Focus on Microsoft
SecurityFocus Microsoft Newsletter #451 Aug 24 2009 05:19PM
Rob Keith (rkeith securityfocus com)
SecurityFocus Microsoft Newsletter #451
----------------------------------------

This issue is sponsored by Immunet

Are you running Anti-Virus from Symantec, AVG or Mcafee? Make it significantly more effective and
harness the security of thousands of others with 'Collective Immunity'. See the beta for Immunet
Protect here: https://www.immunet.com/user/new

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Scale of Security
2.Hacker-Tool Law Still Does Little
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution
Vulnerability
5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution
Vulnerability
6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
7. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
8. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
9. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
10. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
11. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
12. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
13. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
14. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation
Vulnerability
15. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the
hundreds of billions of dollars as being something as routine as brushing our teeth, we question the
value of programs that cost in the single-digit millions and quibble with friends over dollars.
Similarly, there are many problems in our industry that, when explained to an outsider, sound like
they should have been solved decades ago. It is only when we relate the number of systems that need
to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
BugTraq ID: 36029
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/36029
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability.

This issue may affect the Embedded OpenType font engine.

Remote attackers can exploit this issue to cause affected computers to crash with a Blue Screen
crash event. Remote code execution may also be possible, but this currently has not been been
confirmed.

2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
BugTraq ID: 35993
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35993
Summary:
Microsoft Windows is prone to an authentication-bypass vulnerability that exists in the Telnet protocol.

An attacker can exploit this issue to gain unauthorized access to the affected computer with the
privileges of the victim user. Successfully exploiting this issue may compromise the affected computer.

3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
BugTraq ID: 35992
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35992
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted Web page.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
BugTraq ID: 35991
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35991
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted Web page.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
BugTraq ID: 35990
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35990
Summary:
Microsoft Office Web Components OWC10 ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
BugTraq ID: 35985
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35985
Summary:
Microsoft ASP.NET is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the application pool on the affected webserver to become
unresponsive, denying service to legitimate users.

NOTE: This issue only affects ASP.NET on webservers running IIS 7 in integrated mode.

7. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
BugTraq ID: 35982
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35982
Summary:
The Microsoft Active Template Library is prone to a remote code-execution vulnerability.

This issue affects a private version of the ATL used internally by Microsoft; components written by
other vendors are unlikely to be affected.

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user
running an application built against the affected library. Failed exploit attempts will result in a
denial-of-service condition.

8. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
BugTraq ID: 35981
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35981
Summary:
The Microsoft Windows WINS Server is prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

9. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35980
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35980
Summary:
The Microsoft Windows WINS Server is prone to a remote heap-based buffer-overflow vulnerability
because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

10. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35973
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35973
Summary:
Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow
vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious Web page.

Successful exploits will allow attackers to execute arbitrary code within the context of the
affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit
attempts will result in a denial-of-service condition.

11. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
BugTraq ID: 35972
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35972
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending specially crafted Remote Procedure Call (RPC) messages
to a vulnerable computer.

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level
privileges, completely compromising affected computers. Failed exploit attempts will result in a
denial-of-service condition.

12. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35971
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35971
Summary:
Microsoft Remote Desktop Connection client is prone to a heap-based buffer-overflow vulnerability
when processing certain parameters returned by a malicious RDP (Remote Desktop Protocol) server.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute
arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely
cause denial-of-service conditions.

13. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
BugTraq ID: 35970
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35970
Summary:
Microsoft Windows is prone to a remote integer-overflow vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player
therefore this issue does not specifically affect Windows Media Player.

14. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
BugTraq ID: 35969
Remote: No
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35969
Summary:
The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because
it fails to adequately handle user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploits will cause a denial of service.

15. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 35967
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35967
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player
therefore this issue does not specifically affect Windows Media Player.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Immunet

Are you running Anti-Virus from Symantec, AVG or Mcafee? Make it significantly more effective and
harness the security of thousands of others with 'Collective Immunity'. See the beta for Immunet
Protect here: https://www.immunet.com/user/new

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus