Thread: SecurityFocus Microsoft Newsletter #320




2006-12-06 14:27:49
SecurityFocus Microsoft Newsletter #320
----------------------------------------

This Issue is Sponsored by: Watchfire

Watchfire announces AppScan 7.0! The industry's only web
application security scanner with new features that include
Privilege Escalation Testing, Validation Highlighting and
Reasoning and Complex Authentication Support to automate
even more scanning and provide greater visibility and
control for security professionals, penetration testers and
QA staff. See for yourself. Download an evaluation copy of
AppScan now!

https://www.watchfire.com/securearea/appscancamp.aspx?id=701500000008YTx

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. Christmas Shopping: Vista Over XP?
        2. Vulnerability Scanning Web 2.0 Client-Side Components
II.  MICROSOFT VULNERABILITY SUMMARY
        1. Microsoft Internet Explorer Frame Src Denial Of Service Vulnerability
        2. JustSystems Multiple Products Unspecified Buffer Overflow Vulnerability
        3. SMF Image File HTML Injection Vulnerability
        4. Microsoft Windows Print Spooler GetPrinterData Denial of Service Vulnerability
        5. BlazeVideo HDTV PLF Stack Buffer Overflow Vulnerability
        6. CoolPlayer Multiple Buffer Overflow Vulnerabilities
        7. Outpost Firewall PRO Security Bypass Weakness
        8. Invision Gallery Index.PHP IMG Parameter SQL Injection Vulnerability
        9. Palm Desktop Application Directory Local Insecure Permissions Vulnerability
        10. AtomixMP3 M3U File Path Buffer Overflow Vulnerability
        11. Xerox WorkCentre and WorkCentre Pro Multiple Vulnerabilities
        12. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
        13. MailEnable IMAP Service Multiple Buffer Overflow Vulnerabilities
        14. Business Objects Crystal Reports Predictable Session Identifiers Session Hijacking Vulnerability
        15. Songbird Media Player Denial of Service Vulnerability
        16. Telnet-FTP Server Remote Denial of Service Vulnerability
        17. Telnet-FTP Server Directory Traversal Vulnerability
        18. BlazeVideo BlazeDVD Playlist Files Remote Memory Corruption Vulnerability
        19. Quinnware Quintessential Player Playlist Files Remote Memory Corruption Vulnerability
        20. MailEnable WebAdmin Unauthorized Access Vulnerability
        21. WarHound General Shopping Cart Item.ASP SQL Injection Vulnerability
        22. 3Com 3CTftpSvc Filename Remote Buffer Overflow Vulnerability
        23. Allied Telesyn AT-TFTP Server Filename Remote Buffer Overflow Vulnerability
        24. 3Com TFTP Transporting Mode Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
        1. SecurityFocus Microsoft Newsletter #319
        2. DNS recursive
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. Christmas Shopping: Vista Over XP?
By Federico Biancuzzi
Microsoft has announced Vista's release dates. From a
security standpoint what choice should consumers take during
this Christmas shopping season? Most will be faced with
Windows XP only or Windows XP with Microsoft's Express
Upgrade option to Vista. Federico Biancuzzi interviewed a
wide range of security researchers and anti-virus folks to
get some consensus on the security of Vista over Windows XP
for consumers, with some advice for corporate users as well.
http://www.securityfocus.com/columnists/425

2. Vulnerability Scanning Web 2.0 Client-Side Components
By Shreeraj Shah
This article discusses the challenges faced when
vulnerability scanning Web 2.0 applications, and then
provides a methodology to detect vulnerabilities in Web 2.0
client-side application components.
http://www.securityfocus.com/infocus/1881


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer Frame Src Denial Of Service
Vulnerability
BugTraq ID: 21447
Remote: Yes
Date Published: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21447
Summary:
Microsoft Internet Explorer is prone to a denial-of-service
vulnerability because the application fails to handle
exceptional conditions.

This issue is triggered when an attacker entices a victim
user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet
Explorer, effectively denying service to legitimate users.

2. JustSystems Multiple Products Unspecified Buffer Overflow
Vulnerability
BugTraq ID: 21445
Remote: Yes
Date Published: 2006-12-05
Relevant URL: http://www.securityfocus.com/bid/21445
Summary:
Multiple JustSystems products are prone to a buffer-overflow
vulnerability because the application fails to properly
bounds-check user-supplied data.

A successful attack may allow remote attackers to execute
arbitrary code in the context of the vulnerable application.
Failed attack attempts may cause denial-of-service
conditions.


http://secunia.com/product/12805/

3. SMF Image File HTML Injection Vulnerability
BugTraq ID: 21431
Remote: Yes
Date Published: 2006-12-04
Relevant URL: http://www.securityfocus.com/bid/21431
Summary:
SMF is prone to an HTML-injection vulnerability because it
fails to properly sanitize user-supplied input before using
it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the
context of the affected website, potentially allowing an
attacker to steal cookie-based authentication credentials or
to control how the site is rendered to the user; other
attacks are also possible.

Note that this vulnerability may be triggered only in the
Internet Explorer browser.

SMF version 1.1 is vulnerable to this issue.

4. Microsoft Windows Print Spooler GetPrinterData Denial of
Service Vulnerability
BugTraq ID: 21401
Remote: Yes
Date Published: 2006-12-02
Relevant URL: http://www.securityfocus.com/bid/21401
Summary:
Microsoft Windows Print Spooler service is prone to a
denial-of-service vulnerability.

A remote attacker can exploit this issue to crash the
affected service, denying service to legitimate users.

Reports indicate that this issue affects Print Spooler on
Microsoft Windows 2000 SP4; other versions may also be
vulnerable.

5. BlazeVideo HDTV PLF Stack Buffer Overflow Vulnerability
BugTraq ID: 21399
Remote: Yes
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21399
Summary:
BlazeVideo HDTV is prone to a stack-based buffer-overflow
vulnerability because the application fails to handle
malformed playlist files.

An attacker can exploit this issue to execute arbitrary code
within the context of the application or to trigger a
denial-of-service condition.

BlazeVideo HDTV 2.1 and prior versions are vulnerable to
this issue.

6. CoolPlayer Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 21396
Remote: Yes
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21396
Summary:
CoolPlayer is prone to multiple buffer-overflow
vulnerabilities because the application fails to check the
size of the data before copying it into a finite-sized
internal memory buffer.

An attacker can exploit these issues to execute arbitrary
code within the context of the application or to cause a
denial-of-service condition.

CoolPlayer 215 and prior versions are vulnerable to this
issue; other versions may also be affected.

7. Outpost Firewall PRO Security Bypass Weakness
BugTraq ID: 21390
Remote: No
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21390
Summary:
Outpost Firewall PRO is prone to a weakness that may allow
local privileged attackers to bypass security restrictions.

Successful exploits may allow local privileged attackers to
bypass security restrictions to crash the affected
application and potentially execute malicious code in the
context of the vulnerable application.

Outpost Firewall PRO version 4.0 is affected by this issue;
other versions may also be affected.

8. Invision Gallery Index.PHP IMG Parameter SQL Injection
Vulnerability
BugTraq ID: 21388
Remote: Yes
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21388
Summary:
Invision Gallery is prone to an SQL-injection vulnerability
because the application fails to properly sanitize
user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise
the application, access or modify data, or exploit
vulnerabilities in the underlying database implementation.

9. Palm Desktop Application Directory Local Insecure
Permissions Vulnerability
BugTraq ID: 21382
Remote: No
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21382
Summary:
Palm Desktop is prone to an insecure-permissions
vulnerability.

A local attacker could exploit this issue to gain access to
sensitive data. Information obtained may aid in further
attacks.

Version 4.1.4 is vulnerable; other versions may also be
affected.

10. AtomixMP3 M3U File Path Buffer Overflow Vulnerability
BugTraq ID: 21380
Remote: Yes
Date Published: 2006-12-01
Relevant URL: http://www.securityfocus.com/bid/21380
Summary:
AtomixMP3 is prone to a buffer-overflow vulnerability
because the application fails to properly verify the size of
user-supplied data before copying it into an insufficiently
sized memory buffer.

Exploiting this issue allows remote attackers to execute
arbitrary machine code in the context of the user running
the affected application. Failed exploit attempts will
likely crash applications, denying service to legitimate
users.

This issue affects AtomixMP3 2.3 and prior versions.

11. Xerox WorkCentre and WorkCentre Pro Multiple
Vulnerabilities
BugTraq ID: 21365
Remote: Yes
Date Published: 2006-11-30
Relevant URL: http://www.securityfocus.com/bid/21365
Summary:
Xerox WorkCentre and WorkCentre Pro are prone to multiple
vulnerabilities. The issues affect the ESS/Network controller
firmware and the MicroServer Web Server application on the
vulnerable devices.

Successful exploits may allow an attacker to gain
unauthorized access to affected devices, make unauthorized
changes to system configuration, and bypass security
restrictions or anonymously retrieve secure files. Note that
the attacker may not be able to obtain password or user
information.

WorkCentre version 12.060.17.000, WorkCentre Pro version
13.060.17.000, and WorkCentre with PostScript option version
14.060.17.000 are vulnerable.

12. VUPlayer M3U UNC Name Buffer Overflow Vulnerability
BugTraq ID: 21363
Remote: Yes
Date Published: 2006-11-30
Relevant URL: http://www.securityfocus.com/bid/21363
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because
the application fails to properly verify the size of
user-supplied data before copying it into an insufficiently
sized process buffer.

This issue allows remote attackers to execute arbitrary
machine code in the context of the user running the affected
application. Failed exploit attempts will likely crash
applications, denying service to legitimate users.

This issue affects version 2.44; earlier versions may also
be vulnerable.

13. MailEnable IMAP Service Multiple Buffer Overflow
Vulnerabilities
BugTraq ID: 21362
Remote: Yes
Date Published: 2006-11-30
Relevant URL: http://www.securityfocus.com/bid/21362
Summary:
MailEnable is prone to multiple buffer-overflow
vulnerabilities in the IMAP service because the application
fails to properly bounds-check various types of
user-supplied data.

An attacker may leverage these issues to execute arbitrary
code in the context of the running application or to crash
the application, causing a denial of service.

These issues are reported to affect the following MailEnable
versions, but other versions may also be vulnerable:

1.6-1.86 Professional Edition
1.1-1.40 Enterprise Edition
2.0-2.33 Professional Edition
2.0-2.33 Enterprise Edition

14. Business Objects Crystal Reports Predictable Session
Identifiers Session Hijacking Vulnerability
BugTraq ID: 21350
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21350
Summary:
Crystal Reports is prone to a session-hijacking
vulnerability.

An attacker can exploit this issue to gain access to the
affected application.

Crystal Reports Enterprise versions 9 and 10 are vulnerable
to this issue.

15. Songbird Media Player Denial of Service Vulnerability
BugTraq ID: 21343
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21343
Summary:
Songbird Media Player is prone to a denial-of-service
vulnerability.

An attacker may exploit this issue to cause applications
that use the vulnerable library to consume excessive CPU and
memory resources and crash, denying further service to
legitimate users. Remote code execution may also be possible.

Songbird Media Player 0.2 and prior versions are vulnerable.

16. Telnet-FTP Server Remote Denial of Service Vulnerability
BugTraq ID: 21340
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21340
Summary:
Telnet-Ftp Server is prone to a remote denial-of-service
vulnerability because it fails to properly handle
user-supplied input.

Exploiting this issue allows remote attackers to crash the
affected server, denying service to legitimate users.

Telnet-Ftp Server 1.0 build 1.250 is confirmed vulnerable;
other versions may be affected as well.

17. Telnet-FTP Server Directory Traversal Vulnerability
BugTraq ID: 21339
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21339
Summary:
Telnet-FTP Server is prone to a directory-traversal
vulnerability.

A remote attacker can exploit this issue to gain access to
files in the context of the affected FTP server.

Telnet-FTP Server 1.0 is vulnerable; other versions may also
be affected.

18. BlazeVideo BlazeDVD Playlist Files Remote Memory
Corruption Vulnerability
BugTraq ID: 21337
Remote: Yes
Date Published: 2006-11-29
Relevant URL: http://www.securityfocus.com/bid/21337
Summary:
BlazeDVD is prone to a remote memory-corruption
vulnerability because the application fails to handle
malformed playlist files.

An attacker can exploit this issue to execute arbitrary code
within the context of the application or trigger a
denial-of-service condition.

BlazeDVD 5.0 Professional and Standard versions are
vulnerable to this issue.

19. Quinnware Quintessential Player Playlist Files Remote
Memory Corruption Vulnerability
BugTraq ID: 21331
Remote: Yes
Date Published: 2006-11-28
Relevant URL: http://www.securityfocus.com/bid/21331
Summary:
Quinnware Quintessential Player is prone to a remote
memory-corruption vulnerability because the application
fails to handle malformed playlist files.

An attacker can exploit this issue to execute arbitrary code
within the context of the application or trigger a
denial-of-service condition.

Quintessential Player version 4.50.1.82 is vulnerable to
this issue; other versions may also be affected.

20. MailEnable WebAdmin Unauthorized Access Vulnerability
BugTraq ID: 21325
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21325
Summary:
MailEnable is prone to a vulnerability that can allow remote
attackers to gain unauthorized access to the application's
web-administration console.

MailEnable Professional Edition 2.32 and Enterprise Edition
2.32 are reported affected; other versions may be vulnerable
as well.

21. WarHound General Shopping Cart Item.ASP SQL Injection
Vulnerability
BugTraq ID: 21324
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21324
Summary:
WarHound General Shopping Cart is prone to an SQL injection
vulnerability because it fails to properly sanitize
user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise
the application, access or modify data, or exploit
vulnerabilities in the underlying database implementation.

22. 3Com 3CTftpSvc Filename Remote Buffer Overflow
Vulnerability
BugTraq ID: 21322
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21322
Summary:
3CTftpSvc is prone to a buffer-overflow vulnerability
because the application fails to properly bounds-check
user-supplied data before storing it in a finite-sized
buffer.

An attacker can exploit this issue to execute arbitrary code
and gain unauthorized remote access to a vulnerable
computer. A denial-of-service condition may arise as well.

3CTftpSvc 2.0.1 and prior versions are reported to be
vulnerable. Other versions may be affected as well.

23. Allied Telesyn AT-TFTP Server Filename Remote Buffer
Overflow Vulnerability
BugTraq ID: 21320
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21320
Summary:
AT-TFTP is prone to a buffer-overflow vulnerability because
the application fails to properly bounds-check user-supplied
data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code
and gain unauthorized remote access to a vulnerable
computer. A denial-of-service condition may arise as well.

AT-TFTP 1.9 is reported vulnerable; other versions may be
affected as well.

24. 3Com TFTP Transporting Mode Remote Buffer Overflow
Vulnerability
BugTraq ID: 21301
Remote: Yes
Date Published: 2006-11-27
Relevant URL: http://www.securityfocus.com/bid/21301
Summary:
3Com TFTP is prone to a buffer-overflow vulnerability
because the application fails to properly bounds-check
user-supplied data before storing it in a finite-sized
buffer.

An attacker can exploit this issue to cause the application
to crash, denying further service to legitimate users. Due
to the nature of this issue, the attacker may presumably be
able to exploit it for remote code execution.

Version 2.0.1 is vulnerable; other versions may also be
affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #319
http://www.securityfocus.com/archive/88/452936

2. DNS recursive
http://www.securityfocus.com/archive/88/451486

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribesecurityfocus.com from the subscribed
address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to
which you will have to answer. Alternatively you can also
visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.

If your email address has changed, email listadminsecurityfocus.com and ask to be manually removed.

V.   SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire
