Focus on Microsoft
SecurityFocus Microsoft Newsletter #450 Aug 24 2009 05:19PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #450
----------------------------------------

This issue is sponsored by SC World Congress

Make plans now to attend the second annual SC World Congress - Enterprise Data Security, October
13-14 in New York City. The Congress features a comprehensive, two-day program presented in four
tracks-including the unique Editors Choice sessions-and the industry's largest fall product expo
showcasing IT security solutions from the leading vendors and hot start-ups. Emphasizing quality
content, innovative formats and sessions, global perspectives and ROI, this is the one event you
can't afford to miss. Register by August 31 for big savings. www.scworldcongress.com

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Scale of Security
2.Hacker-Tool Law Still Does Little
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution
Vulnerability
5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution
Vulnerability
6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
7. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
8. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
9. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
10. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
11. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
12. Microsoft August 2009 Advance Notification Multiple Vulnerabilities
13. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
14. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
15. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
16. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
17. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation
Vulnerability
18. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
19. UltraPlayer Malformed '.usk' Playlist File Buffer Overflow Vulnerability
20. Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
21. Microsoft Internet Explorer 8 Denial of Service Vulnerability
22. BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the
hundreds of billions of dollars as being something as routine as brushing our teeth, we question the
value of programs that cost in the single-digit millions and quibble with friends over dollars.
Similarly, there are many problems in our industry that, when explained to an outsider, sound like
they should have been solved decades ago. It is only when we relate the number of systems that need
to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
BugTraq ID: 36029
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/36029
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability.

This issue may affect the Embedded OpenType font engine.

Remote attackers can exploit this issue to cause affected computers to crash with a Blue Screen
crash event. Remote code execution may also be possible, but this currently has not been been
confirmed.

2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
BugTraq ID: 35993
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35993
Summary:
Microsoft Windows is prone to an authentication-bypass vulnerability that exists in the Telnet protocol.

An attacker can exploit this issue to gain unauthorized access to the affected computer with the
privileges of the victim user. Successfully exploiting this issue may compromise the affected computer.

3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
BugTraq ID: 35992
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35992
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
BugTraq ID: 35991
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35991
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
BugTraq ID: 35990
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35990
Summary:
Microsoft Office Web Components OWC10 ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
BugTraq ID: 35985
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35985
Summary:
Microsoft ASP.NET is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the application pool on the affected webserver to become
unresponsive, denying service to legitimate users.

NOTE: This issue only affects ASP.NET on webservers running IIS 7 in integrated mode.

7. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
BugTraq ID: 35983
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35983
Summary:
Subversion is prone to multiple integer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of Subversion clients
and servers. Successful exploits will compromise the affected application and possibly the computer.
Failed attacks will cause denial-of-service conditions.

The issues affect the following:
Subversion clients and servers versions 1.5.6 and prior.
Subversion clients and servers versions 1.6.0 through 1.6.3.

8. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
BugTraq ID: 35982
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35982
Summary:
The Microsoft Active Template Library is prone to a remote code-execution vulnerability.

This issue affects a private version of the ATL used internally by Microsoft; components written by
other vendors are unlikely to be affected.

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user
running an application built against the affected library. Failed exploit attempts will result in a
denial-of-service condition.

9. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
BugTraq ID: 35981
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35981
Summary:
The Microsoft Windows WINS Server is prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

10. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35980
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35980
Summary:
The Microsoft Windows WINS Server is prone to a remote heap-based buffer-overflow vulnerability
because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

11. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
BugTraq ID: 35977
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35977
Summary:
Sun OpenSSO Enterprise (formerly Sun Java System Access Manager and Sun Java System Identity Server)
is prone to a memory-corruption vulnerability because it fails to properly handle specially crafted
XML documents.

Very few details are available regarding this issue. We will update this BID as more information
emerges.

An attacker can exploit this issue to execute arbitrary code within the context of the vulnerable
application. Failed exploit attempts will result in a denial-of-service condition.

12. Microsoft August 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 35974
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35974
Summary:
Microsoft has released advance notification that on August 11, 2009 the vendor will be releasing 9
security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'.

These issues affect the following:

Windows
Outlook Express
Media Player
.NET
Client for Mac
Office
Visual Studio
ISA Server
BizTalk Server

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

Individual records will be created to document these issues when the bulletins are released.

13. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35973
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35973
Summary:
Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow
vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successful exploits will allow attackers to execute arbitrary code within the context of the
affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit
attempts will result in a denial-of-service condition.

14. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
BugTraq ID: 35972
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35972
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending specially-crafted Remote Procedure Call (RPC) messages
to a vulnerable computer.

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level
privileges, completely compromising affected computers. Failed exploit attempts will result in a
denial-of-service condition.

15. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35971
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35971
Summary:
Microsoft Remote Desktop Connection client is prone to a heap-based buffer-overflow vulnerability
when processing certain parameters returned by a malicious RDP (Remote Desktop Protocol) server.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute
arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely
cause denial-of-service conditions.

16. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
BugTraq ID: 35970
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35970
Summary:
Microsoft Windows is prone to a remote integer-overflow vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player
therefore this issue does not specifically affect Windows Media Player.

17. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
BugTraq ID: 35969
Remote: No
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35969
Summary:
The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because
it fails to adequately handle user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploits will cause a denial of service.

18. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 35967
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35967
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player
therefore this issue does not specifically affect Windows Media Player.

19. UltraPlayer Malformed '.usk' Playlist File Buffer Overflow Vulnerability
BugTraq ID: 35956
Remote: Yes
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35956
Summary:
UltraPlayer is prone to a buffer-overflow vulnerability because the application fails to
bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can execute arbitrary code in the context of the affected application. Failed exploit
attempts will result in a denial-of-service condition.

UltraPlayer 2.112 is vulnerable; other versions may also be affected.

20. Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
BugTraq ID: 35945
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35945
Summary:
Java Web Start ActiveX Control included in Sun JRE and JDK is prone to a remote code-execution
vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting victim to view a malicious
webpage. If successful, the attacker can run arbitrary code with the privileges of the user running
the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue is caused by the vulnerabilities described in Microsoft security advisory 973883 and is
related to the following BIDs:
35828 Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
35830 Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability
35832 Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability

This issue affects the following:

JDK and JRE 6 Update 14 and prior
JDK and JRE 5.0 Update 19 and prior

NOTE: This issue was previously covered in BID 35922 (Sun Java SE Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

21. Microsoft Internet Explorer 8 Denial of Service Vulnerability
BugTraq ID: 35941
Remote: Yes
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35941
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in
denial-of-service conditions. Due to the nature of this issue attackers may be able to corrupt
process memory and execute arbitrary code, but this has not been confirmed.

The issue affects Internet Explorer 8; other versions may also be vulnerable.

22. BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
BugTraq ID: 35918
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35918
Summary:
BlazeDVD Professional is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the application
or trigger a denial-of-service condition.

BlazeDVD Professional 5.1 and Blaze Video HDTV Player 6.0 are vulnerable; other versions may also be
affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by SC World Congress

Make plans now to attend the second annual SC World Congress - Enterprise Data Security, October
13-14 in New York City. The Congress features a comprehensive, two-day program presented in four
tracks-including the unique Editors Choice sessions-and the industry's largest fall product expo
showcasing IT security solutions from the leading vendors and hot start-ups. Emphasizing quality
content, innovative formats and sessions, global perspectives and ROI, this is the one event you
can't afford to miss. Register by August 31 for big savings. www.scworldcongress.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus