SecurityFocus Microsoft Newsletter #360
----------------------------------------
This Issue is Sponsored by: TechMentor
_______________________
TechMentor - Las Vegas - October 15 - 19
Join your fellow systems administrators and IT managers at
the Rio Hotel & Casino in Vegas for a week of in-depth
technical training. TechMentor will give you the tools and
techniques to help you get the most out of your network.
Register now!
http://techmentorevents.com/
SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that
stand out as conveying topics of interest for our community.
We are proud to offer content from Matasano at this time and
will be adding more in the coming weeks.
http://www.securityfocus.com/blogs
------------------------------------------------------------------
I. FRONT AND CENTER
1. Windows Anti-Debug Reference
2. VoIP Hopping: A Method of Testing VoIP security or
Voice VLANs
II. MICROSOFT VULNERABILITY SUMMARY
1. Privatefirewall SSDT Hooks Multiple Local
Vulnerabilities
2. Online Armor Personal Firewall SSDT Hooks
Multiple Local Vulnerabilities
3. Ghost Security Suite SSDT Hooks Multiple Local
Vulnerabilities
4. G DATA Internet Security SSDT Hooks Multiple
Local Vulnerabilities
5. Microsoft MFC Library CFileFind::FindFile Buffer
Overflow Vulnerability
6. WinImage Image Files Denial of Service and
Directory Traversal Vulnerabilities
7. Media Player Classic Remote Malformed Video File
Remote Denial of Service Vulnerability
8. COWON America jetCast Server Remote Denial Of
Service Vulnerability
9. WinSCP URL Protocol Handler Arbitrary File Access
Vulnerability
10. Media Player Classic Malformed AVI Header
Multiple Remote Vulnerabilities
11. SWsoft Plesk PLESKSESSID Parameter Multiple SQL
Injection Vulnerabilities
12. Microsoft Visual Studio PDWizard.ocx ActiveX
Control Multiple Remote Vulnerabilities
13. Microsoft Visual Studio VB To VSI Support
Library ActiveX Arbitrary File Overwrite Vulnerability
14. CellFactor Revolution Multiple Remote Code
Execution Vulnerabilities
15. Microsoft Windows Services for UNIX Local
Privilege Escalation Vulnerability
16. Microsoft Agent agentdpv.dll ActiveX Control
Malformed URL Stack Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #359
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Windows Anti-Debug Reference
By Nicolas Falliere
This paper classifies and presents several anti-debugging
techniques used on Windows NT-based operating systems.
http://www.securityfocus.com/infocus/1893
2. VoIP Hopping: A Method of Testing VoIP security or Voice
VLANs
By Jason Ostrom and John Kindervag
Testing Protection Controls on a VoIP Network - A Case Study
and Method
http://www.securityfocus.com/infocus/1892
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Privatefirewall SSDT Hooks Multiple Local
Vulnerabilities
BugTraq ID: 25712
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25712
Summary:
Privatefirewall is prone to multiple local vulnerabilities.
Exploiting these vulnerabilities allows local attackers to
crash affected computers, denying service to legitimate
users. Attackers might also be able to gain elevated
privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.
Privatefirewall 5.0.14.2 is vulnerable; other versions may
also be affected.
2. Online Armor Personal Firewall SSDT Hooks Multiple Local
Vulnerabilities
BugTraq ID: 25711
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25711
Summary:
Online Armor Personal Firewall is prone to multiple local
vulnerabilities.
Exploiting these vulnerabilities allows local attackers to
crash affected computers, denying service to legitimate
users. Attackers might also be able to gain elevated
privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.
Online Armor Personal Firewall 2.0.1.125 is vulnerable;
other versions may also be affected.
3. Ghost Security Suite SSDT Hooks Multiple Local
Vulnerabilities
BugTraq ID: 25709
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25709
Summary:
Ghost Security Suite is prone to multiple local
vulnerabilities.
Exploiting these vulnerabilities allows local attackers to
crash affected computers, denying service to legitimate
users. Attackers might also be able to gain elevated
privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.
Ghost Security Suite beta 1.110 and alpha 1.200 are
vulnerable; other versions may also be affected.
4. G DATA Internet Security SSDT Hooks Multiple Local
Vulnerabilities
BugTraq ID: 25705
Remote: No
Date Published: 2007-09-18
Relevant URL: http://www.securityfocus.com/bid/25705
Summary:
G DATA Internet Security is prone to multiple local
vulnerabilities.
Exploiting these vulnerabilities allows local attackers to
crash affected computers, denying service to legitimate
users. Attackers might also be able to gain elevated
privileges by executing arbitrary machine code in the
context of the kernel, but this has not been confirmed.
G DATA Internet Security 2007 is vulnerable; other versions
may also be affected.
5. Microsoft MFC Library CFileFind::FindFile Buffer Overflow
Vulnerability
BugTraq ID: 25697
Remote: Yes
Date Published: 2007-09-14
Relevant URL: http://www.securityfocus.com/bid/25697
Summary:
The CFileFind::FindFile method in the MFC library for
Microsoft Windows is prone to a buffer-overflow
vulnerability because the method fails to perform adequate
boundary checks of user-supplied input.
Successfully exploiting this issue may allow attackers to
execute arbitrary code in the context of applications that
use the vulnerable method.
The MFC library included with Microsoft Windows XP SP2 is
affected; other versions may also be affected.
6. WinImage Image Files Denial of Service and Directory
Traversal Vulnerabilities
BugTraq ID: 25687
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25687
Summary:
WinImage is prone to a denial-of-service vulnerability and a
directory-traversal vulnerability because the application
fails to adequately sanitize user-supplied input.
Attackers can exploit these issues to cause a denial of
service or to write malicious files to arbitrary
directories.
WinImage 8.0 and 8.10 are vulnerable; other versions may
also be affected.
7. Media Player Classic Remote Malformed Video File Remote
Denial of Service Vulnerability
BugTraq ID: 25686
Remote: Yes
Date Published: 2007-09-17
Relevant URL: http://www.securityfocus.com/bid/25686
Summary:
Media Player Classic is prone to a remote denial-of-service
vulnerability because the application fails to handle
malformed video files.
Remote attackers can exploit this issue to crash the
application. Reports indicate that attackers may also be
able to execute code, but this has not been confirmed.
Media Player Classic 6.4.9.1 and prior versions are
vulnerable.
8. COWON America jetCast Server Remote Denial Of Service
Vulnerability
BugTraq ID: 25660
Remote: Yes
Date Published: 2007-09-13
Relevant URL: http://www.securityfocus.com/bid/25660
Summary:
jetCast Server is prone to a remote denial-of-service
vulnerability.
Attackers can exploit this issue to crash the server,
denying access to legitimate users.
jetCast Server 2 is reported vulnerable; other versions may
also be affected.
9. WinSCP URL Protocol Handler Arbitrary File Access
Vulnerability
BugTraq ID: 25655
Remote: Yes
Date Published: 2007-09-13
Relevant URL: http://www.securityfocus.com/bid/25655
Summary:
WinSCP is prone to a vulnerability that lets an attacker
upload arbitrary files to a victim's computer or to download
arbitrary files from the victim's computer in the context of
the vulnerable application.
This issue affects versions prior to WinSCP 4.0.4.
10. Media Player Classic Malformed AVI Header Multiple
Remote Vulnerabilities
BugTraq ID: 25650
Remote: Yes
Date Published: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/25650
Summary:
Media Player Classic (MPC) is prone to multiple remote
vulnerabilities, including a heap-based buffer-overflow
issue and an integer-overflow issue, when handling malformed
AVI files.
An attacker can exploit these issues to execute arbitrary
code with the privileges of the user running the affected
application. Failed exploit attempts will result in a
denial-of-service condition.
Media Player Classic 6.4.9.0 is vulnerable; other versions
may also be affected.
11. SWsoft Plesk PLESKSESSID Parameter Multiple SQL
Injection Vulnerabilities
BugTraq ID: 25646
Remote: Yes
Date Published: 2007-09-12
Relevant URL: http://www.securityfocus.com/bid/25646
Summary:
Plesk is prone to multiple SQL-injection vulnerabilities
because it fails to sufficiently sanitize user-supplied data
before using it in SQL queries.
Exploiting these issues could allow an attacker to
compromise the application, access or modify data, or
exploit latent vulnerabilities in the underlying database.
Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Microsoft Windows
are vulnerable; other versions running on different
platforms may also be affected.
12. Microsoft Visual Studio PDWizard.ocx ActiveX Control
Multiple Remote Vulnerabilities
BugTraq ID: 25638
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25638
Summary:
Microsoft Visual Studio is prone to multiple remote
vulnerabilities, including two remote command-execution
issues and four unspecified vulnerabilities.
An attacker can exploit the remote command-execution
vulnerabilities to execute arbitrary commands with the
privileges of the currently logged-in user.
Very little information is known about the four unspecified
issues. We will update this BID as more information
emerges.
These issues affect Microsoft Visual Studio 6.0.0; other
versions may also be affected.
13. Microsoft Visual Studio VB To VSI Support Library
ActiveX Arbitrary File Overwrite Vulnerability
BugTraq ID: 25635
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25635
Summary:
Microsoft Visual Studio VB To VSI Support Library ActiveX
Control is prone to a vulnerability that lets attackers
overwrite arbitrary files.
An attacker can exploit this issue to overwrite arbitrary
files with local data. This will likely result in
denial-of-service conditions; other attacks may also be
possible.
14. CellFactor Revolution Multiple Remote Code Execution
Vulnerabilities
BugTraq ID: 25625
Remote: Yes
Date Published: 2007-09-10
Relevant URL: http://www.securityfocus.com/bid/25625
Summary:
CellFactor: Revolution is prone to multiple remote
code-execution vulnerabilities, including a buffer-overflow
issue and a format-string issue.
Successfully exploiting these issues will allow an attacker
to execute arbitrary code within the context of the affected
application or to crash the application.
CellFactor: Revolution 1.03 is vulnerable; other versions
may also be affected.
15. Microsoft Windows Services for UNIX Local Privilege
Escalation Vulnerability
BugTraq ID: 25620
Remote: No
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25620
Summary:
Microsoft Windows Services for UNIX is prone to a local
privilege-escalation vulnerability.
Attackers may exploit this issue to gain elevated privileges
on affected computers. This facilitates the complete
compromise of vulnerable computers.
Microsoft Windows Services for UNIX 3.0 and 3.5 and
Microsoft Subsystem for UNIX-based Applications are
vulnerable to this issue.
16. Microsoft Agent agentdpv.dll ActiveX Control Malformed
URL Stack Buffer Overflow Vulnerability
BugTraq ID: 25566
Remote: Yes
Date Published: 2007-09-11
Relevant URL: http://www.securityfocus.com/bid/25566
Summary:
Microsoft Agent (agentsvr.exe) is prone to a stack-based
buffer-overflow vulnerability because the application fails
to adequately bounds-check user-supplied data.
Successfully exploiting this issue allows remote attackers
to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely result
in denial-of-service conditions.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #359
http://www.securityfocus.com/archive/88/479220
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe securityfocus.com from the subscribed
address. The contents of the subject or message body do not
matter. You will receive a confirmation request message to
which you will have to answer. Alternatively you can also
visit http://www.securityfocus.com/newsletters and unsubscribe via the
website.
If your email address has changed email listadmin securityfocus.com and ask to be manually removed.