[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ms
Subject: SecurityFocus Microsoft Newsletter #300
From: mfossi () securityfocus ! com
Date: 2006-07-19 18:08:30
Message-ID: Pine.LNX.4.64.0607191208180.4204 () mail ! securityfocus ! com
[Download RAW message or body]
SecurityFocus Microsoft Newsletter #300
----------------------------------------
This issue is Sponsored by: Qualys
On-Demand Vulnerability Management
Proactively Identify and remediate Network Vulnerabilities, Measure and Manage
Risk. Free 14 Day Trial with NO Obligation!
http://newsletter.industrybrains.com/c?fe;1;5e792;5cd;233;1e60;da4
------------------------------------------------------------------
I. FRONT AND CENTER
1. Basic journey of a packet
2. Application-level virtualization for Windows
II. MICROSOFT VULNERABILITY SUMMARY
1. Wireshark Protocol Dissectors Multiple Vulnerabilities
2. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
3. Microsoft Internet Explorer WebViewFolderIcon Denial Of Service
Vulnerability
4. Microsoft Internet Explorer DXImageTransform Properties Denial Of
Service Vulnerability
5. Outpost Firewall PRO Local Privilege Escalation Vulnerability
6. Lotus Notes Mail Recipient Information Disclosure Vulnerability
7. Lavasoft Personal Firewall Local Privilege Escalation Vulnerability
8. Zoho Virtual Office Message HTML Injection Vulnerability
9. Armagetron Advanced Invalid Values Multiple Remote Denial Of Service
Vulnerabilities
10. Microsoft Internet Explorer MHTMLFile Denial Of Service
Vulnerability
11. Rabox WinLPD Remote Buffer Overflow Vulnerability
12. IceWarp Web Mail Multiple File Include Vulnerabilities
13. VisNetic Mail Server Multiple File Include Vulnerabilities
14. Microsoft ISA Server File Extension Filter Bypass Vulnerability
15. Microsoft Powerpoint Multiple Unspecified Vulnerabilities
16. Microsoft Works Spreadsheet Multiple Remote Vulnerabilties
17. Microsoft Internet Explorer RevealTrans Denial Of Service
Vulnerability
18. Microsoft Powerpoint Remote Code Execution Vulnerability
19. Microsoft Internet Explorer TriEditDocument Denial Of Service
Vulnerability
20. Adobe Acrobat / Adobe Reader Local Privilege Escalation
Vulnerability
21. Microsoft Excel File Rebuilding Remote Code Execution Vulnerability
22. Microsoft Internet Explorer HtmlDlgSafeHelper Remote Denial Of
Service Vulnerability
23. Microsoft Windows DHCP Client Service Remote Code Execution
Vulnerability
24. Microsoft ASP.NET Application Folder Information Disclosure
Vulnerability
25. MIMESweeper For Web Access Denied Cross-site Scripting Vulnerability
26. Microsoft Office Malformed GIF File Remote Code Execution
Vulnerability
27. Microsoft Office Malformed PNG File Remote Code Execution
Vulnerability
28. Microsoft Office String Parsing Remote Code Execution Vulnerability
29. Microsoft Office Property Code Execution Vulnerability
30. Microsoft Excel LABEL Record Remote Code Execution Vulnerability
31. SIPfoundry SIPXtapi CSeq Processing Remote Buffer-Overflow
Vulnerability
32. Microsoft Office MSO.DLL LsCreateLine() Potential Code Execution
Vulnerability
33. Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial Of
Service Vulnerability
34. Microsoft Internet Explorer DirectAnimation.DAUserData Denial Of
Service Vulnerability
35. Microsoft Internet Explorer 6 RDS.DataControl Denial Of Service
Vulnerability
36. Microsoft Windows Server Driver Remote Information Disclosure
Vulnerability
37. Microsoft Excel FNGROUPCOUNT Record Remote Code Execution
Vulnerability
38. Microsoft Office Malformed String Parsing Code Execution
Vulnerability
39. Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
40. Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
41. Microsoft Excel Selection Record Variant Remote Code Execution
Vulnerability
42. Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow
Vulnerability
43. Microsoft IIS ASP Remote Code Execution Vulnerability
44. Microsoft Excel Selection Record Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Questions about File deletion avoidance in Windows platform
2. SecurityFocus Microsoft Newsletter #299
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Basic journey of a packet
By Don Parker
The purpose of this introductory article is to look at basic look at the
journey of a packet across the Internet, from packet creation to switches,
routers, NAT, and so on. This topic is recommended for those who are new to the
networking and security field and may not have a basic understanding of the
underlying process.
http://www.securityfocus.com/infocus/1870
2. Application-level virtualization for Windows
By Federico Biancuzzi
Federico Biancuzzi interviews Eyal Dotan, who has developed application-level
virtualization software that protects Windows hosts from malware. They discuss
the architecture, advantages of this design, performance, and how this method
could be applied to servers running Windows or be ported to other OSes.
http://www.securityfocus.com/columnists/410
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Wireshark Protocol Dissectors Multiple Vulnerabilities
BugTraq ID: 19051
Remote: Yes
Date Published: 2006-07-18
Relevant URL: http://www.securityfocus.com/bid/19051
Summary:
Wireshark is prone to multiple vulnerabilities:
- A format string vulnerability.
- An off-by-one vulnerability.
- An infinite loop vulnerability.
- A memory allocation vulnerability.
These may permit attackers to execute arbitrary code, which can facilitate a
compromise of an affected computer or cause a denial-of-service condition to
legitimate users of the application.
2. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
BugTraq ID: 19043
Remote: Yes
Date Published: 2006-07-18
Relevant URL: http://www.securityfocus.com/bid/19043
Summary:
WinRAR is susceptible to a remote buffer-overflow vulnerability. This issue is
due to a failure of the application to properly bounds check user-supplied
input prior to copying it to an insufficiently-sized memory buffer.
This vulnerability allows attackers to execute arbitrary machine code in the
context of the affected application.
Versions of WinRAR from 3.0 to 3.60 beta 6 are vulnerable to this issue.
3. Microsoft Internet Explorer WebViewFolderIcon Denial Of Service
Vulnerability
BugTraq ID: 19030
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19030
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
4. Microsoft Internet Explorer DXImageTransform Properties Denial Of Service
Vulnerability
BugTraq ID: 19029
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19029
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.
An attacker can exploit this vulnerability to crash Internet Explorer and deny
service to users.
Internet Explorer 6 SP2 is prone to this issue; other versions may also be
vulnerable.
5. Outpost Firewall PRO Local Privilege Escalation Vulnerability
BugTraq ID: 19024
Remote: No
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19024
Summary:
Outpost Firewall PRO will allow local attackers to gain elevated privileges,
which may lead to a complete compromise.
Version 3.51.759.6511 (462) is reported vulnerable. Other versions may be
affected as well.
6. Lotus Notes Mail Recipient Information Disclosure Vulnerability
BugTraq ID: 19022
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19022
Summary:
Lotus Notes is prone to an information-disclosure vulnerability.
The problem occurs because the 'SendTo/AltSendTo', 'CopyTo/AltCopyTo', and
'BlindCopyTo/AltBlindCopyTo' fields are not kept in sync when 'reply to all' is
used.
This may result in unintended recipients receiving emails. This could result in
the disclosure of sensitive information if an email containing sensitive or
privileged information is sent to unintended readers.
7. Lavasoft Personal Firewall Local Privilege Escalation Vulnerability
BugTraq ID: 19018
Remote: No
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19018
Summary:
Lavasoft Personal Firewall will allow local attackers to gain elevated
privileges, which may lead to a complete compromise.
Version 1.0.543.5722 (433) is reported vulnerable. Other versions may be
affected as well.
8. Zoho Virtual Office Message HTML Injection Vulnerability
BugTraq ID: 19016
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19016
Summary:
Zoho Virtual Office is prone to an HTML-injection vulnerability because the
application fails to properly sanitize user-supplied input before using it in
dynamically generated content.
Attacker-supplied HTML and script code would execute in the context of the
affected website, potentially allowing an attacker to steal cookie-based
authentication credentials or to control how the site is rendered to the user;
other attacks are also possible.
This issue affects version 3.2 Build 3210; other versions may also be
vulnerable.
9. Armagetron Advanced Invalid Values Multiple Remote Denial Of Service
Vulnerabilities
BugTraq ID: 19015
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19015
Summary:
Multiple denial of service vulnerabilities affect Armagetron Advanced. These
issues are due to a failure of the application to handle malformed network
data.
An attacker may leverage these issues to cause a remote denial-of-service
condition in affected applications.
10. Microsoft Internet Explorer MHTMLFile Denial Of Service Vulnerability
BugTraq ID: 19013
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19013
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.
The problem occurs when the application is used to view a malicious URI or
webpage consisting of a malformed MHTMLfile element.
An attacker can exploit this issue to crash Internet Explorer and deny service
to the user.
Internet Explorer 6 SP2 is vulnerable to this issue; other versions may also be
vulnerable.
11. Rabox WinLPD Remote Buffer Overflow Vulnerability
BugTraq ID: 19011
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19011
Summary:
Winlpd is prone to a remote buffer-overflow vulnerability because it fails to
properly bounds-check user-supplied input before copying it to an
insufficiently sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the
context of the vulnerable application. Since this application listens on TCP
port 515, it requires elevated privileges. Successfully exploiting this issue,
therefore, likely facilitates the complete compromise of affected computers.
Winlpd version 1.2, build 1076 is vulnerable to this issue; other versions may
also be affected.
12. IceWarp Web Mail Multiple File Include Vulnerabilities
BugTraq ID: 19007
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19007
Summary:
IceWarp Web Mail is prone to multiple local file-include vulnerabilities and a
remote file-include vulnerability. These issues are due to a failure in the
application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files or local
files containing malicious PHP code and execute it in the context of the
webserver process. This may allow the attacker to compromise the application
and access the underlying system.
13. VisNetic Mail Server Multiple File Include Vulnerabilities
BugTraq ID: 19002
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19002
Summary:
VisNetic Mail Server is prone to multiple local file-include vulnerabilities
and a remote file includes vulnerability. These issues are due to a failure in
the application to properly sanitize user-supplied input.
An attacker can exploit these issues to include arbitrary remote files or local
files containing malicious PHP code and execute it in the context of the web
server process. This may allow the attacker to compromise the application and
access the underlying system.
Version 8.3.5 is vulnerable to this issue; prior versions may also be affected.
14. Microsoft ISA Server File Extension Filter Bypass Vulnerability
BugTraq ID: 18994
Remote: Yes
Date Published: 2006-07-15
Relevant URL: http://www.securityfocus.com/bid/18994
Summary:
Microsoft ISA (Internet Security and Acceleration) Server is prone to a
vulnerability that may let users bypass rules for filtering file extensions.
Attackers could exploit this vulnerability to bypass administrative policy and
to access restricted content on the Internet.
This vulnerability is reported to affect Microsoft ISA Server 2004. Other
versions may also be affected.
15. Microsoft Powerpoint Multiple Unspecified Vulnerabilities
BugTraq ID: 18993
Remote: Yes
Date Published: 2006-07-14
Relevant URL: http://www.securityfocus.com/bid/18993
Summary:
Microsoft PowerPoint is prone to multiple remote vulnerabilities.
Three proof-of-concept exploit files designed to trigger vulnerabilities in
PowerPoint have been released.
It is currently unknown if these three exploit files pertain to newly
discovered, unpublished vulnerabilities or if they exploit previously disclosed
issues. These issues may allow remote attackers to cause crashes or to execute
arbitrary machine code in the context of the affected application, but this has
not been confirmed.
This BID will be updated and potentially split into individual records as
further analysis is completed.
Microsoft PowerPoint 2003 is vulnerable to these issues; other versions may
also be affected.
16. Microsoft Works Spreadsheet Multiple Remote Vulnerabilties
BugTraq ID: 18989
Remote: Yes
Date Published: 2006-07-14
Relevant URL: http://www.securityfocus.com/bid/18989
Summary:
The spreadsheet component of Microsoft Works is prone to multiple remote
vulnerabilities, including buffer-overflow and denial-of service issues.
These issues occur because the application fails to handle specifically crafted
spreadsheet documents when importing them into Microsoft Works.
These vulnerabilities allow remote attackers to execute arbitrary machine code
in the context of affected application. Attackers may also crash vulnerable
applications, denying service to legitimate users.
Microsoft Works version 8.0 is vulnerable to these issues; other versions may
also be affected.
17. Microsoft Internet Explorer RevealTrans Denial Of Service Vulnerability
BugTraq ID: 18960
Remote: Yes
Date Published: 2006-07-12
Relevant URL: http://www.securityfocus.com/bid/18960
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
18. Microsoft Powerpoint Remote Code Execution Vulnerability
BugTraq ID: 18957
Remote: Yes
Date Published: 2006-07-12
Relevant URL: http://www.securityfocus.com/bid/18957
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows attackers to execute arbitrary code
in the context of targeted users.
A malicious code named 'Trojan.PPDropper.B' is actively exploiting this
vulnerability.
This issue affects PowerPoint 2003; other versions may also be vulnerable.
19. Microsoft Internet Explorer TriEditDocument Denial Of Service Vulnerability
BugTraq ID: 18946
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18946
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
20. Adobe Acrobat / Adobe Reader Local Privilege Escalation Vulnerability
BugTraq ID: 18945
Remote: No
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18945
Summary:
Adobe Acrobat / Adobe Reader for Mac are prone to a privilege-escalation
vulnerability.
The vulnerability presents itself because of insecure default permissions
associated with installed files and folders.
Adobe Acrobat and Adobe Reader versions 6.0.4 and prior are affected. Note that
this issue arises only on multiuser systems on Mac OS X platforms.
21. Microsoft Excel File Rebuilding Remote Code Execution Vulnerability
BugTraq ID: 18938
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18938
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
Note that Microsoft Office applications include functionality to embed Office
files as objects contained in other Office files. As an example, Microsoft Word
files may contain embedded malicious Microsoft Excel files, making Word
documents another possible attack vector.
22. Microsoft Internet Explorer HtmlDlgSafeHelper Remote Denial Of Service
Vulnerability
BugTraq ID: 18929
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18929
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
23. Microsoft Windows DHCP Client Service Remote Code Execution Vulnerability
BugTraq ID: 18923
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18923
Summary:
Microsoft Windows DHCP Client service is prone to a remote code-execution
vulnerability because the service fails to properly bounds-check user-supplied
input before copying it to an insufficiently sized memory buffer.
This vulnerability allows remote attackers to execute arbitrary machine code
with SYSTEM-level privileges on affected computers. This facilitates the
complete compromise of affected computers.
24. Microsoft ASP.NET Application Folder Information Disclosure Vulnerability
BugTraq ID: 18920
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18920
Summary:
ASP.NET is prone to an information-disclosure vulnerability. This issue is due
to a failure in the applications to properly validate user-supplied input.
An attacker can exploit this issue to retrieve potentially sensitive
information. Information retrieved may aid in further attacks.
25. MIMESweeper For Web Access Denied Cross-site Scripting Vulnerability
BugTraq ID: 18916
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18916
Summary:
MIMESweeper For Web is prone to a cross-site scripting vulnerability because it
fails to sanitize input before displaying it to users of the application.
An attacker may leverage this issue to have arbitrary script code execute in
the browser of an unsuspecting user in the context of the affected site. This
may help the attacker steal cookie-based authentication credentials and launch
other attacks.
26. Microsoft Office Malformed GIF File Remote Code Execution Vulnerability
BugTraq ID: 18915
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18915
Summary:
Microsoft Office is prone to a remote code-execution vulnerability when
handling a malformed GIF file.
The issue occurs when an Office application such as Excel, Word, or PowerPoint
tries to open a malformed GIF file.
An attacker could exploit this vulnerability to cause memory corruption and
subsequently the execution of malicious code in the context of the user running
the affected application.
27. Microsoft Office Malformed PNG File Remote Code Execution Vulnerability
BugTraq ID: 18913
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18913
Summary:
Microsoft Office is prone to a remote code-execution vulnerability when
handling a malformed PNG graphic file.
The issue occurs when an Office application such as Excel, Word, or PowerPoint
tries to open a malformed PNG graphic file.
An attacker could exploit this vulnerability to cause memory corruption and
subsequently to execute malicious code in the context of the user running the
affected application.
28. Microsoft Office String Parsing Remote Code Execution Vulnerability
BugTraq ID: 18912
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18912
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue
is due to a failure of the software to properly handle malformed strings in
Office documents.
Successfully exploiting this issue allows attackers to execute arbitrary code
in the context of targeted users.
29. Microsoft Office Property Code Execution Vulnerability
BugTraq ID: 18911
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18911
Summary:
Microsoft Office is prone to a code-execution vulnerability. This is due to a
failure to handle exceptional conditions.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
30. Microsoft Excel LABEL Record Remote Code Execution Vulnerability
BugTraq ID: 18910
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18910
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
Note that Microsoft Office applications include functionality to embed Office
files as objects contained in other Office files. As an example, Microsoft Word
files may contain embedded malicious Microsoft Excel files, making Word
documents another possible attack vector.
31. SIPfoundry SIPXtapi CSeq Processing Remote Buffer-Overflow Vulnerability
BugTraq ID: 18906
Remote: Yes
Date Published: 2006-07-10
Relevant URL: http://www.securityfocus.com/bid/18906
Summary:
The sipXtapi product is reported to be prone to a remote buffer-overflow
vulnerability. This issue presents itself when the application handles a
specially crafted 'CSeq' value.
A successful attack may lead to unauthorized remote access in the context of a
user running an affected application that uses the vulnerable library.
Reports indicate that sipXtapi versions that were released prior to March 24,
2006 are vulnerable to this issue. Certain PingTel products and versions of AOL
Triton may be affected because they employ the vulnerable library.
32. Microsoft Office MSO.DLL LsCreateLine() Potential Code Execution
Vulnerability
BugTraq ID: 18905
Remote: Yes
Date Published: 2006-07-08
Relevant URL: http://www.securityfocus.com/bid/18905
Summary:
Microsoft Office is reported prone to a potential code-execution vulnerability.
This vulnerability occurs when the application handles a specially crafted
document. A successful attack may result in a remote compromise in the context
of an affected user. Attack attempts may result in a denial-of-service
condition as well.
Reports indicate that this issue can be triggered with a malicious Microsoft
Word document; however, other Microsoft Office applications that employ the
affected function are vulnerable as well.
33. Microsoft Internet Explorer Object.Microsoft.DXTFilter Denial Of Service
Vulnerability
BugTraq ID: 18903
Remote: Yes
Date Published: 2006-07-09
Relevant URL: http://www.securityfocus.com/bid/18903
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
34. Microsoft Internet Explorer DirectAnimation.DAUserData Denial Of Service
Vulnerability
BugTraq ID: 18902
Remote: Yes
Date Published: 2006-07-08
Relevant URL: http://www.securityfocus.com/bid/18902
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.
This issue is triggered when an attacker convinces a victim user to visit a
malicious website that uses the 'DirectAnimation.DAUserData' object in a
malicious manner.
Remote attackers may exploit this issue to crash Internet Explorer, effectively
denying service to legitimate users.
35. Microsoft Internet Explorer 6 RDS.DataControl Denial Of Service
Vulnerability
BugTraq ID: 18900
Remote: Yes
Date Published: 2006-07-08
Relevant URL: http://www.securityfocus.com/bid/18900
Summary:
Microsoft Internet Explorer version 6 is reportedly prone to a
denial-of-service vulnerability because the application fails to perform
boundary checks before copying user-supplied data into sensitive process
buffers.
This issue is triggered when an attacker convinces a victim user to activate a
malicious ActiveX control object.
Remote attackers may exploit this issue to crash Internet Explorer 6,
effectively denying service to legitimate users.
A stack-based heap overflow may be possible, and as a result, remote code
execution in the context of the user running the affected application may
occur. This has not been confirmed.
36. Microsoft Windows Server Driver Remote Information Disclosure Vulnerability
BugTraq ID: 18891
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18891
Summary:
Microsoft Windows Server driver is susceptible to a remote
information-disclosure vulnerability. This issue is due to a flaw in the
handling of certain SMB traffic.
Exploiting this issue allows remote attackers to gain access to potentially
sensitive fragments of kernel memory. This may aid them in further attacks.
37. Microsoft Excel FNGROUPCOUNT Record Remote Code Execution Vulnerability
BugTraq ID: 18890
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18890
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
Note that Microsoft Office applications include functionality to embed Office
files as objects contained in other Office files. As an example, Microsoft Word
files may contain embedded malicious Microsoft Excel files, making Word
documents another possible attack vector.
38. Microsoft Office Malformed String Parsing Code Execution Vulnerability
BugTraq ID: 18889
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18889
Summary:
Microsoft Office is prone to a code-execution vulnerability. This condition can
occur when a malformed string within an Office file is parsed.
This vulnerability is located in a shared library used by multiple Office
applications, potentially allowing many different attack vectors.
An attacker could exploit this issue by enticing a victim to load a malicious
Office file. If the vulnerability is successfully exploited, this could result
in the execution of arbitrary code in the context of the currently logged-in
user.
This issue differs from the one described in BID 18912 (Microsoft Office String
Parsing Remote Code Execution Vulnerability).
39. Microsoft Excel COLINFO Record Remote Code Execution Vulnerability
BugTraq ID: 18888
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18888
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability because it
fails to handle exceptional conditions.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
Note that Microsoft Office applications include functionality to embed Office
files as objects contained in other Office files. As an example, Microsoft Word
files may contain embedded malicious Microsoft Excel files, making Word
documents another possible attack vector.
40. Microsoft Excel OBJECT Record Remote Code Execution Vulnerability
BugTraq ID: 18886
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18886
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability because it
fails to handle exceptional conditions.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
Note that Microsoft Office applications include functionality to embed Office
files as objects contained in other Office files. As an example, Microsoft Word
files may contain embedded malicious Microsoft Excel files, making Word
documents another possible attack vector.
41. Microsoft Excel Selection Record Variant Remote Code Execution
Vulnerability
BugTraq ID: 18885
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18885
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
Note that Microsoft Office applications include functionality to embed Office
files as objects contained in other Office files. As an example, Microsoft Word
files may contain embedded malicious Microsoft Excel files, making Word
documents another possible attack vector.
42. Microsoft Windows Server Driver Mailslot Remote Heap Buffer Overflow
Vulnerability
BugTraq ID: 18863
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18863
Summary:
Microsoft Windows Server driver is prone to a remote heap buffer-overflow
vulnerability. This issue is due to a failure of the software to properly
bounds check user-supplied input prior to copying it to an insufficiently-sized
memory buffer.
Exploiting this issue allows anonymous, remote attackers to execute arbitrary
machine code in the context of the affected driver. This facilitates the
complete compromise of affected computers.
Microsoft Windows XP SP2 and Microsoft Windows Server 2003 SP1 are not
vulnerable to this issue in their default configuration.
43. Microsoft IIS ASP Remote Code Execution Vulnerability
BugTraq ID: 18858
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18858
Summary:
Microsoft Internet Information Server (IIS) is prone to a remote code-execution
vulnerability because it fails to properly bounds-check user-supplied input
before copying it to an insufficiently sized memory buffer.
To exploit this issue, attackers must be able to place and execute malicious
ASP pages on computers running the affected ASP server software. This may be an
issue in shared-hosting environments.
This issue allows remote attackers to execute arbitrary machine code in the
context of the affected webserver software.
44. Microsoft Excel Selection Record Remote Code Execution Vulnerability
BugTraq ID: 18853
Remote: Yes
Date Published: 2006-07-11
Relevant URL: http://www.securityfocus.com/bid/18853
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.
Successfully exploiting this issue allows attackers to corrupt process memory
and to execute arbitrary code in the context of targeted users.
Note that Microsoft Office applications include functionality to embed Office
files as objects contained in other Office files. As an example, Microsoft Word
files may contain embedded malicious Microsoft Excel files, making Word
documents another possible attack vector.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Questions about File deletion avoidance in Windows platform
http://www.securityfocus.com/archive/88/440280
2. SecurityFocus Microsoft Newsletter #299
http://www.securityfocus.com/archive/88/439857
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed email listadmin@securityfocus.com and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Qualys
On-Demand Vulnerability Management
Proactively Identify and remediate Network Vulnerabilities, Measure and Manage
Risk. Free 14 Day Trial with NO Obligation!
http://newsletter.industrybrains.com/c?fe;1;5e792;5cd;233;1e60;da4
---------------------------------------------------------------------------
---------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic