been rewritten as an HTML-injection issue.

4. ImageMagick TIFF File Integer Overflow Vulnerability
BugTraq ID: 35111
Remote: Yes
Date Published: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35111
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly bounds-check
user-supplied input. The vulnerability occurs when handling malformed TIFF files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of
a user running the application. Failed exploit attempts will result in a denial-of-service condition.

ImageMagick 6.5.2-8 is vulnerable; other versions may be affected as well.

5. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
BugTraq ID: 35105
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35105
Summary:
S3DPlayer Web and StandAlone are prone to a remote command-injection vulnerability because they fail
to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands within the context of the affected
application.

6. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
BugTraq ID: 35100
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35100
Summary:
Multiple ArcaBit ArcaVir products are prone to multiple local privilege-escalation vulnerabilities
that affect the 'ps_drv.sys' driver.

An attacker can exploit these issues to execute arbitrary code with elevated privileges,
facilitating a complete compromise of the affected computer.

The following applications are vulnerable:

ArcaVir 2009 Antivirus Protection
ArcaVir 2009 Internet Security
ArcaVir 2009 System Protection
ArcaVir 2009 Home Protection

7. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
BugTraq ID: 35094
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35094
Summary:
SonicWALL Global Security Client is prone to a local privilege-escalation vulnerability because the
application fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.

Global Security Client 1.0.0.15 is vulnerable; other versions may also be affected.

8. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
BugTraq ID: 35092
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35092
Summary:
SonicWALL Global VPN Client is prone to a local privilege-escalation vulnerability.

Successfully exploiting this issue allows local users to execute arbitrary code with LocalSystem
privileges, facilitating the complete compromise of affected computers.

Global VPN Client 4.0.0.835 is vulnerable; other versions may also be affected.

9. Soulseek Distributed File Search Buffer Overflow Vulnerability
BugTraq ID: 35091
Remote: Yes
Date Published: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35091
Summary:
Soulseek is prone to a stack-based buffer-overflow vulnerability because the application fails to
perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

Soulseek 156 and 157 NS are vulnerable; other versions may also be affected.

10. Wireshark PCNFSD Dissector Denial of Service Vulnerability
BugTraq ID: 35081
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35081
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash.

This issue affects Wireshark 0.8.20 through 1.0.7.

11. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
BugTraq ID: 35065
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35065
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a
denial-of-service condition.

12. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
BugTraq ID: 35064
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35064
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a
denial-of-service condition.

13. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
BugTraq ID: 35052
Remote: Yes
Date Published: 2009-05-20
Relevant URL: http://www.securityfocus.com/bid/35052
Summary:
Nullsoft Winamp is prone to a buffer-overflow vulnerability because the application fails to perform
adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Winamp 5.55 and prior versions are vulnerable.

14. CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
BugTraq ID: 35040
Remote: Yes
Date Published: 2009-05-20
Relevant URL: http://www.securityfocus.com/bid/35040
Summary:
CiscoWorks Common Services TFTP Server is prone to a directory-traversal vulnerability because it
fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to upload and download arbitrary files outside of the
TFTP server root directory. This may result in a denial-of-service condition or lead to a complete
compromise of the affected computer.

This issue is tracked by Cisco Bug ID CSCsx07107.

CiscoWorks Common Services 3.0.x, 3.1.x, and 3.2.x running on Microsoft Windows are vulnerable.

15. Mereo Malformed URI Remote Denial Of Service Vulnerability
BugTraq ID: 35014
Remote: Yes
Date Published: 2009-05-18
Relevant URL: http://www.securityfocus.com/bid/35014
Summary:
Mereo is prone to a denial-of-service vulnerability because it fails to adequately sanitize
user-supplied input.

Attackers can exploit this issue to crash the affected application, denying service to legitimate
users.

Mereo 1.8.0 is vulnerable; other versions may also be affected.

16. httpdx Multiple Commands Remote Buffer Overflow Vulnerabilities
BugTraq ID: 35006
Remote: Yes
Date Published: 2009-05-18
Relevant URL: http://www.securityfocus.com/bid/35006
Summary:
The 'httpdx' program is prone to multiple remote buffer-overflow vulnerabilities because the
application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

These issues affect httpdx 0.5b; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. New Tech Tip: Configuring Windows 7 for a limited user
http://www.securityfocus.com/archive/88/503884

2. AD Password complexity - passwords too long?
http://www.securityfocus.com/archive/88/503573

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively, you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte

