Focus on Microsoft
SecurityFocus Microsoft Newsletter #449 Jul 23 2009 05:27PM
Rob Keith (rkeith securityfocus com)

This issue is sponsored by IronKey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey S200
series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2
standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components,
while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most
sensitive data. Enterprise-class central management capabilities also make it easy to enforce
security policies on fleets of drives and even remotely destroy drives in the field.

Learn more at https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Scale of Security
2. Hacker-Tool Law Still Does Little
II. MICROSOFT VULNERABILITY SUMMARY
1. World in Conflict Typecheck Remote Denial of Service Vulnerability
2. Wireshark 1.2.0 Multiple Vulnerabilities
3. Google Chrome Privilege Escalation Weakness
4. MightSOFT Audio Editor Pro MP3 File Unspecified Memory Corruption Vulnerability
5. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
6. Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
7. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
8. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution
Vulnerability
9. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
11. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
12. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
13. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution
Vulnerability
14. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
15. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Forcing Password Changes for Non-Interactive Logons
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the
hundreds of billions of dollars as being something as routine as brushing our teeth, we question the
value of programs that cost in the single-digit millions and quibble with friends over dollars.
Similarly, there are many problems in our industry that, when explained to an outsider, sound like
they should have been solved decades ago. It is only when we relate the number of systems that need
to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. World in Conflict Typecheck Remote Denial of Service Vulnerability
BugTraq ID: 35751
Remote: Yes
Date Published: 2009-07-16
Relevant URL: http://www.securityfocus.com/bid/35751
Summary:
World in Conflict is prone to a remote denial-of-service vulnerability because the application fails
to handle exceptional conditions.

An attacker could exploit this issue to crash the affected application, denying service to
legitimate users.

This issue affects World in Conflict 1.0.1.1 and prior versions.

2. Wireshark 1.2.0 Multiple Vulnerabilities
BugTraq ID: 35748
Remote: Yes
Date Published: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35748
Summary:
Wireshark is prone to multiple vulnerabilities, including a buffer-overflow issue and
denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate
users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code,
but this has not been confirmed.

These issues affect Wireshark 0.9.2 through 1.2.0.

3. Google Chrome Privilege Escalation Weakness
BugTraq ID: 35723
Remote: Yes
Date Published: 2009-07-16
Relevant URL: http://www.securityfocus.com/bid/35723
Summary:
Google Chrome is prone to a weakness that may allow attackers to escalate privileges after carrying
out a successful code-execution attack against a renderer (tab) process.

This issue affects versions prior to Chrome 2.0.172.37.

4. MightSOFT Audio Editor Pro MP3 File Unspecified Memory Corruption Vulnerability
BugTraq ID: 35719
Remote: Yes
Date Published: 2009-07-16
Relevant URL: http://www.securityfocus.com/bid/35719
Summary:
MightSOFT Audio Editor Pro is prone to an unspecified memory-corruption vulnerability.

An attacker can exploit this issue by tricking a victim into opening a malicious MP3 file to execute
arbitrary code and to cause denial-of-service conditions.

Audio Editor Pro 2.91 is vulnerable; other versions may also be affected.

5. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35667
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35667
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails
to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

6. Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
BugTraq ID: 35660
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35660
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user
running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A
crash was observed in Firefox 3.5 on Windows XP SP3.

UPDATE (July 15, 2009): Remote code execution is also possible in Firefox 3.5 running on Apple Mac OS X.

7. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 35652
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35652
Summary:
LibTIFF is prone to multiple remote integer-overflow vulnerabilities because it fails to perform
adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary malicious code in the context of a user
running an application that uses the affected library. Failed exploit attempts will likely crash the
application.

LibTIFF 3.8.2, 3.9, and 4.0 are vulnerable; other versions may also be affected.

8. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability
BugTraq ID: 35642
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35642
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the
OWC Spreadsheet ActiveX control. The control is identified by the following CLSIDs:

0002E541-0000-0000-C000-000000000046
0002E559-0000-0000-C000-000000000046

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

9. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
BugTraq ID: 35631
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35631
Summary:
Microsoft ISA Server is prone to an authentication-bypass vulnerability.

An attacker with knowledge of a valid account name can exploit this issue to bypass authentication
and gain access to arbitrary resources within the context of the selected account.

10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
BugTraq ID: 35616
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35616
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow
component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user
running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

11. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
BugTraq ID: 35601
Remote: No
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35601
Summary:
Microsoft Virtual PC and Virtual Server are prone to a privilege-escalation vulnerability caused by
an error in decoding privileged instructions.

Note that this issue affects only systems that do not use hardware-assisted virtualization.

Successful exploits may allow local attackers to elevate privileges within a guest operating system.

12. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
BugTraq ID: 35600
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35600
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow
component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user
running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

13. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
BugTraq ID: 35599
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35599
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

14. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
BugTraq ID: 35187
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35187
Summary:
Microsoft Windows is prone to a remotely exploitable integer-overflow vulnerability because it fails
to properly bounds-check user-supplied input before copying it into an insufficiently sized memory
buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the
vulnerable software on the targeted user's computer.

15. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
BugTraq ID: 35186
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35186
Summary:
Microsoft Windows is prone to a remotely exploitable heap-overflow vulnerability because the
software fails to properly bounds-check user-supplied input before copying it into an insufficiently
sized memory buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the
vulnerable software on the targeted user's computer.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Forcing Password Changes for Non-Interactive Logons
http://www.securityfocus.com/archive/88/505115

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin (at) securityfocus (dot) com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IronKey

Always-On AES 256-bit Hardware Encryption
FIPS 140-2 Level 3 Validated
Hardened Case - Waterproof Beyond MIL-STD-810F
Remote Management Software

Research for the IronKey architecture was funded in part by the U.S. Department of Homeland
Security. In addition, IronKey maintains a trusted supply chain: all research and development is
performed in the USA, and all boards are built and all drives are assembled in secure facilities in
the USA.

IronKey Basic S200 drives will also be available in high-capacity 16GB models.

https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter
