SecurityFocus Microsoft Newsletter #306
----------------------------------------

This issue is Sponsored by: SPI Dynamics

FREE Webcast: "Building a Web Application Assessment Program"
During this Webcast, you will learn: key challenges to implementing a Web application assessment program, how to limit false positives and increase accuracy, and why engaging developers is critical to the security process.

https://download.spidynamics.com/1/ad/AMPw.asp?Campaign_ID=70160000000CaZH

------------------------------------------------------------------
I. FRONT AND CENTER
1. Anonymous No More
2. Microsoft Office security, part two
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer COM Object Instantiation Daxctle.OCX Heap Buffer Overflow Vulnerability
2. Cybozu Garoon Multiple SQL Injection Vulnerabilities
3. Sendmail Long Header Denial Of Service Vulnerability
4. ImageMagick Sun Bitmap Image File Remote Unspecified Buffer Overflow Vulnerability
5. ImageMagick XCF Image File Remote Unspecified Buffer Overflow Vulnerability
6. Wireshark Multiple Vulnerabilities
7. CScope Reffile Local Buffer Overflow Vulnerability
8. CScope Cscope.Lists Multiple Buffer Overflow Vulnerabilities
9. Drupal E-commerce Module Multiple Cross-Site Scripting Vulnerabilities
10. Trident Software PowerZip ZIP Archive Handling Buffer Overflow Vulnerability
11. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow Vulnerability
12. Alt-N MDaemon Multiple Remote Pre-Authentication POP3 Buffer Overflow Vulnerabilities
13. Microsoft Internet Explorer Multiple COM Object Color Property Denial of Service Vulnerabilities
14. Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
15. PHProjekt Content Management Module Multiple Remote File Include Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. IP address assignment problem
2. SecurityFocus Microsoft Newsletter #305
3. User creation audit trail
4. Workstation Shutdown / Logoff Policy
IV. UNSUBSCRIBE INSTRUCTIONS

I. FRONT AND CENTER
---------------------
1. Anonymous No More
By Mark Rasch
In early August, officials at America Online released information about searches being conducted by AOL members and users of the AOL search tool.
http://www.securityfocus.com/columnists/414

2. Microsoft Office security, part two
By Khushbu Jithra
This article discusses Microsoft Office's OLE Structured Storage and the nature of recent dropper programs and other exploit agents, in an effort to scrutinize the workings of some of the recent MS Office exploits. Part two then collates some forensic investigation avenues through different MS Office features. Parts of the article sample different MS Office vulnerabilities to discuss their nature and the method of exploitation.
http://www.securityfocus.com/infocus/1874


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Internet Explorer COM Object Instantiation Daxctle.OCX Heap Buffer Overflow Vulnerability
BugTraq ID: 19738
Remote: Yes
Date Published: 2006-08-28
Relevant URL: http://www.securityfocus.com/bid/19738
Summary:
Microsoft Internet Explorer is prone to a heap buffer-overflow vulnerability.

The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service.

2. Cybozu Garoon Multiple SQL Injection Vulnerabilities
BugTraq ID: 19731
Remote: Yes
Date Published: 2006-08-28
Relevant URL: http://www.securityfocus.com/bid/19731
Summary:
Cybozu Garoon is prone to multiple SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful attack could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. An attacker can gain administrative access to the application by carrying out a successful attack.

These issues affect versions prior to 2.1.1.

3. Sendmail Long Header Denial Of Service Vulnerability
BugTraq ID: 19714
Remote: Yes
Date Published: 2006-08-25
Relevant URL: http://www.securityfocus.com/bid/19714
Summary:
Sendmail is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the Sendmail process, causing a denial-of-service.

As this issue was reported in OpenBSD's version of Sendmail, information regarding affected Sendmail packages is currently unavailable. This BID will be updated as more information is disclosed.

4. ImageMagick Sun Bitmap Image File Remote Unspecified Buffer Overflow Vulnerability
BugTraq ID: 19699
Remote: Yes
Date Published: 2006-08-24
Relevant URL: http://www.securityfocus.com/bid/19699
Summary:
ImageMagick is prone to an unspecified remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

This BID will be updated as further information is disclosed.

Versions of ImageMagick prior to 6.2.9-2 are vulnerable to this issue.

5. ImageMagick XCF Image File Remote Unspecified Buffer Overflow Vulnerability
BugTraq ID: 19697
Remote: Yes
Date Published: 2006-08-24
Relevant URL: http://www.securityfocus.com/bid/19697
Summary:
ImageMagick is prone to an unspecified remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This issue allows attackers to execute arbitrary machine code in the context of applications that use the ImageMagick library.

This BID will be updated as further information is disclosed.

Versions of ImageMagick prior to 6.2.9-2 are vulnerable to this issue.

6. Wireshark Multiple Vulnerabilities
BugTraq ID: 19690
Remote: Yes
Date Published: 2006-08-24
Relevant URL: http://www.securityfocus.com/bid/19690
Summary:
Wireshark is prone to multiple vulnerabilities:

- Multiple denial-of-service vulnerabilities.
- Multiple off-by-one vulnerabilities.

These may permit attackers to execute arbitrary code, which can facilitate a compromise of an affected computer or cause a denial-of-service condition to legitimate users of the application.

7. CScope Reffile Local Buffer Overflow Vulnerability
BugTraq ID: 19687
Remote: No
Date Published: 2006-08-24
Relevant URL: http://www.securityfocus.com/bid/19687
Summary:
Cscope is prone to a local buffer-overflow vulnerability. The issue is due to a failure in the application to properly validate the size of attacker-supplied data before copying it into a finite-sized buffer.

The issue allows local attackers to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

Cscope 15.x is affected by this vulnerability. Previous versions may be affected as well.

8. CScope Cscope.Lists Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 19686
Remote: Yes
Date Published: 2006-08-24
Relevant URL: http://www.securityfocus.com/bid/19686
Summary:
Cscope is prone to multiple buffer-overflow vulnerabilities. The issues are due to a failure in the application to properly validate the size of attacker-supplied data before copying it into a finite-sized buffer.

These issues allow remote attackers to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely crash the application, denying service to legitimate users.

Cscope 15.x is affected by these vulnerabilities. Previous versions may be affected as well.

9. Drupal E-commerce Module Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 19675
Remote: Yes
Date Published: 2006-08-22
Relevant URL: http://www.securityfocus.com/bid/19675
Summary:
Drupal E-commerce Module is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Versions prior to 4.7 revision 1.37.2.4 are vulnerable to these issues.

10. Trident Software PowerZip ZIP Archive Handling Buffer Overflow Vulnerability
BugTraq ID: 19671
Remote: Yes
Date Published: 2006-08-23
Relevant URL: http://www.securityfocus.com/bid/19671
Summary:
PowerZip is susceptible to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

This vulnerability allows attackers to execute arbitrary machine code in the context of the affected application.

Versions of PowerZip prior to 7.07 Build 3901 are vulnerable to this issue.

11. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow Vulnerability
BugTraq ID: 19667
Remote: Yes
Date Published: 2006-08-22
Relevant URL: http://www.securityfocus.com/bid/19667
Summary:
Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability. A successful exploit may result in arbitrary code execution in the context of the user running the browser.

This issue was introduced with the patches released with Microsoft advisory MS06-042.

Internet Explorer 6 SP1 running on Microsoft Windows 2000 and Windows XP SP1 is vulnerable to this issue.

12. Alt-N MDaemon Multiple Remote Pre-Authentication POP3 Buffer Overflow Vulnerabilities
BugTraq ID: 19651
Remote: Yes
Date Published: 2006-08-21
Relevant URL: http://www.securityfocus.com/bid/19651
Summary:
Alt-N MDaemon POP3 Server is susceptible to multiple remote buffer-overflow vulnerabilities. The issues are due to the application's failure to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

These issues allow remote, unauthenticated attackers to execute arbitrary machine code in the context of affected servers. This may facilitate the compromise of affected computers.

MDaemon versions 8 and 9 are reported to be vulnerable; previous versions may be affected as well.

13. Microsoft Internet Explorer Multiple COM Object Color Property Denial of Service Vulnerabilities
BugTraq ID: 19640
Remote: Yes
Date Published: 2006-08-21
Relevant URL: http://www.securityfocus.com/bid/19640
Summary:
Microsoft Internet Explorer is prone to multiple denial-of-service vulnerabilities. The vulnerabilities exist when instantiating COM objects.

The vulnerabilities arise because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls, resulting in denial-of-service conditions. Remote code execution may be possible; however, this has not been confirmed.

This BID may be related to the issues described in BID 14511 (Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability) and BID 15061 (Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability). However, these issues affect a different set of COM objects that were not addressed in the previous BIDs.

14. Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
BugTraq ID: 19636
Remote: Yes
Date Published: 2006-08-21
Relevant URL: http://www.securityfocus.com/bid/19636
Summary:
Microsoft Windows 2000 is prone to multiple memory-corruption vulnerabilities that are related to the instantiation of COM objects. These issues may be remotely triggered through Internet Explorer.

The vulnerabilities arise because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls, possibly resulting in arbitrary code execution, although this has not been confirmed. The affected objects are not likely intended to be instantiated through Internet Explorer.

This BID may be related to the issues discussed in BID 17453 (Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability). However, these issues affect a different set of COM objects that were not addressed in previous BIDs.

15. PHProjekt Content Management Module Multiple Remote File Include Vulnerabilities
BugTraq ID: 19628
Remote: Yes
Date Published: 2006-08-21
Relevant URL: http://www.securityfocus.com/bid/19628
Summary:
Multiple remote file-include vulnerabilities affect the Content Management module for PHProjekt because the application fails to properly sanitize user-supplied input before using it in a PHP 'include()' function call.

An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process.

These issues affect version 0.6.1; earlier versions may also be vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. IP address assignment problem
http://www.securityfocus.com/archive/88/444349

2. SecurityFocus Microsoft Newsletter #305
http://www.securityfocus.com/archive/88/444097

3. User creation audit trail
http://www.securityfocus.com/archive/88/444098

4. Workstation Shutdown / Logoff Policy
http://www.securityfocus.com/archive/88/443340

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.
