SecurityFocus Microsoft Newsletter #215

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 11/16/04

  • Next message: Thompson, Tichard: "RE: Microsoft rights management server alternatives"
    Date: Tue, 16 Nov 2004 14:20:43 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #215
    ----------------------------------------

    This Issue is Sponsored By: Check Point

    Learn how Check Point Connectra delivers secure
    SSL VPN access, protecting your network from worms and
    other malware threats. Download this free Web Security
    Information Kit with whitepapers from Stratecast Partners
    and Ziff-Davis, plus much more. It's free! Download now.

    http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_041116

    ------------------------------------------------------------------------
    I. FRONT AND CENTER
         1. The Worst Case Scenario
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Software602 602 LAN Suite Multiple Remote Denial Of Service ...
         2. MiniShare Server Remote Buffer Overflow Vulnerability
         3. Microsoft Internet Explorer Local Resource Enumeration Vulne...
         4. Samba Remote Wild Card Denial Of Service Vulnerability
         5. EGroupWare JiNN Application Unspecified Vulnerability
         6. Nucleus CMS Multiple Unspecified Input Validation Vulnerabil...
         7. Infusium ASP Message Board Multiple Unspecified Input Valida...
         8. SQLgrey Postfix Greylisting Service SQL Injection Vulnerabil...
         9. Samhain Labs Samhain Database Update Local Heap Overflow Vul...
         10. Microsoft Internet Explorer Embedded Content Status Bar URI ...
         11. Microsoft Windows DDEShare Buffer Overflow Vulnerability
         12. Kerio Personal Firewall IP Options Denial Of Service Vulnera...
         13. Mozilla Firefox Download Dialogue Box File Name Spoofing Vul...
         14. Mozilla Firefox Insecure Default Installation Vulnerability
         15. WhitSoft Development SlimFTPd Remote Buffer Overflow Vulnera...
         16. Multiple Browser IMG Tag Multiple Vulnerabilities
         17. 04WebServer Multiple Remote Vulnerabilities
         18. vBulletin LAST.PHP SQL Injection Vulnerability
         19. Phorum FOLLOW.PHP SQL Injection Vulnerability
         20. ZoneLabs IMsecure URI Filter Bypass Vulnerability
         21. GD Graphics Library Multiple Unspecified Remote Buffer overf...
         22. ARJ Software UNARJ Remote Buffer Overflow Vulnerability
         23. Youngzsoft CCProxy Logging Function Unspecified Remote Buffe...
         24. SecureAction Research Secure Network Messenger Remote Denial...
    III. MICROSOFT FOCUS LIST SUMMARY
         1. Supported products in Windows Security Center (WSC) (Thread)
         2. Microsoft rights management server alternatives (Thread)
         3. SecurityFocus Microsoft Newsletter #214 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. CAT Cellular Authentication Token and eAuthentication Servic...
         2. KeyCaptor Keylogger
         3. SpyBuster
         4. FreezeX
         5. NeoExec for Active Directory
         6. Secrets Protector v2.03
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. lock 2.0
         2. WapgGui 1.0
         3. VTrace 0.1
         4. Random Number Generator Pro v1.31
         5. creddump
         6. antinat v0.81
    VI. UNSUBSCRIBE INSTRUCTIONS
    VII. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. The Worst Case Scenario
    By Mark Rasch

    The fine print in an insurance policy becomes an issue when a bizarre chain
    of IT disasters leaves a company without a single copy of the source code
    to its flagship product.

    http://www.securityfocus.com/columnists/276

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. Software602 602 LAN Suite Multiple Remote Denial Of Service ...
    BugTraq ID: 11615
    Remote: Yes
    Date Published: Nov 06 2004
    Relevant URL: http://www.securityfocus.com/bid/11615
    Summary:
    602 LAN SUITE is reported prone to multiple remote denial of service vulnerabilities. The following specific issues are reported:

    It is reported that an attacker may consume CPU and memory resources on a target 602 LAN SUITE server. Reports indicate that this condition exists due to a lack of sanity checking prior to the allocation of regions of memory by the affected software.

    A remote attacker may exploit this vulnerability to consume system resources, ultimately impacting the performance of the target computer and potentially resulting in a denial of service.

    A second vulnerability is reported in the manner in which 602 LAN SUITE handles telnet proxy requests. It is reported that the proxy does not perform sufficient sanity checks on the destination IP of a proxy request.

    A remote attacker may exploit this condition to exhaust all available sockets on a target computer that is running 602 LAN SUITE telnet proxy. This will effectively deny service to legitimate requests.

    2. MiniShare Server Remote Buffer Overflow Vulnerability
    BugTraq ID: 11620
    Remote: Yes
    Date Published: Nov 08 2004
    Relevant URL: http://www.securityfocus.com/bid/11620
    Summary:
    It is reported that MiniShare is susceptible to a remote buffer overflow vulnerability. This issue is due to insufficient buffer boundary verification prior to copying user-supplied data.

    This vulnerability allows remote attackers to execute arbitrary code in the context of the affected application.

    Version 1.4.1 of MiniShare is reported vulnerable to this issue. Other versions may also be affected.

    3. Microsoft Internet Explorer Local Resource Enumeration Vulne...
    BugTraq ID: 11621
    Remote: Yes
    Date Published: Nov 08 2004
    Relevant URL: http://www.securityfocus.com/bid/11621
    Summary:
    Microsoft Internet Explorer is reported prone to a local resource enumeration vulnerability. It is reported that the vulnerability exists because when handling 'res://' requests for local resources, Internet explorer behavior may reveal the existence of local files.

    An attacker may employ information that is harvested in this manner to aid in further attacks that are launched against a target computer.

    4. Samba Remote Wild Card Denial Of Service Vulnerability
    BugTraq ID: 11624
    Remote: Yes
    Date Published: Nov 08 2004
    Relevant URL: http://www.securityfocus.com/bid/11624
    Summary:
    A remote denial of service vulnerability affects the wild card file name functionality of Samba. This issue is caused due to a failure of the application to properly validate malformed user-supplied strings.

    An attacker may leverage this issue to cause the affected application to hang, effectively denying service to legitimate users.

    5. EGroupWare JiNN Application Unspecified Vulnerability
    BugTraq ID: 11625
    Remote: Yes
    Date Published: Nov 08 2004
    Relevant URL: http://www.securityfocus.com/bid/11625
    Summary:
    eGroupWare JiNN application is reported prone to an unspecified vulnerability.

    Further details of this issue are not available at the time of writing. This BID will be updated as details are released.

    6. Nucleus CMS Multiple Unspecified Input Validation Vulnerabil...
    BugTraq ID: 11631
    Remote: Yes
    Date Published: Nov 09 2004
    Relevant URL: http://www.securityfocus.com/bid/11631
    Summary:
    Multiple unspecified vulnerabilities reportedly affect Nucleus CMS. These issue are due to a failure of the application to properly sanitize user-supplied input prior to employing it in critical locations including dynamic content and database queries.

    A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents.

    7. Infusium ASP Message Board Multiple Unspecified Input Valida...
    BugTraq ID: 11632
    Remote: Yes
    Date Published: Nov 09 2004
    Relevant URL: http://www.securityfocus.com/bid/11632
    Summary:
    Multiple unspecified vulnerabilities reportedly affect the Infusium ASP Message Board. These issue are due to a failure of the application to properly sanitize user-supplied input prior to employing it in critical locations including dynamic content and database queries.

    A remote attacker may leverage these issues to steal cookie-based authentication credentials, reveal sensitive data and corrupt database contents.

    8. SQLgrey Postfix Greylisting Service SQL Injection Vulnerabil...
    BugTraq ID: 11633
    Remote: Yes
    Date Published: Nov 08 2004
    Relevant URL: http://www.securityfocus.com/bid/11633
    Summary:
    SQLgrey Postfix Greylisting Service is prone to an SQL injection vulnerability. This issue is reportedly due to insufficient sanitization of SQL syntax from fields in email processed by the software.

    The issue could be exploited to influence SQL queries, potentially allowing for compromise of the software or other attacks that impact database security.

    9. Samhain Labs Samhain Database Update Local Heap Overflow Vul...
    BugTraq ID: 11635
    Remote: No
    Date Published: Nov 08 2004
    Relevant URL: http://www.securityfocus.com/bid/11635
    Summary:
    A locally exploitable heap-based buffer overflow exists in Samhain. This issue is exposed when the database is run in update mode and may allow a malicious local user to execute arbitrary code with superuser privileges if successfully exploited.

    10. Microsoft Internet Explorer Embedded Content Status Bar URI ...
    BugTraq ID: 11637
    Remote: Yes
    Date Published: Nov 09 2004
    Relevant URL: http://www.securityfocus.com/bid/11637
    Summary:
    Microsoft Internet Explorer is reported prone to a status bar URI obfuscation weakness. The issue presents itself when an embedded object is encapsulated in a HREF tag.

    This issue may be leveraged by an attacker to display false information in the status bar of the browser of an unsuspecting user, allowing an attacker to present web pages to users that seem to originate from a trusted location. This may facilitate phishing style attacks; other attacks may also be possible.

    11. Microsoft Windows DDEShare Buffer Overflow Vulnerability
    BugTraq ID: 11638
    Remote: Yes
    Date Published: Nov 09 2004
    Relevant URL: http://www.securityfocus.com/bid/11638
    Summary:
    A buffer overflow vulnerability is reported to affect the Microsoft Windows 'ddeshare.exe' utility.

    Although unconfirmed it is conjectured that a remote attacker may potentially exploit this condition to execute arbitrary code in the context of a user that is employing the affected utility to process a malicious remote DDE share name.

    12. Kerio Personal Firewall IP Options Denial Of Service Vulnera...
    BugTraq ID: 11639
    Remote: Yes
    Date Published: Nov 09 2004
    Relevant URL: http://www.securityfocus.com/bid/11639
    Summary:
    A remote denial of service vulnerability affects the IP options filtering functionality of Kerio's Personal Firewall. This issue is caused by a failure of the application to properly handle malformed network packets.

    A remote attacker can exploit this issue anonymously with a spoofed packet to cause a computer running the affected application to hang indefinitely, denying service to legitimate users.

    13. Mozilla Firefox Download Dialogue Box File Name Spoofing Vul...
    BugTraq ID: 11643
    Remote: Yes
    Date Published: Nov 10 2004
    Relevant URL: http://www.securityfocus.com/bid/11643
    Summary:
    A download dialogue box file name spoofing vulnerability affects Mozilla Firefox. This issue is due to a design error that facilitates the spoofing of file names.

    An attacker may leverage this issue to spoof downloaded file names to unsuspecting users. This issue may lead to a compromise of the target computer as well as other consequences.

    NOTE: This issue has been fixed by reducing the number of space characters displayed in the dialogue box. It should be noted that this issue may still be triggered by using other characters to fill the space such as non-displayable characters and even extremely long file names. Users should be cautious about downloading files with the affected application.

    14. Mozilla Firefox Insecure Default Installation Vulnerability
    BugTraq ID: 11644
    Remote: No
    Date Published: Nov 10 2004
    Relevant URL: http://www.securityfocus.com/bid/11644
    Summary:
    Mozilla Firefox is a Web browser developed and supported by the Mozilla Organization. It is freely available for most UNIX and Linux based operating systems as well as Microsoft Windows.

    An insecure default installation vulnerability affects Mozilla Firefox. This issue is due to a failure of the application to place secure permissions on installed files. It should be noted that this issue only affects the vulnerable application installed on the Apple Mac OS X platform.

    An unsuspecting user that double-clicks on such an affected application may have attacker-specified code executing with their privileges, potentially facilitating privilege escalation.

    15. WhitSoft Development SlimFTPd Remote Buffer Overflow Vulnera...
    BugTraq ID: 11645
    Remote: Yes
    Date Published: Nov 10 2004
    Relevant URL: http://www.securityfocus.com/bid/11645
    Summary:
    A remote buffer overflow vulnerability affects WhitSoft Development SlimFTPd. This issue is due to a failure of the application to perform proper bounds checking on user-supplied strings prior to copying them into process buffers.

    An attacker can leverage this issue to execute arbitrary machine code with the privileges of the affected FTP server, facilitating unauthorized access and privilege escalation.

    16. Multiple Browser IMG Tag Multiple Vulnerabilities
    BugTraq ID: 11648
    Remote: Yes
    Date Published: Nov 10 2004
    Relevant URL: http://www.securityfocus.com/bid/11648
    Summary:
    Various browsers are reported prone to multiple vulnerabilities in the image handling functionality through the <IMG> tag. These issues can allow remote attackers to determine the existence of local files, cause a denial of service condition, and disclose passwords for Windows systems via file shares.

    Mozilla Firefox 0.10.1 and prior versions are reported vulnerable to these issues. It is alleged that Microsoft Internet Explorer and Netscape Browsers are also vulnerable to these issues. Due to this vulnerable packages for Internet Explorer and Netscape have been added. This BID will be updated as more information becomes available.

    17. 04WebServer Multiple Remote Vulnerabilities
    BugTraq ID: 11652
    Remote: Yes
    Date Published: Nov 10 2004
    Relevant URL: http://www.securityfocus.com/bid/11652
    Summary:
    Multiple remote vulnerabilities reportedly affect 04WebServer. These issues are due to a failure of the application to properly sanitize user-supplied input.

    An attacker may leverage these issues to carry out cross-site scripting attacks against any Web sites hosted on the affected server and to inject arbitrary characters into log files, potentially leading to corruption.

    18. vBulletin LAST.PHP SQL Injection Vulnerability
    BugTraq ID: 11658
    Remote: Yes
    Date Published: Nov 11 2004
    Relevant URL: http://www.securityfocus.com/bid/11658
    Summary:
    vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query.

    An attacker exploits this issue to manipulate and inject SQL queries onto the underlying database. It is reportedly possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to attack the underlying database.

    Update: It is reported that this vulnerability exists in third party scripts that can be used with vBulletin. Currently, the vendor of the affected scripts is not known. This BID will be updated as more information becomes available.

    19. Phorum FOLLOW.PHP SQL Injection Vulnerability
    BugTraq ID: 11660
    Remote: Yes
    Date Published: Nov 11 2004
    Relevant URL: http://www.securityfocus.com/bid/11660
    Summary:
    Reportedly Phorum is affected by a remote SQL injection vulnerability. This issue is due to a failure of the application to properly sanitized user supplied URI input.

    This issue allows remote attackers to manipulate query logic, leading to unauthorized access to sensitive information such as the user password hash or corruption of database data. SQL injection attacks may also potentially be used to exploit latent vulnerabilities in the underlying database implementation.

    This issue has been reported to affected versions prior to 5.0.13.

    20. ZoneLabs IMsecure URI Filter Bypass Vulnerability
    BugTraq ID: 11662
    Remote: Yes
    Date Published: Nov 11 2004
    Relevant URL: http://www.securityfocus.com/bid/11662
    Summary:
    It is reported that IMsecure is vulnerable to a filter bypass vulnerability.

    This vulnerability allows remote attackers to bypass the security filter of the affected product.

    Versions prior to 1.5.0.39 are reportedly affected by this vulnerability.

    21. GD Graphics Library Multiple Unspecified Remote Buffer overf...
    BugTraq ID: 11663
    Remote: Yes
    Date Published: Nov 12 2004
    Relevant URL: http://www.securityfocus.com/bid/11663
    Summary:
    Multiple unspecified remote buffer overflow vulnerabilities have been identified in the GD Graphics Library. These issues are due to a failure of the library to do sufficient bounds checking prior to processing user-specified strings.

    An attacker may leverage these issues to remotely execute arbitrary code on a computer with the privileges of a user that views a malicious image file. This may facilitate unauthorized access or privilege escalation.

    22. ARJ Software UNARJ Remote Buffer Overflow Vulnerability
    BugTraq ID: 11665
    Remote: Yes
    Date Published: Nov 12 2004
    Relevant URL: http://www.securityfocus.com/bid/11665
    Summary:
    A remote buffer overflow vulnerability affects ARJ Software's unarj. This issue is caused by a failure of the application to carry out sufficient bounds checking on user-supplied strings prior to processing.

