SecurityFocus Microsoft Newsletter #352
----------------------------------------
ALERT: Web 2.0 Hacking - Attack Scenarios and Examples - SPI Dynamics White Paper
Web 2.0 applications are just as vulnerable to exploitation by hackers as their predecessors. When Web 2.0 applications push functionality and even code down to the client, it provides hackers with a wealth of information they can use to formulate attacks. Cross-Site Scripting, Web Application Worms and Feed Injection are attacks that have become even more dangerous when enacted against a Web 2.0 application. Learn how to secure your web apps against exploitation, download this SPI Dynamics white paper.
https://download.spidynamics.com/1/ad/XP.asp?Campaign_ID=70160000000Cwmw

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Security conferences versus practical knowledge
2. Achtung! New German Laws on Cybercrime
II. MICROSOFT VULNERABILITY SUMMARY
1. UltraDefrag FindFiles Function Buffer Overflow Vulnerability
2. Guidance Software EnCase Forensic Unspecified Denial Of Service Vulnerability
3. Guidance Software EnCase Forensic Multiple Denial Of Service Vulnerabilities
4. Drupal Multiple Cross-Site Scripting Vulnerabilities
5. CrystalPlayer Playlist File Buffer Overflow Vulnerability
6. Microsoft Windows ARP Request Denial of Service Vulnerability
7. Sun Java System Application Server JSP Source Code Disclosure Vulnerability
8. Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability
9. Kerio MailServer Attachment Filter Unspecified Vulnerability
10. Ipswitch Instant Messaging Remote Denial of Service Vulnerability
11. Zenturi ProgramChecker SASATL.DLL ActiveX Control Scan Method Buffer Overflow Vulnerability
12. Microsoft Internet Explorer SeaMonkey Browser URI Handler Command Injection Vulnerability
13. Microsoft Windows Explorer GIF File Denial of Service Vulnerability
14. Data Dynamics ActiveReports Actrpt2.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
15. ESET NOD32 Antivirus Multiple Remote Vulnerabilities
16. DokuWiki Spell_UTF8Test Function HTML Injection Vulnerability
17. Opera Web Browser Dangling Pointer Remote Code Execution Vulnerability
18. Microsoft DirectX RLE Compressed Targa Image File Heap Overflow Vulnerability
19. Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities
20. Data Dynamics ActiveBar Actbar3.OCX ActiveX Control Multiple Insecure Methods Vulnerabilities
21. QuickerSite Default.ASP Cross-Site Scripting Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. User Access Control
2. win2k3 active directory - firewall ports
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Security conferences versus practical knowledge
By Don Parker
While the training industry as a whole has evolved rather well to suit the needs of their clients, the computer conference - specifically the computer security conference - has declined in relevance to the everyday sys-admin and network security practitioners.
http://www.securityfocus.com/columnists/449

2. Achtung! New German Laws on Cybercrime
By Federico Biancuzzi
Germany is passing some new laws regarding cybercrime that might affect security professionals. Federico Biancuzzi interviewed Marco Gercke, one of the experts invited to the parliamentary hearing, to learn more about this delicate subject. They discussed what is covered by the new laws, which areas remain in the dark, and how they might affect vulnerability disclosure and the use of common tools, such as nmap.
http://www.securityfocus.com/columnists/448

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. UltraDefrag FindFiles Function Buffer Overflow Vulnerability
BugTraq ID: 25102
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25102
Summary:
UltraDefrag is prone to a buffer-overflow vulnerability. This issue is due to a failure of the application to perform adequate bounds checks on user-supplied data.

Successfully exploiting this issue allows attackers to execute arbitrary machine code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

UltraDefrag versions prior to 1.0.4 are vulnerable to this issue.

2. Guidance Software EnCase Forensic Unspecified Denial Of Service Vulnerability
BugTraq ID: 25101
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25101
Summary:
Guidance Software EnCase Forensic is prone to an unspecified denial-of-service vulnerability because it fails to handle specially-crafted file systems.

Attackers can exploit this issue to cause denial-of-service conditions. This can delay and complicate forensic investigations.

NOTE: This issue may be related to the issues described in BID 25100.

EnCase Forensics version 5.0 is vulnerable; other versions may also be affected.

3. Guidance Software EnCase Forensic Multiple Denial Of Service Vulnerabilities
BugTraq ID: 25100
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25100
Summary:
Guidance Software EnCase Forensic is prone to multiple denial-of-service vulnerabilities because it fails to handle specially-crafted and malformed NTFS file systems.

Attackers can exploit this issue to crash the application or cause it to hang. This can delay and complicate forensic investigations.

4. Drupal Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 25097
Remote: Yes
Date Published: 2007-07-27
Relevant URL: http://www.securityfocus.com/bid/25097
Summary:
Drupal is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to 4.7.7 and prior to 5.2 are vulnerable to these issues.

5. CrystalPlayer Playlist File Buffer Overflow Vulnerability
BugTraq ID: 25083
Remote: Yes
Date Published: 2007-07-26
Relevant URL: http://www.securityfocus.com/bid/25083
Summary:
CrystalPlayer is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the application. Successfully exploiting this issue will result in a compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects CrystalPlayer 1.98; other versions may also be vulnerable.

6. Microsoft Windows ARP Request Denial of Service Vulnerability
BugTraq ID: 25066
Remote: Yes
Date Published: 2007-07-25
Relevant URL: http://www.securityfocus.com/bid/25066
Summary:
Microsoft Windows is prone to a denial-of-service vulnerability due to its inefficient handling of malicious ARP requests.

Attackers can exploit this issue to consume excessive CPU resources, denying service to legitimate users for the duration of the attack.

Microsoft Windows XP SP2 and Vista are vulnerable to this issue; other Microsoft operating systems and versions may also be affected.

7. Sun Java System Application Server JSP Source Code Disclosure Vulnerability
BugTraq ID: 25058
Remote: Yes
Date Published: 2007-07-25
Relevant URL: http://www.securityfocus.com/bid/25058
Summary:
Sun Java System Application Server on Microsoft Windows is prone to a vulnerability that may allow remote attackers to obtain sensitive JSP source code, which may aid them in further attacks.

8. Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 25051
Remote: Yes
Date Published: 2007-07-24
Relevant URL: http://www.securityfocus.com/bid/25051
Summary:
Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability. This issue affects the Message Queuing (CAM/CAFT) component. The application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.

A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.

This issue affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and NetWare.

9. Kerio MailServer Attachment Filter Unspecified Vulnerability
BugTraq ID: 25038
Remote: Yes
Date Published: 2007-07-24
Relevant URL: http://www.securityfocus.com/bid/25038
Summary:
Kerio MailServer is prone to an unspecified vulnerability due to an error in the attachment filter.

Very few details are currently available regarding this issue. We will update this BID as more information emerges.

Versions prior to Kerio MailServer 6.4.1 are considered vulnerable.

10. Ipswitch Instant Messaging Remote Denial of Service Vulnerability
BugTraq ID: 25031
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25031
Summary:
Ipswitch Instant Messaging Server is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected network data.

Successfully exploiting this issue allows remote attackers to crash the IM service, denying further instant messages for legitimate users.

Ipswitch IM Server 2.0.5.30 is vulnerable; other versions may also be affected.

11. Zenturi ProgramChecker SASATL.DLL ActiveX Control Scan Method Buffer Overflow Vulnerability
BugTraq ID: 25025
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25025
Summary:
The Zenturi ProgramChecker 'sasatl.dll' ActiveX control is prone to a buffer-overflow vulnerability because it fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely result in denial-of-service conditions.

12. Microsoft Internet Explorer SeaMonkey Browser URI Handler Command Injection Vulnerability
BugTraq ID: 25021
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25021
Summary:
Microsoft Internet Explorer is prone to a vulnerability that lets attackers inject commands through SeaMonkey's 'mailto' protocol handler.

Exploiting these issues allows remote attackers to pass and execute arbitrary commands and arguments through the 'SeaMonkey.exe' process by employing the 'mailto' handler.

An attacker can also employ these issues to carry out cross-browser scripting attacks by using the '-chrome' argument. This can allow the attacker to run JavaScript code with the privileges of the trusted Chrome context and gain full access to SeaMonkey's resources.

Exploiting these issues would permit remote attackers to influence command options that can be called through the 'mailto' handler and therefore execute commands and script code with the privileges of a user running the applications. Successful attacks may result in a variety of consequences, including remote unauthorized access.

13. Microsoft Windows Explorer GIF File Denial of Service Vulnerability
BugTraq ID: 25013
Remote: Yes
Date Published: 2007-07-23
Relevant URL: http://www.securityfocus.com/bid/25013
Summary:
Microsoft Windows Explorer is prone to a denial-of-service vulnerability.

An attacker could exploit this issue to cause Explorer to crash, effectively denying service. Arbitrary code execution may be possible, but this has not been confirmed.

This issue affects Explorer on Microsoft Windows XP SP2; other operating systems and versions may also be affected.

14. Data Dynamics ActiveReports Actrpt2.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24994
Remote: Yes
Date Published: 2007-07-21
Relevant URL: http://www.securityfocus.com/bid/24994
Summary:
Data Dynamics ActiveReports ActiveX control is prone to an arbitrary file-overwrite vulnerability due to a design error.

An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions; other consequences are possible.

This issue affects Data Dynamics ActiveReports 2.5 and prior versions.

15. ESET NOD32 Antivirus Multiple Remote Vulnerabilities
BugTraq ID: 24988
Remote: Yes
Date Published: 2007-07-20
Relevant URL: http://www.securityfocus.com/bid/24988
Summary:
ESET NOD32 Antivirus is prone to multiple remote vulnerabilities. These issues include a heap-memory-corruption vulnerability and multiple denial-of-service vulnerabilities.

An attacker can exploit these issues to execute arbitrary code with administrative privileges or cause the affected application to crash.

These issues affect versions prior to ESET NOD32 2.2289.

16. DokuWiki Spell_UTF8Test Function HTML Injection Vulnerability
BugTraq ID: 24973
Remote: Yes
Date Published: 2007-07-19
Relevant URL: http://www.securityfocus.com/bid/24973
Summary:
DokuWiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

DokuWiki 2007-06-26 and prior versions are vulnerable.

17. Opera Web Browser Dangling Pointer Remote Code Execution Vulnerability
BugTraq ID: 24970
Remote: Yes
Date Published: 2007-07-19
Relevant URL: http://www.securityfocus.com/bid/24970
Summary:
The Opera Web Browser is prone to a remote code-execution vulnerability that occurs when parsing a specially crafted BitTorrent header.

Exploiting this issue allows an attacker to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Opera 9.21; prior versions may also be affected.

NOTE: This issue is reported to affect only Opera running on Microsoft Windows; other platforms running Opera may also be affected.

18. Microsoft DirectX RLE Compressed Targa Image File Heap Overflow Vulnerability
BugTraq ID: 24963
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24963
Summary:
A heap-based buffer-overflow vulnerability occurs in the Microsoft Windows DirectX component. This issue is related to the processing of compressed Targa image files. The specific vulnerability occurs because of the way these files are opened.

A successful exploit will permit attackers to execute arbitrary code in the context of the user who opens a malicious RLE Targa image file.

An attacker can exploit this issue through any means that will allow the attacker to deliver a malicious Targa file to a victim user. In web-based attack scenarios, exploits could occur automatically if the malicious page can cause the file to be loaded automatically by Windows Media Player. Other attack vectors such as email or instant messaging may require the victim user to manually open the malicious Targa file.

19. Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24962
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24962
Summary:
Ipswitch IMail Server is prone to multiple buffer-overflow vulnerabilities because the software fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized buffer.

Successful attacks allow arbitrary code to run, facilitating the remote compromise of affected computers. Exploit attempts may also cause the application to crash.

Ipswitch IMail Server 2006 is vulnerable to these issues; other versions may also be affected.

20. Data Dynamics ActiveBar Actbar3.OCX ActiveX Control Multiple Insecure Methods Vulnerabilities
BugTraq ID: 24959
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24959
Summary:
Data Dynamics ActiveBar ActiveX control is prone to multiple vulnerabilities caused by insecure methods. The problem stems from a design error in the affected application.

An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Failed exploit attempts will likely result in a denial-of-service condition.

These issues affect Data Dynamics ActiveBar 3.1; other versions may also be affected.

21. QuickerSite Default.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 24948
Remote: Yes
Date Published: 2007-07-18
Relevant URL: http://www.securityfocus.com/bid/24948
Summary:
QuickerSite is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. User Access Control
http://www.securityfocus.com/archive/88/474348
2. win2k3 active directory - firewall ports
http://www.securityfocus.com/archive/88/474237

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------