Focus on Microsoft
SecurityFocus Microsoft Newsletter #446 Jun 19 2009 03:06PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #446
----------------------------------------

This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites' security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510129;37701658;c

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
1. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
2. Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities
3. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
4. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
5. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
6. TorrentTrader Classic Multiple Remote Vulnerabilities
7. Multiple Kaspersky Products PDF File Scan Evasion Vulnerability
8. SugarCRM Email Attachment Arbitrary File Upload Vulnerability
9. Multiple Symantec Products RAR/TAR/ZIP File Scan Evasion Vulnerability
10. Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
11. Apple Safari for Windows Reset Password Information Disclosure Vulnerability
12. Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
13. Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability
14. Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure
Vulnerability
15. Apple Safari CFNetwork Script Injection Weakness
16. Apple Safari Windows Installer Local Privilege Escalation Vulnerability
17. Microsoft Windows Media Player ScriptCommand Multiple Information Disclosure Vulnerabilities
18. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
19. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
20. Kerio MailServer WebMail Cross Site Scripting Vulnerability
21. RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
22. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
23. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
24. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
25. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
26. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
27. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
28. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
29. Microsoft Excel Record Object Remote Code Execution Vulnerability
30. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
31. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
32. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
33. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution
Vulnerability
34. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
35. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution
Vulnerability
36. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
37. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution
Vulnerability
38. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution
Vulnerability
39. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution
Vulnerability
40. Microsoft Windows Search Script Injection Vulnerability
41. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
42. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
43. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
44. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
45. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
46. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow
Vulnerability
47. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
48. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution
Vulnerability
49. Microsoft Word Record Parsing Buffer Overflow Vulnerability
50. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
51. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #445
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gubter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 35432
Remote: No
Date Published: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35432
Summary:
DESlock+ is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary code with elevated privileges, which may
facilitate a complete compromise of the affected computer.

DESlock+ 4.0.2 is vulnerable; other versions may also be affected.

2. Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities
BugTraq ID: 35414
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35414
Summary:
Apple iPhone and iPod touch are prone to multiple vulnerabilities.

Successfully exploiting these issues may allow attackers to bypass security restrictions, obtain
sensitive information, or cause denial-of-service conditions.

These issues affect the following:

iPhone OS 1.0 through 2.2.1
iPhone OS for iPod touch 1.1 through 2.2.1

3. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
BugTraq ID: 35411
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35411
Summary:
Multiple browsers are prone to a vulnerability that may allow attackers to spoof arbitrary HTTPS sites.

Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTPS
site. Successful exploits will lead to a false sensitive security since the victim is visiting a
site that is assumed to be legitimate.

4. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
BugTraq ID: 35410
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35410
Summary:
ClamAV is prone to multiple vulnerabilities because it fails to properly restrict certain files
after scanning them.

A successful attack may allow malicious users to bypass security restrictions placed on certain
files. Exploits may aid in further attacks.

Versions prior to ClamAv 0.95.2 are vulnerable.

5. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
BugTraq ID: 35380
Remote: Yes
Date Published: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35380
Summary:
Multiple web browsers are prone to a man-in-the-middle vulnerability.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially
allowing the attacker to steal cookie-based authentication credentials or to control how sites are
rendered to the user. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA
2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better
document it.

UPDATE (June 17, 2009): This BID had been updated to reflect that the issue affects multiple
browsers, not just Mozilla products.

6. TorrentTrader Classic Multiple Remote Vulnerabilities
BugTraq ID: 35369
Remote: Yes
Date Published: 2009-06-15
Relevant URL: http://www.securityfocus.com/bid/35369
Summary:
TorrentTrader Classic is prone to multiple vulnerabilities:

- An insufficient entropy weakness
- Multiple information-disclosure vulnerabilities
- Multiple SQL-injection vulnerabilities
- Multiple HTML-injection vulnerabilities
- Multiple cross-site-scripting vulnerabilities
- A local-file-include vulnerability

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials,
compromise the application, obtain sensitive information, access or modify data, or exploit latent
vulnerabilities in the underlying database.

TorrentTrader Classic 1.09 is vulnerable; other versions may also be affected.

7. Multiple Kaspersky Products PDF File Scan Evasion Vulnerability
BugTraq ID: 35365
Remote: Yes
Date Published: 2009-06-13
Relevant URL: http://www.securityfocus.com/bid/35365
Summary:
Multiple Kaspersky products are prone to a vulnerability that may allow certain PDF files to bypass
the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the
antivirus application will fail to detect.

8. SugarCRM Email Attachment Arbitrary File Upload Vulnerability
BugTraq ID: 35361
Remote: Yes
Date Published: 2009-06-13
Relevant URL: http://www.securityfocus.com/bid/35361
Summary:
SugarCRM is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs
because the application fails to adequately validate user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of
the webserver process. This may facilitate unauthorized access or privilege escalation; other
attacks are also possible.

The issue affects SugarCRM 5.2.0e; prior versions may also be vulnerable.

9. Multiple Symantec Products RAR/TAR/ZIP File Scan Evasion Vulnerability
BugTraq ID: 35354
Remote: Yes
Date Published: 2009-06-12
Relevant URL: http://www.securityfocus.com/bid/35354
Summary:
Multiple Symantec products are prone to a vulnerability that may allow certain compressed archives
to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the
antivirus application will fail to detect.

The following products are affected:

Symantec Mail Security for Domino
Symantec Mail Security for Microsoft Exchange
Symantec Mail Security for SMTP
Symantec Brightmail Gateway
Symantec AntiVirus for Network Attached Storage
Symantec AntiVirus for Caching
Symantec AntiVirus for Messaging
Symantec Protection for SharePoint Servers
Symantec Protection Suite
Symantec Scan Engine
Symantec Client Security
Symantec Endpoint Protection
Symantec AntiVirus Corporate Edition
Norton Internet Security
Norton 360
Norton AntiVirus
Norton Systemworks

10. Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
BugTraq ID: 35353
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35353
Summary:
Safari is prone to a security-bypass vulnerability because it fails to properly verify X.509
extended validation (EV) certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by
impersonating trusted webservers. This will aid in further attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

11. Apple Safari for Windows Reset Password Information Disclosure Vulnerability
BugTraq ID: 35352
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35352
Summary:
Apple Safari is prone to a local information-disclosure vulnerability.

A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

12. Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
BugTraq ID: 35351
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35351
Summary:
Apple Safari is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user
running the affected application or to obtain sensitive information.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

13. Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability
BugTraq ID: 35347
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35347
Summary:
Apple Safari is prone to an information-disclosure vulnerability.

A local attacker can exploit this issue to access other users' files as they are downloaded.

This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft
Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

14. Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
BugTraq ID: 35346
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35346
Summary:
Apple Safari is prone to a local information-disclosure vulnerability.

A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

15. Apple Safari CFNetwork Script Injection Weakness
BugTraq ID: 35344
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35344
Summary:
Apple Safari is prone to a weakness that may allow attackers to run arbitrary script code.

Attackers may exploit this issue through social engineering or through exploiting other latent
vulnerabilities to execute arbitrary script code in the context of the victim.

This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7 and on
Microsoft Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

16. Apple Safari Windows Installer Local Privilege Escalation Vulnerability
BugTraq ID: 35339
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35339
Summary:
Apple Safari is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to gain elevated privileges, which may aid in
further attacks.

This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

17. Microsoft Windows Media Player ScriptCommand Multiple Information Disclosure Vulnerabilities
BugTraq ID: 35335
Remote: Yes
Date Published: 2009-06-12
Relevant URL: http://www.securityfocus.com/bid/35335
Summary:
Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because
it fails to properly restrict access to certain functionality when handling media files.

An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks.

18. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
BugTraq ID: 35308
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35308
Summary:
Apple Safari CoreGraphics is prone to a remote code-execution vulnerability because it fails to
adequately handle TrueType fonts.

An attacker can exploit this issue to execute arbitrary code in the context of the application.
Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions prior to Safari 4.0 running on Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

19. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35275
Remote: Yes
Date Published: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35275
Summary:
Microsoft PowerPoint is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Freelance file.

Successful exploits can allow the attacker to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely cause denial-of-service conditions.

20. Kerio MailServer WebMail Cross Site Scripting Vulnerability
BugTraq ID: 35264
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35264
Summary:
Kerio MailServer WebMail is prone to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site. This may allow the attacker to steal
cookie-based authentication credentials and to launch other attacks.

Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 are vulnerable.

21. RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
BugTraq ID: 35260
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35260
Summary:
Safari is prone to multiple security vulnerabilities that have been addressed in Apple security
advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple
Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.

NOTE: This BID is being retired because the following individual records have been created to
better document issues previously mentioned in this BID:

35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure
Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing
Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability

22. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
BugTraq ID: 35255
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35255
Summary:
Microsoft Windows is prone to a weakness that affects the Windows DNS client and arises because of a
design error in the DNS devolution process.

