SecurityFocus Microsoft Newsletter #352
----------------------------------------
ALERT: Web 2.0 Hacking - Attack Scenarios and Examples - SPI
Dynamics White Paper
Web 2.0 applications are just as vulnerable to exploitation
by hackers as their predecessors. When Web 2.0 applications
push functionality and even code down to the client, it
provides hackers with a wealth of information they can use
to formulate attacks. Cross-Site Scripting, Web Application
Worms and Feed Injection are attacks that have become even
more dangerous when enacted against a Web 2.0 application.
Learn how to secure your web apps against exploitation,
download this SPI Dynamics white paper.
https://download.spidynamics.com/1/ad/XP
.asp?Campaign_ID=70160000000Cwmw
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that
stand out as conveying topics of interest for our community.
We are proud to offer content from Matasano at this time and
will be adding more in the coming weeks.
http://www.securit
yfocus.com/blogs
------------------------------------------------------------
------
I. FRONT AND CENTER
1. Security conferences versus practical knowledge
2. Achtung! New German Laws on Cybercrime
II. MICROSOFT VULNERABILITY SUMMARY
1. UltraDefrag FindFiles Function Buffer Overflow
Vulnerability
2. Guidance Software EnCase Forensic Unspecified
Denial Of Service Vulnerability
3. Guidance Software EnCase Forensic Multiple Denial
Of Service Vulnerabilities
4. Drupal Multiple Cross-Site Scripting
Vulnerabilities
5. CrystalPlayer Playlist File Buffer Overflow
Vulnerability
6. Microsoft Windows ARP Request Denial of Service
Vulnerability
7. Sun Java System Application Server JSP Source
Code Disclosure Vulnerability
8. Computer Associates Multiple Products Message
Queuing Remote Stack Buffer Overflow Vulnerability
9. Kerio MailServer Attachment Filter Unspecified
Vulnerability
10. Ipswitch Instant Messaging Remote Denial of
Service Vulnerability
11. Zenturi ProgramChecker SASATL.DLL ActiveX
Control Scan Method Buffer Overflow Vulnerability
12. Microsoft Internet Explorer SeaMonkey Browser
URI Handler Command Injection Vulnerability
13. Microsoft Windows Explorer GIF File Denial of
Service Vulnerability
14. Data Dynamics ActiveReports Actrpt2.DLL ActiveX
Control Arbitrary File Overwrite Vulnerability
15. ESET NOD32 Antivirus Multiple Remote
Vulnerabilities
16. DokuWiki Spell_UTF8Test Function HTML Injection
Vulnerability
17. Opera Web Browser Dangling Pointer Remote Code
Execution Vulnerability
18. Microsoft DirectX RLE Compressed Targa Image
File Heap Overflow Overflow Vulnerability
19. Ipswitch IMail Server Multiple Buffer Overflow
Vulnerabilities
20. Data Dynamics ActiveBar Actbar3.OCX ActiveX
Control Multiple Insecure Methods Vulnerabilities
21. QuickerSite Default.ASP Cross-Site Scripting
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. User Access Control
2. win2k3 active directory - firewall ports
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather
well to suit the needs of their clients, the computer
conference - specifically the computer security conference -
has declined in relevance to the everyday sys-admin and
network security practitioners.
http://ww
w.securityfocus.com/columnists/449
2. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that
might affect security professionals. Federico Biancuzzi
interviewed Marco Gercke, one of the experts that was
invited to the parliamentary hearing, to learn more about
this delicate subject. They discussed what is covered by the
new laws, which areas remain in the dark, and how they might
affect vulnerability disclosure and the use of common tools,
such as nmap.
http://ww
w.securityfocus.com/columnists/448
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. UltraDefrag FindFiles Function Buffer Overflow
Vulnerability
BugTraq ID: 25102
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.sec
urityfocus.com/bid/25102
Summary:
UltraDefrag is prone to a buffer-overflow vulnerability.
This issue is due to a failure of the application to perform
adequate bounds checks on user-supplied data.
Successfully exploiting this issue allows attackers to
execute arbitrary machine code with SYSTEM-level privileges,
facilitating the complete compromise of affected computers.
UltraDefrag versions prior to 1.0.4 are vulnerable to this
issue.
2. Guidance Software EnCase Forensic Unspecified Denial Of
Service Vulnerability
BugTraq ID: 25101
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.sec
urityfocus.com/bid/25101
Summary:
Guidance Software EnCase Forensic is prone to an unspecified
denial-of-service vulnerability because it fails to handle
specially-crafted file systems.
Attackers can exploit this issue to cause denial-of-service
conditions. This can delay and complicate forensic
investigations.
NOTE: This issue may be related to the issues described in
BID: 25100.
EnCase Forensics version 5.0 is vulnerable; other versions
may also be affected.
3. Guidance Software EnCase Forensic Multiple Denial Of
Service Vulnerabilities
BugTraq ID: 25100
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.sec
urityfocus.com/bid/25100
Summary:
Guidance Software EnCase Forensic is prone to multiple
denial-of-service vulnerabilities because it fails to handle
specially-crafted and malformed NTFS file systems.
Attackers can exploit this issue to crash the application or
cause it to hang. This can delay and complicate forensic
investigations.
4. Drupal Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25097
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.sec
urityfocus.com/bid/25097
Summary:
Drupal is prone to multiple cross-site scripting
vulnerabilities because it fails to properly sanitize
user-supplied input before using it in dynamically generated
content.
An attacker may leverage these issues to have arbitrary
script code execute in the browser of an unsuspecting user
in the context of the affected site. This may help the
attacker steal cookie-based authentication credentials and
launch other attacks.
Versions prior to 4.7.7 and prior to 5.2 are vulnerable to
these issues.
5. CrystalPlayer Playlist File Buffer Overflow
Vulnerability
BugTraq ID: 25083
Remote: Yes
Date Published: 2007-07-26
Relevant URL: http://www.sec
urityfocus.com/bid/25083
Summary:
CrystalPlayer is prone to a buffer-overflow vulnerability
because the application fails to properly bounds-check
user-supplied data before copying it into an insufficiently
sized buffer.
An attacker can exploit this issue to execute arbitrary code
with the privileges of the application. Successfully
exploiting this issue will result in a compromise of
affected computers. Failed exploit attempts will likely
result in denial-of-service conditions.
This issue affects CrystalPlayer 1.98; other versions may
also be vulnerable.
6. Microsoft Windows ARP Request Denial of Service
Vulnerability
BugTraq ID: 25066
Remote: Yes
Date Published: 2007-07-25
Relevant URL: http://www.sec
urityfocus.com/bid/25066
Summary:
Microsoft Windows is prone to a denial-of-service
vulnerability due to its inefficient handling of malicious
ARP requests.
Attackers can exploit this issue to consume excessive CPU
resources, denying service to legitimate users for the
duration of the attack.
Microsoft Windows XP SP2 and Vista are vulnerable to this
issue; other Microsoft operating systems and versions may
also be affected.
7. Sun Java System Application Server JSP Source Code
Disclosure Vulnerability
BugTraq ID: 25058
Remote: Yes
Date Published: 2007-07-25
Relevant URL: http://www.sec
urityfocus.com/bid/25058
Summary:
Sun Java System Application Server on Microsoft Windows is
prone to a vulnerability that may allow remote attackers to
obtain sensitive JSP source code, which may aid them in
further attacks.
8. Computer Associates Multiple Products Message Queuing
Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 25051
Remote: Yes
Date Published: 2007-07-24
Relevant URL: http://www.sec
urityfocus.com/bid/25051
Summary:
Multiple Computer Associates products are prone to a remote
stack-based buffer-overflow vulnerability. This issue
affects the Message Queuing (CAM/CAFT) component. The
application fails to properly bounds-check user-supplied
data before copying it to an insufficiently sized buffer.
A successful exploit will allow an attacker to execute
arbitrary code with SYSTEM-level privileges.
This issue affects all versions of the CA Message Queuing
software prior to v1.11 Build 54_4 on Windows and NetWare.
9. Kerio MailServer Attachment Filter Unspecified
Vulnerability
BugTraq ID: 25038
Remote: Yes
Date Published: 2007-07-24
Relevant URL: http://www.sec
urityfocus.com/bid/25038
Summary:
Kerio MailServer is prone to an unspecified vulnerability
due to an error in the attachment filter.
Very few details are currently available regarding this
issue. We will update this BID as more information emerges.
Versions prior to Kerio MailServer 6.4.1 are considered
vulnerable.
10. Ipswitch Instant Messaging Remote Denial of Service
Vulnerability
BugTraq ID: 25031
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.sec
urityfocus.com/bid/25031
Summary:
Ipswitch Instant Messaging Server is prone to a remote
denial-of-service vulnerability because the application
fails to properly handle unexpected network data.
Successfully exploiting this issue allows remote attackers
to crash the IM service, denying further instant messages
for legitimate users.
Ipswitch IM Server 2.0.5.30 is vulnerable; other versions
may also be affected.
11. Zenturi ProgramChecker SASATL.DLL ActiveX Control Scan
Method Buffer Overflow Vulnerability
BugTraq ID: 25025
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.sec
urityfocus.com/bid/25025
Summary:
The Zenturi ProgramChecker 'sasatl.dll' ActiveX control is
prone to a buffer-overflow vulnerability because it fails to
bounds-check user-supplied data before copying it into an
insufficiently sized buffer.
Successfully exploiting this issue allows remote attackers
to execute arbitrary code in the context of the application
using the ActiveX control (typically Internet Explorer).
Failed exploit attempts likely result in denial-of-service
conditions.
12. Microsoft Internet Explorer SeaMonkey Browser URI
Handler Command Injection Vulnerability
BugTraq ID: 25021
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.sec
urityfocus.com/bid/25021
Summary:
Microsoft Internet Explorer is prone to a vulnerability that
lets attackers inject commands through SeaMonkey's 'mailto'
protocol handler.
Exploiting these issues allows remote attackers to pass and
execute arbitrary commands and arguments through the
'SeaMonkey.exe' process by employing the 'mailto' handler.
An attacker can also employ these issues to carry out
cross-browser scripting attacks by using the '-chrome'
argument. This can allow the attacker to run JavaScript code
with the privileges of trusted Chrome context and gain full
access to SeaMonkey's resources.
Exploiting these issues would permit remote attackers to
influence command options that can be called through the
'mailto' handles and therefore execute commands and script
code with the privileges of a user running the applications.
Successful attacks may result in a variety of consequences,
including remote unauthorized access.
13. Microsoft Windows Explorer GIF File Denial of Service
Vulnerability
BugTraq ID: 25013
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.sec
urityfocus.com/bid/25013
Summary:
Microsoft Windows Explorer is prone to a denial-of-service
vulnerability.
An attacker could exploit this issue to cause Explorer to
crash, effectively denying service. Arbitrary code execution
may be possible, but this has not been confirmed.
This issue affects Explorer on Microsoft Windows XP SP2;
other operating systems and versions may also be affected.
14. Data Dynamics ActiveReports Actrpt2.DLL ActiveX Control
Arbitrary File Overwrite Vulnerability
BugTraq ID: 24994
Remote: Yes
Date Published: 2007-07-21
Relevant URL: http://www.sec
urityfocus.com/bid/24994
Summary:
Data Dynamics ActiveReports ActiveX control is prone to an
arbitrary file-overwrite vulnerability due to a design
error.
An attacker can exploit this issue to overwrite arbitrary
files on the victim's computer in the context of the
vulnerable application using the ActiveX control (typically
Internet Explorer). Successful exploits will allow attackers
to cause denial-of-service conditions; other consequences
are possible.
This issue affect Data Dynamics ActiveReports 2.5 and prior
versions.
15. ESET NOD32 Antivirus Multiple Remote Vulnerabilities
BugTraq ID: 24988
Remote: Yes
Date Published: 2007-07-20
Relevant URL: http://www.sec
urityfocus.com/bid/24988
Summary:
ESET NOD32 Antivirus is prone to multiple remote
vulnerabilities. These issues include a
heap-memory-corruption vulnerability and multiple
denial-of-service vulnerabilities.
An attacker can exploit these issues to execute arbitrary
code with administrative privileges or cause the affected
application to crash.
These issues affect versions prior to ESET NOD32 2.2289.
16. DokuWiki Spell_UTF8Test Function HTML Injection
Vulnerability
BugTraq ID: 24973
Remote: Yes
Date Published: 2007-07-19
Relevant URL: http://www.sec
urityfocus.com/bid/24973
Summary:
DokuWiki is prone to an HTML-injection vulnerability because
the application fails to properly sanitize user-supplied
input before using it in dynamically generated content.
Attacker-supplied HTML and script code would execute in the
context of the affected site, potentially allowing the
attacker to steal cookie-based authentication credentials or
to control how the site is rendered to the user; other
attacks are also possible.
DokuWiki 2007-06-26 and prior versions are vulnerable.
17. Opera Web Browser Dangling Pointer Remote Code Execution
Vulnerability
BugTraq ID: 24970
Remote: Yes
Date Published: 2007-07-19
Relevant URL: http://www.sec
urityfocus.com/bid/24970
Summary:
The Opera Web Browser is prone to a remote code-execution
vulnerability that occurs when parsing a specially crafted
BitTorrent header.
Exploiting this issue allows an attacker to execute
arbitrary code with the privileges of the user running the
affected application. Failed exploit attempts will result in
a denial-of-service condition.
This issue affects Opera 9.21; prior versions may also be
affected.
NOTE: This issue is reported to affect only Opera running on
Microsoft Windows; other platforms running Opera may also be
affected.
18. Microsoft DirectX RLE Compressed Targa Image File Heap
Overflow Overflow Vulnerability
BugTraq ID: 24963
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.sec
urityfocus.com/bid/24963
Summary:
A heap-based buffer-overflow vulnerability occurs in the
Microsoft Windows DirectX component. This issue is related
to the processing of compressed Targa image files. The
specific vulnerability occurs because of the way these files
are opened.
A successful exploit will permit attackers to execute
arbitrary code in the context of the user who opens a
malicious RLE Targa image file.
An attacker can exploit this issue through any means that
will allow the attacker to deliver a malicious Targa file to
a victim user. In web-based attack scenarios, exploits
could occur automatically if the malicious page can cause
the file to be loaded automatically by Windows Media Player.
Other attack vectors such as email or instant messaging may
require the victim user to manually open the malicious Targa
file.
19. Ipswitch IMail Server Multiple Buffer Overflow
Vulnerabilities
BugTraq ID: 24962
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.sec
urityfocus.com/bid/24962
Summary:
Ipswitch IMail Server is prone to multiple buffer-overflow
vulnerabilities because the software fails to properly check
boundaries on user-supplied data before copying it to an
insufficiently sized buffer.
Successful attacks allow arbitrary code to run, facilitating
the remote compromise of affected computers. Exploit
attempts may also cause the application to crash.
Ipswitch IMail Server 2006 is vulnerable to these issues;
other versions may also be affected.
20. Data Dynamics ActiveBar Actbar3.OCX ActiveX Control
Multiple Insecure Methods Vulnerabilities
BugTraq ID: 24959
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.sec
urityfocus.com/bid/24959
Summary:
Data Dynamics ActiveBar ActiveX control is prone to multiple
vulnerabilities caused by insecure methods. The problem
stems from a design error in the affected application.
An attacker can exploit this issue to overwrite arbitrary
files on the victim's computer in the context of the
vulnerable application using the ActiveX control (typically
Internet Explorer). Failed exploit attempts will likely
result in a denial-of-service condition.
These issues affect Data Dynamics ActiveBar 3.1; other
versions may also be affected.
21. QuickerSite Default.ASP Cross-Site Scripting
Vulnerability
BugTraq ID: 24948
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.sec
urityfocus.com/bid/24948
Summary:
QuickerSite is prone to a cross-site scripting vulnerability
because it fails to properly sanitize user-supplied input.
Exploiting this vulnerability may allow an attacker to
perform cross-site scripting attacks on unsuspecting users
in the context of the affected website. As a result, the
attacker may be able to steal cookie-based authentication
credentials and to launch other attacks.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. User Access Control
http:/
/www.securityfocus.com/archive/88/474348
2. win2k3 active directory - firewall ports
http:/
/www.securityfocus.com/archive/88/474237
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe securityfocus.com from the subscribed
address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to
which you will have to answer. Alternatively you can also
visit http://www.s
ecurityfocus.com/newsletters and unsubscribe via the
website.
If your email address has changed email listadminsecurityfocus.com and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
ALERT: Web 2.0 Hacking - Attack Scenarios and Examples - SPI
Dynamics White Paper
Web 2.0 applications are just as vulnerable to exploitation
by hackers as their predecessors. When Web 2.0 applications
push functionality and even code down to the client, it
provides hackers with a wealth of information they can use
to formulate attacks. Cross-Site Scripting, Web Application
Worms and Feed Injection are attacks that have become even
more dangerous when enacted against a Web 2.0 application.
Learn how to secure your web apps against exploitation,
download this SPI Dynamics white paper.
https://download.spidynamics.com/1/ad/XP
.asp?Campaign_ID=70160000000Cwmw
|