SecurityFocus Microsoft Newsletter #309
----------------------------------------

This issue is Sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus

------------------------------------------------------------------
I. FRONT AND CENTER
1. Liar, Liar, and pretexting
2. Beginner's guide to wireless auditing
II. MICROSOFT VULNERABILITY SUMMARY
1. NewsGator FeedDemon Active Script Code-Execution Vulnerability
2. Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
3. MailEnable SMTP SPF Remote Denial of Service Vulnerability
4. Ipswitch WS_FTP Server XCRC XSHA1 and XMD5 Commands Buffer Overflow Vulnerabilities
5. Microsoft PowerPoint Remote Code Execution Vulnerability
6. Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
7. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow Variant Vulnerability
8. Adobe ColdFusion Flash Remoting Gateway Denial of Service Vulnerability
9. Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
10. CCHost Index.PHP SQL Injection Vulnerability
11. IBM Lotus Domino Web Access Session Hijacking Vulnerability
12. Paul Smith Computer Services VCAP Calendar Server Remote Denial of Service Vulnerability
13. Paul Smith Computer Services VCAP Calendar Server Directory Traversal Vulnerability
14. Microsoft Publisher Font Parsing Remote Code Execution Vulnerability
15. CMS.R. Index.PHP SQL Injection Vulnerability
16. RETIRED: Invision Power Board Index.PHP ST Parameter SQL Injection Vulnerability
17. Microsoft Indexing Service Query Validation Cross-Site Scripting Vulnerability
18. Microsoft PGM Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Storing Images in SQL Server (2005)
2. SecurityFocus Microsoft Newsletter #308
3. Terminal Servers @ Datacenter
4. Question about Sniffer in Windows
5. windump on browsing of shared folders across vpn in winxp
6. Don't Get Too Comfortable - Sept. '06 Patches
7. IP address assignment problem
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Liar, Liar, and pretexting
By Mark Rasch
Mark Rasch details the legality of pretexting by putting it in context with how it is used, comparing it with legal forms of lying, and looking at previous court cases involving pretexting in the United States. Hewlett Packard's use of pretexting also brings up potential charges of criminal fraud, violations of consumer protection laws, issues of deception, and the use of spyware. Together these issues make for a very interesting legal situation at HP.
http://www.securityfocus.com/columnists/417

2. Beginner's guide to wireless auditing
By David Maynor
This article is designed as a beginner's guide to fuzzing wireless device drivers, starting with how to build an auditing environment, how to construct fuzzing tools and finally, how to interpret the results. This auditing environment can be used for WiFi as well as Bluetooth and infrared devices.
http://www.securityfocus.com/infocus/1877


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. NewsGator FeedDemon Active Script Code-Execution Vulnerability
BugTraq ID: 20114
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20114
Summary:
NewsGator FeedDemon is prone to an active script code-execution vulnerability because it fails to sufficiently sanitize Atom feed data prior to rendering the feed.

Successful exploits may result in active scripting content being executed in the context of the application. The 'Internet Zone' is utilized by the application to render the remote HTML content, lessening the impact of this issue.

2. Microsoft Internet Explorer Vector Markup Language Buffer Overflow Vulnerability
BugTraq ID: 20096
Remote: Yes
Date Published: 2006-09-19
Relevant URL: http://www.securityfocus.com/bid/20096
Summary:
Microsoft Internet Explorer is prone to a buffer-overflow vulnerability.

The vulnerability arises because of an error in the processing of Vector Markup Language documents.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. The method by which this vulnerability is currently being exploited will typically terminate Internet Explorer.

This vulnerability is currently being exploited in the wild as Trojan.Vimalov.

This vulnerability affects Internet Explorer version 6.0 on a fully patched system. Previous versions may also be affected.

3. MailEnable SMTP SPF Remote Denial of Service Vulnerability
BugTraq ID: 20091
Remote: Yes
Date Published: 2006-09-18
Relevant URL: http://www.securityfocus.com/bid/20091
Summary:
MailEnable is prone to a remote denial-of-service vulnerability.

This issue allows remote attackers to crash the application, denying further service to legitimate users.

4. Ipswitch WS_FTP Server XCRC XSHA1 and XMD5 Commands Buffer Overflow Vulnerabilities
BugTraq ID: 20076
Remote: Yes
Date Published: 2006-09-14
Relevant URL: http://www.securityfocus.com/bid/20076
Summary:
Ipswitch WS_FTP Server is prone to a number of stack-overflow vulnerabilities. Updates are available.

A successful exploit may lead to remote arbitrary code execution with administrative privileges, facilitating the complete compromise of affected computers.

Ipswitch WS_FTP Server 5.05 is vulnerable to this issue; other versions may also be affected.

5. Microsoft PowerPoint Remote Code Execution Vulnerability
BugTraq ID: 20059
Remote: Yes
Date Published: 2006-09-16
Relevant URL: http://www.securityfocus.com/bid/20059
Summary:
Microsoft PowerPoint is prone to a remote code-execution vulnerability.

This issue can allow remote attackers to execute arbitrary code on a vulnerable computer by supplying a malicious PowerPoint document to a user. This issue is being actively exploited in the wild as Trojan.PPDropper.E.

This issue is currently known to affect only Office 2000 (Chinese version only) on Windows XP (Chinese edition).

6. Microsoft Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability
BugTraq ID: 20047
Remote: Yes
Date Published: 2006-09-13
Relevant URL: http://www.securityfocus.com/bid/20047
Summary:
Microsoft Internet Explorer is prone to a heap buffer-overflow vulnerability.

The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue is similar to, but separate from, the one described in BID 19738 (Microsoft Internet Explorer Daxctle.OCX Spline Method Heap Buffer Overflow Vulnerability).

7. Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow Variant Vulnerability
BugTraq ID: 19987
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19987
Summary:
Microsoft Internet Explorer is prone to a remote buffer-overflow vulnerability. A successful exploit may result in arbitrary code-execution in the context of the user running the browser.

This issue was introduced with the rereleased patches of Microsoft advisory MS06-042.

This issue is nearly identical to that discussed in BID 19667 (Microsoft Internet Explorer HTTP 1.1 and Compression Long URI Buffer Overflow Vulnerability), but is a separate vulnerability.

8. Adobe ColdFusion Flash Remoting Gateway Denial of Service Vulnerability
BugTraq ID: 19984
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19984
Summary:
Adobe ColdFusion is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

9. Adobe Flash Player Multiple Remote Code Execution Vulnerabilities
BugTraq ID: 19980
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19980
Summary:
Adobe Flash Player is prone to multiple remote code-execution vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker could exploit this issue by creating a media file containing large, dynamically generated string data and submitting it to be processed by the media player.

These issues allow remote attackers to execute arbitrary machine code in the context of the user running the application. Other attacks are also possible.

Adobe Flash Player 8.0.24.0 and prior, Adobe Flash Professional 8, Flash Basic, Adobe Flash MX 2004, and Adobe Flex 1.5 are affected.

10. CCHost Index.PHP SQL Injection Vulnerability
BugTraq ID: 19978
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19978
Summary:
ccHost is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

11. IBM Lotus Domino Web Access Session Hijacking Vulnerability
BugTraq ID: 19966
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19966
Summary:
IBM Lotus Domino Web Access is prone to a session-hijacking vulnerability.

An attacker can exploit this issue to authenticate to the application as any user provided that the user's authentication credentials are still on the server. This may lead to other attacks.

Version 7.0.1 is vulnerable to this issue; other versions may also be affected.

12. Paul Smith Computer Services VCAP Calendar Server Remote Denial of Service Vulnerability
BugTraq ID: 19959
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19959
Summary:
vCAP Calendar Server is prone to a remote denial-of-service vulnerability. This issue is due to a design error.

An attacker can exploit this issue to crash the application, effectively denying service.

vCAP Calendar Server 1.9.0 Beta and prior versions are vulnerable to this issue.

13. Paul Smith Computer Services VCAP Calendar Server Directory Traversal Vulnerability
BugTraq ID: 19958
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19958
Summary:
vCAP Calendar Server is prone to a directory-traversal vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable system in the context of the affected application. Information obtained may aid in further attacks.

vCAP Calendar Server 1.9.0 Beta and prior versions are vulnerable to this issue.

14. Microsoft Publisher Font Parsing Remote Code Execution Vulnerability
BugTraq ID: 19951
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19951
Summary:
Microsoft Publisher is prone to a code-execution vulnerability. This is due to a flaw when handling malformed PUB files.

Successfully exploiting this issue allows attackers to corrupt process memory and to execute arbitrary code in the context of targeted users.

15. CMS.R. Index.PHP SQL Injection Vulnerability
BugTraq ID: 19950
Remote: Yes
Date Published: 2006-09-11
Relevant URL: http://www.securityfocus.com/bid/19950
Summary:
CMS.R. is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

16. RETIRED: Invision Power Board Index.PHP ST Parameter SQL Injection Vulnerability
BugTraq ID: 19946
Remote: Yes
Date Published: 2006-09-11
Relevant URL: http://www.securityfocus.com/bid/19946
Summary:
Invision Power Board is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Update: The vendor states that this is not a vulnerability, because the affected parameter is passed through PHP's 'intval' prior to its use. This BID is therefore being retired.

17. Microsoft Indexing Service Query Validation Cross-Site Scripting Vulnerability
BugTraq ID: 19927
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19927
Summary:
Microsoft Indexing Service is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input before it is rendered to other users.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user, in the context of the victim's session. This could allow the attacker to perform actions on behalf of the victim, such as spoofing content or hijacking their session.

Microsoft Indexing Service is not installed or enabled by default. Even if installed, it is not accessible from Internet Information Services (IIS) by default. This vulnerability affects only systems that have both IIS and Indexing Service installed and that have the Indexing Service configured to be accessible from IIS through a web-based interface.

18. Microsoft PGM Remote Buffer Overflow Vulnerability
BugTraq ID: 19922
Remote: Yes
Date Published: 2006-09-12
Relevant URL: http://www.securityfocus.com/bid/19922
Summary:
Microsoft Pragmatic General Multicast (PGM) is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check externally supplied data.

An attacker can exploit this issue to execute arbitrary code, facilitating a complete system compromise.

This issue affects systems only when Microsoft Message Queuing (MSMQ) 3.0 is installed; this is not the default.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Storing Images in SQL Server (2005)
http://www.securityfocus.com/archive/88/446413

2. SecurityFocus Microsoft Newsletter #308
http://www.securityfocus.com/archive/88/446218

3. Terminal Servers @ Datacenter
http://www.securityfocus.com/archive/88/446210

4. Question about Sniffer in Windows
http://www.securityfocus.com/archive/88/446136

5. windump on browsing of shared folders across vpn in winxp
http://www.securityfocus.com/archive/88/446048

6. Don't Get Too Comfortable - Sept. '06 Patches
http://www.securityfocus.com/archive/88/445921

7. IP address assignment problem
http://www.securityfocus.com/archive/88/444349

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
