Focus on Microsoft
SecurityFocus Microsoft Newsletter #448 Jul 15 2009 02:59PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #448
----------------------------------------

This issue is sponsored by Ironkey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey. S200
series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2
standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components,
while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most
sensitive data. Enterprise-class central management capabilities also make it easy to enforce
security policies on fleets of drives and even remotely destroy drives in the field.

Learn more at https://www.ironkey.com/S200_Launch

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
1. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
2. Mozilla Firefox 3.5 'Tracemonkey' Component Remote Code Execution Vulnerability
3. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
4. Wyse Device Manager Unspecified Remote Buffer Overflow Vulnerability
5. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution
Vulnerability
6. Pirch IRC Client Remote Buffer Overflow Vulnerability
7. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
8. Microsoft Internet Explorer 'AddFavorite' Method Denial of Service Vulnerability
9. Microsoft July 2009 Advance Notification Multiple Vulnerabilities
10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
11. Bugzilla Bug Status Modification Security Bypass Vulnerability
12. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
13. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
14. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution
Vulnerability
15. Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption
Vulnerability
16. Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability
17. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
18. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gubter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35667
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35667
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails
to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

2. Mozilla Firefox 3.5 'Tracemonkey' Component Remote Code Execution Vulnerability
BugTraq ID: 35660
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35660
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user
running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A
crash was observed in Firefox 3.5 on Windows XP SP3.

3. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 35652
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35652
Summary:
LibTIFF is prone to multiple remote integer-overflow vulnerabilities because it fails to perform
adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary malicious code in the context of a user
running an application that uses the affected library. Failed exploit attempts will likely crash the
application.

LibTIFF 3.8.2, 3.9, and 4.0 are vulnerable; other versions may also be affected.

4. Wyse Device Manager Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 35649
Remote: Yes
Date Published: 2009-07-10
Relevant URL: http://www.securityfocus.com/bid/35649
Summary:
Wyse Device Manager is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

5. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability
BugTraq ID: 35642
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35642
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the
OWC Spreadsheet ActiveX control. The control is identified by the following CLSIDs:

0002E541-0000-0000-C000-000000000046
0002E559-0000-0000-C000-000000000046

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

6. Pirch IRC Client Remote Buffer Overflow Vulnerability
BugTraq ID: 35639
Remote: Yes
Date Published: 2009-07-12
Relevant URL: http://www.securityfocus.com/bid/35639
Summary:
Pirch IRC is prone to a remote buffer-overflow vulnerability because it fails to bounds-check
user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious
IRC server. Successful attacks will allow arbitrary code to run within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

Pirch IRC 98 is vulnerable; other versions may also be affected.

NOTE: The vulnerability may be related to the issue described in BID 5079. We will update the BID
when more information emerges.

7. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
BugTraq ID: 35631
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35631
Summary:
Microsoft ISA Server is prone to an authentication-bypass vulnerability.

An attacker with knowledge of a valid account name can exploit this issue to bypass authentication
and gain access to arbitrary resources within the context of the selected account.

8. Microsoft Internet Explorer 'AddFavorite' Method Denial of Service Vulnerability
BugTraq ID: 35620
Remote: Yes
Date Published: 2009-07-09
Relevant URL: http://www.securityfocus.com/bid/35620
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in
denial-of-service conditions. Reports indicate that this issue may be used to corrupt process memory
and be leveraged to execute code, but this has not been confirmed.

Internet Explorer 7 and 8 are known to be vulnerable; other versions may be affected as well.

9. Microsoft July 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 35617
Remote: Yes
Date Published: 2009-07-09
Relevant URL: http://www.securityfocus.com/bid/35617
Summary:
Microsoft has released advance notification that on July 14, 2009 the vendor will be releasing six
security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'.

These issues affect the following:

Windows
DirectX
Virtual PC
Virtual Server
ISA Server
Publisher

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

We will create individual records to better document these issues when the bulletins are released.

10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
BugTraq ID: 35616
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35616
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow
component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user
running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

11. Bugzilla Bug Status Modification Security Bypass Vulnerability
BugTraq ID: 35604
Remote: Yes
Date Published: 2009-07-08
Relevant URL: http://www.securityfocus.com/bid/35604
Summary:
Bugzilla is prone to a security-bypass vulnerability.

Successful exploits will allow authenticated attackers to modify the status of bug reports, which
may aid in further attacks.

The following are vulnerable:

Bugzilla 3.1.1 through 3.2.3
Bugzilla 3.3.1 through 3.3.4

12. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
BugTraq ID: 35601
Remote: No
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35601
Summary:
Microsoft Virtual PC and Virtual Server are prone to a privilege-escalation vulnerability caused by
an error in decoding privileged instructions.

Note that this issue affects only systems that do not use hardware-assisted virtualization.

Successful exploits may allow local attackers to elevate privileges within a guest operating system.

13. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
BugTraq ID: 35600
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35600
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow
component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user
running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

14. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
BugTraq ID: 35599
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35599
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

15. Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption Vulnerability
BugTraq ID: 35585
Remote: Yes
Date Published: 2009-07-06
Relevant URL: http://www.securityfocus.com/bid/35585
Summary:
Microsoft Windows is prone to a remote memory-corruption vulnerability that affects the Video
Control ActiveX control.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

Windows XP SP3 and Windows Server 2003 are vulnerable; other versions may also be affected.

16. Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 35558
Remote: Yes
Date Published: 2009-07-06
Relevant URL: http://www.securityfocus.com/bid/35558
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the TV Tuner library.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

Windows XP SP3 and Windows Server 2003 are vulnerable; other versions may also be affected.

17. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
BugTraq ID: 35187
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35187
Summary:
Microsoft Windows is prone to a remotely exploitable integer-overflow vulnerability because it fails
to properly bounds-check user-supplied input before copying it into an insufficiently sized memory
buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the
vulnerable software on the targeted user's computer.

18. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
BugTraq ID: 35186
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35186
Summary:
Microsoft Windows is prone to a remotely exploitable heap-overflow vulnerability because the
software fails to properly bounds-check user-supplied input before copying it into an insufficiently
sized memory buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the
vulnerable software on the targeted user's computer.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Ironkey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey. S200
series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2
standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components,
while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most
sensitive data. Enterprise-class central management capabilities also make it easy to enforce
security policies on fleets of drives and even remotely destroy drives in the field.

. Always-On AES 256-bit Hardware Encryption

. FIPS 140-2 Level 3 Validated

. Hardened Case.Waterproof Beyond MIL-STD-810F

. Remote Management Software

Research for the IronKey architecture was funded in part by the U.S. Department of Homeland
Security. In addition, IronKey maintains a trusted supply chain: all research and development is
performed in the USA, and all boards are built and all drives are assembled in secure facilities in
the USA.

IronKey Basic S200 drives will also be available in high-capacity 16GB models.

https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus
&ik_t=newsletter

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus