SecurityFocus Microsoft Newsletter #346
----------------------------------------
This Issue is Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Cross-Site Scripting
Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow
hackers to compromise confidential information, steal
cookies and create requests that can be mistaken for those
of a valid user!! Download this *FREE* white paper from SPI
Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/x
ss.asp?Campaign_ID=70160000000CsFU
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that
stand out as conveying topics of interest for our community.
We are proud to offer content from Matasano at this time and
will be adding more in the coming weeks.
http://www.securit
yfocus.com/blogs
------------------------------------------------------------
------
I. FRONT AND CENTER
1. Embedded Problems
2. Security Analogies
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Office MSODataSourceControl ActiveX
Control Buffer Overflow Vulnerability
2. OpenOffice RTF File Parser Buffer Overflow
Vulnerability
3. RETIRED: Microsoft Internet Explorer Navigation
Cancel Webpage Spoofing Vulnerability
4. Apple Safari for Windows Unspecified SVG Parse
Engine Multiple Unspecified Vulnerabilities
5. Microsoft Windows CE .NET Compact Framework
Components Multiple Vulnerabilities
6. TEC-IT TBarCode OCX ActiveX Control Arbitrary
File Overwrite Vulnerability
7. Microsoft Internet Explorer Language Pack
Installation Remote Code Execution Vulnerability
8. Microsoft Windows CE MSXML Multiple
Vulnerabilities
9. Microsoft Internet Explorer Speech API 4 COM
Object Instantiation Buffer Overflow Vulnerabilities
10. Microsoft Internet Explorer CSS Tag Memory
Corruption Vulnerability
11. Microsoft Internet Explorer Prototype Variable
Uninitialized Memory Corruption Vulnerability
12. Microsoft Windows SChannel Security Remote Code
Execution Vulnerability
13. Microsoft Windows Vista Permissive User
Information Store ACLs Information Disclosure Vulnerability
14. Microsoft Outlook Express Content Disposition
Parsing Information Disclosure Vulnerability
15. Novell NetWare Modular Authentication Service
Local Information Disclosure Vulnerability
16. Microsoft Windows CE Internet Explorer Remote
Denial of Service Vulnerability
17. Microsoft Windows CE Internet Explorer SSL
Unspecified Denial Of Service Vulnerability
18. Microsoft Windows CE Internet Explorer
Content-Type Denial of Service Vulnerability
19. Microsoft Outlook Express MHTML URL Parsing
Information Disclosure Vulnerability
20. Microsoft Windows CE Malformed RNDIS Packet
Remote Denial of Service Vulnerability
21. Microsoft Visio Packed Objects Remote Code
Execution Vulnerability
22. Zenturi ProgramChecker ActiveX Control
NavigateURL Arbitrary File Execution Vulnerability
23. Zenturi ProgramChecker ActiveX Control Multiple
Arbitrary File Deletion Vulnerabilities
24. Microsoft Internet Explorer URLMON.DLL COM
Object Instantiation Remote Code Execution Vulnerability
25. RETIRED: Microsoft June 2007 Advance
Notification Multiple Vulnerabilities
26. ClamAV Multiple Unspecified Vulnerabilities
27. Microsoft Visio Version Number Remote Code
Execution Vulnerability
28. Computer Associates ARCserve Backup Multiple
Unspecified Remote Buffer Overflow Vulnerabilities
29. Microsoft Windows GDI+ ICO File Remote Denial of
Service Vulnerability
30. RETIRED: Yahoo! Messenger Multiple Unspecified
Remote Code Execution Vulnerabilities
31. MPlayer Multiple CDDB Parsing Buffer Overflow
Vulnerabilities
32. Mozilla Firefox Beatnik Extension Remote Script
Code Execution Vulnerability
33. Clam AntiVirus ClamAV OLE2 Parser Remote Denial
Of Service Vulnerability
34. Mozilla Firefox Resource Variant Directory
Traversal Vulnerability
35. Microsoft Internet Explorer Location Object
Webpage Spoofing Vulnerability
36. SNMPC Username/Password Remote Denial of Service
Vulnerability
37. Clam AntiVirus ClamAV RAR Handling Remote Denial
Of Service Vulnerability
38. Microsoft Internet Explorer Javascript Cross
Domain Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Embedded Problems
By Federico Biancuzzi
Federico Biancuzzi interviews Barnaby Jack to discuss the
vector rewrite attack, which architectures are vulnerable,
how to defend the integrity of the exception vector table,
some firmware extraction methods, and what bad things you
can do on a cheap SOHO router.
http://ww
w.securityfocus.com/columnists/446
2. Security Analogies
By Scott Granneman
Scott Granneman discusses security analogies and their
function in educating the masses on security concepts.
http://ww
w.securityfocus.com/columnists/445
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Office MSODataSourceControl ActiveX Control
Buffer Overflow Vulnerability
BugTraq ID: 24462
Remote: Yes
Date Published: 2007-06-13
Relevant URL: http://www.sec
urityfocus.com/bid/24462
Summary:
Microsoft Office MSODataSourceControl ActiveX Control is
prone to a buffer-overflow vulnerability because the
application fails to bounds-check user-supplied data before
copying it into an insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers
to execute arbitrary code in the context of the application
using the ActiveX control (typically Internet Explorer).
Failed exploit attempts will likely result in
denial-of-service conditions.
2. OpenOffice RTF File Parser Buffer Overflow Vulnerability
BugTraq ID: 24450
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24450
Summary:
OpenOffice is prone to a remote heap-based buffer-overflow
vulnerability because the application fails to bounds-check
user-supplied data before copying it into an insufficiently
sized buffer.
Remote attackers may exploit this issue by enticing victims
into opening maliciously crafted RTF files.
An attacker can exploit this issue to execute arbitrary code
within the context of the affected application. Failed
exploit attempts will result in a denial of service.
3. RETIRED: Microsoft Internet Explorer Navigation Cancel
Webpage Spoofing Vulnerability
BugTraq ID: 24448
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24448
Summary:
Microsoft Internet Explorer is prone to a webpage-spoofing
vulnerability.
Attackers may exploit this vulnerability via a malicious
webpage to spoof the contents of the Navigation canceled
page. This may assist in phishing or other attacks that rely
on content spoofing.
NOTE: This BID is being retired because this issue was
previously reported in BID 22966: Microsoft Internet
Explorer NavCancel.HTM Cross-Site Scripting Vulnerability.
4. Apple Safari for Windows Unspecified SVG Parse Engine
Multiple Unspecified Vulnerabilities
BugTraq ID: 24446
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24446
Summary:
Apple Safari for Microsoft Windows is prone to multiple
unspecified vulnerabilities.
Few technical details are currently available. We will
update this BID as more information emerges.
Safari 3 public beta for Windows is reported vulnerable.
5. Microsoft Windows CE .NET Compact Framework Components
Multiple Vulnerabilities
BugTraq ID: 24444
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24444
Summary:
Components of the .NET Compact Framework for Microsoft
Windows CE are prone to multiple vulnerabilities.
Exploiting these issues may allow remote attackers to cause
denial-of-service conditions, corrupt memory, or execute
arbitrary machine code in the context of the affected
application. This facilitates the remote compromise of
affected computers. Other attacks are also possible.
6. TEC-IT TBarCode OCX ActiveX Control Arbitrary File
Overwrite Vulnerability
BugTraq ID: 24440
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24440
Summary:
TBarCode ActiveX control is prone to a vulnerability that
could permit an attacker to overwrite arbitrary files.
The attacker can exploit this issue to overwrite arbitrary
files on the victim's computer in the context of the
vulnerable application using the ActiveX control (typically
Internet Explorer).
7. Microsoft Internet Explorer Language Pack Installation
Remote Code Execution Vulnerability
BugTraq ID: 24429
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24429
Summary:
Microsoft Internet Explorer is prone to remote
code-execution vulnerability because of a race-condition in
its language-pack installation support.
A remote attacker can exploit this issue to execute
arbitrary code in the context of the user running the
vulnerable application.
8. Microsoft Windows CE MSXML Multiple Vulnerabilities
BugTraq ID: 24428
Remote: Yes
Date Published: 2007-06-11
Relevant URL: http://www.sec
urityfocus.com/bid/24428
Summary:
Microsoft Windows CE is prone to multiple denial-of-service
vulnerabilities and a cross-site scripting vulnerability.
An attacker can exploit these issues to cause infinite-loop
conditions and denial-of-service conditions or to run
arbitrary script code in the browser of an unsuspecting user
in the context of the affected site. This may help the
attacker steal cookie-based authentication credentials and
launch other attacks.
9. Microsoft Internet Explorer Speech API 4 COM Object
Instantiation Buffer Overflow Vulnerabilities
BugTraq ID: 24426
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24426
Summary:
Microsoft Internet Explorer is prone to multiple
buffer-overflow vulnerabilities when instantiating certain
COM objects.
An attacker may exploit these issues by enticing victims
into opening a maliciously crafted webpage.
Successfully exploiting these issues allows remote
attackers to execute arbitrary machine code in the context
of the affected application, facilitating the remote
compromise of affected computers.
10. Microsoft Internet Explorer CSS Tag Memory Corruption
Vulnerability
BugTraq ID: 24423
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24423
Summary:
Microsoft Internet Explorer is prone to a remote
code-execution vulnerability because the application fails
to properly handle certain CSS data.
A remote attacker can exploit this issue to execute
arbitrary code in the context of the user running the
vulnerable application.
11. Microsoft Internet Explorer Prototype Variable
Uninitialized Memory Corruption Vulnerability
BugTraq ID: 24418
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24418
Summary:
Microsoft Internet Explorer is prone to a memory-corruption
vulnerability when accessing objects that are improperly
instantiated or deleted.
An attacker may exploit this issue by enticing victims into
opening a maliciously crafted webpage.
Successfully exploiting this issue allows remote attackers
to execute arbitrary machine code in the context of the
affected application, facilitating the remote compromise of
affected computers.
12. Microsoft Windows SChannel Security Remote Code
Execution Vulnerability
BugTraq ID: 24416
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24416
Summary:
The Microsoft Windows Schannel security package is prone to
a remote code-execution vulnerability.
This vulnerability occurs when processing and validating
server-sent digital signatures by the client application.
A remote attacker could exploit this issue by convincing a
victim to visit a malicious website. Remote code execution
is possible, but may be extremely difficult. In most cases,
denial-of-service conditions will occur.
13. Microsoft Windows Vista Permissive User Information
Store ACLs Information Disclosure Vulnerability
BugTraq ID: 24411
Remote: No
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24411
Summary:
Microsoft Windows Vista is prone to a local
information-disclosure vulnerability.
Local attackers can exploit this issue to obtain sensitive
information that may allow them to gain unauthorized access
to the affected computer.
14. Microsoft Outlook Express Content Disposition Parsing
Information Disclosure Vulnerability
BugTraq ID: 24410
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24410
Summary:
Outlook Express is prone to a cross-domain
information-disclosure vulnerability.
This vulnerability may let a malicious website access
properties of a site in an arbitrary external domain in the
context of the victim's browser. Attackers could exploit
this issue to access sensitive information (such as cookies
or passwords) that is associated with the external domain.
15. Novell NetWare Modular Authentication Service Local
Information Disclosure Vulnerability
BugTraq ID: 24405
Remote: No
Date Published: 2007-06-07
Relevant URL: http://www.sec
urityfocus.com/bid/24405
Summary:
Novell NetWare Modular Authentication Service (NMAS) is
prone to a local information-disclosure vulnerability
because 'NMASINST' dumps the admin account and password into
a log file in clear text.
The flaw presents itself in NMAS 3.1.2; prior versions are
also affected.
16. Microsoft Windows CE Internet Explorer Remote Denial of
Service Vulnerability
BugTraq ID: 24395
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.sec
urityfocus.com/bid/24395
Summary:
Microsoft Windows CE Internet Explorer is prone to a remote
denial-of-service vulnerability because it fails to properly
handle maliciously crafted webserver responses.
Successful exploits will result in denial-of-service
conditions on the affected application.
Windows CE 5.0 is vulnerable to this issue.
17. Microsoft Windows CE Internet Explorer SSL Unspecified
Denial Of Service Vulnerability
BugTraq ID: 24394
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.sec
urityfocus.com/bid/24394
Summary:
Microsoft Internet Explorer for Windows CE is prone to a
denial-of-service vulnerability when running custom Secure
Sockets Layer (SSL) web-based programs.
Few technical details are currently available. We will
update this BID as more information emerges.
Attackers can exploit this issue to cause denial-of-service
conditions.
18. Microsoft Windows CE Internet Explorer Content-Type
Denial of Service Vulnerability
BugTraq ID: 24393
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.sec
urityfocus.com/bid/24393
Summary:
Microsoft Internet Explorer for Windows CE is prone to a
denial-of-service vulnerability because the software fails
to handle exceptional conditions.
This issue is triggered when an attacker entices a victim
user to visit a malicious website.
Remote attackers may exploit this issue to crash Internet
Explorer, effectively denying service to legitimate users.
Given the nature of this vulnerability, a possible cause for
the problem may be a buffer overflow, but this has not been
confirmed.
This issue affects Internet Explorer for Windows CE 6.
19. Microsoft Outlook Express MHTML URL Parsing Information
Disclosure Vulnerability
BugTraq ID: 24392
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24392
Summary:
Outlook Express is prone to a cross-domain
information-disclosure vulnerability.
This vulnerability may let a malicious website access
properties of a site in an arbitrary external domain in the
context of the victim user's browser. Attackers could
exploit this issue to gain access to sensitive information
(such as cookies or passwords) that is associated with the
external domain.
20. Microsoft Windows CE Malformed RNDIS Packet Remote
Denial of Service Vulnerability
BugTraq ID: 24391
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.sec
urityfocus.com/bid/24391
Summary:
Microsoft Windows CE is prone to a remote denial-of-service
vulnerability because it fails to properly handle
maliciously crafted network packets and file data.
Successful exploits will result in denial-of-service
conditions on applications using the affected RNDIS device
driver.
Microsoft Windows CE 5.0 is vulnerable to this issue.
21. Microsoft Visio Packed Objects Remote Code Execution
Vulnerability
BugTraq ID: 24384
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24384
Summary:
Microsoft Visio is prone to a remote code-execution
vulnerability because it fails to adequately handle
user-supplied data.
Attackers can exploit this issue to execute arbitrary code
in the context of the user running the application. Failed
exploit attempts will result in a denial-of-service
condition.
22. Zenturi ProgramChecker ActiveX Control NavigateURL
Arbitrary File Execution Vulnerability
BugTraq ID: 24382
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.sec
urityfocus.com/bid/24382
Summary:
Zenturi ProgramChecker ActiveX control is prone to a
vulnerability that may allow attackers to execute arbitrary
local files.
Attackers can exploit this issue to execute an arbitrary
file on the victim's computer in the context of the
vulnerable application using the ActiveX control (typically
Internet Explorer).
23. Zenturi ProgramChecker ActiveX Control Multiple
Arbitrary File Deletion Vulnerabilities
BugTraq ID: 24380
Remote: Yes
Date Published: 2007-06-08
Relevant URL: http://www.sec
urityfocus.com/bid/24380
Summary:
Zenturi ProgramChecker ActiveX control is prone to multiple
vulnerabilities that attackers can exploit to delete
arbitrary files. The issue occurs because the software fails
to properly sanitize user-supplied input.
Attackers can exploit these issues to delete arbitrary files
on the victim's computer in the context of the vulnerable
application using the ActiveX control (typically Internet
Explorer).
24. Microsoft Internet Explorer URLMON.DLL COM Object
Instantiation Remote Code Execution Vulnerability
BugTraq ID: 24372
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24372
Summary:
Microsoft Internet Explorer is prone to remote
code-execution vulnerability.
A remote attacker can exploit this issue to execute
arbitrary code in the context of the user running the
vulnerable application.
25. RETIRED: Microsoft June 2007 Advance Notification
Multiple Vulnerabilities
BugTraq ID: 24366
Remote: Yes
Date Published: 2007-06-07
Relevant URL: http://www.sec
urityfocus.com/bid/24366
Summary:
Microsoft has released advance notification that the vendor
will be releasing six security bulletins on June 12, 2007.
The highest severity rating for these issues is 'Critical'.
Further details about these issues are not currently
available. Individual BIDs will be created for each issue;
this record will be removed when the security bulletins are
released.
These vulnerabilities have been assigned to the following
BIDs:
24448 Microsoft Internet Explorer Navigation Cancel Webpage
Spoofing Vulnerability
24426 Microsoft Internet Explorer Speech API 4 COM Object
Instantiation Memory Corruption Vulnerability
24418 Microsoft Internet Explorer Unspecified Uninitialized
Memory Corruption Vulnerability
24416 Microsoft Windows SChannel Security Remote Code
Execution Vulnerability
24429 Microsoft Internet Explorer Language Pack Installation
Remote Code Execution Vulnerability
24423 Microsoft Internet Explorer CSS Tag Memory Corruption
Vulnerability
24372 Microsoft Internet Explorer URLMON.DLL COM Object
Instantiation Remote Code Execution Vulnerability
24410 Microsoft Outlook Express Content Disposition Parsing
Information Disclosure Vulnerability
24370 Microsoft Win32 API Parameter Validation Remote Code
Execution Vulnerability
24411 Microsoft Windows Vista Permissive User Information
Store ACLs Information Disclosure Vulnerability
24392 Microsoft Outlook Express MHTML URL Redirect
Information Disclosure Vulnerability
24349 Microsoft Visio Version Number Remote Code Execution
Vulnerability
24384 Microsoft Visio Packed Objects Remote Code Execution
Vulnerability
23103 Microsoft Windows Vista Windows Mail Local File
Execution Vulnerability
17717 Outlook Express MHTML URI Handler Information
Disclosure Vulnerability
26. ClamAV Multiple Unspecified Vulnerabilities
BugTraq ID: 24358
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.sec
urityfocus.com/bid/24358
Summary:
ClamAV is prone to multiple unspecified vulnerabilities.
These issues arise because the software incorrectly
calculates the end of a buffer and gives improper
permissions to temporary files.
Versions prior to ClamAV 0.90.3 are vulnerable to these
issues.
27. Microsoft Visio Version Number Remote Code Execution
Vulnerability
BugTraq ID: 24349
Remote: Yes
Date Published: 2007-06-12
Relevant URL: http://www.sec
urityfocus.com/bid/24349
Summary:
Microsoft Visio is prone to a remote code-execution
vulnerability because it fails to adequately validate
user-supplied data.
Attackers can exploit this issue to execute arbitrary code
in the context of the user running the application. Failed
attempts will result in denial-of-service conditions.
28. Computer Associates ARCserve Backup Multiple Unspecified
Remote Buffer Overflow Vulnerabilities
BugTraq ID: 24348
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.sec
urityfocus.com/bid/24348
Summary:
Computer Associates ARCserve Backup for Laptops &
Desktops is prone to multiple unspecified remote
buffer-overflow vulnerabilities. These issues occur because
the application fails to bounds-check user-supplied input
before copying it into an insufficiently sized memory
buffer.
No further details are currently available. We will update
this BID as more information emerges.
Successfully exploiting these issues allows remote attackers
to execute arbitrary machine code with SYSTEM-Level
privileges. This will result in a complete compromise of
affected computers.
ARCserve Backup for Laptops & Desktops r11.1 is reported
vulnerable.
Update - June 7 2007: The vendor has announced that a
patches are being developed to address these issues.
29. Microsoft Windows GDI+ ICO File Remote Denial of Service
Vulnerability
BugTraq ID: 24346
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.sec
urityfocus.com/bid/24346
Summary:
Microsoft Windows is prone to a remote denial-of-service
vulnerability because it fails to properly handle
maliciously crafted ICO files.
An attacker may exploit this issue by enticing victims into
opening a malicious file.
Successful exploits will result in denial-of-service
conditions on applications using the affected library.
Applications such as Windows Explorer or Picture and Fax
viewer have been identified as vulnerable.
30. RETIRED: Yahoo! Messenger Multiple Unspecified Remote
Code Execution Vulnerabilities
BugTraq ID: 24341
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.sec
urityfocus.com/bid/24341
Summary:
Yahoo! Messenger is prone to multiple unspecified remote
code-execution vulnerabilities.
No further details are currently available. We will update
this BID as more information emerges.
Successfully exploiting these issues allows remote attackers
to execute arbitrary machine code in the context of the
affected application. This facilitates the remote compromise
of affected computers.
Specific vulnerable versions of Yahoo! Messenger are not
known, but versions in the 8 series for Microsoft Windows
are reported affected.
UPDATE (June 7, 2007): The vendor announced that a fix is
being developed to address this issue.
This BID has been replaced by the following writeups:
BID 24355 Yahoo! Messenger Webcam Viewer ActiveX Control
Buffer Overflow Vulnerability
BID 24354 Yahoo! Messenger Webcam Upload ActiveX Control
Buffer Overflow Vulnerability
31. MPlayer Multiple CDDB Parsing Buffer Overflow
Vulnerabilities
BugTraq ID: 24339
Remote: Yes
Date Published: 2007-06-06
Relevant URL: http://www.sec
urityfocus.com/bid/24339
Summary:
MPlayer is prone to multiple buffer-overflow vulnerabilities
when it attempts to process malformed album and category
titles. These issues occur because the application fails to
perform proper bounds-checking on user-supplied data before
copying it to an insufficiently sized memory buffer.
An attacker may exploit these issues to execute arbitrary
code with the privileges of the user that activated the
vulnerable application. This may facilitate unauthorized
access or privilege escalation.
MPlayer 1.0rc1 is vulnerable to these issues; other versions
may also be affected.
32. Mozilla Firefox Beatnik Extension Remote Script Code
Execution Vulnerability
BugTraq ID: 24324
Remote: Yes
Date Published: 2007-06-05
Relevant URL: http://www.sec
urityfocus.com/bid/24324
Summary:
A remote code-execution vulnerability affects the Beatnik
extension for Mozilla Firefox because the application fails
to validate input errors when processing RSS feeds.
An attacker may leverage this issue to execute arbitrary
code in the context of the user account running the affected
extension. This may facilitate cross-site scripting as well
as a compromise of an affected computer.
Beatnik 1.0 is vulnerable; other versions may also be
affected.
33. Clam AntiVirus ClamAV OLE2 Parser Remote Denial Of
Service Vulnerability
BugTraq ID: 24316
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.sec
urityfocus.com/bid/24316
Summary:
ClamAV is prone to a denial-of-service vulnerability when
handling malformed OLE2 files.
A successful attack may allow an attacker to cause
denial-of-service conditions.
Versions prior to ClamAV 0.90.3 are affected.
34. Mozilla Firefox Resource Variant Directory Traversal
Vulnerability
BugTraq ID: 24303
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.sec
urityfocus.com/bid/24303
Summary:
Mozilla Firefox is prone to a directory-traversal
vulnerability because it fails to adequately sanitize
user-supplied data.
An attacker can exploit this issue to access arbitrary files
on an unsuspecting user's computer. Successful exploits can
expose potentially sensitive information that could aid in
further attacks.
This issue was introduced as part of the fix for BID 24191
(Mozilla Firefox Resource Directory Traversal Vulnerability)
in Firefox 2.0.0.4.
35. Microsoft Internet Explorer Location Object Webpage
Spoofing Vulnerability
BugTraq ID: 24298
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.sec
urityfocus.com/bid/24298
Summary:
Microsoft Internet Explorer is prone to a webpage-spoofing
vulnerability.
Attackers may exploit this vulnerability via a malicious
webpage to spoof the contents and origin of a page that the
victim may trust. Attackers may find this issue useful in
phishing or other attacks that rely on content spoofing.
36. SNMPC Username/Password Remote Denial of Service
Vulnerability
BugTraq ID: 24292
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.sec
urityfocus.com/bid/24292
Summary:
SNMPc is prone to a remote denial-of-service vulnerability.
Successfully exploiting this issue would cause the affected
application to crash, denying service to legitimate users.
This issue is reported to affect versions of SNMPc prior to
7.0.19.
37. Clam AntiVirus ClamAV RAR Handling Remote Denial Of
Service Vulnerability
BugTraq ID: 24289
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.sec
urityfocus.com/bid/24289
Summary:
ClamAV is prone to a denial-of-service vulnerability.
A successful attack may allow an attacker to cause
denial-of-service conditions.
38. Microsoft Internet Explorer Javascript Cross Domain
Information Disclosure Vulnerability
BugTraq ID: 24283
Remote: Yes
Date Published: 2007-06-04
Relevant URL: http://www.sec
urityfocus.com/bid/24283
Summary:
The browser is prone to a cross-domain
information-disclosure vulnerability because scripts may
persist across navigations.
This vulnerability may let a malicious site interact with a
site in an arbitrary external domain. Attackers could
exploit this to gain access to sensitive information that is
associated with the external domain. Other attacks may be
possible, such as executing script code in other browser
security zones.
UPDATE: Reports indicate that Safari browser may also be
vulnerable, but this has not been confirmed.
UPDATE (June 6, 2007): The WebKit framework used by Safari
is reported vulnerable. Builds 522 and later, which are
associated with the nightly WebKit build, are vulnerable;
other versions may also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe securityfocus.com from the subscribed
address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to
which you will have to answer. Alternatively you can also
visit http://www.s
ecurityfocus.com/newsletters and unsubscribe via the
website.
If your email address has changed email listadminsecurityfocus.com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics
ALERT: "How A Hacker Launches A Cross-Site Scripting
Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow
hackers to compromise confidential information, steal
cookies and create requests that can be mistaken for those
of a valid user!! Download this *FREE* white paper from SPI
Dynamics for a complete guide to protection!
https://download.spidynamics.com/1/ad/x
ss.asp?Campaign_ID=70160000000CsFU
|