Focus on Microsoft
SecurityFocus Microsoft Newsletter #447 Jun 26 2009 05:44PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #447
----------------------------------------

This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites' security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510135;37701660;s

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
1. Motorola Timbuktu Pro 'PlughNTCommand' Named Pipe Remote Stack Buffer Overflow Vulnerability
2. Apple Safari 'file://' Protocol Handler Information Disclosure and Denial of Service
Vulnerability
3. Adobe Shockwave Player Director File Parsing Remote Code Execution Vulnerability
4. Microsoft Internet Explorer HTML Attribute JavaScript URI Security Bypass Vulnerability
5. LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
6. Apple Safari 'parent/top' Cross Domain Scripting Vulnerability
7. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
8. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
9. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gubter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Motorola Timbuktu Pro 'PlughNTCommand' Named Pipe Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35496
Remote: Yes
Date Published: 2009-06-25
Relevant URL: http://www.securityfocus.com/bid/35496
Summary:
Motorola Timbuktu Pro for Windows is prone to a remote stack-based buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied data before copying it into an
insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Failed
exploit attempts will result in denial-of-service conditions.

Versions prior to Timbuktu Pro 8.6.7 for Windows are vulnerable.

2. Apple Safari 'file://' Protocol Handler Information Disclosure and Denial of Service Vulnerability
BugTraq ID: 35482
Remote: Yes
Date Published: 2009-06-23
Relevant URL: http://www.securityfocus.com/bid/35482
Summary:
Apple Safari is prone to an information-disclosure and denial-of-service vulnerability because it
fails to properly sanitize user-supplied input.

An attacker can exploit this issue to access local files. On Microsoft Windows platforms, the
attacker may launch rogue instances of Windows Explorer, which may affect the computer's overall
stability, leading to a denial-of-service.

This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft
Windows XP and Vista.

3. Adobe Shockwave Player Director File Parsing Remote Code Execution Vulnerability
BugTraq ID: 35469
Remote: Yes
Date Published: 2009-06-23
Relevant URL: http://www.securityfocus.com/bid/35469
Summary:
Adobe Shockwave Player is prone to a remote code-execution vulnerability caused by a
memory-dereferencing error while parsing Adobe Director files.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in
user. Failed exploit attempts may cause a denial-of-service condition.

Versions prior to Shockwave Player 11.5.0.600 for Microsoft Windows are vulnerable.

4. Microsoft Internet Explorer HTML Attribute JavaScript URI Security Bypass Vulnerability
BugTraq ID: 35455
Remote: Yes
Date Published: 2009-06-22
Relevant URL: http://www.securityfocus.com/bid/35455
Summary:
Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly
enforce restrictions on script behavior.

An attacker may exploit this issue to bypass restrictions on the execution of JavaScript code. This
may aid in further attacks.

5. LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
BugTraq ID: 35451
Remote: Yes
Date Published: 2009-06-21
Relevant URL: http://www.securityfocus.com/bid/35451
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate
boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of a user
running an application that uses the affected library. Failed exploit attempts will likely crash the
application.

LibTIFF 3.8.2 is vulnerable; other versions may be affected as well.

6. Apple Safari 'parent/top' Cross Domain Scripting Vulnerability
BugTraq ID: 35441
Remote: Yes
Date Published: 2009-06-19
Relevant URL: http://www.securityfocus.com/bid/35441
Summary:
Apple Safari is prone to a cross-domain scripting vulnerability.

A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain
potentially sensitive information or launch spoofing attacks against other sites. Other attacks are
also possible.

7. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 35432
Remote: No
Date Published: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35432
Summary:
DESlock+ is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary code with elevated privileges, which may
facilitate a complete compromise of the affected computer.

DESlock+ 4.0.2 is vulnerable; other versions may also be affected.

8. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
BugTraq ID: 35411
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35411
Summary:
Multiple browsers are prone to a vulnerability that may allow attackers to spoof arbitrary HTTPS sites.

Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTPS
site. Successful exploits will lead to a false sensitive security since the victim is visiting a
site that is assumed to be legitimate.

9. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
BugTraq ID: 35410
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35410
Summary:
ClamAV is prone to multiple vulnerabilities because it fails to properly restrict certain files
after scanning them.

A successful attack may allow malicious users to bypass security restrictions placed on certain
files. Exploits may aid in further attacks.

Versions prior to ClamAv 0.95.2 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites' security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510135;37701660;s

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus