SecurityFocus Microsoft Newsletter #303
----------------------------------------
This issue is Sponsored by: SPI Dynamics
ALERT: Ajax Security Dangers- How Hackers are attacking Ajax
Web Apps
While Ajax can greatly improve the usability of a Web
application, it can also
create several opportunities for possible attack if the
application is not
designed with security in mind. Download this SPI Dynamics
white paper.
https://download.spidynamics.com/1/ad/
AJAX.asp?Campaign_ID=70160000000CZBn
------------------------------------------------------------
------
I. FRONT AND CENTER
1. Dynamic linking in Linux and Windows, part one
2. E-mail privacy in the workplace
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Management Console Zone Bypass
Vulnerability
2. Microsoft Visual Basic for Applications Document
Check Buffer
Overflow Vulnerability
3. Microsoft Windows Server Service Remote Buffer
Overflow Vulnerability
4. Microsoft Hyperlink Object Library Function
Remote Buffer Overflow
Vulnerability
5. Microsoft Windows DNS Client Buffer Overrun
Vulnerability
6. CA eTrust Antivirus WebScan Malicious Update Code
Execution
Vulnerability
7. EasyCafe Security Restriction Bypass
Vulnerability
8. Microsoft Internet Explorer Source Element
Cross-Domain Information
Disclosure Vulnerability
9. Computer Associates Virus Definition Downgrade
Vulnerability
10. XChat Remote Denial of Service Vulnerability
11. Microsoft Windows 2000 Kernel Local Privilege
Escalation
Vulnerability
12. Microsoft Windows Unhandled Exception Remote
Code Execution
Vulnerability
13. Clam Anti-Virus ClamAV UPX Compressed PE File
Heap Buffer Overflow
Vulnerability
14. LHAZ LHA Long Multiple Buffer Overflow
Vulnerabilities
15. Microsoft Windows User Profile Privilege
Escalation Vulnerability
16. Microsoft Windows GDI32.DLL WMF Remote Denial of
Service
Vulnerability
17. Microsoft Internet Explorer IFrame Refresh
Denial of Service
Vulnerability
18. Yahoo! Messenger File Extension Spoofing
Vulnerability
19. CA eTrust Antivirus WebScan Remote Buffer
Overflow Vulnerability
20. Microsoft Powerpoint Remote Code Execution
Vulnerability
21. Microsoft Internet Explorer COM Object
Instantiation Code Execution
Vulnerability
22. Microsoft Internet Explorer Window Location
Cross-Domain Information
Disclosure Vulnerability
23. Microsoft August Advance Notification Multiple
Vulnerabilities
24. Fenestrae Faxination Server Unspecified Command
Execution
Vulnerability
25. Microsoft Winsock Gethostbyname Buffer Overflow
Vulnerability
26. Microsoft Internet Explorer Chained Cascading
Style Sheets Remote
Code Execution Vulnerability
27. Microsoft Internet Explorer HTML Layout and
Positioning Remote Code
Execution Vulnerability
28. Simpliciti Locked Browser JavaScript Kiosk
Security Bypass
Vulnerability
29. RETIRED: Microsoft Windows GDI Plus Library
Remote Denial Of Service
Vulnerability
30. Microsoft Windows Routing and Remote Access
Denial of Service
Vulnerability
31. LibTIFF TiffScanLineSize Remote Buffer Overflow
Vulnerability
32. LibTiff Sanity Checks Multiple Denial of Service
Vulnerabilities
33. LibTiff EstimateStripByteCounts() Denial of
Service Vulnerability
34. LibTIFF TiffFetchShortPair Remote Buffer
Overflow Vulnerability
35. Symantec On-Demand Protection Encrypted Data
Information Disclosure
Vulnerability
36. Easy File Sharing FTP Server Pass Command Remote
Buffer Overflow
Vulnerability
37. Microsoft PowerPoint Unspecified Code Execution
Vulnerability
38. Microsoft Internet Explorer Deleted Frame Object
Denial Of Service
Vulnerability
39. Microsoft Internet Explorer ADODB.Recordset
NextRecordset Denial of
Service Vulnerability
40. Microsoft Windows Graphical Device Interface
Plus Library Denial Of
Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Help needed
2. Account Control: Running Windows Vista with Least
Privilege
3. free backgammon
4. SecurityFocus Microsoft Newsletter #302
5. username change best practices...
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Dynamic linking in Linux and Windows, part one
By Reji Thomas, and Bhasker Reddy
This article discusses shared libraries in both Windows and
Linux, and offers a
walk through various data structures to explain how dynamic
linking is done in
these operating systems. The paper will be useful for
developers interested in
the security implications and the relative speed of dynamic
linking, and
assumes some prior knowledge of static and shared libraries.
http://www.
securityfocus.com/infocus/1872
2. E-mail privacy in the workplace
By Mark Rasch
Even with a well-heeled corporate privacy policy stating
that all employee
communications may be monitored in the workplace, the
legality of e-mail
monitoring is not as clear cut as one might think.
http://ww
w.securityfocus.com/columnists/412
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Management Console Zone Bypass Vulnerability
BugTraq ID: 19417
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19417
Summary:
Microsoft Management Console (MMC) is prone to a cross-zone
scripting
vulnerability. The cause of this vulnerability is that the
operating system
does not properly restrict access to MMC components,
allowing the MMC files to
be referenced from the Internet Zone in some cases.
This vulnerability could let an attacker execute arbitrary
code, completely
compromising the computer.
2. Microsoft Visual Basic for Applications Document Check
Buffer Overflow
Vulnerability
BugTraq ID: 19414
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19414
Summary:
A vulnerability has been discovered in Microsoft Visual
Basic for Applications.
The vulnerability occurs due to insufficient bounds checking
when checking the
properties of malicious documents. As a result, a malformed
document may be
capable of triggering a buffer-overflow within the affected
application,
effectively allowing for the execution of arbitrary code.
Microsoft Office, Access, Visio, Word, and Works are also
reportedly attack
vectors, since they employ VBA when handling certain
document types. Email is
another potential attack vector for this vulnerability,
however opening an
email would not trigger the issue. Replying or forwarding
the message could
potentially trigger it.
Microsoft has reported that this issue is being exploited in
the wild.
3. Microsoft Windows Server Service Remote Buffer Overflow
Vulnerability
BugTraq ID: 19409
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19409
Summary:
Microsoft Windows Server Service is prone to a remote
buffer-overflow
vulnerability.
This vulnerability arises when the service processes a
malicious message in RPC
communications.
A successful attack may result in arbitrary code execution
with SYSTEM
privileges leading to a full compromise. Attack attempts may
result in
denial-of-service conditions as well.
Microsoft has reported that this issue is being exploited in
the wild.
4. Microsoft Hyperlink Object Library Function Remote Buffer
Overflow
Vulnerability
BugTraq ID: 19405
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19405
Summary:
Microsoft's Hyperlink Object Library is prone to a
buffer-overflow
vulnerability. This issue is due to the library's failure
to properly
bounds-check user-supplied input before copying it to an
insufficiently sized
memory buffer.
Successfully exploiting this issue allows attackers to
execute arbitrary
machine code in the context of applications that use the
affected library. This
facilitates the remote compromise of affected computers.
Failed exploit
attempts will likely crash targeted applications.
This issue is different than the one described in BID 18500
(Microsoft
HLINK.DLL Link Memory Corruption Vulnerability).
5. Microsoft Windows DNS Client Buffer Overrun Vulnerability
BugTraq ID: 19404
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19404
Summary:
Microsoft Windows is prone to a remotely exploitable buffer
overrun condition
in the DNS client.
This issue is exposed when a client handles a malicious
response from a DNS
server. This may be leveraged to execute arbitrary code and
facilitate a
complete compromise of the affected computer.
6. CA eTrust Antivirus WebScan Malicious Update Code
Execution Vulnerability
BugTraq ID: 19403
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.sec
urityfocus.com/bid/19403
Summary:
CA eTrust Antivirus WebScan is prone to a remote
code-execution vulnerability
because it fails to properly validate parameters supplied to
the WebScan
ActiveX control.
An attacker could exploit this vulnerability to cause
WebScan to install
malicious application files from an attacker-specified
source. This could
result in the execution of arbitrary code.
This issue affects version 1.1.0.1047 and earlier; other
versions may also be
affected.
7. EasyCafe Security Restriction Bypass Vulnerability
BugTraq ID: 19401
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.sec
urityfocus.com/bid/19401
Summary:
EasyCafe is prone to a security restriction bypass
vulnerability
This issue occurs becaue the application fails to prevent an
attacker from
gaining unauthorized access to a clients computer.
An attacker can exploit this issue to gain unauthorized
access to the clients
computer. Other attacks are also possible.
Version 2.1.7 to 2.2.14 are vulnerable to this issue; other
versions may also
be affected.
8. Microsoft Internet Explorer Source Element Cross-Domain
Information
Disclosure Vulnerability
BugTraq ID: 19400
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19400
Summary:
Microsoft Internet Explorer is prone to an
information-disclosure vulnerability
because it fails to properly enforce cross-domain policies.
This issue may allow attackers to access arbitrary websites
in the context of a
targeted user's browser session. This may allow attackers
to perform actions in
web applications with the privileges of exploited users or
to gain access to
potentially sensitive information. This may aid attackers in
further attacks.
9. Computer Associates Virus Definition Downgrade
Vulnerability
BugTraq ID: 19399
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.sec
urityfocus.com/bid/19399
Summary:
A flaw in the Computer Associates WebScan product reportedly
could cause the
application's virus definitions to be downgraded to a
previous version.
This presents a security risk because the virus definitions
in question may be
out of date and may not effectively detect newer variants of
malicious code.
10. XChat Remote Denial of Service Vulnerability
BugTraq ID: 19398
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.sec
urityfocus.com/bid/19398
Summary:
XChat is prone to a remote denial-of-service vulnerability
because it fails to
properly handle unexpected data from malicious IRC users.
This issue allows remote attackers to crash affected IRC
clients, denying
service to legitimate users. To exploit this issue,
attackers send malformed
data to unsuspecting users.
XChat version 2.6.7 for Windows is vulnerable to this issue;
other versions and
platforms may also be affected.
11. Microsoft Windows 2000 Kernel Local Privilege Escalation
Vulnerability
BugTraq ID: 19388
Remote: No
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19388
Summary:
A local privilege-escalation vulnerability exists in
Microsoft Windows 2000.
This vulnerability affects the Windows kernel and may be
exploited by local
attackers to completely compromise an affected computer.
12. Microsoft Windows Unhandled Exception Remote Code
Execution Vulnerability
BugTraq ID: 19384
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19384
Summary:
Microsoft Windows is prone to a remote code-execution
vulnerability. This
vulnerability is caused by an error in how chained
exceptions are unloaded by
the operating system.
This vulnerability could be exploited by a malicious web
page. A successful
exploit would completely compromise the affected computer.
Specific details about this vulnerability are not available
at this time. This
BID will be updated if more information becomes available.
13. Clam Anti-Virus ClamAV UPX Compressed PE File Heap
Buffer Overflow
Vulnerability
BugTraq ID: 19381
Remote: Yes
Date Published: 2006-08-07
Relevant URL: http://www.sec
urityfocus.com/bid/19381
Summary:
ClamAV is prone to a heap buffer-overflow vulnerability.
This issue is due to
the application's failure to properly bounds-check
user-supplied data before
copying it to an insufficiently sized memory buffer.
This issue occurs when the application attempts to handle
compressed UPX files.
Exploiting this issue could allow attacker-supplied machine
code to be executed
in the context of the affected application. The issue would
occur when the
malformed file is scanned manually or automatically in
deployments such as
email gateways.
ClamAV versions 0.88.2 and 0.88.3 are vulnerable to this
issue; prior versions
may also be affected.
14. LHAZ LHA Long Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19377
Remote: Yes
Date Published: 2006-07-31
Relevant URL: http://www.sec
urityfocus.com/bid/19377
Summary:
Lhaz is prone to multiple buffer-overflow vulnerabilities
because the
application fails to check overly long filenames before
copying them to a
finite-sized buffer.
An attacker can exploit these issues to execute arbitrary
code within the
context of the affected application.
Version 1.31 is vulnerable to these issues; other versions
may also be
affected.
15. Microsoft Windows User Profile Privilege Escalation
Vulnerability
BugTraq ID: 19375
Remote: No
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19375
Summary:
Microsoft Windows is prone to a local privilege-escalation
vulnerability. The
vulnerability is caused by an insecure search path for the
WinLogon facility.
If exploited, this could let an attacker run an arbitrary
DLL with elevated
privileges.
This issue is reported to affect Windows 2000 in the default
configuration.
Other Windows operating systems are not affected unless the
configuration
settings related to this vulnerability are changed from the
default.
16. Microsoft Windows GDI32.DLL WMF Remote Denial of Service
Vulnerability
BugTraq ID: 19365
Remote: Yes
Date Published: 2006-08-06
Relevant URL: http://www.sec
urityfocus.com/bid/19365
Summary:
Microsoft Windows is reportedly prone to a remote
denial-of-service
vulnerability. This issue occurs because the application
fails to handle
Malicious WMF file.
This issue may cause Windows Explorer to crash, denying
service to legitimate
users.
17. Microsoft Internet Explorer IFrame Refresh Denial of
Service Vulnerability
BugTraq ID: 19364
Remote: Yes
Date Published: 2006-08-06
Relevant URL: http://www.sec
urityfocus.com/bid/19364
Summary:
Microsoft Internet Explorer is prone to a denial-of-service
vulnerability when
handling malicious HTML files.
Successfully exploiting this issue allows attackers to
consume excessive CPU
resources in the affected browser and eventually cause
Internet Explorer to
crash, causing a denial-of-service.
18. Yahoo! Messenger File Extension Spoofing Vulnerability
BugTraq ID: 19353
Remote: Yes
Date Published: 2006-08-04
Relevant URL: http://www.sec
urityfocus.com/bid/19353
Summary:
A vulnerability in Yahoo! Messenger allows remote attackers
to spoof file
extensions. This issue is due to a design error.
An attacker may leverage this issue to spoof downloaded
filenames to
unsuspecting users. This issue may lead to a compromise of
the target computer
as well as other consequences.
Yahoo! Messenger version 8.0.0.863 is reportedly affected;
earlier versions may
be affected as well.
19. CA eTrust Antivirus WebScan Remote Buffer Overflow
Vulnerability
BugTraq ID: 19351
Remote: Yes
Date Published: 2006-08-04
Relevant URL: http://www.sec
urityfocus.com/bid/19351
Summary:
CA eTrust Antivirus WebScan is prone to a remote
buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied
input before copying it
to an insufficiently sized memory buffer.
Due to improper validation of user-supplied input, a remote
attacker may cause
a buffer-overflow condition and may also execute arbitrary
code in the context
of the user running the affected application.
This issue affects version 1.1.0.1047 and earlier; other
versions may also be
affected.
20. Microsoft Powerpoint Remote Code Execution Vulnerability
BugTraq ID: 19341
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19341
Summary:
Microsoft PowerPoint is prone to a remote code-execution
vulnerability.
This issue results when the application handles malformed
record data within a
presentation file.
A successful exploit of this issue will let attackers
execute arbitrary code in
the context of targeted user
21. Microsoft Internet Explorer COM Object Instantiation
Code Execution
Vulnerability
BugTraq ID: 19340
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19340
Summary:
Microsoft Internet Explorer is prone to a memory-corruption
vulnerability that
is related to the instantiation of COM objects. This issue
results from a
design error.
The vulnerability arises because of the way Internet
Explorer tries to
instantiate certain COM objects as ActiveX controls,
resulting in arbitrary
code execution. The affected objects are not intended to be
instantiated
through Internet Explorer.
22. Microsoft Internet Explorer Window Location Cross-Domain
Information
Disclosure Vulnerability
BugTraq ID: 19339
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19339
Summary:
Microsoft Internet Explorer is prone to a cross-domain
information-disclosure
vulnerability.
This vulnerability may let a malicious website access
properties of a site in
an arbitrary external domain. Attackers could exploit this
issue to gain access
to sensitive information that is associated with the
external domain.
23. Microsoft August Advance Notification Multiple
Vulnerabilities
BugTraq ID: 19331
Remote: Yes
Date Published: 2006-08-03
Relevant URL: http://www.sec
urityfocus.com/bid/19331
Summary:
Microsoft has released advance notification that the vendor
will be releasing
twelve security bulletins for Windows and Office on August
8, 2006. The highest
severity rating for these issues is 'Critical'.
Further details about these issues are not currently
available. Individual BIDs
will be created and this record will be removed when the
security bulletins are
released.
24. Fenestrae Faxination Server Unspecified Command
Execution Vulnerability
BugTraq ID: 19328
Remote: Yes
Date Published: 2006-08-03
Relevant URL: http://www.sec
urityfocus.com/bid/19328
Summary:
Fenestrae Faxination Server is prone to a remote unspecified
command-execution
vulnerability.
An attacker can exploit this issue to execute arbitrary
machine commands with
SYSTEM-level privileges on affected computers.
Further details are currently unavailable; this BID will be
updated as more
information is disclosed.
25. Microsoft Winsock Gethostbyname Buffer Overflow
Vulnerability
BugTraq ID: 19319
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19319
Summary:
The Microsoft Winsock API is prone to a buffer-overflow
vulnerability.
This issue can occur when the API is invoked via a malicious
file or web page
that is sufficient to trigger the vulnerability. If the
exploit is successful,
attacker-supplied code will execute, completely comprising
the affected
computer.
26. Microsoft Internet Explorer Chained Cascading Style
Sheets Remote Code
Execution Vulnerability
BugTraq ID: 19316
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19316
Summary:
Microsoft Internet Explorer is prone to remote
code-execution vulnerability.
This issue is related to how the browser handles chained CSS
(Cascading Style
Sheets). An attacker could exploit this issue to execute
arbitrary code in the
context of the user visiting a malicious web page.
This issue affects Internet Explorer on Windows 2000,
Windows XP excluding XP
SP2, and Windows Server 2003.
27. Microsoft Internet Explorer HTML Layout and Positioning
Remote Code
Execution Vulnerability
BugTraq ID: 19312
Remote: Yes
Date Published: 2006-08-08
Relevant URL: http://www.sec
urityfocus.com/bid/19312
Summary:
Microsoft Internet Explorer is prone to remote
code-execution vulnerability.
This vulnerability is related to how the browser renders
HTML with certain
layout and positioning combinations. An attacker could
exploit this issue to
execute arbitrary code in the context of the user visiting a
malicious web
page.
This issue affects Internet Explorer on Windows 2000,
Windows XP, and Windows
Server 2003.
28. Simpliciti Locked Browser JavaScript Kiosk Security
Bypass Vulnerability
BugTraq ID: 19304
Remote: No
Date Published: 2006-08-02
Relevant URL: http://www.sec
urityfocus.com/bid/19304
Summary:
Simpliciti Locked Browser allows an attacker to use
JavaScript to bypass
security.
This vulnerability may facilitate privilege escalation. An
attacker could use
this vulnerability to their advantage and bypass existing
security limitations
and access controls of the kiosk system.
29. RETIRED: Microsoft Windows GDI Plus Library Remote
Denial Of Service
Vulnerability
BugTraq ID: 19301
Remote: Yes
Date Published: 2006-08-02
Relevant URL: http://www.sec
urityfocus.com/bid/19301
Summary:
Microsoft Windows GDI+ library 'gdiplus.dll' is prone to a
denial-of-service
vulnerability because the software fails to handle malformed
image files
properly.
An attacker may leverage this issue to trigger a
denial-of-service condition in
software implementing the vulnerable library. Other attacks
may also be
possible.
This BID has been retired.
30. Microsoft Windows Routing and Remote Access Denial of
Service Vulnerability
BugTraq ID: 19300
Remote: Yes
Date Published: 2006-08-02
Relevant URL: http://www.sec
urityfocus.com/bid/19300
Summary:
Microsoft Windows Routing and Remote Access is prone to a
denial-of-service
vulnerability. This issue is reportedly due to a
NULL-pointer dereference error
in the affected component.
This issue allows remote attackers to cause a denial of
service on affected
computers.
31. LibTIFF TiffScanLineSize Remote Buffer Overflow
Vulnerability
BugTraq ID: 19288
Remote: Yes
Date Published: 2006-08-01
Relevant URL: http://www.sec
urityfocus.com/bid/19288
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because
the library fails
to do proper boundary checks before copying user-supplied
data into a
finite-sized buffer.
This issue allows remote attackers to execute arbitrary
machine code in the
context of applications using the affected library. Failed
exploit attempts
will likely crash the application, denying service to
legitimate users.
32. LibTiff Sanity Checks Multiple Denial of Service
Vulnerabilities
BugTraq ID: 19286
Remote: Yes
Date Published: 2006-08-01
Relevant URL: http://www.sec
urityfocus.com/bid/19286
Summary:
LibTIFF is affected by multiple denial-of-service
vulnerabilities.
An attacker can exploit these vulnerabilities to cause a
denial of service in
applications using the affected library.
33. LibTiff EstimateStripByteCounts() Denial of Service
Vulnerability
BugTraq ID: 19284
Remote: Yes
Date Published: 2006-08-01
Relevant URL: http://www.sec
urityfocus.com/bid/19284
Summary:
LibTIFF is affected by a denial-of-service vulnerability.
An attacker can exploit this vulnerability to cause a denial
of service in
applications using the affected library.
34. LibTIFF TiffFetchShortPair Remote Buffer Overflow
Vulnerability
BugTraq ID: 19283
Remote: Yes
Date Published: 2006-08-01
Relevant URL: http://www.sec
urityfocus.com/bid/19283
Summary:
LibTIFF is prone to a buffer-overflow vulnerability because
the library fails
to do proper boundary checks before copying user-supplied
data into a
finite-sized buffer.
This issue allows remote attackers to execute arbitrary
machine code in the
context of appications using the affected library. Failed
exploit attempts will
likely crash the application, denying service to legitimate
users.
35. Symantec On-Demand Protection Encrypted Data Information
Disclosure
Vulnerability
BugTraq ID: 19248
Remote: No
Date Published: 2006-07-31
Relevant URL: http://www.sec
urityfocus.com/bid/19248
Summary:
Symantec On-Demand Protection (SODP) and On-Demand Agent
(SODA) are prone to a
vulnerability that could disclose potentially sensitive
information.
An attacker may be able to decrypt the files saved by the
applications. The
impact of this issue will depend on the information
disclosed.
This issue affects:
- SODA versions 2.5 MR2 (build 2156) and earlier
- SODP versions 2.6 (build 2232) and earlier.
Note that this issue affects only the Microsoft Windows
versions of the
applications.
36. Easy File Sharing FTP Server Pass Command Remote Buffer
Overflow
Vulnerability
BugTraq ID: 19243
Remote: Yes
Date Published: 2006-07-31
Relevant URL: http://www.sec
urityfocus.com/bid/19243
Summary:
Easy File Sharing FTP Server is prone to a buffer-overflow
vulnerability
because the application fails to do proper bounds checking
on user-supplied
data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary
machine code in the
context of the affected server application.
Version 2.0 is vulnerable to this issue; other versions may
also be affected.
37. Microsoft PowerPoint Unspecified Code Execution
Vulnerability
BugTraq ID: 19229
Remote: Yes
Date Published: 2006-07-30
Relevant URL: http://www.sec
urityfocus.com/bid/19229
Summary:
Microsoft PowerPoint is prone to an unspecified
code-execution vulnerability.
A proof-of-concept exploit file designed to trigger this
vulnerability has been
released. This issue arises when a vulnerable user opens a
malicious read-only
PowerPoint file and then closes it.
This issue is the third vulnerability discussed in BID 18993
(Microsoft
Powerpoint Multiple Unspecified Vulnerabilities). This
separate document
details further information regarding that issue.
Microsoft PowerPoint 2003 SP2 French Edition is reported
vulnerable to this
issue; other versions may also be affected.
38. Microsoft Internet Explorer Deleted Frame Object Denial
Of Service
Vulnerability
BugTraq ID: 19228
Remote: Yes
Date Published: 2006-07-29
Relevant URL: http://www.sec
urityfocus.com/bid/19228
Summary:
Microsoft Internet Explorer is prone to a denial-of-service
vulnerability. This
issue is triggered when an attacker convinces a victim user
to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet
Explorer, effectively
denying service to legitimate users.
39. Microsoft Internet Explorer ADODB.Recordset
NextRecordset Denial of Service
Vulnerability
BugTraq ID: 19227
Remote: Yes
Date Published: 2006-07-29
Relevant URL: http://www.sec
urityfocus.com/bid/19227
Summary:
Microsoft Internet Explorer is prone to a denial-of-service
condition when
processing the 'NextRecordset' method of the
'ADODB.Recordset' object.
A successful attack may cause the browser to fail.
40. Microsoft Windows Graphical Device Interface Plus
Library Denial Of Service
Vulnerability
BugTraq ID: 19221
Remote: Yes
Date Published: 2006-07-29
Relevant URL: http://www.sec
urityfocus.com/bid/19221
Summary:
Reportedly, the Microsoft Windows GDI+ library
'gdiplus.dll' is prone to a
denial-of-service vulnerability because the software fails
to handle malformed
image files properly.
An attacker may leverage this issue to trigger a
denial-of-service condition in
software implementing the vulnerable library. Other attacks
may also be
possible.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Help needed
http:/
/www.securityfocus.com/archive/88/442340
2. Account Control: Running Windows Vista with Least
Privilege
http:/
/www.securityfocus.com/archive/88/442279
3. free backgammon
http:/
/www.securityfocus.com/archive/88/442167
4. SecurityFocus Microsoft Newsletter #302
http:/
/www.securityfocus.com/archive/88/442049
5. username change best practices...
http:/
/www.securityfocus.com/archive/88/441749
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe securityfocus.com from the subscribed
address. The
contents of the subject or message body do not matter. You
will receive a
confirmation request message to which you will have to
answer. Alternatively
you can also visit http://www.s
ecurityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed email listadminsecurityfocus.com and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
ALERT: Ajax Security Dangers- How Hackers are attacking Ajax
Web Apps
While Ajax can greatly improve the usability of a Web
application, it can also
create several opportunities for possible attack if the
application is not
designed with security in mind. Download this SPI Dynamics
white paper.
https://download.spidynamics.com/1/ad/
AJAX.asp?Campaign_ID=70160000000CZBn
------------------------------------------------------------
---------------
------------------------------------------------------------
---------------
|