Focus on Microsoft
SecurityFocus Microsoft Newsletter #445 Jun 12 2009 03:03PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #445
----------------------------------------

This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites. security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510119;37701656;z

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
1. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
2. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
3. Kerio MailServer WebMail Cross Site Scripting Vulnerability
4. Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
5. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
6. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
7. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
8. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
9. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
10. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
11. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
12. Microsoft Excel Record Object Remote Code Execution Vulnerability
13. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
14. XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities
15. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
16. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
17. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution
Vulnerability
18. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
19. Online Armor Personal Firewall IOCTL Request Local Privilege Escalation Vulnerability
20. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution
Vulnerability
21. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
22. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution
Vulnerability
23. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution
Vulnerability
24. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution
Vulnerability
25. Microsoft Windows Search Script Injection Vulnerability
26. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
27. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
28. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
29. Microsoft June 2009 Advance Notification Multiple Vulnerabilities
30. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
31. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
32. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow
Vulnerability
33. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
34. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution
Vulnerability
35. Microsoft Word Record Parsing (CVE-2009-0565) Remote Code Execution Vulnerability
36. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
37. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability
38. Apple QuickTime PSD Image Buffer Overflow Vulnerability
39. Apple QuickTime Clipping Region (CRGN) Atom Types Heap Overflow Vulnerability
40. Apple QuickTime Image Description Atom Sign Extension Vulnerability
41. Apple QuickTime JP2 Image Handling Heap Buffer Overflow Vulnerability
42. Apple QuickTime PICT Image Heap Overflow Vulnerability
43. Apple QuickTime MS ADPCM Audio File Heap Buffer Overflow Vulnerability
44. Apple QuickTime User Atom Data Size Uninitialized Memory Access Remote Code Execution
Vulnerability
45. Apple QuickTime FLC Compression File Heap Overflow Vulnerability
46. Apple QuickTime Sorenson 3 Video File Remote Memory Corruption Vulnerability
47. Apple iTunes Multiple URI Handler Stack Buffer Overflow Vulnerability
48. SafeNet SoftRemote IKE Service Remote Stack Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gubter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
BugTraq ID: 35308
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35308
Summary:
Apple Safari CoreGraphics is prone to a remote code-execution vulnerability because it fails to
adequately handle TrueType fonts.

An attacker can exploit this issue to execute arbitrary code in the context of the application.
Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions prior to Safari 4.0 running on Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

2. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35275
Remote: Yes
Date Published: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35275
Summary:
Microsoft PowerPoint is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Freelance file.

Successful exploits can allow the attacker to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely cause denial-of-service conditions.

3. Kerio MailServer WebMail Cross Site Scripting Vulnerability
BugTraq ID: 35264
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35264
Summary:
Kerio MailServer WebMail is prone to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site. This may allow the attacker to steal
cookie-based authentication credentials and to launch other attacks.

Kerio MailServer versions 6.6.0, 6.6.1, 6.6.2, and 6.7.0 are vulnerable.

4. Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
BugTraq ID: 35260
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35260
Summary:
Apple Safari is prone to multiple security vulnerabilities.

Attackers may exploit these issues to execute arbitrary code, launch cross-site scripting attacks,
elevate privileges, or obtain sensitive information. Other attacks are also possible.

These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7,
Microsoft Windows XP, and Windows Vista.

5. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
BugTraq ID: 35255
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35255
Summary:
Microsoft Windows is prone to a weakness that affects the Windows DNS client and arises because of a
design error in the DNS devolution process.

The attacker could set up a malicious site and carry out attacks against victims who are
inadvertently directed to the malicious site. These attacks could include disclosure of the private
IP address, disclosure of authentication credentials, modification of client proxy settings,
phishing, redirection to other malicious sites, enticing vulnerable users to download malware, and more.

6. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 35248
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35248
Summary:
eBay Enhanced Picture Services ActiveX control is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

7. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35246
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35246
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel
('.xls') file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

8. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
BugTraq ID: 35245
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35245
Summary:
Microsoft Excel is prone to an integer-overflow vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

9. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
BugTraq ID: 35244
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35244
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

10. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
BugTraq ID: 35243
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35243
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

11. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
BugTraq ID: 35242
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35242
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

12. Microsoft Excel Record Object Remote Code Execution Vulnerability
BugTraq ID: 35241
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35241
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

13. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35240
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35240
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successful exploits will result in the complete compromise of affected computers.

14. XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities
BugTraq ID: 35239
Remote: Yes
Date Published: 2009-06-05
Relevant URL: http://www.securityfocus.com/bid/35239
Summary:
XM Easy Personal FTP Server is prone to multiple remote buffer-overflow vulnerabilities because the
application fails to sufficiently sanitize user-supplied arguments to multiple FTP commands.

An attacker can exploit these issues to execute arbitrary code in the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

XM Easy Personal FTP Server 5.7.0 is vulnerable; other versions may also be affected.

15. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35238
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35238
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successful exploits will result in the complete compromise of affected computers.

16. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
BugTraq ID: 35235
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35235
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

17. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability
BugTraq ID: 35234
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35234
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

18. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
BugTraq ID: 35232
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35232
Summary:
Microsoft Internet Information Services (IIS) is prone to an authentication-bypass vulnerability
because it fails to properly enforce access restrictions on certain requests to a site that requires
authentication.

An attacker can exploit this issue to gain unauthorized access to protected resources, which may
lead to other attacks.

This issue affects IIS 5.0.

19. Online Armor Personal Firewall IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 35227
Remote: No
Date Published: 2009-06-04
Relevant URL: http://www.securityfocus.com/bid/35227
Summary:
Online Armor Personal Firewall is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary code with elevated privileges, which may
facilitate a complete compromise of the affected computer.

Online Armor Personal Firewall 3.5.0.12 and prior versions are affected. Online Armor Personal
Firewall AV+ is also vulnerable.

20. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 35226
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35226
Summary:
Microsoft Active Directory is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the application.
Successful exploits will completely compromise the affected computer. Failed attacks will cause
denial-of-service conditions.

21. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
BugTraq ID: 35225
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35225
Summary:
Microsoft Active Directory is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

22. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35224
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35224
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

23. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35223
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35223
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

24. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35222
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35222
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

25. Microsoft Windows Search Script Injection Vulnerability
BugTraq ID: 35220
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35220
Summary:
Microsoft Windows Search is prone to a script-injection vulnerability because it fails to adequately
sanitize user-supplied input when previewing search results.

Successful exploits will cause malicious script code to run in the local context, allowing attackers
to steal potentially sensitive information or perform other attacks.

The issue affects Windows Search installed on all supported editions of Windows XP and Windows
Server 2003. Note that Windows Vista and Windows Server 2008 are not affected.

26. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
BugTraq ID: 35219
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35219
Summary:
Microsoft Windows RPC Marshalling Engine is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending a specially crafted RPC request to an affected computer.

Successfully exploiting this issue will allow the attacker to execute arbitrary code with full
system rights, completely compromising affected computers. Failed exploit attempts will likely
result in a denial-of-service condition.

27. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 35218
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35218
Summary:
Microsoft Visual Studio is prone to a remote heap-based buffer-overflow vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successful exploits will allow attackers to execute arbitrary code within the context of the
affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit
attempts will result in a denial-of-service condition.

28. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35215
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35215
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

29. Microsoft June 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 35213
Remote: Yes
Date Published: 2009-06-04
Relevant URL: http://www.securityfocus.com/bid/35213
Summary:
Microsoft has released advance notification that on June 9, 2009 the vendor will be releasing 10
security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'.

These issues affect the following:

Windows
Internet Explorer
Word
Excel
Office

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

We will create individual records to better document these issues when the bulletins are released.

30. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
BugTraq ID: 35209
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35209
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler
service.

A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level
privileges, which can result in the complete compromise of affected computers.

31. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
BugTraq ID: 35208
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35208
Summary:
Microsoft Windows Messenger is prone to a local information-disclosure vulnerability that affects
the Print Spooler service.

Successfully exploiting this issue allows attackers to obtain sensitive information that may aid in
further attacks.

32. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35206
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35206
Summary:
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability that affects the
Windows Print Spooler.

Exploiting this vulnerability allows attackers to execute arbitrary code with system-level
privileges. Failed exploit attempts will likely cause denial-of-service conditions.

33. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
BugTraq ID: 35200
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35200
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because
the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to access local files or content from a browser window in another
domain or security zone. This may allow the attacker to obtain sensitive information or may aid in
further attacks.

34. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35198
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35198
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
application. Successful exploits will compromise the application and possibly the computer. Failed
attacks may cause denial-of-service conditions.

35. Microsoft Word Record Parsing (CVE-2009-0565) Remote Code Execution Vulnerability
BugTraq ID: 35190
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35190
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

36. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35188
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35188
Summary:
Microsoft Word is prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

37. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability
BugTraq ID: 35184
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35184
Summary:
Microsoft Office Works for Windows document converters are prone to a remote code-execution
vulnerability because the application fails to properly handle specially crafted files.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successful exploits would allow the attacker to execute arbitrary code in the context of the
currently logged-in user.

38. Apple QuickTime PSD Image Buffer Overflow Vulnerability
BugTraq ID: 35168
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35168
Summary:
Apple QuickTime is prone to a buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted image.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

39. Apple QuickTime Clipping Region (CRGN) Atom Types Heap Overflow Vulnerability
BugTraq ID: 35167
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35167
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista and Windows XP SP3.

40. Apple QuickTime Image Description Atom Sign Extension Vulnerability
BugTraq ID: 35166
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35166
Summary:
Apple QuickTime is prone to a vulnerability that occurs because the bit width of a number is
increased without changing its sign in certain image description atoms.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted Apple video file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

41. Apple QuickTime JP2 Image Handling Heap Buffer Overflow Vulnerability
BugTraq ID: 35165
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35165
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

42. Apple QuickTime PICT Image Heap Overflow Vulnerability
BugTraq ID: 35164
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35164
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

43. Apple QuickTime MS ADPCM Audio File Heap Buffer Overflow Vulnerability
BugTraq ID: 35163
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35163
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially AVI
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

44. Apple QuickTime User Atom Data Size Uninitialized Memory Access Remote Code Execution Vulnerability
BugTraq ID: 35162
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35162
Summary:
Apple QuickTime is prone to a remote code-execution vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

45. Apple QuickTime FLC Compression File Heap Overflow Vulnerability
BugTraq ID: 35161
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35161
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

46. Apple QuickTime Sorenson 3 Video File Remote Memory Corruption Vulnerability
BugTraq ID: 35159
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35159
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

47. Apple iTunes Multiple URI Handler Stack Buffer Overflow Vulnerability
BugTraq ID: 35157
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35157
Summary:
Apple iTunes is prone to a stack-based buffer-overflow vulnerability because it fails to perform
adequate boundary checks before copying user-supplied data to an insufficiently sized buffer.

Attackers can leverage this issue to execute arbitrary code with the privileges of the user running
the affected application. Failed attacks will likely cause denial-of-service conditions.

48. SafeNet SoftRemote IKE Service Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35154
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35154
Summary:
SafeNet SoftRemote is prone to a remote stack-based buffer-overflow vulnerability because it fails
to properly bounds-check user-supplied data before copying it into an insufficiently sized memory
buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploit attempts will result in a denial-of-service condition.

Versions prior to SoftRemote 10.8.6 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites. security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510119;37701656;z

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus