SecurityFocus Microsoft Newsletter #301
----------------------------------------

This issue is Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com

------------------------------------------------------------------
I. FRONT AND CENTER
1. A month of browser bugs
II. MICROSOFT VULNERABILITY SUMMARY
1. Intervations FileCopa Directory Arguments Multiple Buffer Overflow Vulnerabilities
2. AGEphone SIP Packet Handling Buffer Overflow Vulnerability
3. Microsoft Internet Explorer Native Function Iterator Denial Of Service Vulnerability
4. Microsoft Windows Remote Denial of Service Vulnerability
5. Microsoft Internet Explorer NMSA.ASFSourceMediaDescription Stack Overflow Vulnerability
6. Microsoft Internet Explorer Multiple Object ListWidth Property Denial Of Service Vulnerability
7. Microsoft Internet Explorer Internet.HHCtrl Click Denial Of Service Vulnerability
8. Microsoft Internet Explorer String To Binary Function Denial Of Service Vulnerability
9. Microsoft Internet Explorer Content-Type Denial Of Service Vulnerability
10. Microsoft Internet Explorer OVCtl Denial Of Service Vulnerability
11. Password Safe Local Insecure Idle Timeout Lock Vulnerability
12. Microsoft Internet Explorer DataSourceControl Denial of Service Vulnerability
13. Pablo Software Solutions Quick 'n Easy FTP Server LIST Command Buffer Overflow Vulnerability
14. Intervations FileCopa LIST Command Remote Buffer Overflow Vulnerability
15. Wireshark Protocol Dissectors Multiple Vulnerabilities
16. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
17. Microsoft Internet Explorer WebViewFolderIcon Denial Of Service Vulnerability
18. Microsoft Internet Explorer DXImageTransform Properties Denial Of Service Vulnerability
19. Outpost Firewall PRO Local Privilege Escalation Vulnerability
20. Lotus Notes Mail Recipient Information Disclosure Vulnerability
21. Lavasoft Personal Firewall Local Privilege Escalation Vulnerability
22. Zoho Virtual Office Message HTML Injection Vulnerability
23. Armagetron Advanced Invalid Values Multiple Remote Denial Of Service Vulnerabilities
24. Microsoft Internet Explorer MHTMLFile Denial Of Service Vulnerability
25. Rabox WinLPD Remote Buffer Overflow Vulnerability
26. IceWarp Web Mail Multiple File Include Vulnerabilities
27. VisNetic Mail Server Multiple File Include Vulnerabilities
28. Microsoft ISA Server File Extension Filter Bypass Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Co-Hosting SQL with IIS FTP service
2. SCHANNEL CSP SSL
3. Free encryption and credential management tools for Windows
4. SecurityFocus Microsoft Newsletter #300
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A month of browser bugs
By Scott Granneman
Scott Granneman looks at the virtues and pitfalls of browser fuzzing and the overwhelmingly positive impact it has on the security community.
http://www.securityfocus.com/columnists/411


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Intervations FileCopa Directory Arguments Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19153
Remote: Yes
Date Published: 2006-07-25
Relevant URL: http://www.securityfocus.com/bid/19153
Summary:
FileCopa is prone to multiple buffer-overflow vulnerabilities because the application fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

Successful exploits may allow remote attackers to execute arbitrary machine code in the context of the affected application, which may facilitate the remote compromise of affected computers.


FileCOPA 1.01 version 2006-07-18 is vulnerable; other versions may also be affected.

2. AGEphone SIP Packet Handling Buffer Overflow Vulnerability
BugTraq ID: 19148
Remote: Yes
Date Published: 2006-07-25
Relevant URL: http://www.securityfocus.com/bid/19148
Summary:
AGEphone is prone to a remote buffer-overflow vulnerability.

Specifically, this issue presents itself when the application handles a malicious SIP (Session Initiation Protocol) packet.

AGEphone versions 1.24 and 1.38.1 are reported vulnerable; other versions may be affected as well.

3. Microsoft Internet Explorer Native Function Iterator Denial Of Service Vulnerability
BugTraq ID: 19140
Remote: Yes
Date Published: 2006-07-25
Relevant URL: http://www.securityfocus.com/bid/19140
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

4. Microsoft Windows Remote Denial of Service Vulnerability
BugTraq ID: 19135
Remote: Yes
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19135
Summary:
Microsoft Windows is reportedly prone to a remote denial-of-service vulnerability. This issue may be due to the operating system's failure to properly handle unexpected network traffic.

This issue may cause affected computers to crash, denying service to legitimate users.

Note that Microsoft has not been able to reproduce this issue. This BID will be updated as further analysis is performed.

5. Microsoft Internet Explorer NMSA.ASFSourceMediaDescription Stack Overflow Vulnerability
BugTraq ID: 19114
Remote: Yes
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19114
Summary:
Microsoft Internet Explorer is prone to a stack-overflow vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

6. Microsoft Internet Explorer Multiple Object ListWidth Property Denial Of Service Vulnerability
BugTraq ID: 19113
Remote: Yes
Date Published: 2006-07-23
Relevant URL: http://www.securityfocus.com/bid/19113
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

7. Microsoft Internet Explorer Internet.HHCtrl Click Denial Of Service Vulnerability
BugTraq ID: 19109
Remote: Yes
Date Published: 2006-07-22
Relevant URL: http://www.securityfocus.com/bid/19109
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

8. Microsoft Internet Explorer String To Binary Function Denial Of Service Vulnerability
BugTraq ID: 19102
Remote: Yes
Date Published: 2006-07-21
Relevant URL: http://www.securityfocus.com/bid/19102
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to properly bounds-check user-supplied input.

Remote attackers can exploit this issue to crash the application, causing a denial-of-service.

9. Microsoft Internet Explorer Content-Type Denial Of Service Vulnerability
BugTraq ID: 19092
Remote: Yes
Date Published: 2006-07-20
Relevant URL: http://www.securityfocus.com/bid/19092
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

Specific information regarding affected Internet Explorer packages is not currently available. This BID will be updated as further information is disclosed.

10. Microsoft Internet Explorer OVCtl Denial Of Service Vulnerability
BugTraq ID: 19079
Remote: Yes
Date Published: 2006-07-19
Relevant URL: http://www.securityfocus.com/bid/19079
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

11. Password Safe Local Insecure Idle Timeout Lock Vulnerability
BugTraq ID: 19078
Remote: No
Date Published: 2006-07-24
Relevant URL: http://www.securityfocus.com/bid/19078
Summary:
Password Safe is prone to a vulnerability that may result in information disclosure. This issue is due to a flaw in the implementation of the inactivity timer, which is designed to lock the database when it is not in use.

This issue may allow local attackers to gain access to the contents of the Password Safe database, since the database-locking feature may not function correctly under certain circumstances.

Versions 2.11, 2.16, and 3.0 beta 1 are vulnerable to this issue. Other versions may also be affected.

12. Microsoft Internet Explorer DataSourceControl Denial of Service Vulnerability
BugTraq ID: 19069
Remote: Yes
Date Published: 2006-07-19
Relevant URL: http://www.securityfocus.com/bid/19069
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.

An attacker can exploit this vulnerability to crash Internet Explorer and deny service to users.

Internet Explorer 6 SP2 is prone to this issue; other versions may also be vulnerable.

13. Pablo Software Solutions Quick 'n Easy FTP Server LIST Command Buffer Overflow Vulnerability
BugTraq ID: 19067
Remote: Yes
Date Published: 2006-07-19
Relevant URL: http://www.securityfocus.com/bid/19067
Summary:
Quick 'n Easy FTP Server is prone to a buffer-overflow vulnerability because it fails to do proper bounds checking on user-supplied data before storing it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary machine code in the context of the affected server application. This likely occurs with SYSTEM-level privileges.

14. Intervations FileCopa LIST Command Remote Buffer Overflow Vulnerability
BugTraq ID: 19065
Remote: Yes
Date Published: 2006-07-19
Relevant URL: http://www.securityfocus.com/bid/19065
Summary:
FileCopa is prone to a buffer-overflow vulnerability when handling data through the LIST command.

Reportedly, passing excessive data may overflow a finite-sized internal memory buffer. A successful attack may result in memory corruption as memory adjacent to the buffer is overwritten with user-supplied data.

This issue may lead to a denial-of-service condition or allow arbitrary code to run.

15. Wireshark Protocol Dissectors Multiple Vulnerabilities
BugTraq ID: 19051
Remote: Yes
Date Published: 2006-07-18
Relevant URL: http://www.securityfocus.com/bid/19051
Summary:
Wireshark is prone to multiple vulnerabilities:

- A format string vulnerability.
- An off-by-one vulnerability.
- An infinite loop vulnerability.
- A memory allocation vulnerability.

These may permit attackers to execute arbitrary code, which can facilitate a compromise of an affected computer or cause a denial-of-service condition to legitimate users of the application.

16. RARLAB WinRAR LHA Filename Handling Buffer Overflow Vulnerability
BugTraq ID: 19043
Remote: Yes
Date Published: 2006-07-18
Relevant URL: http://www.securityfocus.com/bid/19043
Summary:
WinRAR is susceptible to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This vulnerability allows attackers to execute arbitrary machine code in the context of the affected application.

Versions of WinRAR from 3.0 to 3.60 beta 6 are vulnerable to this issue.

17. Microsoft Internet Explorer WebViewFolderIcon Denial Of Service Vulnerability
BugTraq ID: 19030
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19030
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

18. Microsoft Internet Explorer DXImageTransform Properties Denial Of Service Vulnerability
BugTraq ID: 19029
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19029
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.

An attacker can exploit this vulnerability to crash Internet Explorer and deny service to users.

Internet Explorer 6 SP2 is prone to this issue; other versions may also be vulnerable.

19. Outpost Firewall PRO Local Privilege Escalation Vulnerability
BugTraq ID: 19024
Remote: No
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19024
Summary:
Outpost Firewall PRO will allow local attackers to gain elevated privileges, which may lead to a complete compromise.

Version 3.51.759.6511 (462) is reported vulnerable. Other versions may be affected as well.

20. Lotus Notes Mail Recipient Information Disclosure Vulnerability
BugTraq ID: 19022
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19022
Summary:
Lotus Notes is prone to an information-disclosure vulnerability.

The problem occurs because the 'SendTo/AltSendTo', 'CopyTo/AltCopyTo', and 'BlindCopyTo/AltBlindCopyTo' fields are not kept in sync when 'reply to all' is used.

This may result in unintended recipients receiving emails. This could result in the disclosure of sensitive information if an email containing sensitive or privileged information is sent to unintended readers.

21. Lavasoft Personal Firewall Local Privilege Escalation Vulnerability
BugTraq ID: 19018
Remote: No
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19018
Summary:
Lavasoft Personal Firewall will allow local attackers to gain elevated privileges, which may lead to a complete compromise.

Version 1.0.543.5722 (433) is reported vulnerable. Other versions may be affected as well.

22. Zoho Virtual Office Message HTML Injection Vulnerability
BugTraq ID: 19016
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19016
Summary:
Zoho Virtual Office is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

This issue affects version 3.2 Build 3210; other versions may also be vulnerable.

23. Armagetron Advanced Invalid Values Multiple Remote Denial Of Service Vulnerabilities
BugTraq ID: 19015
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19015
Summary:
Multiple denial-of-service vulnerabilities affect Armagetron Advanced. These issues are due to a failure of the application to handle malformed network data.

An attacker may leverage these issues to cause a remote denial-of-service condition in affected applications.

24. Microsoft Internet Explorer MHTMLFile Denial Of Service Vulnerability
BugTraq ID: 19013
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19013
Summary:
Internet Explorer is prone to a denial-of-service vulnerability.

The problem occurs when the application is used to view a malicious URI or webpage consisting of a malformed MHTMLFile element.

An attacker can exploit this issue to crash Internet Explorer and deny service to the user.

Internet Explorer 6 SP2 is vulnerable to this issue; other versions may also be vulnerable.

25. Rabox WinLPD Remote Buffer Overflow Vulnerability
BugTraq ID: 19011
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19011
Summary:
WinLPD is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of the vulnerable application. Since this application listens on TCP port 515, it requires elevated privileges. Successfully exploiting this issue, therefore, likely facilitates the complete compromise of affected computers.

WinLPD version 1.2, build 1076 is vulnerable to this issue; other versions may also be affected.

26. IceWarp Web Mail Multiple File Include Vulnerabilities
BugTraq ID: 19007
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19007
Summary:
IceWarp Web Mail is prone to multiple local file-include vulnerabilities and a remote file-include vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files or local files containing malicious PHP code and execute it in the context of the webserver process. This may allow the attacker to compromise the application and access the underlying system.

27. VisNetic Mail Server Multiple File Include Vulnerabilities
BugTraq ID: 19002
Remote: Yes
Date Published: 2006-07-17
Relevant URL: http://www.securityfocus.com/bid/19002
Summary:
VisNetic Mail Server is prone to multiple local file-include vulnerabilities and a remote file-include vulnerability. These issues are due to a failure in the application to properly sanitize user-supplied input.

An attacker can exploit these issues to include arbitrary remote files or local files containing malicious PHP code and execute it in the context of the web server process. This may allow the attacker to compromise the application and access the underlying system.

Version 8.3.5 is vulnerable to this issue; prior versions may also be affected.

28. Microsoft ISA Server File Extension Filter Bypass Vulnerability
BugTraq ID: 18994
Remote: Yes
Date Published: 2006-07-15
Relevant URL: http://www.securityfocus.com/bid/18994
Summary:
Microsoft ISA (Internet Security and Acceleration) Server is prone to a vulnerability that may let users bypass rules for filtering file extensions. Attackers could exploit this vulnerability to bypass administrative policy and to access restricted content on the Internet.

This vulnerability is reported to affect Microsoft ISA Server 2004. Other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Co-Hosting SQL with IIS FTP service
http://www.securityfocus.com/archive/88/441077

2. SCHANNEL CSP SSL
http://www.securityfocus.com/archive/88/441067

3. Free encryption and credential management tools for Windows
http://www.securityfocus.com/archive/88/441066

4. SecurityFocus Microsoft Newsletter #300
http://www.securityfocus.com/archive/88/440570

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Black Hat
