SecurityFocus Microsoft Newsletter #118

From: Marc Fossi (mfossi@securityfocus.com)
Date: 12/23/02

    Date: Mon, 23 Dec 2002 12:27:16 -0700 (MST)
    From: Marc Fossi <mfossi@securityfocus.com>
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #118
    ---------------------------------------

    This issue is sponsored by: Qualys

    Strengthening Network Security: FREE Guide
    Network security is a constantly moving target - even proven solutions
    lose their punch over time. Find out how to get COMPLETE PROTECTION
    against ever-growing security threats with our FREE new Guide.

    Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php

    -------------------------------------------------------------------------------

    I. FRONT AND CENTER
         1. Microsoft Baseline Security Analyzer V1.1
         2. Evaluating Network Intrusion Detection Signatures, Part Three
         3. OpenAV: Developing Open Source AntiVirus Engines
         4. SecurityFocus DPP Program
         5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Microsoft Internet Explorer PNG Deflate Heap Corruption...
         2. Microsoft Windows SMB Signing Vulnerability
         3. Deerfield VisNetic WebSite Cross Site Scripting Vulnerability
         4. Microsoft Java Virtual Machine COM Object Access Validation...
         5. Microsoft Java Virtual Machine CODEBASE Parameter File...
         6. MySQL COM_CHANGE_USER Password Length Account Compromise...
         7. MySQL libmysqlclient Library Read_Rows Buffer Overflow...
         8. MySQL libmysqlclient Library Read_One_Row Buffer Overflow...
         9. Mambo Site Server PHPInfo.PHP Information Disclosure Vulnerability
         10. Bea Systems WebLogic Xerces XML Parser Denial Of Service...
         11. Microsoft Java Virtual Machine Standard Security Manager...
         12. Microsoft Java Virtual Machine Java Object Instantiation...
         13. Mambo Site Server Account Registration HTML Injection...
         14. Mambo Site Server Path Disclosure Vulnerability
         15. Captaris Infinite WebMail HTML Injection Vulnerability
         16. EServ Buffer Overflow Vulnerability
         17. PKZip Tar Hostile Destination Path Vulnerability
         18. Microsoft Java Virtual Machine user.dir Access Information...
         19. VIM ModeLines Arbitrary Command Execution Vulnerability
         20. PHP-Nuke Web Mail Remote PHP Script Execution Vulnerability
         21. Microsoft Java Virtual Machine Multiple Vulnerabilities
         22. MySQL COM_CHANGE_USER Password Memory Corruption Vulnerability
         23. Microsoft Java Virtual Machine URL Parsing Vulnerability
         24. Microsoft Java Virtual Machine JDBC API Access Vulnerability
         25. PHP-Nuke 6.0 Multiple Cross Site Scripting Vulnerabilities
         26. Symantec Enterprise Firewall RealAudio Proxy Buffer Overflow...
         27. MyPHPSoft MyPHPLinks SQL Injection Administration Bypassing...
         28. Cypherix Cryptainer Information Disclosure Vulnerability
         29. PHP-Nuke Web Mail Script Injection Vulnerability
         30. PHP-Nuke Multiple Path Disclosure Vulnerabilities
         31. ZipMagic Tar Hostile Destination Path Vulnerability
         32. WinZip Tar Hostile Destination Path Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. Removing locking user from CTRL-ALT-DEL window - NT 4.0 (Thread)
         2. Logging Terminal Services Access? (Thread)
         3. ipsecpol on Windows 2000 (Thread)
         4. SecurityFocus Microsoft Newsletter #117 (Thread)
         5. Users Peeved at Microsoft Security Effort (Thread)
         6. IIS 4 Security (Thread)
         7. Exchange 5.5 delivery receipts (Thread)
         8. Bulletin MS02-069 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. ipPulse
         2. BVRP Mail Warden
         3. Silent Watch
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. Lepton's Crack v1.0.1
         2. perltrash v0.3
         3. Opticon|Users 2002
    VI. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Microsoft Baseline Security Analyzer V1.1
    By Mike Fahland, Eric Schultze

    Earlier this month, Microsoft released version 1.1 of the Microsoft
    Baseline Security Analyzer (MBSA). This article will offer a brief
    overview of MBSA.

    http://online.securityfocus.com/infocus/1649

    2. Evaluating Network Intrusion Detection Signatures, Part Three
    by Karen Kent

    In this three-part series of articles, we are presenting recommendations
    that will help readers to evaluate the quality of network intrusion
    detection (NID) signatures, either through hands-on testing or through
    careful consideration of third-party product reviews and comparisons. The
    first installment discussed some of the basics of evaluating NID signature
    quality, as well as selecting attacks to be used in testing. The second
    installment concluded the discussion of criteria for choosing attacks and
    provided recommendations for generating attacks and creating a good
    testing environment. This article will wrap up the series by examining
    other ways of generating attacks with other security-related tools and by
    manually creating your own attacks.

    http://online.securityfocus.com/infocus/1651

    3. OpenAV: Developing Open Source AntiVirus Engines
    by Costin G. Raiu

    This article will take a look at the OpenAntivirus AV engine, assess its
    progress so far, and offer some suggestions of how the developers can
    continue to develop it. While some of the commentary in the following
    sections may be fairly critical, the purpose of this paper is not to flame
    the OpenAV project or its developers but, on the contrary, to salute their
    efforts. Hopefully, this article and the comments herein will make a
    significant contribution to the development of a viable, working open
    source antivirus product.

    http://online.securityfocus.com/infocus/1650

    4. SecurityFocus DPP Program

    Attention Universities!! Sign-up now for preferred pricing on the only
    global early-warning system for cyber attacks - SecurityFocus DeepSight
    Threat Management System.

    Click here for more information:
    http://www.securityfocus.com/corporate/products/dpsection.shtml

    5. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

    Optional Workshops March 8, 9, 12, 13, & 14
    Vendor Expo March 10 & 11

    Solutions to today's security concerns; hands-on experts; blockbuster
    vendor expo; the CISO Executive Summit; invaluable networking
    opportunities. InfoSec World has it all!

    Go to: http://www.misti.com/10/os03nl37inf.html

    II. BUGTRAQ SUMMARY
    -------------------
    1. Microsoft Internet Explorer PNG Deflate Heap Corruption Vulnerability
    BugTraq ID: 6366
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6366
    Summary:

    A heap corruption vulnerability has been reported for Microsoft Internet
    Explorer 5.01 through 6.0.

    The vulnerability is related to the way that Microsoft Internet Explorer
    (MSIE) interprets PNG image data. Specifically, the 'inflate_fast()'
    function within 'pngfilt.dll' does not properly handle invalid length
    codes within PNG image files.

    An attacker can exploit this vulnerability by tricking a user into viewing
    a maliciously constructed PNG image file. When the image file is rendered
    by the 'pngfilt.dll' library, it will trigger the heap corruption
    condition and overwrite critical areas in memory. Any malicious
    attacker-supplied code will be executed with elevated privileges.

    It should be noted that applications which depend on MSIE to render PNG
    files are also affected.

    Internet Explorer 6.0 with Service Pack 1 is not affected by this issue.

    2. Microsoft Windows SMB Signing Vulnerability
    BugTraq ID: 6367
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6367
    Summary:

    Microsoft Windows 2000 and XP contain a new feature that can be set in
    group policy allowing SMB packets to be digitally signed. There are four
    settings that govern the signing of the SMB packets; two for acting as a
    server and two for acting as a client. The system can be configured to
    allow signing, disallow signing, or require signing. The default setting
    is to allow signing, but not require it.

    When two hosts establish an SMB session, negotiation of the digital
    signing level occurs. The systems determine what level of signing each
    requires and whether a connection can be established. If one system
    cannot meet the other system's requirements, the communication channel is
    not established.

    Due to a flaw in the way the signing negotiation is implemented, an
    attacker can malform a negotiation packet through a man-in-the-middle
    attack to cause the target system to silently drop its signing requirement
    for that particular session. This could allow the attacker to then modify
    the SMB packets undetected by the receiving system since the digital
    signature is not checked. The attacker would have to exploit this
    vulnerability once for each SMB session to be modified.

    It is important to note that when a client logs into a domain, the group
    policy is transmitted from the server to the client using signed SMB
    packets. This could allow a knowledgeable attacker to modify the group
    policy settings that are applied to the client.

    3. Deerfield VisNetic WebSite Cross Site Scripting Vulnerability
    BugTraq ID: 6369
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6369
    Summary:

    VisNetic Website is a web server that supports multiple domains, and allows
    TLS/SSL secured domains. It is available for the Microsoft Windows
    operating system.

    When a requested page does not exist, VisNetic Website will construct a
    customized 404 page containing a link to the referring page. The referring
    address is taken from the HTTP 'referer' header.

    A vulnerability has been discovered in VisNetic Website when generating a
    404 page for a non-existent resource. The issue is due to insufficient
    sanitization of the HTTP 'referer' header. It is possible to cause
    arbitrary code to be executed within the context of the visited 404 page
    by embedding script code into the HTTP 'referer' header.

    An attacker could exploit this issue to steal cookie-based authentication
    credentials, which could be used to hijack a legitimate user's session.

    It should be noted that this vulnerability was discovered in VisNetic
    Website 3.5.13.1. It is not yet known whether this issue also affects
    earlier versions.

    4. Microsoft Java Virtual Machine COM Object Access Validation Vulnerability
    BugTraq ID: 6371
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6371
    Summary:

    The Microsoft Java Virtual Machine (JVM) implements the Java runtime
    environment for Microsoft Internet Explorer. A vulnerability has been
    discovered in the Microsoft JVM.

    The vulnerability is due to insufficient checks in the JVM that allow
    malicious, untrusted applets access to COM (Component Object Model)
    objects. COM objects are used by the system to perform a variety of
    functions, including the ability to modify data.

    An attacker can exploit this vulnerability by creating a malicious applet
    that invokes certain COM objects. Due to insufficient security checks
    performed by the JVM, it is possible for the untrusted applet to access
    the requested, sensitive COM object. By manipulating the object, the
    attacker can modify arbitrary files on the vulnerable system and obtain
    total control of the system.

    This vulnerability was originally described in BID 6365. It is now being
    assigned its own BugTraq ID.

    5. Microsoft Java Virtual Machine CODEBASE Parameter File Disclosure Vulnerability
    BugTraq ID: 6372
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6372
    Summary:

    The Microsoft JVM implements the Java runtime environment for Microsoft
    Internet Explorer. A vulnerability has been discovered in the Microsoft
    Java Virtual Machine.

    The vulnerability results from a specially constructed 'CODEBASE'
    parameter specified as part of an 'APPLET' HTML tag. The 'CODEBASE'
    parameter tells the JVM where the applet is located. If an applet is
    located on a local hard drive or resource, the applet has access to all
    files and directories that lie directly under the path of its execution.
    Due to insufficient parsing of HTML tags performed by the JVM, it may be
    possible for a malicious applet to misrepresent the location of its
    existence.

    An attacker can exploit this vulnerability to load a malicious applet from
    a remote site and trick the Virtual Machine into thinking that it was
    executed from a trusted location, such as the vulnerable system's hard
    drive. This will allow an attacker to obtain access to potentially
    sensitive files on a vulnerable system or on network shares the user has
    access to. The vendor has stated that the vulnerability will only allow an
    attacker to obtain read access to files.

    This vulnerability was originally described in BID 6365. It is now being
    assigned its own BugTraq ID.

    6. MySQL COM_CHANGE_USER Password Length Account Compromise Vulnerability
    BugTraq ID: 6373
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6373
    Summary:

    MySQL is an open source relational database project, and is available for
    a number of operating systems, including Microsoft Windows.

    A flaw in the password authentication mechanism for MySQL may make it
    possible for an authenticated database user to compromise the accounts of
    other database users.

    The flaw lies in the fact that the server uses a string returned by the
    client when the COM_CHANGE_USER command is issued to iterate through a
    comparison when attempting to authenticate the password. The server does
    not verify that the password string is of sufficient length. As a result,
    it is possible for a client to submit a single character as a response and
    that single character will be compared to the expected password. If this
    character matches the first character in the password, MySQL will
    reportedly authenticate the user. The range of the valid character set
    for passwords is 32 characters, which means that a malicious user can
    authenticate after a maximum of 32 attempts if they cycle through all of
    the valid characters.

    Since this flaw exists in the COM_CHANGE_USER command, an attacker must
    have access to a database user account to exploit the issue. They must
    also know the username of the account they are attempting to compromise.
    Depending on how the database has been deployed, this may allow for a
    malicious user to compromise the MySQL root account.

    This issue is related to the vulnerability described in Bugtraq ID 975.
    The problem was not sufficiently addressed in the COM_CHANGE_USER command.
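
    Added example (not part of the original newsletter and not MySQL source
    code): a simplified model of the comparison described above, with the
    flawed form beside a hardened one. The function names and the sample
    value are constructed; the constant-time comparison in the hardened
    form goes beyond the length check the summary calls for.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample value standing in for the response the server expects
 * for an account. It is not a real MySQL scramble. */
static const char EXPECTED[] = "PZ5R8K2M";

/* Flawed pattern from the summary: the client-supplied string drives the
 * loop, so only as many bytes as the client chose to send are compared.
 * A one-byte reply that matches the first expected byte is accepted. */
int check_reply_flawed(const char *expected, const char *reply)
{
    while (*reply) {
        if (*reply++ != *expected++)
            return 0;
    }
    return 1;
}

/* Hardened pattern: the reply must have exactly the expected length before
 * any byte is compared, and every byte is always examined so the time taken
 * does not reveal how many leading bytes matched. */
int check_reply_fixed(const char *expected, size_t expected_len,
                      const char *reply, size_t reply_len)
{
    unsigned char diff = 0;
    size_t i;

    if (expected_len == 0 || reply_len != expected_len)
        return 0;
    for (i = 0; i < expected_len; i++)
        diff |= (unsigned char)(expected[i] ^ reply[i]);
    return diff == 0;
}

int main(void)
{
    size_t n = strlen(EXPECTED);

    printf("flawed, 1-byte reply:   %d\n", check_reply_flawed(EXPECTED, "P"));
    printf("fixed,  1-byte reply:   %d\n", check_reply_fixed(EXPECTED, n, "P", 1));
    printf("fixed,  full reply:     %d\n",
           check_reply_fixed(EXPECTED, n, "PZ5R8K2M", 8));
    return 0;
}
```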

    7. MySQL libmysqlclient Library Read_Rows Buffer Overflow Vulnerability
    BugTraq ID: 6370
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6370
    Summary:

    MySQL is an open source relational database project, and is available for
    a number of operating systems, including Microsoft Windows.

    MySQL contains a library called libmysqlclient that allows queries to be
    performed against the MySQL server database. A problem exists in the
    read_rows function of the libmysqlclient library that could result in a
    buffer overflow.

    When the MySQL client performs a SELECT query on the database, the
    read_rows function loops through the returned fields, copying them to a
    local buffer. The problem occurs because the function does not verify
    that the size of each returned field is smaller than the buffer to which
    it is being copied.

    Additionally, each row is terminated with a '\0' without verifying that
    there is sufficient space within the destination buffer.

    This vulnerability may be exploited to cause a denial of service or to
    execute arbitrary code in the security context of the MySQL client
    application. Anything that is linked against libmysql may also be
    affected by this issue.

    8. MySQL libmysqlclient Library Read_One_Row Buffer Overflow Vulnerability
    BugTraq ID: 6374
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6374
    Summary:

    MySQL is an open source relational database project, and is available for
    a number of operating systems, including Microsoft Windows.

    MySQL contains a library called libmysqlclient that allows queries to be
    performed against the MySQL server database. A problem exists in the
    read_one_row function of the libmysqlclient library that could result in a
    buffer overflow.

    When the MySQL client fetches a row from the database, read_one_row stores
    the field and the field size without verifying that the data will not
    overrun the buffer. After storing the pointer to a field, the function
    terminates the previous field with a '\0' and moves on to the next field.
    Since the data is not verified against the size of the buffer, a malformed
    packet can supply an exceptionally long field size and have arbitrary
    memory overwritten with a '\0', potentially causing the client to crash.

    Successful exploitation will most likely result in a denial of service
    against the MySQL client application. Though it hasn't been confirmed, it
    may be possible with some client implementations to cause execution of
    arbitrary code.
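
    Added example (not part of the original newsletter and not
    libmysqlclient code): the bounds checks whose absence is described in
    the read_rows and read_one_row summaries above, applied to a simplified,
    constructed row format in which each field is a one-byte length followed
    by that many bytes. The real MySQL wire encoding differs; all names here
    are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELDS 16

struct field {
    const unsigned char *data;  /* points into the packet, not NUL-terminated */
    size_t len;
};

/* Constructed sample packets: two fields, "id" and "alice". */
static const unsigned char GOOD_ROW[] = { 2, 'i', 'd', 5, 'a', 'l', 'i', 'c', 'e' };
/* Second field declares 200 bytes but only 2 remain in the packet. */
static const unsigned char BAD_ROW[]  = { 2, 'i', 'd', 200, 'a', 'l' };

/* Parse nfields length-prefixed fields. Every declared length is checked
 * against the bytes actually left in the packet before it is trusted, and
 * nothing is written into the packet. Returns nfields, or -1 if malformed. */
int parse_row(const unsigned char *pkt, size_t pkt_len,
              struct field *out, size_t nfields)
{
    size_t pos = 0, i;

    if (nfields > MAX_FIELDS)
        return -1;
    for (i = 0; i < nfields; i++) {
        size_t len;

        if (pos >= pkt_len)            /* no byte left for the length prefix */
            return -1;
        len = pkt[pos++];
        if (len > pkt_len - pos)       /* declared length overruns the packet */
            return -1;
        out[i].data = pkt + pos;
        out[i].len = len;
        pos += len;
    }
    if (pos != pkt_len)                /* unexpected trailing bytes */
        return -1;
    return (int)nfields;
}

/* Copy a field into a caller buffer as a C string. The check reserves room
 * for the terminating '\0' as well as the data. Returns 0, or -1 if the
 * destination is too small. */
int copy_field(const struct field *f, char *dst, size_t dst_size)
{
    if (f->len >= dst_size)
        return -1;
    memcpy(dst, f->data, f->len);
    dst[f->len] = '\0';
    return 0;
}

int main(void)
{
    struct field f[2];
    char buf[8];

    if (parse_row(GOOD_ROW, sizeof GOOD_ROW, f, 2) == 2 &&
        copy_field(&f[1], buf, sizeof buf) == 0)
        printf("good row, field 2: %s\n", buf);
    printf("bad row result: %d\n", parse_row(BAD_ROW, sizeof BAD_ROW, f, 2));
    return 0;
}
```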

    9. Mambo Site Server PHPInfo.PHP Information Disclosure Vulnerability
    BugTraq ID: 6376
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6376
    Summary:

    Mambo Site Server is a freely available, open source web content
    management tool. It is written in PHP, and available for Unix, Linux, and
    Microsoft Windows operating systems.

    A problem with Mambo may make it possible for a remote user to gain access
    to sensitive information.

    It has been reported that Mambo enables a script by default that may
    reveal sensitive information. The phpinfo.php script is packaged with
    Mambo, and installed by default in the administrator subdirectory. A
    remote user may use this script to gain information about the server,
    including path and environment information.

    This vulnerability could lead to a more directed attack against hosts.
    An attacker may access this script via
    http://www.example.com/mambo/administrator/phpinfo.php.

    10. Bea Systems WebLogic Xerces XML Parser Denial Of Service Vulnerability
    BugTraq ID: 6378
    Remote: No
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6378
    Summary:

    BEA Systems WebLogic Server is an enterprise level web and wireless
    application server for Microsoft Windows and most Unix and Linux
    distributions.

    A problem with WebLogic could allow an attacker to deny service to
    legitimate users.

    A vulnerability in the handling of XML documents has been discovered.
    XML documents are parsed by the Xerces component of the WebLogic
    infrastructure. By parsing a malicious XML document locally, it is
    possible to cause the WebLogic server process to hang.

    This issue could allow an attacker with the ability to place files on the
    vulnerable host to deny service to legitimate users. Normal service would
    resume only when the process is killed, and manually restarted.
    Additionally, this vulnerability could continue to be exploited until the
    malicious XML file is removed.

    11. Microsoft Java Virtual Machine Standard Security Manager Access Validation Vulnerability
    BugTraq ID: 6381
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6381
    Summary:

    The Microsoft JVM implements the Java runtime environment for Microsoft
    Internet Explorer. A vulnerability has been discovered in the Microsoft
    Java Virtual Machine.

    This vulnerability is due to a flaw in the access validation check
    performed by the Virtual Machine's Standard Security Manager. This
    vulnerability could allow an attacker to suppress the execution of Java
    applets in the current Internet Explorer browser session.

    The Standard Security Manager contains a list of Java applets and modules
    that applets should not be allowed to invoke. Normally, only the Virtual
    Machine itself should be allowed to write to the Standard Security
    Manager. However, due to insufficient access validation controls, any
    Java applet can write to the Standard Security Manager. This could allow
    an attacker to add other applets to the banned list, preventing the
    applets from executing or being executed by other applets.

    Exploitation of this vulnerability would only affect the current Internet
    Explorer browser session. Other sessions running in parallel to or after
    the affected session would not be affected. Simply closing the affected
    browser session would correct the results of exploitation.

    12. Microsoft Java Virtual Machine Java Object Instantiation Denial Of Service Vulnerability
    BugTraq ID: 6382
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6382
    Summary:

    The Microsoft JVM implements the Java runtime environment for Microsoft
    Internet Explorer. A vulnerability has been discovered in the Microsoft
    Java Virtual Machine.

    The vulnerability may allow an attacker to cause the hosting application
    to fail when a user executes a malicious applet. Restarting the hosting
    application will restore normal functionality.

    The vulnerability is due to the way the JVM initializes some Java objects.
    An attacker can exploit this vulnerability by creating a Java applet that
    will create an incorrectly initialized Java object. This will result in
    the corruption of memory of the hosting application and its subsequent
    failure.

    This vulnerability was originally described in BID 6365. It is now being
    assigned its own BugTraq ID.

    13. Mambo Site Server Account Registration HTML Injection Vulnerability
    BugTraq ID: 6386
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6386
    Summary:

    Mambo Site Server is a freely available, open source web content
    management tool. It is written in PHP, and available for Unix, Linux, and
    Microsoft Windows operating systems.

    Mambo Site Server does not sufficiently sanitize HTML submitted through
    the "Your Name" form field during account registration. Data in this
    field may be output to other users, such as in articles. Though it has
    been reported that an administrative user must approve articles before
    they are displayed to other users, it is possible that malicious script
    code may be displayed to the administrative user when an article is
    reviewed for approval. This possibility has not been confirmed.

    An attacker may include arbitrary HTML and script code in the "Your Name"
    field and when this information is viewed by other users, the
    attacker-supplied code will execute in their web client in the security
    context of the site.

    Exploitation may allow for theft of cookie-based authentication
    credentials or other attacks.

    It is possible that other account registration form fields also do not
    sufficiently sanitize HTML.

    14. Mambo Site Server Path Disclosure Vulnerability
    BugTraq ID: 6387
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6387
    Summary:

    Mambo Site Server is a freely available, open source web content
    management tool. It is written in PHP, and available for Unix, Linux, and
    Microsoft Windows operating systems.

    A vulnerability has been discovered in Mambo Site Server. Requesting the
    'index.php' script with an invalid parameter will cause an error page to
    be generated containing the path of the Mambo script.

    This will disclose sensitive information about the layout of the
    filesystem of the host running the vulnerable software. Information of
    this nature may aid in mounting further attacks against the host.

    It should be noted that this vulnerability was reported in Mambo Site
    Server 4.0.11. It is not yet known whether other versions are affected.

    15. Captaris Infinite WebMail HTML Injection Vulnerability
    BugTraq ID: 6411
    Remote: Yes
    Date Published: Dec 16 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6411
    Summary:

    Captaris Infinite WebMail is a Web server application that provides HTML
    access to email stored in SMTP, POP3, and IMAP mail systems. It is
    available for the Microsoft Windows operating system.

    A vulnerability has been discovered in Infinite WebMail. Due to
    insufficient sanitization of HTML content it is possible to embed
    arbitrary script code within an HTML email. The problem occurs in the <p>
    and <b> HTML tags.

    When an unsuspecting user of the vulnerable software views the malicious
    message, the attacker-supplied code will be executed in their web browser
    in the security context of the webmail system.

    This may allow an attacker to steal cookie-based authentication
    credentials from users of the webmail system. Other attacks are also
    possible.

    16. EServ Buffer Overflow Vulnerability
    BugTraq ID: 6391
    Remote: Yes
    Date Published: Dec 13 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6391
    Summary:

    EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft
    Windows 9x/NT/2000 systems.

    A buffer overflow vulnerability has been reported for EServ. The
    vulnerability occurs when EServ receives an overly long stream of data for
    any of its listening services.

    An attacker can exploit this vulnerability by sending an overly long
    stream of data, consisting of at least 5080000 characters, to any of the
    ports that EServ is listening on. This will trigger the buffer overflow
    condition and will result in the EServ process crashing.

    Although unconfirmed, it may be possible for an attacker to gain control
    over the execution of the vulnerable process and execute malicious
    attacker-supplied code.

    This vulnerability was reported for EServ 2.97 and 2.99; it is likely that
    previous versions are also affected.

    17. PKZip Tar Hostile Destination Path Vulnerability
    BugTraq ID: 6419
    Remote: Yes
    Date Published: Dec 17 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6419
    Summary:

    PKZip is prone to a security vulnerability when unpacking .tar archives.
    The problem is in the handling of pathnames.

    By specifying a path for an archived item which points outside the
    expected directory scope, the creator of the archive can cause the file to
    be extracted to arbitrary locations on the filesystem. An attacker may
    take advantage of this vulnerability to cause malicious files to be placed
    anywhere on a target filesystem.

    An attacker may exploit this condition by specifying a relative extraction
    path in a malicious .tar that points to sensitive or critical files, such
    as system binaries.

    This issue was reported in PKZip for Microsoft Windows platforms. It is
    not known if other platforms are also affected.

    This issue is similar to the issue described in Bugtraq ID 5933, but
    affects how .tar archives are handled specifically.

    This vulnerability was originally described in BID 6412 "Multiple Vendor
    Archiving Software Tar Hostile Destination Path Vulnerability" and is now
    being assigned an individual Bugtraq ID.
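
    Added example (not part of the original newsletter and not code from
    any of the affected products): a check an extractor can apply to each
    archive member name before writing it, rejecting names that resolve
    outside the chosen extraction directory. The function name and the
    sample names are constructed; links stored inside an archive are not
    covered by this check.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Windows extractors must treat both separators as path separators. */
static int is_sep(char c)
{
    return c == '/' || c == '\\';
}

/* Returns 1 if 'name' stays inside the extraction directory when joined to
 * it, 0 otherwise. Rejects empty names, absolute and UNC paths, drive-letter
 * paths, and any sequence of ".." components that climbs above the root of
 * the extraction directory. */
int member_path_is_safe(const char *name)
{
    int depth = 0;
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;
    if (is_sep(name[0]))                                   /* /x, \x, \\host\share */
        return 0;
    if (isalpha((unsigned char)name[0]) && name[1] == ':') /* C:\x or C:x */
        return 0;

    while (*p) {
        const char *start;
        size_t len;

        while (is_sep(*p))
            p++;
        start = p;
        while (*p && !is_sep(*p))
            p++;
        len = (size_t)(p - start);

        if (len == 0)                          /* trailing separator */
            continue;
        if (len == 1 && start[0] == '.')       /* "." stays in place */
            continue;
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (--depth < 0)                   /* climbed out of the root */
                return 0;
            continue;
        }
        depth++;
    }
    return 1;
}

int main(void)
{
    /* Constructed member names. */
    static const char *names[] = {
        "docs/readme.txt",
        "docs/../readme.txt",
        "../../WINNT/system32/example.dll",
        "docs\\..\\..\\example.dll",
        "C:\\WINNT\\example.dll",
        "/etc/example.conf",
    };
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-36s %s\n", names[i],
               member_path_is_safe(names[i]) ? "extract" : "reject");
    return 0;
}
```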

    18. Microsoft Java Virtual Machine user.dir Access Information Disclosure Vulnerability
    BugTraq ID: 6380
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6380
    Summary:

    The Microsoft JVM implements the Java runtime environment for Microsoft
    Internet Explorer. A vulnerability has been discovered in the Microsoft
    Java Virtual Machine.

    The vulnerability may allow an attacker to obtain access to the user.dir
    system property. The user.dir property contains information about the
    current working directory of the hosting application.

    An attacker can exploit this issue by enticing a user to execute a
    malicious applet. The JVM does not restrict untrusted Java applets from
    accessing the user.dir system property, so the malicious applet obtains
    access to user.dir. This will allow an attacker to obtain information
    that may be used to launch further attacks against a vulnerable system.

    This vulnerability was originally described in BID 6365. It is now being
    assigned its own BugTraq ID.

    19. VIM ModeLines Arbitrary Command Execution Vulnerability
    BugTraq ID: 6384
    Remote: No
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6384
    Summary:

    vim is a freely available, open source text editor. It is available for
    Unix, Linux, and Microsoft Operating Systems.

    A problem with vim may make it possible to execute arbitrary commands on a
    vulnerable host.

    It has been reported that a problem exists in vim with modelines.
    Modelines are instructions placed at the beginning and end of text files
    to instruct the editor on how to handle certain elements of the file.
    Due to insufficient handling of input, it may be possible to execute
    arbitrary commands through the modelines function.

    This vulnerability could allow an attacker to execute arbitrary commands
    with the privileges of the vim user. Through social engineering, this may
    give an attacker the ability to gain remote access to the vulnerable host.

    20. PHP-Nuke Web Mail Remote PHP Script Execution Vulnerability
    BugTraq ID: 6399
    Remote: Yes
    Date Published: Dec 16 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6399
    Summary:

    PHP-Nuke is a web-based portal system. Implemented in PHP, it is available
    for a range of systems, including Unix, Linux, and Microsoft Windows.

    A vulnerability has been discovered in a web mail module available for
    PHP-Nuke. When a user opens an email containing an attachment, the file
    will be stored in a remotely accessible web directory. The module fails to
    filter attachments containing active content, making it possible for an
    attacker to access a PHP script located in the user's web directory.

    By sending a user a malicious attachment and then accessing the script a
    remote attacker is able to cause arbitrary PHP code to be executed on the
    target system. This may allow an attacker to access sensitive information
    or compile malicious programs designed to open backdoors into the server.

    21. Microsoft Java Virtual Machine Multiple Vulnerabilities
    BugTraq ID: 6365
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6365
    Summary:

    Several vulnerabilities have been reported for Microsoft Java Virtual
    Machine.

    The first vulnerability may allow a malicious Java applet to access COM
    (Component Object Model) objects. A malicious Java applet may be able to
    access COM objects that allow control of the system. By exploiting this
    vulnerability an attacker would be able to take complete control over a
    compromised machine.

    The second vulnerability may allow an attacker to misrepresent the
    location of a malicious Java applet. Through the use of an APPLET HTML
    tag, an attacker can specify a false value for the 'CODEBASE' parameter.
    The 'CODEBASE' parameter is used to tell a browser where the Java applet
    is located. An attacker can exploit this vulnerability to load a malicious
    applet from a remote site and trick the Virtual Machine into thinking that
    it was executed from a trusted location, such as the vulnerable system's
    hard drive. This will allow an attacker to obtain access to potentially
    sensitive files on a vulnerable system.

    The third vulnerability may allow an attacker to construct a malicious URL
    that would load a Java applet from an attacker's site but misrepresent it
    as belonging to another, trusted, site. The vulnerability is due to a flaw
    in the Virtual Machine's URL parser. An attacker can exploit this
    vulnerability to intercept any traffic that the user would send to the
    trusted site. This information may be used by an attacker to launch
    further attacks against a vulnerable system.

    The fourth vulnerability may allow an attacker to access databases used by
    the system as another user. This will allow an attacker to obtain read and
    write access to the database. This vulnerability is due to the bypassing
    of existing security checks of the JDBC (Java Database Connectivity) APIs
    by malicious applets.

    The fifth vulnerability may allow an attacker to prevent Java applets on
    other pages from running. This vulnerability exists due to insufficient
    security checks in the Virtual Machine that allows Java applets to write
    to the Standard Security Manager. An attacker can exploit this
    vulnerability to write to the Standard Security Manager and prevent other
    applets from being executed. This vulnerability will allow an attacker to
    prevent Java applets from being run only in the current browser session;
    any new browser sessions will be unaffected.

    The sixth vulnerability may allow an attacker to obtain access to the
    user.dir property. The user.dir property contains information about the
    current working directory of the hosting application. Exploitation of this
    issue may allow an attacker to obtain information that may be used to
    launch further attacks against a vulnerable system.

    The final vulnerability may allow an attacker to cause the hosting
    application to fail when a user visits a malicious site. Restarting the
    hosting application will restore normal functionality. The vulnerability
    is due to the way the Virtual Machine initializes some Java objects. An
    attacker can exploit this vulnerability by creating a Java applet that
    will create an incorrectly initialized Java object. This will result in
    the corruption of memory of the hosting application and its subsequent
    failure.

    ** At the earliest possible convenience, this record will be divided up
    into new vulnerability records where it is appropriate. Existing records
    will also be updated to reflect the information contained in the Microsoft
    Security Bulletin.

    22. MySQL COM_CHANGE_USER Password Memory Corruption Vulnerability
    BugTraq ID: 6375
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6375
    Summary:

    MySQL is an open source relational database project, and is available for
    a number of operating systems, including Microsoft Windows.

    MySQL is prone to a memory corruption vulnerability in the COM_CHANGE_USER
    command.

    Due to a lack of sufficient bounds checking for client responses to
    password authentication challenges, it may be possible to corrupt
    sensitive regions of memory.

    It has been reported that it is possible to overwrite the saved
    instruction pointer on the stack with bytes generated by the random number
    generator of the password verification algorithm. Given enough attempts,
    it may be possible for an attacker to change the flow of execution of the
    program so that a significant region of memory is returned to, such as a
    region containing attacker-supplied instructions. Failed exploitation
    attempts will cause the MySQL server to crash, only to be restarted, so it
    is possible for an attacker to make multiple exploitation attempts.
    Theoretically, an attacker could leverage such a condition to cause
    execution of arbitrary code in the security context of the MySQL server
    process.

    It is believed the attacker must be able to issue a COM_CHANGE_USER
    command to exploit this issue, so having access to a valid database user
    account may be a prerequisite for exploitation. It is not known if this
    condition exists when an unauthenticated user attempts to authenticate
    normally.

    This condition may not be exploitable on Microsoft Windows platforms due
    to the random number generator for the password verification algorithm
    using a limited character set.

    23. Microsoft Java Virtual Machine URL Parsing Vulnerability
    BugTraq ID: 6377
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6377
    Summary:

    The Microsoft JVM implements the Java runtime environment for Microsoft
    Internet Explorer. A vulnerability has been discovered in the Microsoft
    Java Virtual Machine.

    This vulnerability is due to a flaw in the way the JVM parses URLs. This
    vulnerability may allow an attacker to construct a malicious URL that
    would load a Java applet from an attacker's site but misrepresent it as
    belonging to another, trusted, site.

    An attacker can exploit this vulnerability to trick a user into executing
    a malicious applet to intercept any traffic that the user would send to a
    trusted site. Such information could include personal information or even
    credit card details; an attacker could potentially obtain any information
    the user is willing to divulge to the site from which the malicious applet
    appears to originate. This vulnerability could also be used to steal
    cookie based credentials.

    This vulnerability was originally described in BID 6365. It is now being
    assigned its own BugTraq ID.

    24. Microsoft Java Virtual Machine JDBC API Access Vulnerability
    BugTraq ID: 6379
    Remote: Yes
    Date Published: Dec 12 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6379
    Summary:

    The Microsoft JVM implements the Java runtime environment for Microsoft
    Internet Explorer. A vulnerability has been discovered in the Microsoft
    Java Virtual Machine (JVM).

    The vulnerability is due to insufficient security checks performed by the
    JVM on JDBC (Java Database Connectivity) API access by remote applets. The
    JDBC APIs are a set of functions that allow Java applets to access
    databases on systems.

    Only trusted Java applets should be able to access these APIs; however, an
    attacker may be able to create an applet that can bypass the existing
    security checks performed by the JVM to access the APIs. This will allow
    an attacker to access databases with the privileges of another user to
    manipulate the contents of databases accessible by the user.

    This vulnerability was originally described in BID 6365. It is now being
    assigned its own BugTraq ID.

    25. PHP-Nuke 6.0 Multiple Cross Site Scripting Vulnerabilities
    BugTraq ID: 6409
    Remote: Yes
    Date Published: Dec 16 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6409
    Summary:

    PHP-Nuke is a web-based portal system. Implemented in PHP, it is available
    for a range of systems, including Unix, Linux, and Microsoft Windows.

    Cross-site scripting vulnerabilities have been discovered in multiple PHP
    scripts used by PHP-Nuke 6. Due to insufficient sanitization of web
    requests it is possible for script code to be embedded in PHP script
    requests.

    The scripts that are vulnerable to these issues include
    'bb_smilies.php', 'bbcode_ref.php', 'editpost.php', 'newtopic.php',
    'reply.php', 'topicadmin.php', 'viewforum.php', and 'searchbb.php'.

    By constructing a malicious link which exploits one of these
    vulnerabilities, it may be possible to execute arbitrary code within the
    context of a website visited by an unsuspecting user. This may allow a
    remote attacker to steal cookie-based authentication credentials, which
    could be used at a later time to hijack a user's web session.

    26. Symantec Enterprise Firewall RealAudio Proxy Buffer Overflow Vulnerability
    BugTraq ID: 6389
    Remote: Yes
    Date Published: Dec 13 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6389
    Summary:

    Raptor Firewall is an enterprise level firewall originally developed by
    Axent Technologies and is maintained and distributed by Symantec. Symantec
    Enterprise Firewall was formerly known as Raptor Firewall. It is available
    for Microsoft Windows and Unix operating systems.

    A vulnerability has been reported for Symantec Enterprise Firewall. A
    buffer overflow vulnerability occurs in the RealAudio Proxy installed on
    Symantec Enterprise Firewall. Reportedly, when the Proxy process is sent a
    specially formatted stream of data, it will trigger a buffer overflow
    condition. This will cause the rad (RealAudio) and statsd (statistics)
    services to terminate unexpectedly and produce Dr. Watson logs.

    The vulnerability occurs when the RealAudio Proxy receives packets that do
    not follow the RealAudio Protocol. An attacker can exploit this
    vulnerability and send a specially crafted stream of data to the Proxy
    process. This will cause a local buffer to be overrun with
    attacker-supplied values and will trigger the buffer overflow condition.
    This will cause the rad and statsd services to terminate, resulting in a
    denial of service condition.

    Although unconfirmed, it may be possible for an attacker to gain control
    over the execution of the vulnerable RealAudio Proxy process.

    27. MyPHPSoft MyPHPLinks SQL Injection Administration Bypassing Vulnerability
    BugTraq ID: 6395
    Remote: Yes
    Date Published: Dec 14 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6395
    Summary:

    MyPHPLinks is a freely available, open source PHP application distributed
    by MyPHPSoft. It is available for Unix, Linux, and Microsoft Windows
    operating systems.

    A problem with MyPHPLinks could allow remote attackers unauthorized access
    to system resources.

    It has been reported that a problem with the checking of input by
    MyPHPLinks exists. A problem in the checking of the idsession variable
    used by MyPHPLinks to verify Administrator access may allow a remote user
    to gain access to the host. This problem could allow an attacker to gain
    administrator access to the MyPHPLinks section of a web site.

    This vulnerability may be exploited by passing a SQL statement through the
    idsession variable. This SQL statement must evaluate to true.
    Exploitation of this vulnerability would allow an attacker to change the
    links indexed in a MyPHPLink implementation.
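
    The idsession check described above, shown in its weak and hardened
    forms. This is an added example in Python, not MyPHPLinks' own PHP code;
    the table, column and function names and the session token are assumptions
    constructed for illustration.

```python
import sqlite3

# Constructed candidate values: a valid token, an unknown token, a condition
# that always evaluates to true, and an unbalanced quote.
SAMPLES = ["3f9c1e7a5b2d4c68", "not-a-session", "x' OR '1'='1", "x'"]


def open_demo_db() -> sqlite3.Connection:
    """In-memory database with one administrator session (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (idsession TEXT PRIMARY KEY, is_admin INTEGER)")
    db.execute("INSERT INTO sessions VALUES ('3f9c1e7a5b2d4c68', 1)")
    return db


def admin_check_concatenated(db: sqlite3.Connection, idsession: str) -> bool:
    """Weak form: the request value becomes part of the SQL text."""
    sql = ("SELECT 1 FROM sessions WHERE is_admin = 1 AND idsession = '"
           + idsession + "'")
    return db.execute(sql).fetchone() is not None


def admin_check_bound(db: sqlite3.Connection, idsession: str) -> bool:
    """Hardened form: the value is bound as data and can only be compared."""
    sql = "SELECT 1 FROM sessions WHERE is_admin = 1 AND idsession = ?"
    return db.execute(sql, (idsession,)).fetchone() is not None


def compare(db: sqlite3.Connection, values) -> dict:
    """Return {value: (weak result, hardened result)} for each candidate."""
    results = {}
    for value in values:
        try:
            weak = admin_check_concatenated(db, value)
        except sqlite3.Error:
            # An unbalanced quote breaks the statement text itself; errors
            # like this in application logs are a sign of probing.
            weak = "sql error"
        results[value] = (weak, admin_check_bound(db, value))
    return results


if __name__ == "__main__":
    for value, outcome in compare(open_demo_db(), SAMPLES).items():
        print(repr(value), outcome)
```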

    28. Cypherix Cryptainer Information Disclosure Vulnerability
    BugTraq ID: 6396
    Remote: No
    Date Published: Dec 16 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6396
    Summary:

    Cypherix Cryptainer is data encryption software designed for use with
    Microsoft Windows operating systems.

    A vulnerability has been reported for Cryptainer that may allow attackers
    to obtain access to the passwords used by Cryptainer. The vulnerability
    exists due to the way Cryptainer stores the user-supplied password to
    access the program. Specifically, Cryptainer stores the password in memory
    in clear text.

    This vulnerability can only be exploited when Cryptainer is loaded and the
    victim user has entered the password at least once. However, Cryptainer
    contains a feature that allows the program to be minimized in the System
    Tray. This satisfies one condition of exploitation and may provide local
    attackers with a greater chance for exploitation.

    By exploiting this issue, a malicious local user may be able to retrieve
    sensitive information from a system using Cryptainer, which may lead to
    compromise of computing resources.

    29. PHP-Nuke Web Mail Script Injection Vulnerability
    BugTraq ID: 6400
    Remote: Yes
    Date Published: Dec 16 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6400
    Summary:

    PHP-Nuke is a web-based portal system. Implemented in PHP, it is available
    for a range of systems, including Unix, Linux, and Microsoft Windows.

    A vulnerability has been discovered in the web mail module available for
    PHP-Nuke. Due to insufficient sanitization of message content it is
    possible for an attacker to embed script code into a malicious HTML email.
    An unsuspecting user that opens the email will cause the script code to be
    executed within their browser.

    Exploiting this issue may allow an attacker to steal cookie-based
    authentication credentials, which may be used at a later time to hijack a
    user's web session.

    30. PHP-Nuke Multiple Path Disclosure Vulnerabilities
    BugTraq ID: 6406
    Remote: Yes
    Date Published: Dec 16 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6406
    Summary:

    PHP-Nuke is a web-based portal system. Implemented in PHP, it is available
    for a range of systems, including Unix, Linux, and Microsoft Windows.

    Multiple path disclosure vulnerabilities have been discovered in PHP
    scripts used by PHP-Nuke. The issue occurs when a request is made for a
    script that should not be accessed directly. Some scripts do not provide
    sufficient error handling for cases where these scripts are accessed
    directly. This will cause the script to generate an error page containing
    the absolute path information. The PHP scripts affected by this issue
    include voteinclude.php, navbar.php, attachment.php, and mainfile.php.

    Exploiting this issue will cause the target server to disclose sensitive
    information about the layout of the filesystem of the host running the
    vulnerable software. Information of this nature may aid in mounting
    further attacks against the host.

    31. ZipMagic Tar Hostile Destination Path Vulnerability
    BugTraq ID: 6416
    Remote: Yes
    Date Published: Dec 17 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6416
    Summary:

    ZipMagic is a file compression utility available from Aladdin Systems. It
    is available for the Microsoft Windows operating system.

    A vulnerability has been discovered in Aladdin Systems ZipMagic when
    handling malicious .tar archives. The problem lies in the handling of
    pathnames.

    By specifying a path for an archived item which points outside the
    expected directory scope, the creator of the archive can cause the file to
    be extracted to arbitrary locations on the filesystem. An attacker may
    take advantage of this vulnerability to cause malicious files to be placed
    anywhere on a target filesystem.

    An attacker may exploit this condition by specifying a relative extraction
    path in a malicious .tar that points to sensitive or critical files, such
    as system binaries.

    This vulnerability was originally described in BID 6412 "Multiple Vendor
    Archiving Software Tar Hostile Destination Path Vulnerability" and is now
    being assigned an individual Bugtraq ID.

    32. WinZip Tar Hostile Destination Path Vulnerability
    BugTraq ID: 6418
    Remote: Yes
    Date Published: Dec 17 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6418
    Summary:

    WinZip is an archiving utility for Microsoft Windows platforms.

    WinZip is prone to a security vulnerability when unpacking .tar archives.
    The problem is in the handling of pathnames.

    By specifying a path for an archived item which points outside the
    expected directory scope, the creator of the archive can cause the file to
    be extracted to arbitrary locations on the filesystem. An attacker may
    take advantage of this vulnerability to cause malicious files to be placed
    anywhere on a target filesystem.

    This issue is present when the "Extract folder names" option is checked in
    the extraction dialogue, which is the default setting and is used to
    retain the directory structure when extracting files. An attacker may
    exploit this condition by specifying a relative extraction path in a
    malicious .tar that points to sensitive or critical files, such as system
    binaries.

    This vulnerability was originally described in BID 6412 "Multiple Vendor
    Archiving Software Tar Hostile Destination Path Vulnerability" and is now
    being assigned an individual Bugtraq ID.

    33. WinRAR Archive Improper File Representation Weakness
    BugTraq ID: 6422
    Remote: Yes
    Date Published: Dec 17 2002 12:00AM
    Relevant URL:
    http://www.securityfocus.com/bid/6422
    Summary:

    WinRAR is a compression utility capable of reading and writing files using
    ZIP, RAR, CAB, ARJ, LZH, TAR, GZ, ACE, UUE, BZ2, JAR, and ISO archives. It
    is available for the Microsoft Windows Operating system.

    WinRAR contains a weakness when displaying the directory traversal
    sequence '../' to the user when contained in .tar archives. Instead of
    displaying the '../' sequence, the user interface will display '..'.
    This could allow a user viewing a .tar archive to believe that the
    extraction path information contained in the archive is legitimate and can
    be redistributed to other users.

    Passing along such an archive could allow another user to be exploited if
    their archive extraction utility is vulnerable to the Multiple Vendor
    Archiving Software Tar Hostile Destination Path Vulnerability (BID 6412).
    This issue was originally mentioned in BID 6412 and is now being assigned
    an individual Bugtraq ID.
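
    An added example, not part of the newsletter or of any product named in
    it: a Python implementation of the member-name check whose absence entries
    31 and 32 describe, reporting each stored name verbatim so that a '../'
    component is never shortened as in entry 33. It goes beyond the
    relative-path case by also rejecting absolute and drive-letter names; the
    function names and the sample archive are constructed for illustration.

```python
import io
import os
import tarfile
import tempfile


def classify_member(name: str) -> str:
    """Return 'ok', or the reason a stored member name must not be extracted."""
    # Windows extractors accept '\' as a separator, so treat it like '/'.
    unified = name.replace("\\", "/")
    # Leading slash or drive letter. Conservative: this also rejects any name
    # whose second character happens to be ':'.
    if unified.startswith("/") or unified[1:2] == ":":
        return "absolute path"
    if ".." in unified.split("/"):
        return "parent-directory component"
    return "ok"


def safe_extract(tar_bytes: bytes, dest: str) -> dict:
    """Write regular files that stay under dest; return {stored name: verdict}."""
    root = os.path.realpath(dest)
    report = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar:
            verdict = classify_member(member.name)
            if verdict == "ok" and not member.isfile():
                # Directories are created on demand below; other types are skipped.
                verdict = "skipped: not a regular file"
            if verdict == "ok":
                unified = member.name.replace("\\", "/")
                parts = [p for p in unified.split("/") if p not in ("", ".")]
                target = os.path.realpath(os.path.join(root, *parts))
                # Second check on the resolved path, in case a directory that
                # already exists under dest is a link pointing elsewhere.
                if target == root or os.path.commonpath([root, target]) != root:
                    verdict = "resolves outside destination"
            if verdict == "ok":
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as out:
                    out.write(tar.extractfile(member).read())
            # Key on the stored name exactly as found, separators included.
            report[member.name] = verdict
    return report


def build_sample_tar() -> bytes:
    """Constructed sample archive: one benign member and three hostile names."""
    names = ("docs/readme.txt", "../../outside.txt",
             "docs/../../escape.txt", "C:\\WINNT\\placeholder.txt")
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        for stored, verdict in safe_extract(build_sample_tar(), dest).items():
            print(f"{stored!r}: {verdict}")
```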

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Removing locking user from CTRL-ALT-DEL window - NT 4.0 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/304088

    2. Logging Terminal Services Access? (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/304089

    3. ipsecpol on Windows 2000 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/304087

    4. SecurityFocus Microsoft Newsletter #117 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/303553

    5. Users Peeved at Microsoft Security Effort (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/303529

    6. IIS 4 Security (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/303338

    7. Exchange 5.5 delivery receipts (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/303328

    8. Bulletin MS02-069 (Thread)
    Relevant URL:

    http://online.securityfocus.com/archive/88/303278

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. ipPulse
    by Northwest Performance Software
    Platforms: Windows 95/98, Windows NT
    Relevant URL:
    http://www.ippulse.com/ippulsemain.html
    Summary:

    ipPulse is a Remote Status Monitoring Tool. Use ipPulse to monitor the
    up/down status of IP connected devices (nodes) on any IP connected
    network. ipPulse uses a variety of methods, including SNMP, to poll and
    check the network connectivity of a list of user-defined nodes. ipPulse
    alerts you to failures using a variety of techniques ranging from audible
    messages to email and pager notification. You can even control ipPulse
    remotely by logging into Remote Control using any Telnet application.

    2. BVRP Mail Warden
    by BVRP Software UK
    Platforms: Windows 2000, Windows NT
    Relevant URL:
    http://shop.bvrp.com/english/asp/default.asp?UserPrefLanguage=1&UserPrefCountry=3&UserPrefCurrency=4&UserPrefCurrentCompany=18&UserPrefUseVicom=1
    Summary:

    BVRP Mail Warden provides vital email protection for your business against
    unwanted, dangerous or inappropriate email messages flowing in and out of
    your organisation.

    3. Silent Watch
    by Adavi
    Platforms: Windows 95/98, Windows NT
    Relevant URL:
    http://www.adavi.com/overview.cfm
    Summary:

    Desktop PC Surveillance software, monitor display, keylogs, URL logs and
    define keyword dictionary to trigger alarms and monitor hundreds of PC's
    remotely. Freeze PC's, block keyword trapped email and file transfers.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    -------------------------------------
    1. Lepton's Crack v1.0.1
    by Lepton and Nekromancer lcrack@eudoramail.com
    Relevant URL:
    http://usuarios.lycos.es/reinob/
    Platforms: Linux, POSIX, Windows 2000, Windows NT
    Summary:

    Lepton's Crack is a generic password cracker. It is easily-customizable
    with a simple plugin system and allows system administrators to review the
    quality of the passwords being used on their systems. It can perform a
    dictionary-based (wordlist) attack as well as a brute force (incremental)
    password scan. It supports standard MD4 hash, standard MD5 hash, NT
    MD4/Unicode, and Lotus Domino HTTP password (R4) formats.

    2. perltrash v0.3
    by Maik Schreiber
    Relevant URL:
    http://www.iq-computing.de/perltrash
    Platforms: OS Independent
    Summary:

    perltrash is a Perl script that emulates a "trash can". Instead of
    permanently deleting files, they are moved into the trash can. Files can
    be restored in the future if they are needed again. Single files can be
    permanently removed from the trash can. perltrash can automatically remove
    files from the trash can that are over a certain time limit or trash can
    size. It supports all kinds of files, including complete directories.

    3. Opticon|Users 2002
    by Security Storm
    Relevant URL:
    http://www.securitystorm.net/products/tools/opticon/index.asp
    Platforms: Windows 2000, Windows NT, Windows XP
    Summary:

    Opticon|Users 2002 is a simple tool to show administrators who is logged
    onto the network and from what workstation that user is accessing the
    network. Information about the workstation used to log on, the
    domain, the logon server, and the date/time of logon is also displayed.
    This tool makes it easy to spot unauthorized logons from a certain
    workstation or logons using an administrative account.

    VI. SPONSOR INFORMATION
    -----------------------
    This issue is sponsored by: Qualys

    Strengthening Network Security: FREE Guide Network security is a
    constantly moving target - even proven solutions lose their punch over
    time. Find out how to get COMPLETE PROTECTION against ever-growing
    security threats with our FREE new Guide.

    Get your copy today at: https://www.qualys.com/forms/nsguideh_376.php

    -------------------------------------------------------------------------------