    A remote attacker may leverage this issue to execute arbitrary code with the privileges of a user that process a malicious file with the affected application. This may facilitate unauthorized access or privilege escalation.

    23. Youngzsoft CCProxy Logging Function Unspecified Remote Buffe...
    BugTraq ID: 11666
    Remote: Yes
    Date Published: Nov 11 2004
    Relevant URL: http://www.securityfocus.com/bid/11666
    Summary:
    CCProxy is reported prone to an unspecified remote buffer overflow vulnerability. This issue may allow remote attackers to execute arbitrary code on a vulnerable computer, which can allow for unauthorized access.

    All versions of CCProxy are considered vulnerable at the moment.

    24. SecureAction Research Secure Network Messenger Remote Denial...
    BugTraq ID: 11670
    Remote: Yes
    Date Published: Nov 12 2004
    Relevant URL: http://www.securityfocus.com/bid/11670
    Summary:
    A remote denial of service vulnerability affects SecureAction Research Secure Network Messenger. This issue is due to a failure of the application to properly handle exceptional network data.

    An attacker may leverage this issue to cause a computer running the vulnerable application to crash, denying service to legitimate users.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. Supported products in Windows Security Center (WSC) (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/381203

    2. Microsoft rights management server alternatives (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/381142

    3. SecurityFocus Microsoft Newsletter #214 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/381012

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. CAT Cellular Authentication Token and eAuthentication Servic...
    By: Mega AS Consulting Ltd
    Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
    Relevant URL: http://www.megaas.co.nz
    Summary:

    Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that want a safer access to its Internet Services. More information at our site.

    We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our our CAT Server.

    2. KeyCaptor Keylogger
    By: Keylogger Software
    Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
    Summary:

    KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE!

    With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

    3. SpyBuster
    By: Remove Spyware
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.remove-spyware.com/spybuster.htm
    Summary:

    Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.

    SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

    4. FreezeX
    By: Faronics Technologies USA Inc
    Platforms: Windows 2000, Windows 95/98, Windows XP
    Relevant URL: http://www.faronics.com/html/Freezex.asp
    Summary:

    FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install

    5. NeoExec for Active Directory
    By: NeoValens
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.neovalens.com
    Summary:

    NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level.

    NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user.

    NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

    6. Secrets Protector v2.03
    By: E-CRONIS
    Platforms: Windows 2000, Windows XP
    Relevant URL: http://www.e-cronis.com/download/sp.exe
    Summary:

    It's the end of your worries about top-secret data of your company, your confidential files or the pictures from the last party. All these will be hidden beyond the reach of ANY intruder and you will be the only one able to handle them. And what you want to delete will be DELETED. It is the ultimate security tool to protect your sensitive information on PC, meeting the three most important security issues: Integrity, Confidentiality and Availability. This product gives you the features of a "folder locker" and a "secure eraser".

    Your secret information is available only trough this software and there is no other mean to access it. The information is protected at file system level and it cannot be accidentally deleted or overwritten neither in Safe mode nor in other operating system. This program doesn't make your operating system unstable as other related product do and protects your information from being seen, altered or deleted by an unauthorized user with or without his wish. The program allows you to permanently erase your sensitive data using secure wiping methods leaving no trace of your information. Depending on the selected wiping method your data is unrecoverable using software or even hardware recovery techniques.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. lock 2.0
    By: Uri Fridman
    Relevant URL: http://www.geocities.com/urifrid/lock-2.0-src.zip
    Platforms: Windows 2000
    Summary:

    Lock is a command line tool to lock the
    workstation, options include:
    - lock the workstation
    - lock workstation and run default
    screensaver
    - minimize all open windows and lock the
    workstation
    - send the system to sleep (standby)

    open source, free and small.

    2. WapgGui 1.0
    By: William D. Bartholomew
    Relevant URL: http://www.bartholomew.id.au/Default.aspx?tabid=32
    Platforms: Windows 2000, Windows XP
    Summary:

    A free, open-source, user-friendly interface to run the WAPG password generator. Supports generation of random and pronounceable passwords, specifying minimum and maximum length, specifying what character classes should or must be used, and much more.

    3. VTrace 0.1
    By: Emilio Cini
    Relevant URL: http://www.guerradigital.com.br/vtrace/vtrace.zip
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    Tool for visual tracert, exhibiting the geographical location of each it plans that the package travels ties to arrive to the specified domain.

    4. Random Number Generator Pro v1.31
    By: Segobit Software
    Relevant URL: http://www.segobit.com/rng.zip
    Platforms: Windows 2000, Windows 95/98, Windows NT
    Summary:

    Random Number Generator is a Windows based application designed to generate random numbers. Program allow users choose lower and upper limits and increments of the numbers. Limits can be positive or negative values. User can exclude digits from generated random numbers. Random numbers can be edit and copied to the clipboard for pasting into other applications. Random Number Generator can print all random numbers or save numbers as file. Random Number Generator will generate to 9999 numbers at the time.

    5. creddump
    By: Massimiliano Montoro
    Relevant URL: http://www.oxid.it/downloads/creddump.zip
    Platforms: Windows XP
    Summary:

    Credential Manager is a new SSO solution that Microsoft offers in Windows Server 2003 and Windows XP to provide a secured store for credential information. It and allows you to input user name and passwords for various network resources and applications once, and then have the system automatically supply that information for subsequent visits to those resources without your intervention.

    6. antinat v0.81
    By: Malcolm Smith
    Relevant URL: http://yallara.cs.rmit.edu.au/~malsmith/products/antinat/
    Platforms: MacOS, POSIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    The Antinat SOCKS Server is a multi-threaded, scalable SOCKS server with a client library for writing proxy-based applications. It supports SOCKS 4, SOCKS 5, authentication, firewalling, UDP, and name resolution.

    VI. UNSUBSCRIBE INSTRUCTIONS
    ----------------------------
    To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

    If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

    VII. SPONSOR INFORMATION
    -----------------------

    This Issue is Sponsored By: Check Point

    Learn how Check Point Connectra delivers secure
    SSL VPN access, protecting your network from worms and
    other malware threats. Download this free Web Security
    Information Kit with whitepapers from Stratecast Partners
    and Ziff-Davis, plus much more. It's free! Download now.

    http://www.securityfocus.com/sponsor/CheckPoint_ms-secnews_041116

    ------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Thompson, Tichard: "RE: Microsoft rights management server alternatives"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #231
      ... Stormy Studios KNet Remote Buffer Overflow Vulnerability ... Mozilla Firefox Address Bar Image Dragging Remote Script Exe... ... Relevant URL: http://www.securityfocus.com/bid/12669 ... This vulnerability is reported to exist in RealNetworks products for Microsoft Windows, Linux, and Apple Mac platforms. ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #207
      ... Samba Multiple ASN.1 and MailSlot Parsing Remote Denial Of S... ... Jigunet TwinFTP Server Directory Traversal Vulnerability ... IBM OEM Microsoft Windows XP And Windows XP SP1 Default Admi... ... Relevant URL: http://www.securityfocus.com/bid/11155 ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #226
      ... Golden FTP Server Remote Buffer Overflow Vulnerability ... Redmond's plan to make you install Windows authentication software before ... Relevant URL: http://www.securityfocus.com/bid/12333 ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #213
      ... Microsoft Internet Explorer Malformed IFRAME Remote Buffer O... ... GD Graphics Library Remote Integer Overflow Vulnerability ... Relevant URL: http://www.securityfocus.com/bid/11510 ... Internet Explorer version 6.0.2900.2180 running on Windows XP SP2 is reportedly not vulnerable to this issue. ...
      (Focus-Microsoft)
    • SecurityFocus Microsoft Newsletter #221
      ... Windows Media Player ActiveX Control Media File Attribute Co... ... ArGoSoft Mail Server HTML Injection Vulnerability ... Snort DecodeTCPOptions Remote Denial Of Service Vulnerabilit... ... Relevant URL: http://www.securityfocus.com/bid/12031 ...
      (Focus-Microsoft)