The attacker could set up a malicious site and carry out attacks against victims who are
inadvertently directed to the malicious site. These attacks could include disclosure of the private
IP address, disclosure of authentication credentials, modification of client proxy settings,
phishing, redirection to other malicious sites, enticing vulnerable users to download malware, and more.

23. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 35248
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35248
Summary:
eBay Enhanced Picture Services ActiveX control is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

24. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35246
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35246
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel
('.xls') file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

25. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
BugTraq ID: 35245
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35245
Summary:
Microsoft Excel is prone to an integer-overflow vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

26. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
BugTraq ID: 35244
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35244
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

27. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
BugTraq ID: 35243
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35243
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

28. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
BugTraq ID: 35242
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35242
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

29. Microsoft Excel Record Object Remote Code Execution Vulnerability
BugTraq ID: 35241
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35241
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

30. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35240
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35240
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successful exploits will result in the complete compromise of affected computers.

31. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35238
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35238
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successful exploits will result in the complete compromise of affected computers.

32. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
BugTraq ID: 35235
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35235
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

33. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability
BugTraq ID: 35234
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35234
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

34. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
BugTraq ID: 35232
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35232
Summary:
Microsoft Internet Information Services (IIS) is prone to an authentication-bypass vulnerability
because it fails to properly enforce access restrictions on certain requests to a site that requires
authentication.

An attacker can exploit this issue to gain unauthorized access to protected resources, which may
lead to other attacks.

This issue affects IIS 5.0.

35. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 35226
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35226
Summary:
Microsoft Active Directory is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the application.
Successful exploits will completely compromise the affected computer. Failed attacks will cause
denial-of-service conditions.

36. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
BugTraq ID: 35225
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35225
Summary:
Microsoft Active Directory is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

37. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35224
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35224
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

38. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35223
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35223
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

39. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35222
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35222
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

40. Microsoft Windows Search Script Injection Vulnerability
BugTraq ID: 35220
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35220
Summary:
Microsoft Windows Search is prone to a script-injection vulnerability because it fails to adequately
sanitize user-supplied input when previewing search results.

Successful exploits will cause malicious script code to run in the local context, allowing attackers
to steal potentially sensitive information or perform other attacks.

The issue affects Windows Search installed on all supported editions of Windows XP and Windows
Server 2003. Note that Windows Vista and Windows Server 2008 are not affected.

41. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
BugTraq ID: 35219
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35219
Summary:
Microsoft Windows RPC Marshalling Engine is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending a specially crafted RPC request to an affected computer.

Successfully exploiting this issue will allow the attacker to execute arbitrary code with full
system rights, completely compromising affected computers. Failed exploit attempts will likely
result in a denial-of-service condition.

42. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 35218
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35218
Summary:
Microsoft Visual Studio is prone to a remote heap-based buffer-overflow vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successful exploits will allow attackers to execute arbitrary code within the context of the
affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit
attempts will result in a denial-of-service condition.

43. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35215
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35215
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

44. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
BugTraq ID: 35209
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35209
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler
service.

A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level
privileges, which can result in the complete compromise of affected computers.

45. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
BugTraq ID: 35208
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35208
Summary:
Microsoft Windows Messenger is prone to a local information-disclosure vulnerability that affects
the Print Spooler service.

Successfully exploiting this issue allows attackers to obtain sensitive information that may aid in
further attacks.

46. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35206
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35206
Summary:
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability that affects the
Windows Print Spooler.

Exploiting this vulnerability allows attackers to execute arbitrary code with system-level
privileges. Failed exploit attempts will likely cause denial-of-service conditions.

47. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
BugTraq ID: 35200
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35200
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because
the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to access local files or content from a browser window in another
domain or security zone. This may allow the attacker to obtain sensitive information or may aid in
further attacks.

48. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35198
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35198
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
application. Successful exploits will compromise the application and possibly the computer. Failed
attacks may cause denial-of-service conditions.

49. Microsoft Word Record Parsing Buffer Overflow Vulnerability
BugTraq ID: 35190
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35190
Summary:
Microsoft Word is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

50. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35188
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35188
Summary:
Microsoft Word is prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

51. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability
BugTraq ID: 35184
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35184
Summary:
Microsoft Office Works for Windows document converters are prone to a remote code-execution
vulnerability because the application fails to properly handle specially crafted files.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successful exploits would allow the attacker to execute arbitrary code in the context of the
currently logged-in user.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #445
http://www.securityfocus.com/archive/88/504256

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites' security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510129;37701658;c

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus