SecurityFocus Microsoft Newsletter #110

From: Marc Fossi (mfossi@securityfocus.com)
Date: 10/28/02


Date: Mon, 28 Oct 2002 15:45:43 -0700 (MST)
From: Marc Fossi <mfossi@securityfocus.com>
To: Focus-MS <focus-ms@securityfocus.com>


SecurityFocus Microsoft Newsletter #110
---------------------------------------

This Issue Is Sponsored By: CipherTrust

CHOKING ON SPAM? Protect your Microsoft Exchange server against spam and
other threats with IronMail, the secure email gateway appliance from
CipherTrust.

Request our newest white paper, "The Top 10 Techniques To Control Spam For
The Enterprise." here:

http://www.ciphertrust.com/article/securityfocus_1028_01.htm

-------------------------------------------------------------------------------

I. FRONT AND CENTER
     1. Reverse Engineering Hostile Code
     2. Certifiably Certified
     3. SecurityFocus DPP Program
     4. InfoSec World Conference and Expo/2003
     5. Proactive Network Security Guide from Qualys
II. MICROSOFT VULNERABILITY SUMMARY
     1. Multiple VBulletin Cross Site Scripting Vulnerabilities
     2. Software602 Web602 Web Server Unauthorized Admin Directory...
     3. AN HTTPD Malformed SOCKS4 Request Buffer Overflow Vulnerability
     4. PHP Arena PAFileDB Email To Friend Cross-Site Scripting...
     5. PHP Arena PAFileDB Rate File Cross-Site Scripting Vulnerability
     6. AOL Instant Messenger Local File Execution Vulnerability
     7. FlashFXP FTP Password Disclosure Vulnerability
     8. Radiobird Software WebServer 4 All Host Field Header Buffer...
     9. PHP Arena PAFileDB Download Cross-Site Scripting Vulnerability
     10. Multiple Microsoft Internet Explorer Cached Objects Zone Bypas...
     11. Microsoft Windows 2000 SNMP Printer Query Denial of Service...
     12. Windows Media Player For Solaris Default World Writeable...
     13. YaBB Login Cross-Site Scripting Vulnerability
     14. Microsoft Windows 2000 RPC Service Denial of Service...
     15. Microsoft Internet Explorer Document.Write() Zone Bypass...
     16. PHP Arena PAFileDB Search Cross-Site Scripting Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. How ISA rule base works and how to bind users IP with MAC...
     2. Subject: How ISA rule base works and how to bind users IP with...
     3. Some Useful Security Tools (Thread)
     4. Securing Citrix NFuse and IIS 5 (Thread)
     5. SecurityFocus Microsoft Newsletter #109 (Thread)
      6. GetAd.exe testing (Thread)
IV. MICROSOFT PRODUCTS
     1. Tiny Personal Firewall
     2. Data Sentinel
V. MICROSOFT TOOLS
     1. BCWipe 2.28
     2. Advanced Net Tools (ANT) 2.7
     3. Atelier Web Security Port Scanner 4.0
VI. SPONSORSHIP INFORMATION

I. FRONT AND CENTER
-------------------
1. Reverse Engineering Hostile Code
By Joe Stewart

This article outlines the process of reverse engineering hostile code.
Armed with this knowledge, even someone who is not an expert at assembly
language programming should be able to look at the internals of a hostile
program and determine what it is doing, at least on a surface level.

http://online.securityfocus.com/infocus/1637

2. Certifiably Certified
By Richard Forno

Despite impressive acronyms that look great on a resume, security
certifications don't guarantee that the holder is qualified to secure
vital information.

http://online.securityfocus.com/columnists/118

3. SecurityFocus DPP Program

Attention Organizations and Universities!! Sign-up now for preferred
pricing on the only global early-warning system for cyber attacks -
SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. IIR's 3G Fraud & Security Forum (21-23 October, London)

A specialized conference designed specifically for Fraud and Security
Managers in the 3G and mobile commerce space. This year's agenda focuses
on technical strategies for detecting and minimizing the fraud risks in 3G
services: what will be the key vulnerabilities in 3G and how can you
manage the increased risks of content partner fraud, transaction-based
roaming and m-commerce fraud? We will also be devoting a whole day to 3G
network security - penetration testing, third party access risks, IDS,
with even a live hack demonstration of Internet fraud.

Key speakers include Radicchio, Orange, Optimus, Vodafone, Visa, BTexact,
CFCA, with a keynote from security guru Charles Brookson, Chair of the GSM
Association Security Group.

For more details please visit http://www.iir-conferences.com/3GFraud

5. Proactive Network Security: FREE Guide

Fight back against hackers-AUTOMATICALLY. New FREE Guide shows you how to
deploy full service vulnerability assessment solution for your NETWORK and
simplify your security audits--with anywhere, anytime, on-demand browser
access. Click here now to get a head-start on hackers!

https://www.qualys.com/forms/guide_228.php

II. BUGTRAQ SUMMARY
-------------------
1. Multiple VBulletin Cross Site Scripting Vulnerabilities
BugTraq ID: 5997
Remote: Yes
Date Published: Oct 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5997
Summary:

vBulletin is commercial web forum software written in PHP and back-ended
by a MySQL database. It will run on most Linux and Unix variants, as well
as Microsoft operating systems.

vBulletin does not filter HTML tags from URI parameters, making it prone
to cross-site scripting attacks. The vulnerability exists due to
inadequate filtering of the '$scriptpath' and '$url' parameters. The
contents of these variables will be displayed in a few error pages.

As a result, it is possible for a remote attacker to create a malicious
link containing script code which will be executed in the browser of a
legitimate user, in the context of the website running vBulletin.

This issue may be exploited to steal cookie-based authentication
credentials from legitimate users of the website running the vulnerable
software. Cookie-based authentication credentials may be used by the
attacker to hijack the session of the legitimate user.

2. Software602 Web602 Web Server Unauthorized Admin Directory Access Vulnerability
BugTraq ID: 6006
Remote: Yes
Date Published: Oct 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6006
Summary:

Web602 is a Web server designed for use with Microsoft Windows operating
systems. Web602 is included as part of Software602's LAN Suite 2002
package.

An unauthorized administrative access vulnerability has been reported for
Web602 web server. Reportedly, Web602 allows access to the '/admin/'
folder without any authorization.

An attacker can exploit this vulnerability to obtain access to the admin
folder and perform any administrative actions.

This vulnerability has been reported to affect the Czech version of Web602
earlier than 2002.0.02.0916.

3. AN HTTPD Malformed SOCKS4 Request Buffer Overflow Vulnerability
BugTraq ID: 6012
Remote: Yes
Date Published: Oct 21 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6012
Summary:

AN HTTPD is a general purpose server that is also able to function as a
SOCKS4 server. It is designed for use on Microsoft Windows operating
systems.

A buffer overflow vulnerability has been reported for AN HTTPD. The
vulnerability is due to insufficient bounds checking of usernames for
SOCKS4 requests.

When AN HTTPD acts as a SOCKS4 server, it handles user names in an unsafe
manner. An attacker can exploit this vulnerability by sending an overly
long username as part of a SOCKS4 request. This may overflow a buffer used
by AN HTTPD and cause the server to overwrite adjacent memory. It may be
possible to modify sensitive information stored on the stack, including
return addresses. Successful exploitation may, in turn, lead to the
execution of arbitrary code as the AN HTTPD process.

This vulnerability is known to affect AN HTTPD versions 1.30 to 1.41c.

4. PHP Arena PAFileDB Email To Friend Cross-Site Scripting Vulnerability
BugTraq ID: 6018
Remote: Yes
Date Published: Oct 21 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6018
Summary:

PHP Arena paFileDB is an application which allows webmasters to post files
for download on a website. It is implemented in PHP and is available for
Unix and Linux variants as well as Microsoft Windows operating systems.

paFileDB is prone to cross-site scripting attacks.

An attacker may construct a malicious link to the vulnerable script which
contains arbitrary HTML and script code. If this link is visited by a web
user, the attacker-supplied code will execute in their web client in the
security context of the paFileDB site.

This issue is in the "Email to Friend" function of the paFileDB script.

An attacker may potentially exploit this to steal cookie-based
authentication credentials. Other attacks are also possible.

5. PHP Arena PAFileDB Rate File Cross-Site Scripting Vulnerability
BugTraq ID: 6019
Remote: Yes
Date Published: Oct 21 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6019
Summary:

PHP Arena paFileDB is an application which allows webmasters to post files
for download on a website. It is implemented in PHP and is available for
Unix and Linux variants as well as Microsoft Windows operating systems.

paFileDB is prone to cross-site scripting attacks.

An attacker may construct a malicious link to the vulnerable script which
contains arbitrary HTML and script code. If this link is visited by a web
user, the attacker-supplied code will execute in their web client in the
security context of the paFileDB site.

This issue is in the "Rate File" function of the paFileDB script.

An attacker may potentially exploit this to steal cookie-based
authentication credentials. Other attacks are also possible.

6. AOL Instant Messenger Local File Execution Vulnerability
BugTraq ID: 6027
Remote: Yes
Date Published: Oct 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6027
Summary:

AOL Instant Messenger (AIM) is an instant messenging client for Microsoft
Windows, MacOS, and other platforms.

AIM is prone to an issue which may allow attackers to execute arbitrary
files on the client system. It is possible to send a malicious link which
references local files to a user of the client. When the link is visited,
the referenced file on the client's local filesystem will be executed.

To exploit this issue, the attacker must know the exact location of the
file to be executed. Additionally, there can be no spaces in the path or
filename. This limits exploitability, since files must be on the same
partition and command line arguments cannot be supplied. Though the
attacker may use dot-dot-slash (../) sequences to traverse to the root
directory of the partition. If through some other means an attacker can
cause an arbitrary file to be placed on the victim filesystem, then an
attacker might exploit this issue to execute that file.

Versions other than AOL Instant Messenger 4.8.2790 do not seem to be
affected by this vulnerability. The vulnerability was reported for
Microsoft Windows versions of the client.

7. FlashFXP FTP Password Disclosure Vulnerability
BugTraq ID: 6032
Remote: No
Date Published: Oct 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6032
Summary:

FlashFXP is a FTP implementation that allows client-server file transfers
in addition to site-to-site file transfers. It is available for Microsoft
Windows.

FlashFXP is prone to a vulnerability which may cause FTP authentication
credentials to be disclosed to local attackers.

When users authenticate with FTP sites, passwords are echoed with
asterisks. However, FlashFXP stores these passwords in plaintext in the
properties for queued file transfers. FTP passwords will be revealed to
local attackers who edit the transfer queue properties.

This may allow local attackers to gain unauthorized access for FTP sites
that other local users have access to.

8. Radiobird Software WebServer 4 All Host Field Header Buffer Overflow Vulnerability
BugTraq ID: 6034
Remote: Yes
Date Published: Oct 23 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6034
Summary:

RadioBird Software WebServer 4 All is a Web server designed for use with
Microsoft Windows operating systems.

A buffer overflow vulnerability has been reported for WebServer 4 All. The
vulnerability is due to inadequate bounds checking on the 'Host:' HTTP
header field.

An attacker can exploit this vulnerability by issuing excessively long
HTTP request that contains a malformed 'Host:' header consisting of at
least 2000 characters, to a system running a vulnerable version of
WebServer 4 All. This will cause the Web server to crash.

Although unconfirmed, it may be possible for a remote attacker to exploit
this issue to execute arbitrary system commands with the privileges of the
WebServer 4 All process.

This vulnerability was reported for WebServer 4 All version 1.28.

9. PHP Arena PAFileDB Download Cross-Site Scripting Vulnerability
BugTraq ID: 6020
Remote: Yes
Date Published: Oct 21 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6020
Summary:

PHP Arena paFileDB is an application which allows webmasters to post files
for download on a website. It is implemented in PHP and is available for
Unix and Linux variants as well as Microsoft Windows operating systems.

paFileDB is prone to cross-site scripting attacks.

An attacker may construct a malicious link to the vulnerable script which
contains arbitrary HTML and script code. If this link is visited by a web
user, the attacker-supplied code will execute in their web client in the
security context of the paFileDB site.

This issue is in the "Download" function of the paFileDB script.

An attacker may potentially exploit this to steal cookie-based
authentication credentials. Other attacks are also possible.

10. Multiple Microsoft Internet Explorer Cached Objects Zone Bypass Vulnerability
BugTraq ID: 6028
Remote: Yes
Date Published: Oct 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6028
Summary:

Multiple vulnerabilities have been reported for Microsoft Internet
Explorer. These vulnerabilities have been reported to affect Internet
Explorer 5.5 to 6.0. Internet Explorer 6.0 with Service Pack 1 and
Internet Explorer 5 with Service Pack 2 are reportedly not vulnerable.

The vulnerabilities are due to how Internet Explorer handles cached
objects. This vulnerability may allow remote attackers to execute script
code in the context of other domains and security zones.

The cause appears to be a lack of access control checks when access to a
document object is attempted through a separate reference to it. A
malicious webmaster may exploit this vulnerability by creating a reference
to several methods of the target child window. The attacker may then have
the child window open a website in a different domain/Zone and obtain
control of the newly created window to execute malicious code. As the
domain/Zone is different in the child window, this should not be possible.

The following methods have been reported to be exploitable and will result
in an attacker obtaining the ability to execute code in the 'My Computer'
security zone.

external()
document.selection.createRange()
document.elementFromPoint()
document.getElementById()
document.getElementsByName()
document.getElementsByTagName()
document.execCommand()

An attacker who exploits this vulnerability using the clipboardData()
method will obtain read/write access to contents of the clipboard.

Exploitation of this vulnerability may allow for theft of cookie
information, website impersonation or disclosure and manipulation of local
files.

** Some reports indicate that Internet Explorer 6 with Service Pack 1 may
be vulnerable.

11. Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
BugTraq ID: 6030
Remote: Yes
Date Published: Oct 22 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6030
Summary:

Microsoft Windows 2000 is vulnerable to a denial of service due to
resource exhaustion.

When the SNMP Agent service (snmp.exe) is installed on Windows 2000, the
LANMAN MIB (lmmib2.dll) is also installed. If the Print Spooler service
(spoolsv.exe) has not been started while the SNMP Agent is running, the
system could be vulnerable to the denial of service.

Querying the SNMP Agent using a GET or GETNEXT request for print queue
related values while the Print Spooler is not active will consume
approximately 30 MB of memory per request. Sending the vulnerable system
a large number of these requests will eventually cause the system to
consume all available memory and stop responding.

A valid 'read' string would have to be known in order to exploit this
vulnerability. This string is 'Public' by default.

Systems would have to be rebooted in order to resume normal operation.

12. Windows Media Player For Solaris Default World Writeable Permissions Vulnerability
BugTraq ID: 6003
Remote: No
Date Published: Oct 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6003
Summary:

Microsoft Windows Media Player is media software available for various
operating systems including Microsoft Windows and Solaris.

A vulnerability has been reported for Windows Media Player 6.3 for
Solaris. Reportedly, the installer will ignore the existing system umask
and install files with world writeable permissions.

An attacker can exploit this vulnerability to obtain elevated privileges
to the vulnerable system by modifying, or replacing, the installed files
with arbitrary attacker-supplied files. Any unsuspecting user that
attempts to execute any Windows Media Player files may inadvertently
execute malicious attacker supplied files.

13. YaBB Login Cross-Site Scripting Vulnerability
BugTraq ID: 6004
Remote: Yes
Date Published: Oct 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6004
Summary:

YaBB (Yet Another Bulletin Board) is freely available web forum software
that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS,
and Microsoft Windows 9x/ME/NT/2000/XP platforms.

A cross-site scripting vulnerability has been reported in the YaBB forum
login script. When a user enters an erroneous username/password, the YaBB
forum login script will display an error page containing the values the
user entered. However, HTML tags or script code are not sanitized from
the password error output.

As a result, it is possible for a remote attacker to create a malicious
link to the login page of a site hosting the web forum. The malicious
link may contain arbitrary HTML and script code in the password field.
When this link is visited by an unsuspecting web user, the
attacker-supplied code will be executed in their browser in the security
context of the vulnerable website.

It has been demonstrated that this vulnerability may be exploited to steal
cookie-based authentication credentials. Furthermore, once an attacker
has hijacked a user's session with the credentials it is possible to
change that user's password without needing to further authenticate.

14. Microsoft Windows 2000 RPC Service Denial of Service Vulnerability
BugTraq ID: 6005
Remote: Yes
Date Published: Oct 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6005
Summary:

Microsoft Windows 2000 uses Remote Procedure Calls (RPC) for client-server
communications in a distributed computing environment (DCE). TCP Port 135
is typically used for DCE endpoint resolution.

A vulnerability in the Windows 2000 DCE-RPC stack could allow a remote
user to disable RPC services. If a specifically malformed packet is sent
to TCP port 135 on a vulnerable system, a null pointer dereference will
cause the RPC service to fail.

This vulnerability has been confirmed on Windows 2000 Service Pack 3,
however, other versions of Windows may also be vulnerable.

15. Microsoft Internet Explorer Document.Write() Zone Bypass Vulnerability
BugTraq ID: 6017
Remote: Yes
Date Published: Oct 21 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6017
Summary:

A vulnerability has been reported in Microsoft Internet Explorer that may
allow for remote attackers to execute script code in the context of other
domains/security Zones.

The cause appears to be a lack of access control checks when access to a
document object is attempted through a separate reference to it. A
malicious webmaster may exploit this vulnerability by creating a reference
to the method "document.write" of the target child window. The attacker
may then have the child window open a website in a different domain/Zone
and obtain control of the newly created window to execute malicious code.
As the domain/Zone is different in the child window, this should not be
possible.

Exploitation of this vulnerability may allow for theft of cookie
information, website impersonation or disclosure of local files.

This vulnerability is similar to the vulnerability described in BugTraq ID
5841.

16. PHP Arena PAFileDB Search Cross-Site Scripting Vulnerability
BugTraq ID: 6021
Remote: Yes
Date Published: Oct 21 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6021
Summary:

PHP Arena paFileDB is an application which allows webmasters to post files
for download on a website. It is implemented in PHP and is available for
Unix and Linux variants as well as Microsoft Windows operating systems.

paFileDB is prone to cross-site scripting attacks.

An attacker may construct a malicious link to the vulnerable script which
contains arbitrary HTML and script code. If this link is visited by a web
user, the attacker-supplied code will execute in their web client in the
security context of the paFileDB site.

This issue is reported to be exploitable by providing HTML and script code
as a search string.

An attacker may potentially exploit this to steal cookie-based
authentication credentials. Other attacks are also possible.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. How ISA rule base works and how to bind users IP with MAC. (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/297030

2. Subject: How ISA rule base works and how to bind users IP with MAC. (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/296961

3. Some Useful Security Tools (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/296815

4. Securing Citrix NFuse and IIS 5 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/296589

5. SecurityFocus Microsoft Newsletter #109 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/296462

6. GetAd.exe testing (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/296358

IV. MICROSOFT PRODUCTS
----------------------
1. Tiny Personal Firewall
by Tiny Software
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.tinysoftware.com/
Summary:

Tiny Personal Firewall 3.0 is the first and the only PC security product
that combines stateful inspection firewall with active sandbox protection
against to all new and unknown viruses, worms and trojans. Built on
ICSA-certified security technology, it is also an integral part of Tiny
Software's Centrally Managed Desktop Security (CMDS) system selected by
the US Air Force for its approximately 500,000 desktop computers.

2. Data Sentinel
by Ionx
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.ionx.co.uk/html/products/data_sentinel/index.php
Summary:

Data Sentinel is a highly advanced host based intrusion detection system
(HIDS) that empowers you with the ability to maintain the integrity of
business critical data, and detect unauthorised access by hackers or
viruses.

V. MICROSOFT TOOLS
-------------------
1. BCWipe 2.28
by Jetico
Relevant URL:
http://www.jetico.com/
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:

The BCWipe utility is designed to securely delete files from the disk.
Standard file deletion leaves the contents of the "deleted" file on your
disk. Unless it has been overwritten by files subsequently saved, it can
be recovered using standard disk utilities. Working quickly and integrated
with Windows Shell, BCWipe shreds data in files so that they can not be
recovered by any means. BCWipe software is a freeware for non-commercial
and non-governmental use. Please, refer to BCWipe End-User license
agreement for more information on licensing terms.

2. Advanced Net Tools (ANT) 2.7
by Mikersoft
Relevant URL:
http://www.mikersoft.com/ant/anttrial.zip
Platforms: Windows 2000, Windows 95/98
Summary:

Share Scanner can scan any network for a list of shared drives. ARP
Configuration allows you to add/remove ARP entries and view the ARP table
all from a Windows GUI. Route Configuration allows you to add/remove
Routing entries and view the route table all from a Windows GUI. Adapter
Configuration allows you to view all adapters and add remove IP addresses
of individual adapters using a Windows GUI. IP Configuration shows you all
of the configuration information for all of the adapters on your system.
Net Stats shows all of the current connections on your PC and their
current state. It also shows what ports applications are listening on. You
can set the refresh rate at any speed you wish. TraceRoute tells you how
many hops (routers) are between your PC and another destination. It will
also show you the slowest connection point. Network Scanner can scan any
class A, B or C network for any list of open ports. Network Scanner takes
advantage of multi-threading. You can use many threads to scan at the same
time for quick results. You can save your port list to a text file. You
can also save your list of found connections to a text file. Port Scanner
can scan any computer for a list, or range of open ports. Set your speed
of finding open ports by setting the timeout variable. Ping Utility allows
you to change the size of the packets, the timeout, and the number of
packets to ping. Advanced DNS Utility shows you extended information on a
given hostname or IP address. You can also lookup the mail exchange
servers, or domain name servers for a specific domain. Query types
available: A, ANY, NS, MX, SOA. Command Test, a utility for connecting to
an open port and testing commands. Works like a telnet client but you can
send 1 line at a time. Whois Client where you can configure the whois
server for multiple DNS name types. With ANT you don't even need to use
the main GUI interface, all menus are accessible from the system tray
icon.

3. Atelier Web Security Port Scanner 4.0
by Jose Pascoa,japp@atelierweb.com
Relevant URL:
http://www.atelierweb.com/pscan/index.htm
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:

AWSPS features a very comprehensive set of tools, some of them unique, for
in-depth assessment of Network Security:

* High-speed TCP Connect scanning engine, with adjustable maximum number
of simultaneously opened ports and no-connection time-out adjustment.
* High-speed TCP Syn scanning engine for Windows 2000 platforms with
TCP/IP and ICMP packet capture, report on pen/Retransmits, Close, Filtered
ports, ICMP packet decoding and much more.
* Fast reliable UDP Port scanner with intelligent test probing of ports to
confirm whether the host is up.
* State-of-the-art NetBIOS scanner (AWSPS Professional only).
* Unique Mapping of Ports to applications feature (Ports Finder).
* Local Connections and Listening Ports instant report.
* Local TCP, UDP and ICMP statistics instant report.
* Local Active Routes, DNS Servers and Persistent Routes.
* Local IP Statistics/Settings instant report.
* Local Transport Protocols/Winsock Service Providers list and details.
* Local Addressing information table.
* Local Net to media information table.
* Local Interfaces Statistics/Settings instant report.
* Local Network related Local Registry settings.
* Comprehensive Local Area Network information, including NetBIOS Names,
LANA, Shares, Security Information, Groups/Users and running Services.
* The most complete TCP/UDP ports database.
* Full-featured Time synchronyzer according to SNTP (RFC 1769), TIME TCP
(RFC 868) and TIME UDP (RFC 868).

VI. SPONSORSHIP INFORMATION
---------------------------
This Issue Is Sponsored By: CipherTrust

CHOKING ON SPAM? Protect your Microsoft Exchange server against spam and
other threats with IronMail, the secure email gateway appliance from
CipherTrust.

Request our newest white paper, "The Top 10 Techniques To Control Spam For
The Enterprise." here:

http://www.ciphertrust.com/article/securityfocus_1028_01.htm

-------------------------------------------------------------------------------



Relevant Pages

  • SecurityFocus Microsoft Newsletter #129
    ... Don't start from scratch..."Information Security ... Ethereal SOCKS Dissector Format String Vulnerability ... Microsoft Windows XP Safe Mode Policy Bypass Weakness ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #61
    ... Cisco 12000 Series Internet Router Denial Of Service Vulnerability ... Microsoft Windows 2000 RunAs Service Named Pipe Hijacking... ... Reach the LARGEST audience of security professionals with SecurityFocus ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #242
    ... MICROSOFT VULNERABILITY SUMMARY ... PostNuke Blocks Module Directory Traversal Vulnerability ... Groove Networks Groove Virtual Office COM Object Security By... ... The Microsoft Windows IPV6 TCP/IP stack is prone to a "loopback" condition initiated by sending a TCP packet with the "SYN" flag set and the source address and port spoofed to equal the destination source and port. ...
    (Focus-Microsoft)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)
  • [NT] Korean Input Method Editor Privileges Elevation (MS06-009)
    ... Get your security news from a reliable source. ... vulnerability exists in the Windows and Office Korean Input Method Editor ... Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ... If Remote Desktop is manually enabled, ...
    (Securiteam)