SecurityFocus Microsoft Newsletter #282




------------------------------------------------------------------
I. FRONT AND CENTER
1. Human rights and wrongs online
2. Social engineering reloaded
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Excel Malformed Formula Size Remote Code Execution Vulnerability
2. Macromedia Flash Multiple Unspecified Security Vulnerabilities
3. Unalz Hostile Destination Path Vulnerability
4. Drupal Multiple Input Validation Vulnerabilities
5. Microsoft Excel Malformed Record Remote Code Execution Vulnerability
6. Firebird Local Inet_Server Buffer Overflow Vulnerability
7. Apple QuickTime/iTunes Integer And Heap Overflow Vulnerabilities
8. Free-AV AntiVir Personal Edition Classic Local Privilege Escalation Vulnerability
9. SafeDisc Secdrv.SYS Local Privilege Escalation Vulnerability
10. Ipswitch IMail Server / Collaboration Suite IMAP FETCH Remote Buffer Overflow Vulnerability
11. Microsoft March Advance Notification Multiple Vulnerabilities
12. Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
13. Kerio MailServer Remote Denial of Service Vulnerability
14. Peercast.org PeerCast Remote Buffer Overflow Vulnerability
15. Zone Labs ZoneAlarm Security Suite Local Privilege Escalation Vulnerability
16. Novell BorderManager Remote Denial Of Service Vulnerability
17. Magic Winmail Server Multiple Unspecified Vulnerabilities
18. Microsoft Office Routing Slip Processing Remote Buffer Overflow Vulnerability
19. Liero Xtreme Remote Denial Of Service Vulnerability
20. Liero Xtreme Remote Format String Vulnerability
21. Microsoft Internet Explorer Java Applet Handling Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. trouble using SSL on WSUS
2. New Sasser variant on the loose? Anyone else?
3. Automate group membership validation
4. FW: user logon script context....
5. SecurityFocus Microsoft Newsletter #281
6. AW: user logon script context....
7. user logon script context....
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Human rights and wrongs online
By Mark Rasch
A government's position on censorship used to protect its citizenry is dictated by who they are. The well-popularized censorship of Internet content in China by Google and other big players, and criticism of this by the U.S. government, is really just the tip of the iceberg.
http://www.securityfocus.com/columnists/392

2. Social engineering reloaded
By Sarah Granger
The purpose of this article is to go beyond the basics and explore how social engineering, employed as technology, has evolved over the past few years. A case study of a typical Fortune 1000 company will be discussed, putting emphasis on the importance of education about social engineering for every corporate security program.
http://www.securityfocus.com/infocus/1860


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Excel Malformed Formula Size Remote Code Execution Vulnerability
BugTraq ID: 17108
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17108
Summary:
Microsoft Excel is prone to a remote code execution vulnerability. This issue may be triggered when an Excel document with a malformed formula size is opened.

2. Macromedia Flash Multiple Unspecified Security Vulnerabilities
BugTraq ID: 17106
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17106
Summary:
The Macromedia Flash plug-in is susceptible to multiple unspecified vulnerabilities.

An attacker can potentially exploit these vulnerabilities to execute arbitrary code. The most likely vector of attack is through a malicious SWF file designed to trigger the vulnerability that has been placed on a website. A denial of service condition may arise from attack attempts as well.

Versions of the Flash Player prior to 7.0.63.0 and 8.0.24.0 are vulnerable to these issues.

3. Unalz Hostile Destination Path Vulnerability
BugTraq ID: 17105
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17105
Summary:
unalz contains a vulnerability in the handling of pathnames for archived files.

By specifying a path for an archived item that points outside the expected destination directory, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem, possibly including paths containing system binaries and other sensitive or confidential information.

It is conjectured that an attacker could use this to create or overwrite binaries in any desired location, using the privileges of the invoking user.

Version 0.53 is vulnerable; other versions may also be affected.

4. Drupal Multiple Input Validation Vulnerabilities
BugTraq ID: 17104
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17104
Summary:
Drupal is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site, disclose sensitive information, hijack user sessions and utilize a vulnerable Drupal installation as an email relay.

5. Microsoft Excel Malformed Record Remote Code Execution Vulnerability
BugTraq ID: 17101
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17101
Summary:
Microsoft Excel is prone to a remote code execution vulnerability. This issue may be triggered when an Excel document with malformed record data is opened.

6. Firebird Local Inet_Server Buffer Overflow Vulnerability
BugTraq ID: 17077
Remote: No
Date Published: 2006-03-13
Relevant URL: http://www.securityfocus.com/bid/17077
Summary:
Firebird is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly check boundaries of user-supplied command-line argument data before copying it to an insufficiently sized memory buffer.

Attackers may exploit this issue to execute arbitrary machine code with elevated privileges, because the affected binaries are often installed with setuid privileges.

7. Apple QuickTime/iTunes Integer And Heap Overflow Vulnerabilities
BugTraq ID: 17074
Remote: Yes
Date Published: 2006-03-11
Relevant URL: http://www.securityfocus.com/bid/17074
Summary:
An integer overflow vulnerability and a heap-based buffer overflow vulnerability have been reported in Apple QuickTime and iTunes. These issues affect both Mac OS X and Microsoft Windows releases of the software.

A successful exploit will result in execution of arbitrary code in the context of the currently logged in user.

8. Free-AV AntiVir Personal Edition Classic Local Privilege Escalation Vulnerability
BugTraq ID: 17071
Remote: No
Date Published: 2006-03-11
Relevant URL: http://www.securityfocus.com/bid/17071
Summary:
AntiVir Personal Edition Classic is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to launch other applications with SYSTEM privileges. This may facilitate a complete compromise of the affected computer.

AntiVir Personal Edition Classic version 7 is vulnerable; other versions may also be affected.

9. SafeDisc Secdrv.SYS Local Privilege Escalation Vulnerability
BugTraq ID: 17070
Remote: No
Date Published: 2006-03-11
Relevant URL: http://www.securityfocus.com/bid/17070
Summary:
SafeDisc is prone to a local privilege-escalation vulnerability. This issue is due to the failure of the application to restrict access to the configuration parameters of an installed service.


This vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM-level privileges, facilitating the complete compromise of affected computers.

10. Ipswitch IMail Server / Collaboration Suite IMAP FETCH Remote Buffer Overflow Vulnerability
BugTraq ID: 17063
Remote: Yes
Date Published: 2006-03-10
Relevant URL: http://www.securityfocus.com/bid/17063
Summary:
Ipswitch IMail Server / Collaboration Suite are prone to a remote buffer-overflow vulnerability.

The vulnerability presents itself when the server handles a specially crafted IMAP FETCH command.

This may result in memory corruption leading to a denial-of-service condition or arbitrary code execution.

11. Microsoft March Advance Notification Multiple Vulnerabilities
BugTraq ID: 17049
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17049
Summary:
Microsoft has released advance notification that it will be releasing two security bulletins for Windows on March 14, 2006. The highest severity rating for these issues is Critical.

Further details about these issues are not currently available. Individual BIDs will be created and this record will be removed when the security bulletins are released.

12. Easy File Sharing Web Server Multiple Input Validation Vulnerabilities
BugTraq ID: 17046
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17046
Summary:
Easy File Sharing Web Server is prone to multiple input-validation vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content.

The issues include HTML-injection, denial-of-service, and arbitrary file-upload vulnerabilities.

An attacker can exploit these issues to steal cookie-based authentication credentials, control how the site is rendered to the user, cause the application to crash, and facilitate a compromise of the underlying computer.

13. Kerio MailServer Remote Denial of Service Vulnerability
BugTraq ID: 17043
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17043
Summary:
Kerio MailServer is prone to a remote denial-of-service vulnerability. This issue affects Kerio MailServer versions 6.1.3 and prior.

14. Peercast.org PeerCast Remote Buffer Overflow Vulnerability
BugTraq ID: 17040
Remote: Yes
Date Published: 2006-03-09
Relevant URL: http://www.securityfocus.com/bid/17040
Summary:
PeerCast is prone to a remote buffer-overflow vulnerability. This can facilitate a remote compromise due to arbitrary code execution.

PeerCast 0.1215 and prior versions are vulnerable.

15. Zone Labs ZoneAlarm Security Suite Local Privilege Escalation Vulnerability
BugTraq ID: 17037
Remote: No
Date Published: 2006-03-08
Relevant URL: http://www.securityfocus.com/bid/17037
Summary:
Zone Labs ZoneAlarm Security Suite is prone to a local privilege escalation vulnerability. This issue is due to the failure of the application to properly specify the full path of DLLs.

This vulnerability allows local attackers to execute arbitrary malicious code with SYSTEM level privileges, facilitating the complete compromise of affected computers.

ZoneAlarm Security Suite version 6.1.744.000 is vulnerable to this issue; other versions may also be affected.

16. Novell BorderManager Remote Denial Of Service Vulnerability
BugTraq ID: 17031
Remote: Yes
Date Published: 2006-03-08
Relevant URL: http://www.securityfocus.com/bid/17031
Summary:
Novell BorderManager is affected by a remote denial-of-service vulnerability. This issue is due to a failure of the application to properly handle exceptional network input.

This issue will allow an attacker to cause the affected client computer to hang, denying service to legitimate users.

17. Magic Winmail Server Multiple Unspecified Vulnerabilities
BugTraq ID: 17009
Remote: Yes
Date Published: 2006-03-07
Relevant URL: http://www.securityfocus.com/bid/17009
Summary:
Magic Winmail Server is reportedly prone to multiple unspecified security vulnerabilities. The cause and impact of these issues are currently unknown.

These issues may be related to those discussed in BID 15493 (Magic Winmail Server Multiple Input Validation Vulnerabilities).

18. Microsoft Office Routing Slip Processing Remote Buffer Overflow Vulnerability
BugTraq ID: 17000
Remote: Yes
Date Published: 2006-03-14
Relevant URL: http://www.securityfocus.com/bid/17000
Summary:
Microsoft Office is prone to a remote buffer overflow vulnerability.

This vulnerability presents itself when a specially crafted document is handled by the application.

A successful attack can result in a remote compromise in the context of an affected user.

19. Liero Xtreme Remote Denial Of Service Vulnerability
BugTraq ID: 16992
Remote: Yes
Date Published: 2006-03-06
Relevant URL: http://www.securityfocus.com/bid/16992
Summary:
Liero Xtreme is prone to a remote denial of service vulnerability.

A remote attacker may exploit this issue to deny service for legitimate users.

20. Liero Xtreme Remote Format String Vulnerability
BugTraq ID: 16990
Remote: Yes
Date Published: 2006-03-06
Relevant URL: http://www.securityfocus.com/bid/16990
Summary:
Liero Xtreme is reported prone to a remote format string vulnerability.


It is possible that as a result of this issue, malicious data containing format specifiers will be interpreted literally by the application; this may result in attacker-specified memory being corrupted or disclosed, leading to arbitrary code execution.

A successful exploit could result in a failure of the application or arbitrary code execution in the context of the application.

21. Microsoft Internet Explorer Java Applet Handling Denial of Service Vulnerability
BugTraq ID: 16978
Remote: Yes
Date Published: 2006-03-06
Relevant URL: http://www.securityfocus.com/bid/16978
Summary:
Microsoft Internet Explorer is affected by a denial-of-service vulnerability. This issue arises because the application fails to handle exceptional conditions in a proper manner. This issue presents itself only when Sun's Java runtime environment is installed and configured to be the default handler for Java applets.

An attacker may exploit this issue by enticing a user to visit a malicious site, resulting in a denial-of-service condition in the application.

Specific version information for Microsoft Internet Explorer and the Java runtime is not currently available. This BID will be updated as further information is disclosed.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. trouble using SSL on WSUS
http://www.securityfocus.com/archive/88/427610

2. New Sasser variant on the loose? Anyone else?
http://www.securityfocus.com/archive/88/427492

3. Automate group membership validation
http://www.securityfocus.com/archive/88/427290

4. FW: user logon script context....
http://www.securityfocus.com/archive/88/427243

5. SecurityFocus Microsoft Newsletter #281
http://www.securityfocus.com/archive/88/427144

6. AW: user logon script context....
http://www.securityfocus.com/archive/88/427140

7. user logon script context....
http://www.securityfocus.com/archive/88/427134

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
ALERT: "How a Hacker Launches a SQL Injection Attack!" - SPI Dynamics White Paper
It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70130000000C543



