SecurityFocus Microsoft Newsletter #358
----------------------------------------
This Issue is Sponsored by: CSI
CSI 2007, November 3-9 in Washington, DC, is the only
conference that delivers a business-focused overview of
enterprise security. It will convene 2,000+ delegates, 80
exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new
tools and techniques. Register now for savings on
conference fees and/or free exhibits admission.
http://www.csiannual.com
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that
stand out as conveying topics of interest for our community.
We are proud to offer content from Matasano at this time and
will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Mod Your iPhone- For Fun or Profit?
2. Virtualized rootkits - Part 2
II. MICROSOFT VULNERABILITY SUMMARY
1. Atomix MP3 Malformed PLS Playlist File Buffer
Overflow Vulnerability
2. Intuit QuickBooks Online Edition ActiveX Controls
Multiple Vulnerabilities
3. Mozilla Firefox 2.0.0.6 Unspecified Protocol
Handling Command Injection Vulnerability
4. MailMarshal Tar Archive Remote Directory
Traversal Vulnerability
5. Ots Labs OtsTurntables M3U Local Buffer Overflow
Vulnerability
6. Virtual DJ M3U File Buffer Overflow
Vulnerability
7. Virtual DJ M3U Local Buffer Overflow
Vulnerability
8. Norman Virus Control NVCOAFT51.SYS Driver
Multiple Vulnerabilities
9. Hexamail POP3 Server Remote Buffer Overflow
Vulnerability
10. Multiple MicroWorld eScan Products Local
Privilege Escalation Vulnerability
11. Oracle JInitiator ActiveX Control Multiple
Buffer Overflow Vulnerabilities
12. Entrust ESP Certificate Path Verification
Vulnerability
13. Subversion for Windows Remote Directory
Traversal Vulnerability
14. Microsoft MSN Messenger Video Conversation
Buffer Overflow Vulnerability
15. Motorola Timbuktu Pro for Windows Multiple
Remote Buffer Overflow Vulnerabilities
16. Motorola Timbuktu Pro Directory Traversal
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #357
2. Active Directory
3. Software smart-card emulation
4. NTFS default special permissions
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Mod Your iPhone- For Fun or Profit?
By Mark Rasch
I admit it: I own an iPhone. Indeed, I bought one the day
they came out. No, I didn't wait in line for hours; I just
walked into the local Apple store, plunked down my life's
savings, and voila, another AT&T customer!
http://www.securityfocus.com/columnists/453
2. Virtualized rootkits - Part 2
By Federico Biancuzzi
There has been a lot of buzz around the topic of virtualized
rootkits. Joanna Rutkowska has been working on a new version
of Blue-Pill, her proof-of-concept invisible rootkit, while
a team of three prominent security experts (Thomas
Ptacek, Nate Lawson, Peter Ferrie) challenged her, saying that
there is no "invisible" rootkit and that they were
going to present various techniques to detect Blue-Pill at
the BlackHat conference. Federico Biancuzzi interviewed both
sides to learn more. Part 2 of 2
http://www.securityfocus.com/columnists/452
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Atomix MP3 Malformed PLS Playlist File Buffer Overflow
Vulnerability
BugTraq ID: 25546
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25546
Summary:
Atomix MP3 is prone to a buffer-overflow vulnerability
because the application fails to bounds-check user-supplied
data before copying it into an insufficiently sized buffer.
An attacker could exploit this issue by enticing a victim to
load a malicious MP3 file. If successful, the attacker can
execute arbitrary code in the context of the affected
application.
2. Intuit QuickBooks Online Edition ActiveX Controls
Multiple Vulnerabilities
BugTraq ID: 25544
Remote: Yes
Date Published: 2007-09-05
Relevant URL: http://www.securityfocus.com/bid/25544
Summary:
Multiple Intuit QuickBooks Online Edition ActiveX controls
are prone to multiple vulnerabilities including multiple
stack-based buffer-overflow issues and an access-validation
issue.
Attackers can exploit these issues to execute arbitrary code
in the context of an application using the controls
(typically Internet Explorer) or to upload and download
files in arbitrary locations on the affected computer.
Successful exploits will compromise the application and
possibly the underlying computer. Failed attacks will likely
cause denial-of-service conditions.
QuickBooks Online Edition versions prior to 10 are
vulnerable.
3. Mozilla Firefox 2.0.0.6 Unspecified Protocol Handling
Command Injection Vulnerability
BugTraq ID: 25543
Remote: Yes
Date Published: 2007-09-01
Relevant URL: http://www.securityfocus.com/bid/25543
Summary:
Mozilla Firefox is prone to an unspecified vulnerability
that lets attackers inject commands through the 'mailto',
'nntp', 'news', and 'snews' protocol handlers.
Exploiting this issue allows remote attackers to pass and
execute arbitrary commands and arguments by employing the
'mailto', 'nntp', 'news', and 'snews' protocol handlers.
Utilizing this issue would permit remote attackers to
influence command options that can be called through the
various handlers and therefore execute commands and script
code with the privileges of a user running the applications.
Successful attacks may result in a variety of consequences,
including remote unauthorized access.
4. MailMarshal Tar Archive Remote Directory Traversal
Vulnerability
BugTraq ID: 25523
Remote: Yes
Date Published: 2007-09-04
Relevant URL: http://www.securityfocus.com/bid/25523
Summary:
MailMarshal is prone to a directory-traversal vulnerability
because the application fails to validate user-supplied
data.
Remote attackers can overwrite files in arbitrary locations
on a vulnerable computer in the context of the user running
the affected application.
5. Ots Labs OtsTurntables M3U Local Buffer Overflow
Vulnerability
BugTraq ID: 25514
Remote: No
Date Published: 2007-09-03
Relevant URL: http://www.securityfocus.com/bid/25514
Summary:
Ots Labs OtsTurntables is prone to a local buffer-overflow
vulnerability because it fails to properly bounds-check
user-supplied input.
Attackers may be able to execute arbitrary machine code in
the context of the affected application. Failed exploit
attempts will likely result in denial-of-service
conditions.
OtsTurntables 1.00 is vulnerable; other versions may also be
affected.
6. Virtual DJ M3U File Buffer Overflow Vulnerability
BugTraq ID: 25513
Remote: Yes
Date Published: 2007-09-02
Relevant URL: http://www.securityfocus.com/bid/25513
Summary:
Virtual DJ is prone to a buffer-overflow vulnerability
because the application fails to properly bounds-check
user-supplied data.
Attackers may attempt to exploit this issue by coercing
users to access malicious M3U playlist files.
Successfully exploiting this issue allows remote attackers
to execute arbitrary machine code in the context of the user
running the affected application. This facilitates the
remote compromise of affected computers.
Virtual DJ 5.0 is vulnerable; other versions may also be
affected.
7. Virtual DJ M3U Local Buffer Overflow Vulnerability
BugTraq ID: 25512
Remote: No
Date Published: 2007-09-03
Relevant URL: http://www.securityfocus.com/bid/25512
Summary:
Virtual DJ is prone to a local buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied
input.
Attackers may be able to execute arbitrary machine code in
the context of the affected application. Failed exploit
attempts will likely result in denial-of-service
conditions.
Virtual DJ 5.0 is vulnerable; other versions may also be
affected.
8. Norman Virus Control NVCOAFT51.SYS Driver Multiple
Vulnerabilities
BugTraq ID: 25499
Remote: No
Date Published: 2007-08-31
Relevant URL: http://www.securityfocus.com/bid/25499
Summary:
Norman Virus Control is prone to multiple vulnerabilities
including a heap-based kernel memory buffer-overflow issue
and multiple input-validation vulnerabilities.
These issues reside in the 'nvcoaft51.sys' driver.
Attackers can exploit these issues to execute arbitrary code
with SYSTEM-level privileges. Successful exploits will
completely compromise affected computers. Failed attacks
will likely cause denial-of-service conditions.
Norman Virus Control 5.82 is vulnerable; other versions may
also be affected.
NOTE: Other Norman products may also use the affected
driver.
9. Hexamail POP3 Server Remote Buffer Overflow
Vulnerability
BugTraq ID: 25496
Remote: Yes
Date Published: 2007-08-30
Relevant URL: http://www.securityfocus.com/bid/25496
Summary:
Hexamail Server is prone to a remote buffer-overflow
vulnerability because it fails to properly bounds-check
user-supplied input.
Successfully exploiting this issue allows remote attackers
to execute arbitrary code in the context of the affected
application, likely with SYSTEM-level privileges because the
server must listen on TCP ports lower than 1024.
Hexamail Server 3.0.0.001 is vulnerable to this issue; other
versions may also be affected.
10. Multiple MicroWorld eScan Products Local Privilege
Escalation Vulnerability
BugTraq ID: 25493
Remote: No
Date Published: 2007-08-30
Relevant URL: http://www.securityfocus.com/bid/25493
Summary:
Multiple MicroWorld eScan products are vulnerable to a local
privilege-escalation vulnerability because of insecure
default file permissions.
Attackers can exploit this issue to execute arbitrary code
with SYSTEM-level privileges. Successful attacks will
completely compromise affected computers.
The following are vulnerable:
eScan Internet Security 9.0.722.1
eScan Virus Control 9.0.722.1
eScan AntiVirus 9.0.722.1
Other versions and software packages may also be affected.
11. Oracle JInitiator ActiveX Control Multiple Buffer
Overflow Vulnerabilities
BugTraq ID: 25473
Remote: Yes
Date Published: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25473
Summary:
Oracle JInitiator is prone to multiple remote
buffer-overflow vulnerabilities because the application
fails to properly bounds-check user-supplied data before
copying it into an insufficiently sized memory buffer.
Exploiting these issues allows remote attackers to execute
arbitrary code in the context of applications using the
affected ActiveX control and to compromise affected
computers. Failed attempts will likely result in
denial-of-service conditions.
These issues affect Oracle JInitiator 1.1.8.16; other
versions may also be affected.
12. Entrust ESP Certificate Path Verification Vulnerability
BugTraq ID: 25471
Remote: Yes
Date Published: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25471
Summary:
Entrust ESP fails to properly validate certificate chains.
Successfully exploiting this issue may allow attackers to
use invalid security certificates, possibly aiding them in
further attacks.
Entrust Entelligence Security Provider 8 is vulnerable to
this issue; other versions may also be affected.
13. Subversion for Windows Remote Directory Traversal
Vulnerability
BugTraq ID: 25468
Remote: Yes
Date Published: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25468
Summary:
Subversion is prone to a remote directory-traversal
vulnerability because the application fails to properly
sanitize user-supplied input.
Successfully exploiting this issue allows attackers to write
arbitrary data to arbitrary locations on unsuspecting users'
computers.
This issue affects Subversion running on Microsoft Windows
and on any other platform where directory-separator
characters are '\' or characters other than '/'.
Versions prior to Subversion 1.4.5 are vulnerable.
14. Microsoft MSN Messenger Video Conversation Buffer
Overflow Vulnerability
BugTraq ID: 25461
Remote: Yes
Date Published: 2007-08-28
Relevant URL: http://www.securityfocus.com/bid/25461
Summary:
Microsoft MSN Messenger is prone to a buffer-overflow
vulnerability because it fails to perform adequate boundary
checks on user-supplied data.
Successfully exploiting this issue allows remote attackers
to execute arbitrary code in the context of the application.
Failed exploit attempts will likely result in
denial-of-service conditions.
Microsoft MSN Messenger 7 is considered vulnerable; other
versions may also be prone to this issue.
15. Motorola Timbuktu Pro for Windows Multiple Remote Buffer
Overflow Vulnerabilities
BugTraq ID: 25454
Remote: Yes
Date Published: 2007-08-27
Relevant URL: http://www.securityfocus.com/bid/25454
Summary:
Motorola Timbuktu Pro is prone to multiple remote
buffer-overflow vulnerabilities because the software fails
to properly bounds-check user-supplied input.
Successfully exploiting these issues allows remote attackers
to execute arbitrary machine code with SYSTEM-level
privileges, which may lead to a complete compromise of
affected computers. Failed exploit attempts will likely result in
denial-of-service conditions.
Timbuktu Pro 8.6.3.1367 for Windows is vulnerable to these
issues; other versions and platforms may also be affected.
16. Motorola Timbuktu Pro Directory Traversal Vulnerability
BugTraq ID: 25453
Remote: Yes
Date Published: 2007-08-27
Relevant URL: http://www.securityfocus.com/bid/25453
Summary:
Motorola Timbuktu Pro is prone to a directory-traversal
vulnerability because it fails to sufficiently sanitize
user-supplied input data.
Exploiting this issue may allow an attacker to delete or
create arbitrary files with SYSTEM-level privileges. This
could completely compromise affected computers.
Timbuktu Pro 8.6.3.1367 for Windows is vulnerable; other
versions and platforms may also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #357
http://www.securityfocus.com/archive/88/478141
2. Active Directory
http://www.securityfocus.com/archive/88/478140
3. Software smart-card emulation
http://www.securityfocus.com/archive/88/478049
4. NTFS default special permissions
http://www.securityfocus.com/archive/88/477517
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe securityfocus.com from the subscribed
address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to
which you will have to answer. Alternatively you can also
visit http://www.securityfocus.com/newsletters and unsubscribe via the
website.
If your email address has changed, email listadmin securityfocus.com
and ask to be manually removed.
V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: CSI
CSI 2007, November 3-9 in Washington, DC, is the only
conference that delivers a business-focused overview of
enterprise security. It will convene 2,000+ delegates, 80
exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new
tools and techniques. Register now for savings on
conference fees and/or free exhibits admission.
http://www.csiannual.com