SecurityFocus Microsoft Newsletter #324
----------------------------------------

I. FRONT AND CENTER
1. Wireless Forensics: Tapping the Air - Part Two
2. PHP apps: Security's Low-Hanging Fruit
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Explorer WMF File Denial of Service Vulnerability
2. Snort Backtracking Denial of Service Vulnerability
3. EF Commander ISO File Remote Buffer Overflow Vulnerability
4. Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability
5. Microsoft Office Brazilian Portuguese Grammar Checker Remote Code Execution Vulnerability
6. Camouflage Security Password Bypass Vulnerability
7. SecureKit Steganography Carrier File Password Security Bypass Vulnerability
8. Microsoft Outlook Malformed Email Header Remote Denial of Service Vulnerability
9. Microsoft Outlook Advanced Find Remote Code Execution Vulnerability
10. CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability
11. Microsoft Outlook VEVENT Record Remote Code Execution Vulnerability
12. Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability
13. Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
14. Microsoft Excel Malformed Palette Record Remote Code Execution Vulnerability
15. Eudora WorldMail Mail Manager Server MAILMA.exe Remote Heap-Based Buffer Overflow Vulnerability
16. Microsoft Excel Malformed String Remote Code Execution Vulnerability
17. Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability
18. The Address Book Multiple Remote Vulnerabilities
19. Microsoft January Advance Notification Multiple Vulnerabilities
20. PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability
21. Apache And Microsoft IIS Range Denial of Service Vulnerability
22. Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability
23. Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
24. MoviePlay LST File Handling Buffer Overflow Vulnerability
25. Kerio Personal Firewall IPHLPAPI.DLL Local Privilege Escalation Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Deploying Microsoft SMS in a DMZ
2. How to deploy Microsoft OWA without using ISA?
3. SecurityFocus Microsoft Newsletter #323
4. Secure Remote access - windows 2003
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Wireless Forensics: Tapping the Air - Part Two
By Raul Siles, GSE
This two-part series looks at the issues associated with collecting and analyzing network traffic from wireless networks in an accurate and comprehensive way; a discipline known as wireless forensics. Part two focuses on the technical challenges for wireless traffic analysis, advanced anti-forensic techniques that could thwart a forensic investigation, and some legal considerations for both the U.S. and Europe.
http://www.securityfocus.com/infocus/1885

2. PHP apps: Security's Low-Hanging Fruit
By Kelly Martin
PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web.
http://www.securityfocus.com/columnists/427


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Explorer WMF File Denial of Service Vulnerability
BugTraq ID: 21992
Remote: Yes
Date Published: 2007-01-10
Relevant URL: http://www.securityfocus.com/bid/21992
Summary:
Microsoft Windows Explorer is prone to a denial-of-service vulnerability.

A remote attacker may exploit this vulnerability by presenting a malicious file to a victim user and enticing them to open it with the vulnerable application. Users that simply browse folders containing the malicious file will also trigger this issue.

It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available.

2. Snort Backtracking Denial of Service Vulnerability
BugTraq ID: 21991
Remote: Yes
Date Published: 2007-01-10
Relevant URL: http://www.securityfocus.com/bid/21991
Summary:
Snort is prone to a denial-of-service vulnerability because the network intrusion detection (NID) system fails to handle specially crafted network packets.

An attacker can exploit this issue to cause the affected NID system to consume 100% CPU resources, allowing malicious network traffic to avoid detection.

This issue affects versions prior to 2.6.1.

3. EF Commander ISO File Remote Buffer Overflow Vulnerability
BugTraq ID: 21969
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21969
Summary:
EF Commander is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data prior to using it in a finite-sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the user running the affected application.

This issue affects version 5.75; other versions may also be vulnerable.

4. Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability
BugTraq ID: 21952
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21952
Summary:
Microsoft Excel is reportedly prone to an unspecified remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users.

Note that Microsoft Office applications include functionality to embed Office files as objects contained in other Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word and other Office documents another possible attack vector.

Insufficient details are currently available to elaborate further.

5. Microsoft Office Brazilian Portuguese Grammar Checker Remote Code Execution Vulnerability
BugTraq ID: 21942
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21942
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when the application processes certain Office files.

Note that this issue may not be exploited automatically through email. For an attack to succeed, a victim must manually open an attachment sent by email or obtained through other means.

An attacker may exploit this issue to execute arbitrary code in the context of the currently logged-in user.

This issue affects the Microsoft Office 2003 Brazilian Grammar Checker application used in various Microsoft applications that have Brazilian Portuguese language support.

6. Camouflage Security Password Bypass Vulnerability
BugTraq ID: 21939
Remote: Yes
Date Published: 2007-01-08
Relevant URL: http://www.securityfocus.com/bid/21939
Summary:
Camouflage is prone to a security-bypass vulnerability due to a design error.

An attacker can exploit this issue to gain access to data 'hidden' by the application. Information gained could aid in further attacks.

Version 1.2.1 is vulnerable; other versions may also be affected.

7. SecureKit Steganography Carrier File Password Security Bypass Vulnerability
BugTraq ID: 21938
Remote: No
Date Published: 2007-01-08
Relevant URL: http://www.securityfocus.com/bid/21938
Summary:
SecureKit Steganography is prone to a security-bypass vulnerability because of a design flaw when encrypting sensitive information.

Successful exploits allow local attackers to bypass the security restriction to obtain sensitive information that may lead to other attacks.

This issue affects versions 1.8 and 1.71; other versions may also be affected.

8. Microsoft Outlook Malformed Email Header Remote Denial of Service Vulnerability
BugTraq ID: 21937
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21937
Summary:
Microsoft Outlook is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed email messages.

A remote attacker can exploit this issue to crash affected email clients. This issue will persist as long as the email message resides on the mail server, creating a prolonged denial-of-service condition.

9. Microsoft Outlook Advanced Find Remote Code Execution Vulnerability
BugTraq ID: 21936
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21936
Summary:
Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to properly handle malformed saved search files.

A remote attacker can exploit this issue to execute arbitrary code with the privileges of unsuspecting users. A successful exploit may aid in the remote compromise of the underlying computer.

10. CenterICQ IJHook.CC Remote Buffer Overflow Vulnerability
BugTraq ID: 21932
Remote: Yes
Date Published: 2007-01-08
Relevant URL: http://www.securityfocus.com/bid/21932
Summary:
CenterICQ is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial of service.

This issue affects versions 4.9.11 up to 4.21.0.

11. Microsoft Outlook VEVENT Record Remote Code Execution Vulnerability
BugTraq ID: 21931
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21931
Summary:
Microsoft Outlook is prone to a remote code-execution vulnerability because the application fails to properly handle malformed iCal requests.

A remote attacker can exploit this issue to execute arbitrary code with the privileges of unsuspecting users. A successful exploit may aid in the remote compromise of the underlying computer.

12. Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability
BugTraq ID: 21930
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21930
Summary:
Microsoft Windows is prone to a buffer-overrun vulnerability that arises because of an error in the processing of Vector Markup Language documents.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application.

13. Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
BugTraq ID: 21925
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21925
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker could exploit this issue to execute arbitrary code with the privileges of the user running the application. The attacker could leverage the issue to compromise affected computers.

14. Microsoft Excel Malformed Palette Record Remote Code Execution Vulnerability
BugTraq ID: 21922
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21922
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, which can result in the compromise of affected computers.

15. Eudora WorldMail Mail Manager Server MAILMA.exe Remote Heap-Based Buffer Overflow Vulnerability
BugTraq ID: 21897
Remote: Yes
Date Published: 2007-01-05
Relevant URL: http://www.securityfocus.com/bid/21897
Summary:
Eudora WorldMail Mail Manager Server is prone to a remote heap-based buffer-overflow vulnerability.

An attacker could exploit this issue to execute arbitrary code on vulnerable installations of Eudora WorldMail. This may facilitate the compromise of the application and underlying system.

16. Microsoft Excel Malformed String Remote Code Execution Vulnerability
BugTraq ID: 21877
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21877
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the affected application, which could result in the compromise of affected computers.

17. Microsoft Internet Explorer MSXML3 Race Condition Memory Corruption Vulnerability
BugTraq ID: 21872
Remote: Yes
Date Published: 2007-01-04
Relevant URL: http://www.securityfocus.com/bid/21872
Summary:
Microsoft Internet Explorer is prone to a remote memory-corruption vulnerability because of a race condition that may cause a NULL-pointer dereference, read or write operations to invalid addresses, or other memory-corruption issues.

Attackers can likely exploit this issue to execute arbitrary machine code in the context of the vulnerable application, but this has not been confirmed. Failed exploit attempts will likely crash the application.

18. The Address Book Multiple Remote Vulnerabilities
BugTraq ID: 21870
Remote: Yes
Date Published: 2007-01-04
Relevant URL: http://www.securityfocus.com/bid/21870
Summary:
The Address Book is prone to multiple remote vulnerabilities. These issues include multiple SQL-injection vulnerabilities, multiple HTML-injection vulnerabilities, an information-disclosure vulnerability, a local file-include vulnerability, multiple cross-site scripting vulnerabilities, an authentication-bypass vulnerability, and an arbitrary file-upload vulnerability.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, and execute arbitrary code within the context of the browser. Other attacks are also possible.

Version 0.1 is vulnerable to this issue; other versions may also be affected.

19. Microsoft January Advance Notification Multiple Vulnerabilities
BugTraq ID: 21869
Remote: Yes
Date Published: 2007-01-04
Relevant URL: http://www.securityfocus.com/bid/21869
Summary:
Microsoft has released advance notification that the vendor will be releasing four security bulletins in all (one for Windows and three for Microsoft Office) on January 9, 2007. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

*Update January 8, 2006: Microsoft has updated the advance notification information for the January 2007 security bulletin release. Four bulletins have been dropped, leaving a remainder of four bulletins that will be published on January 9th from the original eight bulletins proposed.

20. PowerArchiver PAISO.DLL ISO File Handling Buffer Overflow Vulnerability
BugTraq ID: 21867
Remote: Yes
Date Published: 2007-01-04
Relevant URL: http://www.securityfocus.com/bid/21867
Summary:
PowerArchiver is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this vulnerability allows attackers to execute arbitrary machine code in the context of the affected application.

Versions of PowerArchiver 2006 prior to 9.64.03 are vulnerable to this issue.

21. Apache And Microsoft IIS Range Denial of Service Vulnerability
BugTraq ID: 21865
Remote: Yes
Date Published: 2007-01-03
Relevant URL: http://www.securityfocus.com/bid/21865
Summary:
Apache and Microsoft IIS are prone to a denial-of-service vulnerability.

A remote attacker may exploit this issue to cause denial-of-service conditions.

22. Adobe Reader Plugin Open Parameters Cross-Site Scripting Vulnerability
BugTraq ID: 21858
Remote: Yes
Date Published: 2007-01-03
Relevant URL: http://www.securityfocus.com/bid/21858
Summary:
Adobe Reader Plugin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the visited site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Adobe Reader versions 6 and 7 for Mozilla Firefox, Opera, and Microsoft Internet Explorer. Other versions for other browsers may also be affected.

23. Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
BugTraq ID: 21856
Remote: Yes
Date Published: 2007-01-09
Relevant URL: http://www.securityfocus.com/bid/21856
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application, which can result in the compromise of affected computers.

24. MoviePlay LST File Handling Buffer Overflow Vulnerability
BugTraq ID: 21840
Remote: Yes
Date Published: 2007-01-02
Relevant URL: http://www.securityfocus.com/bid/21840
Summary:
MoviePlay is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this vulnerability allows attackers to execute arbitrary machine code in the context of the affected application.

MoviePlay 4.76 is reported vulnerable; other versions may be affected as well.

25. Kerio Personal Firewall IPHLPAPI.DLL Local Privilege Escalation Vulnerability
BugTraq ID: 21828
Remote: No
Date Published: 2007-01-01
Relevant URL: http://www.securityfocus.com/bid/21828
Summary:
Kerio Personal Firewall is prone to a local privilege-escalation vulnerability.

A local attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of the affected computer.

Versions 4.3.246 and 4.3.268 are vulnerable to this issue; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Deploying Microsoft SMS in a DMZ
http://www.securityfocus.com/archive/88/456479

2. How to deploy Microsoft OWA without using ISA?
http://www.securityfocus.com/archive/88/456037

3. SecurityFocus Microsoft Newsletter #323
http://www.securityfocus.com/archive/88/455838

4. Secure Remote access - windows 2003
http://www.securityfocus.com/archive/88/455670

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, to which you will have to reply. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics

Hack Yourself- Finding Web Application Security Holes- White Paper
Learn how to defend against Web Application Attacks with real-world examples of recent hacking methods such as: SQL Injection, Cross Site Scripting and Parameter Manipulation. Learn step-by-step vulnerability testing methods for your own Web Applications and guidelines for establishing best administration and coding practices.
Download *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/web.asp?Campaign_ID=70160000000CgNW


