
List:       focus-ms
Subject:    SecurityFocus Microsoft Newsletter #301
From:       mfossi () securityfocus ! com
Date:       2006-07-25 22:30:18
Message-ID: Pine.LNX.4.64.0607251629590.8869 () mail ! securityfocus ! com

SecurityFocus Microsoft Newsletter #301
----------------------------------------

This issue is Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of vendor 
pitches, the Briefings are designed to be pragmatic regardless of your security 
environment. Featuring 36 hands-on training courses and 10 conference tracks, 
networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com

------------------------------------------------------------------
I.   FRONT AND CENTER
        1. A month of browser bugs
II.  MICROSOFT VULNERABILITY SUMMARY
        1. Intervations FileCopa Directory Arguments Multiple Buffer Overflow 
Vulnerabilities
        2. AGEphone SIP Packet Handling Buffer Overflow Vulnerability
        3. Microsoft Internet Explorer Native Function Iterator Denial Of 
Service Vulnerability
        4. Microsoft Windows Remote Denial of Service Vulnerability
        5. Microsoft Internet Explorer NMSA.ASFSourceMediaDescription Stack 
Overflow Vulnerability
        6. Microsoft Internet Explorer Multiple Object ListWidth Property Denial 
Of Service Vulnerability
        7. Microsoft Internet Explorer Internet.HHCtrl Click Denial Of Service 
Vulnerability
        8. Microsoft Internet Explorer String To Binary Function Denial Of 
Service Vulnerability
        9. Microsoft Internet Explorer Content-Type Denial Of Service 
Vulnerability
        10. Microsoft Internet Explorer OVCtl Denial Of Service Vulnerability
        11. Password Safe Local Insecure Idle Timeout Lock Vulnerability
        12. Microsoft Internet Explorer DataSourceControl Denial of Service 
Vulnerability
        13. Pablo Software Solutions Quick 'n Easy FTP Server LIST Command 
Buffer Overflow Vulnerability
        14. Intervations FileCopa LIST Command Remote Buffer Overflow 
Vulnerability
        15. Wireshark Protocol Dissectors Multiple Vulnerabilities
        16. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
        17. Microsoft Internet Explorer WebViewFolderIcon Denial Of Service 
Vulnerability
        18. Microsoft Internet Explorer DXImageTransform Properties Denial Of 
Service Vulnerability
        19. Outpost Firewall PRO Local Privilege Escalation Vulnerability
        20. Lotus Notes Mail Recipient Information Disclosure Vulnerability
        21. Lavasoft Personal Firewall Local Privilege Escalation Vulnerability
        22. Zoho Virtual Office Message HTML Injection Vulnerability
        23. Armagetron Advanced Invalid Values Multiple Remote Denial Of Service 
Vulnerabilities
        24. Microsoft Internet Explorer MHTMLFile Denial Of Service 
Vulnerability
        25. Rabox WinLPD Remote Buffer Overflow Vulnerability
        26. IceWarp Web Mail Multiple File Include Vulnerabilities
        27. VisNetic Mail Server Multiple File Include Vulnerabilities
        28. Microsoft ISA Server File Extension Filter Bypass Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
        1. Co-Hosting SQL with IIS FTP service
        2. SCHANNEL CSP SSL
        3. Free encryption and credential management tools for Windows
        4. SecurityFocus Microsoft Newsletter #300
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I.   FRONT AND CENTER
---------------------
1. A month of browser bugs
By Scott Granneman
Scott Granneman looks at the virtues and pitfalls of browser fuzzing and the 
overwhelmingly positive impact it has on the security community.
http://www.securityfocus.com/columnists/411


II.  MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Intervations FileCopa Directory Arguments Multiple Buffer Overflow 
Vulnerabilities
BugTraq ID: 19153
Remote: Yes
Date Published: 2006-07-25
Relevant URL: http://www.securityfocus.com/bid/19153
Summary:
FileCopa is prone to multiple buffer-overflow vulnerabilities because the 
application fails to properly bounds-check user-supplied input before copying 
it to insufficiently sized memory buffers.

Successful exploits may allow remote attackers to execute arbitrary machine 
code in the context of the affected application, which may facilitate the 
remote compromise of affected computers.


FileCOPA 1.01 version 2006-07-18 is vulnerable; other versions may also be 
affected.

2. AGEphone SIP Packet Handling Buffer Overflow Vulnerability
BugTraq ID: 19148
Remote: Yes
Date Published: 2006-07-25
Relevant URL: http://www.securityfocus.com/bid/19148
Summary:
AGEphone is prone to a remote buffer-overflow vulnerability.

Specifically, this issue presents itself when the application handles a 
malicious SIP (Session Initiation Protocol) packet.

AGEphone versions 1.24 and 1.38.1 are reported vulnerable; other versions may 
be affected as well.

3. Microsoft Internet Explorer Native Function Iterator Denial Of Service 
Vulnerability
BugTraq ID: 19140
Remote: Yes
Date Published: 2006-07-25
Relevant URL: http://www.securityfocus.com/bid/19140
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This 
issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

4. Microsoft Windows Remote Denial of Service Vulnerability
BugTraq ID: 19135
Remote: Yes
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19135
Summary:
Microsoft Windows is reportedly prone to a remote denial-of-service 
vulnerability. This issue may be due to the operating system's failure to 
properly handle unexpected network traffic.

This issue may cause affected computers to crash, denying service to legitimate 
users.

Note that Microsoft has not been able to reproduce this issue. This BID will be 
updated as further analysis is performed.

5. Microsoft Internet Explorer NMSA.ASFSourceMediaDescription Stack Overflow 
Vulnerability
BugTraq ID: 19114
Remote: Yes
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19114
Summary:
Microsoft Internet Explorer is prone to a stack-overflow vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

6. Microsoft Internet Explorer Multiple Object ListWidth Property Denial Of 
Service Vulnerability
BugTraq ID: 19113
Remote: Yes
Date Published: 2006-07-23
Relevant URL: http://www.securityfocus.com/bid/19113
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

7. Microsoft Internet Explorer Internet.HHCtrl Click Denial Of Service 
Vulnerability
BugTraq ID: 19109
Remote: Yes
Date Published: 2006-07-22
Relevant URL: http://www.securityfocus.com/bid/19109
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

8. Microsoft Internet Explorer String To Binary Function Denial Of Service 
Vulnerability
BugTraq ID: 19102
Remote: Yes
Date Published: 2006-07-21
Relevant URL: http://www.securityfocus.com/bid/19102
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability 
because the application fails to properly bounds-check user-supplied input.

Remote attackers can exploit this issue to crash the application, causing a 
denial-of-service.

9. Microsoft Internet Explorer Content-Type Denial Of Service Vulnerability
BugTraq ID: 19092
Remote: Yes
Date Published: 2006-07-20
Relevant URL: http://www.securityfocus.com/bid/19092
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

Specific information regarding affected Internet Explorer packages is not 
currently available. This BID will be updated as further information is 
disclosed.

10. Microsoft Internet Explorer OVCtl Denial Of Service Vulnerability
BugTraq ID: 19079
Remote: Yes
Date Published: 2006-07-19
Relevant URL: http://www.securityfocus.com/bid/19079
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

11. Password Safe Local Insecure Idle Timeout Lock Vulnerability
BugTraq ID: 19078
Remote: No
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19078
Summary:
Password Safe is prone to a vulnerability that may result in information 
disclosure. This issue is due to a flaw in the implementation of the inactivity 
timer, which is designed to lock the database when it is not in use.

This issue may allow local attackers to gain access to the contents of the 
Password Safe database, since the database-locking feature may not function 
correctly under certain circumstances.

Versions 2.11, 2.16, and 3.0 beta 1 are vulnerable to this issue. Other 
versions may also be affected.

12. Microsoft Internet Explorer DataSourceControl Denial of Service 
Vulnerability
BugTraq ID: 19069
Remote: Yes
Date Published: 2006-07-19
Relevant URL: http://www.securityfocus.com/bid/19069
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.

An attacker can exploit this vulnerability to crash Internet Explorer and deny 
service to users.

Internet Explorer 6 SP2 is prone to this issue; other versions may also be 
vulnerable.

13. Pablo Software Solutions Quick 'n Easy FTP Server LIST Command Buffer 
Overflow Vulnerability
BugTraq ID: 19067
Remote: Yes
Date Published: 2006-07-19
Relevant URL: http://www.securityfocus.com/bid/19067
Summary:
Quick 'n Easy FTP Server is prone to a buffer-overflow vulnerability because it 
fails to do proper bounds checking on user-supplied data before storing it in a 
finite-sized buffer.

An attacker can exploit this issue to execute arbitrary machine code in the 
context of the affected server application. This likely occurs with 
SYSTEM-level privileges.

14. Intervations FileCopa LIST Command Remote Buffer Overflow Vulnerability
BugTraq ID: 19065
Remote: Yes
Date Published: 2006-07-19
Relevant URL: http://www.securityfocus.com/bid/19065
Summary:
FileCopa is prone to a buffer-overflow vulnerability when handling data through 
the LIST command.

Reportedly, passing excessive data may overflow a finite-sized internal memory 
buffer. A successful attack may result in memory corruption as memory adjacent 
to the buffer is overwritten with user-supplied data.

This issue may lead to a denial-of-service condition or allow arbitrary code to 
run.

15. Wireshark Protocol Dissectors Multiple Vulnerabilities
BugTraq ID: 19051
Remote: Yes
Date Published: 2006-07-18
Relevant URL: http://www.securityfocus.com/bid/19051
Summary:
Wireshark is prone to multiple vulnerabilities:

- A format string vulnerability.
- An off-by-one vulnerability.
- An infinite loop vulnerability.
- A memory allocation vulnerability.

These may permit attackers to execute arbitrary code, which can facilitate a 
compromise of an affected computer or cause a denial-of-service condition to 
legitimate users of the application.

16. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
BugTraq ID: 19043
Remote: Yes
Date Published: 2006-07-18
Relevant URL: http://www.securityfocus.com/bid/19043
Summary:
WinRAR is susceptible to a remote buffer-overflow vulnerability because it 
fails to properly bounds-check user-supplied input before copying it to an 
insufficiently sized memory buffer.

This vulnerability allows attackers to execute arbitrary machine code in the 
context of the affected application.

Versions of WinRAR from 3.0 to 3.60 beta 6 are vulnerable to this issue.

17. Microsoft Internet Explorer WebViewFolderIcon Denial Of Service 
Vulnerability
BugTraq ID: 19030
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19030
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a 
malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively 
denying service to legitimate users.

18. Microsoft Internet Explorer DXImageTransform Properties Denial Of Service 
Vulnerability
BugTraq ID: 19029
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19029
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.

An attacker can exploit this vulnerability to crash Internet Explorer and deny 
service to users.

Internet Explorer 6 SP2 is prone to this issue; other versions may also be 
vulnerable.

19. Outpost Firewall PRO Local Privilege Escalation Vulnerability
BugTraq ID: 19024
Remote: No
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19024
Summary:
Outpost Firewall PRO will allow local attackers to gain elevated privileges, 
which may lead to a complete compromise.

Version 3.51.759.6511 (462) is reported vulnerable. Other versions may be 
affected as well.

20. Lotus Notes Mail Recipient Information Disclosure Vulnerability
BugTraq ID: 19022
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19022
Summary:
Lotus Notes is prone to an information-disclosure vulnerability.

The problem occurs because the 'SendTo/AltSendTo', 'CopyTo/AltCopyTo', and
'BlindCopyTo/AltBlindCopyTo' fields are not kept in sync when 'reply to all' is 
used.

This may result in unintended recipients receiving emails. This could result in 
the disclosure of sensitive information if an email containing sensitive or 
privileged information is sent to unintended readers.

21. Lavasoft Personal Firewall Local Privilege Escalation Vulnerability
BugTraq ID: 19018
Remote: No
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19018
Summary:
Lavasoft Personal Firewall will allow local attackers to gain elevated 
privileges, which may lead to a complete compromise.

Version 1.0.543.5722 (433) is reported vulnerable. Other versions may be 
affected as well.

22. Zoho Virtual Office Message HTML Injection Vulnerability
BugTraq ID: 19016
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19016
Summary:
Zoho Virtual Office is prone to an HTML-injection vulnerability because the 
application fails to properly sanitize user-supplied input before using it in 
dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the 
affected website, potentially allowing an attacker to steal cookie-based 
authentication credentials or to control how the site is rendered to the user; 
other attacks are also possible.

This issue affects version 3.2 Build 3210; other versions may also be 
vulnerable.

23. Armagetron Advanced Invalid Values Multiple Remote Denial Of Service 
Vulnerabilities
BugTraq ID: 19015
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19015
Summary:
Multiple denial of service vulnerabilities affect Armagetron Advanced.  These 
issues are due to a failure of the application to handle malformed network 
data.

An attacker may leverage these issues to cause a remote denial-of-service 
condition in affected applications.

24. Microsoft Internet Explorer MHTMLFile Denial Of Service Vulnerability
BugTraq ID: 19013
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19013
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.

The problem occurs when the application is used to view a malicious URI or 
webpage consisting of a malformed MHTMLfile element.

An attacker can exploit this issue to crash Internet Explorer and deny service 
to the user.

Internet Explorer 6 SP2 is vulnerable to this issue; other versions may also be 
vulnerable.

25. Rabox WinLPD Remote Buffer Overflow Vulnerability
BugTraq ID: 19011
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19011
Summary:
Winlpd is prone to a remote buffer-overflow vulnerability because it fails to 
properly bounds-check user-supplied input before copying it to an 
insufficiently sized memory buffer.

This issue allows remote attackers to execute arbitrary machine code in the 
context of the vulnerable application. Since this application listens on TCP 
port 515, it requires elevated privileges. Successfully exploiting this issue, 
therefore, likely facilitates the complete compromise of affected computers.

Winlpd version 1.2, build 1076 is vulnerable to this issue; other versions may 
also be affected.

26. IceWarp Web Mail Multiple File Include Vulnerabilities
BugTraq ID: 19007
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19007
Summary:
IceWarp Web Mail is prone to multiple local file-include vulnerabilities and a 
remote file-include vulnerability. These issues are due to a failure in the 
application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files or local 
files containing malicious PHP code and execute it in the context of the 
webserver process. This may allow the attacker to compromise the application 
and access the underlying system.

27. VisNetic Mail Server Multiple File Include Vulnerabilities
BugTraq ID: 19002
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19002
Summary:
VisNetic Mail Server is prone to multiple local file-include vulnerabilities 
and a remote file-include vulnerability. These issues are due to a failure in 
the application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files or local 
files containing malicious PHP code and execute it in the context of the web 
server process. This may allow the attacker to compromise the application and 
access the underlying system.

Version 8.3.5 is vulnerable to this issue; prior versions may also be affected.

28. Microsoft ISA Server File Extension Filter Bypass Vulnerability
BugTraq ID: 18994
Remote: Yes
Date Published: 2006-07-15
Relevant URL: http://www.securityfocus.com/bid/18994
Summary:
Microsoft ISA (Internet Security and Acceleration) Server is prone to a 
vulnerability that may let users bypass rules for filtering file extensions. 
Attackers could exploit this vulnerability to bypass administrative policy and 
to access restricted content on the Internet.

This vulnerability is reported to affect Microsoft ISA Server 2004. Other 
versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Co-Hosting SQL with IIS FTP service
http://www.securityfocus.com/archive/88/441077

2. SCHANNEL CSP SSL
http://www.securityfocus.com/archive/88/441067

3. Free encryption and credential management tools for Windows
http://www.securityfocus.com/archive/88/441066

4. SecurityFocus Microsoft Newsletter #300
http://www.securityfocus.com/archive/88/440570

IV.  UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to 
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The 
contents of the subject or message body do not matter. You will receive a 
confirmation request message to which you will have to answer. Alternatively 
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via 
the website.

If your email address has changed, email listadmin@securityfocus.com and ask to 
be manually removed.

V.   SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat



