SecurityFocus Microsoft Newsletter #116

From: Marc Fossi (mfossi@securityfocus.com)
Date: 12/09/02

    Date: Mon, 9 Dec 2002 11:14:59 -0700 (MST)
    From: Marc Fossi <mfossi@securityfocus.com>
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #116
    ---------------------------------------

    This issue is sponsored by St. Bernard Software

    Solution to Find & Fix Network Vulnerabilities

    Identifying and eliminating network vulnerabilities just got easier.
    Award-winning Retina scans networks for early detection of
    vulnerabilities, while UpdateEXPERT provides automated critical patch
    management assistance.

    For a FREE TRIAL visit: http://www.eeye.com/ctrack.asp?ref=STBJOINT2

    -------------------------------------------------------------------------------

    I. FRONT AND CENTER
         1. Barbarians at the Gate: An Introduction to Distributed Denial...
         2. Does Research Support Dumping Linux?
         3. SecurityFocus DPP Program
         4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Computer Associates InoculateIT Yaha.E Exchange Filter Bypassing
         2. YaBB YaBB.pl Cross Site Scripting Vulnerability
         3. Moby NetSuite POST Handler Buffer Overflow Vulnerability
         4. McAfee VirusScan WebScanX Code Execution Vulnerability
         5. Microsoft Windows XP Wireless LAN AP Information Disclosure...
         6. PortailPHP SQL Injection Vulnerability
         7. Pedestal Software Integrity Protection Driver Bypass Vulnerability
         8. 3D3.Com ShopFactory Shopping Cart Cookie Price Manipulation...
         9. Microsoft Internet Explorer Dialog Style Same Origin Policy...
         10. phpBB search.php Cross Site Scripting Vulnerability
         11. pWins Web Server Directory Traversal Vulnerability
         13. Webster HTTP Server Long Request Buffer Overrun Vulnerability
         14. Webster HTTP Server File Disclosure Vulnerability
         15. Webster HTTP Server Cross Site Scripting Vulnerability
         16. Lawson Financials Account Credentials World Accessible...
    III. MICROSOFT FOCUS LIST SUMMARY
         1. Container Names in RSACryptoServiceProvider class (Thread)
         2. issues with syskey in NT 4.0 (Thread)
         3. SecurityFocus Microsoft Newsletter #115 (Thread)
         4. Question: Buffer Overrun in Microsoft Data Access Components...
         5. Secure / Encrypt Terminal Services (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. ActivPack for NDS
         2. i.Secure Office
         3. SafeBoot 3
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. klogger v1.0
         2. CECrypt v1.1
         3. KerbCrack v1.0
    VI. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Barbarians at the Gate: An Introduction to Distributed Denial of
       Service Attacks
    By Matthew Tanase

    DDoS attacks first made headlines in February 2000. Now, almost three
    years later, can it be that we're still vulnerable? Unfortunately the
    answer is yes. This article will explain the concept of DDoS attacks, how
    they work, how to react if you become a target, and how the security
    community can work together to prevent them.

    http://online.securityfocus.com/infocus/1647

    2. Does Research Support Dumping Linux?
    By Tim Mullen

    Microsoft's security policies are getting better every day, even as a new
    report slams open-source competitors as security nightmares. But the easy
    answers aren't always the right ones.

    http://online.securityfocus.com/columnists/127

    3. SecurityFocus DPP Program

    Attention Universities!! Sign-up now for preferred pricing on the only
    global early-warning system for cyber attacks - SecurityFocus DeepSight
    Threat Management System.

    Click here for more information:
    http://www.securityfocus.com/corporate/products/dpsection.shtml

    4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

    Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

    Solutions to today’s security concerns; hands-on experts; blockbuster
    vendor expo; the CISO Executive Summit; invaluable networking
    opportunities. InfoSec World has it all!

    Go to: http://www.misti.com/10/os03nl37inf.html

    II. BUGTRAQ SUMMARY
    -------------------
    1. Computer Associates InoculateIT Yaha.E Exchange Filter Bypassing Vulnerability
    BugTraq ID: 6290
    Remote: Yes
    Date Published: Dec 02 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6290
    Summary:

    Computer Associates InoculateIT's Exchange option allows incoming email to
    be scanned as well as background scanning of the Exchange database.

    It has been reported that some email messages containing the
    W32.Yaha.E@mm worm are able to bypass the incoming mail scanner. Most
    messages containing this worm are detected by the scanner, but some
    messages are allowed through.

    Some messages generated by the Yaha worm use the Microsoft IE MIME Header
    Attachment Execution Vulnerability (BID 2524). This may be related to
    this issue, however, precise details are not currently known.

    This entry will be updated if and when more details become available.

    2. YaBB YaBB.pl Cross Site Scripting Vulnerability
    BugTraq ID: 6272
    Remote: Yes
    Date Published: Nov 28 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6272
    Summary:

    YaBB (Yet Another Bulletin Board) is freely available web forum software
    that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS,
    and Microsoft Windows 9x/ME/NT/2000/XP platforms.

    A cross-site scripting vulnerability has been reported in the YaBB forum
    'YaBB.pl' script. This vulnerability is due to insufficient sanitization
    of URI parameters.

    As a result, it is possible for a remote attacker to create a malicious
    link to the login page of a site hosting the web forum. The malicious link
    may contain arbitrary HTML code in URI parameters. When this link is
    visited by an unsuspecting web user, the attacker-supplied code will be
    executed in their browser in the security context of the vulnerable
    website.

    It has been demonstrated that this vulnerability may be exploited to steal
    cookie-based authentication credentials.

    This vulnerability has been reported for YaBB 1 Gold - SP 1. It is not
    known if other versions are affected.

    3. Moby NetSuite POST Handler Buffer Overflow Vulnerability
    BugTraq ID: 6277
    Remote: Yes
    Date Published: Nov 29 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6277
    Summary:

    Moby NetSuite is a small SMTP and HTTP/CGI server designed for use with
    the Microsoft Windows operating system.

    A buffer overflow vulnerability has been reported for Moby NetSuite that
    may result in a denial of service condition. Reportedly, it is possible to
    cause NetSuite to crash when a malformed POST request is received.
    Specifically, the denial of service condition is triggered when a POST
    request is received that has an overly large integer value as the value
    for the 'Content-Length' header field.

    An attacker can exploit this vulnerability by issuing a POST request with
    a 'Content-Length' value that is a very large integer. When NetSuite
    attempts to service the malformed POST request, it will crash resulting in
    a denial of service. Restarting the service is necessary to restore
    functionality.

    Although unconfirmed, this may be a remotely exploitable buffer overflow
    condition and code execution may be possible.

    4. McAfee VirusScan WebScanX Code Execution Vulnerability
    BugTraq ID: 6288
    Remote: No
    Date Published: Dec 02 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6288
    Summary:

    McAfee VirusScan contains a component for scanning Internet downloads and
    active content called WebScanX. Since explorer.exe can also be used as a
    web browser, WebScanX will hook the application.

    A vulnerability exists in WebScanX that could allow arbitrary code
    execution in the security context of the local system account. This
    behaviour only appears to occur if a user's home directory (i.e. Documents
    and Settings\<username>) is located on a network share.

    When Explorer is used to browse the local disk, WebScanX appears to open
    several DLL (Dynamic Link Libraries) from the user's home directory. If
    one of these DLLs were replaced with a malicious file, WebScanX could
    execute the attacker-supplied code in the local system context.

    This vulnerability was reported on VirusScan 4.5.1sp1. Other versions may
    be vulnerable.

    5. Microsoft Windows XP Wireless LAN AP Information Disclosure Vulnerability
    BugTraq ID: 6312
    Remote: Yes
    Date Published: Dec 04 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6312
    Summary:

    An information disclosure vulnerability has been reported for Microsoft
    Windows XP systems using a wireless LAN setup.

    The vulnerability exists due to the configuration of Windows XP. If a
    system is configured for use with a wireless network, Windows XP systems
    will automatically search for available access points (APs). If APs are
    not found, requests are still submitted until a connection is achieved.

    An attacker can exploit this vulnerability to set up an AP with the same
    SSID (Service Set ID) of an AP configured for use with an XP system. When
    the vulnerable system recognizes this malicious AP, it will then begin
    transmission of data.

    This can be exploited by an attacker to intercept and decrypt any
    transmissions received from a vulnerable system. Information obtained in
    this manner may be used to launch further, destructive attacks against a
    vulnerable system.

    6. PortailPHP SQL Injection Vulnerability
    BugTraq ID: 6273
    Remote: Yes
    Date Published: Nov 28 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6273
    Summary:

    Portail PHP is a Web portal project based on PHP and MySQL. It is available
    for the Linux, Unix, and Microsoft Windows operating systems.

    A vulnerability exists in the mod_search module included with PortailPHP.
    The vulnerability is due to insufficient sanitization of variables used to
    construct SQL queries in the 'index.php' script. Specifically, the 'rech'
    variable is not sanitized of malicious SQL input. It is possible to modify
    the logic of SQL queries through malformed query strings in requests for
    the vulnerable script.

    By injecting SQL code into the 'rech' variable, it may be possible for an
    attacker to corrupt database information.

    7. Pedestal Software Integrity Protection Driver Bypass Vulnerability
    BugTraq ID: 6295
    Remote: No
    Date Published: Dec 02 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6295
    Summary:

    Pedestal Software Integrity Protection Driver (IPD) is open source
    software designed to prohibit new services and drivers from being
    installed and to prevent the modification of existing drivers. This
    provides protection from rootkit installation on Microsoft Windows NT/2000
    systems.

    When systems with IPD installed are rebooted, the IPD does not start until
    the system has been up for twenty minutes. This allows new services and
    drivers to be installed, or the uninstallation of IPD.

    IPD appears to rely on the system clock to determine the end of the twenty
    minute startup window. This could allow an attacker who gains privileged
    access to the system to set the system clock back in order to increase the
    time window before IPD starts.

    During this period, the attacker could install a rootkit or make further
    modifications to the system before resetting the system clock allowing IPD
    to start.

    8. 3D3.Com ShopFactory Shopping Cart Cookie Price Manipulation Vulnerability
    BugTraq ID: 6296
    Remote: Yes
    Date Published: Dec 02 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6296
    Summary:

    ShopFactory is an e-commerce application for Microsoft Windows operating
    systems. It is distributed by 3D3.Com.

    A problem with ShopFactory may make it possible for users to change prices
    on items.

    When a user visits a site and creates a shopping cart, information on
    items added to the cart is stored in web cookies. The information stored
    in these cookies is later retrieved by ShopFactory and used to give the
    user the price on the item. Changing the information contained in the
    cookie could change variables quoted to the user by the ShopFactory site.

    This vulnerability has been reported to allow the changing of prices. A
    malicious user could attempt to exploit this vulnerability to steal from
    e-commerce sites.

    9. Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability
    BugTraq ID: 6306
    Remote: Yes
    Date Published: Dec 03 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6306
    Summary:

    It is possible to bypass the origin policy used by Internet Explorer for
    the showModalDialog and showModelessDialog functions. Under some
    circumstances, it may be possible to execute script code in sensitive
    contexts.

    Microsoft Internet Explorer includes support for dialog windows through
    script calls to the two functions showModalDialog and showModelessDialog.
    These functions accept a URL location for the dialog content, and an
    option argument parameter to allow data to be passed to the dialog from
    the calling page. Additionally, various styles can be applied to the
    dialog from the calling page such as font-size, width, and height.

    A check is done to ensure that data is only passed to dialogs located in
    the same domain, port and protocol as the calling page. This prevents a
    malicious party from injecting content into arbitrary dialogs. However,
    script code can be injected into the style parameters and bypass this
    check.

    As a result, a malicious party may open a dialog with a URL which will
    pass this check, and have the script code within the style parameters
    execute in the zone of the target URL.

    The consequences of exploitation are highly dependent on the functionality
    of the targeted dialog. It is likely that this vulnerability could lead
    to subversion of information or social engineering attacks.

    It has been demonstrated to possibly inject script code into dialogs
    included by default with versions of Internet Explorer 6.0 and 6.0SP1,
    however, earlier versions may also be vulnerable. This can be used to
    execute arbitrary script code in the Local Computer Zone.

    10. phpBB search.php Cross Site Scripting Vulnerability
    BugTraq ID: 6311
    Remote: Yes
    Date Published: Dec 03 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6311
    Summary:

    phpBB is an open-source web forum application that is written in PHP and
    supported by a number of database products. It will run on most Unix and
    Linux variants, as well as Microsoft Windows operating systems.

    phpBB is prone to cross site scripting attacks. The problem lies in the
    search.php script which fails to properly sanitize user-supplied input in
    the 'search_username' parameter.

    By exploiting this issue it may be possible to steal a user's cookie-based
    authentication credentials. This could be accomplished by constructing a
    malicious link containing script code embedded in the 'search_username'
    parameter.

    11. pWins Web Server Directory Traversal Vulnerability
    BugTraq ID: 6271
    Remote: Yes
    Date Published: Nov 28 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6271
    Summary:

    pWins is a Web server implemented using Ruby and Perl. It is designed for
    use on Linux variant and Microsoft Windows operating environments.

    It has been reported that pWins fails to properly sanitize web requests.
    By sending a malicious web request to the vulnerable server, using
    directory traversal sequences, it is possible for a remote attacker to
    access sensitive resources located outside of the web root.

    An attacker is able to traverse outside of the established web root by
    using dot-dot-slash (../) directory traversal sequences. An attacker may
    be able to obtain any web server readable files from outside of the web
    root directory.

    Disclosure of sensitive system files may aid the attacker in launching
    further attacks against the target system.

    This vulnerability has been reported for pWins 0.2.5 for the Microsoft
    Windows platform.

    12. Microsoft Windows XP Fast User Switching Process Viewing Weakness
    BugTraq ID: 6280
    Remote: No
    Date Published: Nov 29 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6280
    Summary:

    Microsoft Windows XP contains a feature called Fast User Switching (FUS).
    This allows multiple users to be concurrently logged onto the system; only
    one user can interact with the system at a time. FUS is enabled by
    default on Windows XP Home edition, but not on Professional edition. It
    cannot be enabled on systems that are members of a domain.

    FUS contains a weakness that could allow unprivileged users to view other
    users' process lists.

    Members of the Administrators group can enable an option to view other
    users' process lists. If a member of the Administrators group enables
    this option and is subsequently removed from the group, they are still
    able to view other users' process lists.

    While this is not directly exploitable, it may violate other users'
    privacy or the information obtained may potentially be used to mount
    attacks on other local users.

    13. Webster HTTP Server Long Request Buffer Overrun Vulnerability
    BugTraq ID: 6289
    Remote: Yes
    Date Published: Dec 02 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6289
    Summary:

    Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft
    Foundation Classes (MFC). It is available for the Microsoft Windows
    operating system.

    A buffer overrun vulnerability has been discovered in Webster HTTP server.
    It is possible to trigger this condition by passing Webster HTTP server a
    malicious URL containing 275 or more bytes of data.

    This issue can be exploited to overwrite the program's instruction pointer,
    potentially resulting in the execution of malicious code. Exploitation of
    this issue would allow an attacker to run arbitrary system commands with
    the privileges of Webster.

    14. Webster HTTP Server File Disclosure Vulnerability
    BugTraq ID: 6291
    Remote: Yes
    Date Published: Dec 02 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6291
    Summary:

    Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft
    Foundation Classes (MFC). It is available for the Microsoft Windows
    operating system.

    A file disclosure vulnerability has been discovered in Webster HTTP
    Server. By constructing a malicious URL containing directory traversal
    sequences (../), it is possible for a remote attacker to disclose a known
    system resource.

    This vulnerability could be exploited to obtain the system's SAM file or
    other sensitive resources, which may be used by the attacker to launch
    further attacks against the target system.

    15. Webster HTTP Server Cross Site Scripting Vulnerability
    BugTraq ID: 6292
    Remote: Yes
    Date Published: Dec 02 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6292
    Summary:

    Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft
    Foundation Classes (MFC). It runs on Windows 95, 98, NT, 2000, Me, and XP
    platforms.

    It has been discovered that Webster HTTP Server fails to sanitize
    user-supplied input, making it vulnerable to cross site scripting attacks.
    By including HTML or script code in a malconstructed link, it may be
    possible to execute arbitrary code within the context of the visited
    website.

    This issue may be exploited to steal cookie-based authentication
    credentials from legitimate users of the website running the vulnerable
    software. The attacker may hijack the session of the legitimate user by using
    cookie-based authentication credentials.

    16. Lawson Financials Account Credentials World Accessible Vulnerability
    BugTraq ID: 6293
    Remote: No
    Date Published: Dec 02 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6293
    Summary:

    Lawson Financials is a commercially available financial planning and
    tracking software package. It is available for the Unix and Microsoft
    Windows platforms.

    A problem with Lawson Financials may make it possible for local users to
    gain access to other users' accounts.

    Lawson Financials requires specific configuration guidelines for the
    Lawson certification process. These guidelines give users the ability to
    install Lawson Financials with a limited set of configuration options.

    Some default configurations of Lawson Financials may allow unauthorized
    users access to sensitive information. By default, user credentials such
    as the Lawson Financials user name and password are stored in a
    world-readable, world-writable file. This could allow a user with local
    access to a Lawson Financials system to gain access to the Financials
    database. This is known to affect Financials installed on the UNIX
    operating system.

    Exploiting this vulnerability could result in an attacker connecting
    directly to the database via some means such as ODBC or JDBC. The
    attacker would then have access to the Financials database with the
    privileges of any user listed in the database user file. It should be
    noted that passwords stored in the file are in plain text.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Container Names in RSACryptoServiceProvider class (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/302112

    2. issues with syskey in NT 4.0 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/302111

    3. SecurityFocus Microsoft Newsletter #115 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/301856

    4. Question: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414) (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/301855

    5. Secure / Encrypt Terminal Services (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/301663

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. ActivPack for NDS
    by ActivCard
    Platforms: RACF, Windows 2000, Windows 95/98, Windows NT, Windows XP
    http://www.activcard.com/activ/products/infrastructure/activpack_nds/index.html
    Summary:

    ActivPack delivers integrated digital identity services, strong
    authentication and smart card/token management for a comprehensive
    solution seamlessly integrated into NDS® eDirectory and the ConsoleOne
    management system. Linked tightly with Novell Modular Authentication
    Service (NMAS) and iChain, ActivCard enables smart card-based login to NDS
    using a private key and digital certificate stored securely on the user's
    card, and token-based login with one-time passwords.

    2. i.Secure Office
    by Archisoft Security Solutions Limited
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    http://www.archisoft.com.hk/secureoffice.html
    Summary:

    i.Secure Office is a plug-in security module for Microsoft Office. It
    makes use of the latest PKI technology together with personal Smart Token
    to ensure that every document that reaches its users is uniquely
    identified, confidential and intact. i.Secure Office works transparently
    with Microsoft Office to promote unsurpassed security.

    3. SafeBoot 3
    by Control Break International
    Platforms: DOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
    http://www.safeboot.com/products/safeboot.html
    Summary:

    SafeBoot 3 is a PC security system that prevents the data stored on a PC's
    hard disk from being read or used by an unauthorized person. SafeBoot 3
    encrypts the data stored on the hard disk and secures access to the PC via
    a password or token at boot time. If a user fails to logon to SafeBoot 3,
    or if an unauthorized person tries to access or use the PC, SafeBoot 3
    will prevent access to the PC and its data.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    -------------------------------------
    1. klogger v1.0
    by Arne Vidstrom
    Relevant URL:
    http://www.ntsecurity.nu/toolbox/klogger/
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    "klogger" is a keystroke logger for Windows NT / 2000.

    2. CECrypt v1.1
    by Arne Vidstrom
    Relevant URL:
    http://www.ntsecurity.nu/toolbox/cecrypt/
    Platforms: Windows CE
    Summary:

    CECrypt is a file encryption tool for Windows CE, that can encrypt with
    either 3-DES or IDEA.

    3. KerbCrack v1.0
    by Arne Vidstrom
    Relevant URL:
    http://www.ntsecurity.nu/toolbox/kerbcrack/
    Platforms: Windows 2000, Windows XP
    Summary:

    KerbCrack consists of two programs, kerbsniff and kerbcrack. The sniffer
    listens on the network and captures Windows 2000/XP Kerberos logins. The
    cracker can be used to find the passwords from the capture file using a
    brute force attack or a dictionary attack.

    VI. SPONSOR INFORMATION
    -----------------------
    This issue is sponsored by St. Bernard Software

    Solution to Find & Fix Network Vulnerabilities

    Identifying and eliminating network vulnerabilities just got easier.
    Award-winning Retina scans networks for early detection of
    vulnerabilities, while UpdateEXPERT provides automated critical patch
    management assistance.

    For a FREE TRIAL visit: http://www.eeye.com/ctrack.asp?ref=STBJOINT2

    -------------------------------------------------------------------------------


