SecurityFocus Microsoft Newsletter #328
----------------------------------------

This Issue is Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online despite security executives' efforts to prevent malicious attacks. This whitepaper identifies the most common methods of attacks that we have seen, and outlines a guideline for developing secure web applications. Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fGl

------------------------------------------------------------------
I. FRONT AND CENTER
1. PHP Security From The Inside
2. Introduction to Windows Integrity Control
II. MICROSOFT VULNERABILITY SUMMARY
1. FlashFXP PWD Command Remote Buffer Overflow Vulnerability
2. Avast! Antivirus Server Edition Password Setting Security Bypass Vulnerability
3. VMware Clipboard Multiple Information Disclosure Vulnerabilities
4. Microsoft Internet Explorer Malformed HTML For Script Denial of Service Vulnerability
5. SmartFTP Banner Remote Heap Buffer Overflow Vulnerability
6. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
7. Microsoft Office Malformed String Remote Code Execution Vulnerability
8. Mozilla Bugzilla HTML Injection And Information disclosure Vulnerabilities
9. Remotesoft .NET Explorer Remote Stack Buffer Overflow Vulnerability
10. Windows Vista Voice Recognition Command Execution Vulnerability
11. Wireshark Multiple Protocol Denial of Service Vulnerabilities
12. Microsoft Windows Mobile Multiple Remote Denial of Service Vulnerabilities
13. Nexuiz GameDir Arbitrary File Disclosure/Overwrite Vulnerability
14. RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
15. Bloodshed Dev-C++ CPP Source File Buffer Overflow Vulnerability
16. GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability
17. Microsoft Internet Explorer Multiple ActiveX Controls Denial of Service Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. Help with Exploit
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. PHP Security From The Inside
By Federico Biancuzzi
Stefan Esser is the founder of both the Hardened-PHP Project and the PHP Security Response Team (which he recently left). Federico Biancuzzi discussed with him how the PHP Security Response Team works, why he resigned from it, what features he plans to add to his own hardening patch, the interaction between Apache and PHP, the upcoming "Month of PHP bugs" initiative, and common mistakes in the design of well-known applications such as WordPress.
http://www.securityfocus.com/columnists/432

2. Introduction to Windows Integrity Control
By Tony Bradley, CISSP-ISSAP
This article takes a look at the Windows Integrity Control (WIC) capabilities in Windows Vista by examining how it protects objects such as files and folders on Vista computers, the different levels of protection it offers, and how administrators can control WIC using the ICACLS command-line tool.
http://www.securityfocus.com/infocus/1887


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. FlashFXP PWD Command Remote Buffer Overflow Vulnerability
BugTraq ID: 22433
Remote: Yes
Date Published: 2007-02-06
Relevant URL: http://www.securityfocus.com/bid/22433
Summary:
FlashFXP is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to cause the application to consume excessive CPU resources, denying service to legitimate users. Due to the nature of this issue, the attacker may be able to execute arbitrary code within the context of the affected application.

This issue affects version 3.4.0 build 1145; other versions may also be affected.

2. Avast! Antivirus Server Edition Password Setting Security Bypass Vulnerability
BugTraq ID: 22425
Remote: No
Date Published: 2007-02-06
Relevant URL: http://www.securityfocus.com/bid/22425
Summary:
Avast! Antivirus Server Edition is prone to a security-bypass vulnerability because of an access-validation error.

An attacker can exploit this issue to change certain settings in the affected application. This may aid in other attacks.

This issue affects versions prior to 4.7.726.

3. VMware Clipboard Multiple Information Disclosure Vulnerabilities
BugTraq ID: 22413
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22413
Summary:
VMware is prone to two information-disclosure vulnerabilities because of multiple design errors in the clipboard plugin.

An attacker can exploit these issues to obtain sensitive information that may lead to further attacks.

Version 5.5.3 build 34685 is vulnerable to these issues; other versions may also be affected.

Note that the clipboard plugin is an add-on feature that is not active by default.

4. Microsoft Internet Explorer Malformed HTML For Script Denial of Service Vulnerability
BugTraq ID: 22408
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22408
Summary:
Microsoft Internet Explorer is prone to a denial-of-service vulnerability because the application fails to handle exceptional conditions.

This issue is triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users.

This issue affects Internet Explorer version 6; other versions may also be vulnerable.

5. SmartFTP Banner Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 22390
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22390
Summary:
SmartFTP is prone to a remote heap-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to copying it to an insufficiently sized memory buffer.

Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the server application, facilitating the compromise of affected computers.

SmartFTP version 2.0.1002 is reported vulnerable; other versions may also be affected.

6. PostgreSQL Information Disclosure and Denial of Service Vulnerabilities
BugTraq ID: 22387
Remote: Yes
Date Published: 2007-02-05
Relevant URL: http://www.securityfocus.com/bid/22387
Summary:
PostgreSQL is prone to information-disclosure and denial-of-service vulnerabilities; fixes are available.

An attacker can exploit these vulnerabilities to cause the backend database to crash and reveal sensitive information. This may lead to other attacks.

These issues affect versions 8.0, 8.1, and 8.2. The second issue described also affects versions 7.3 and 7.4.

7. Microsoft Office Malformed String Remote Code Execution Vulnerability
BugTraq ID: 22383
Remote: Yes
Date Published: 2007-02-03
Relevant URL: http://www.securityfocus.com/bid/22383
Summary:
Microsoft Office is prone to a remote code-execution vulnerability. This issue occurs when the application processes maliciously crafted files.

This issue is currently being exploited via Excel files (.xls), but other Office applications are also reported vulnerable.

An attacker could exploit this issue by enticing a victim into opening a malicious Office file. If the vulnerability is successfully exploited, this could result in the execution of arbitrary code in the context of the currently logged-in user.

8. Mozilla Bugzilla HTML Injection And Information disclosure Vulnerabilities
BugTraq ID: 22380
Remote: Yes
Date Published: 2007-02-03
Relevant URL: http://www.securityfocus.com/bid/22380
Summary:
Bugzilla is prone to an information-disclosure and an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input and to protect sensitive information from unauthorized users.

Attackers may exploit these issues to execute script code in the context of the affected site or to obtain sensitive information. Arbitrary code execution may allow attackers to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Bugzilla 2.20.1 and above are affected by the HTML-injection vulnerability; only the development snapshot version 2.23.3 is vulnerable to the information-disclosure issue.

9. Remotesoft .NET Explorer Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 22377
Remote: Yes
Date Published: 2007-02-02
Relevant URL: http://www.securityfocus.com/bid/22377
Summary:
Remotesoft .NET Explorer is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data prior to copying it to an insufficiently sized buffer.

An attacker can leverage this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

10. Windows Vista Voice Recognition Command Execution Vulnerability
BugTraq ID: 22359
Remote: Yes
Date Published: 2007-02-01
Relevant URL: http://www.securityfocus.com/bid/22359
Summary:
Windows Vista is prone to a command-execution vulnerability because of its built-in voice recognition capability.

An attacker can exploit this issue to execute commands on a victim user's computer.

Note: Due to the nature of the vulnerability, victim users will notice exactly what is occurring as it happens.

11. Wireshark Multiple Protocol Denial of Service Vulnerabilities
BugTraq ID: 22352
Remote: Yes
Date Published: 2007-02-01
Relevant URL: http://www.securityfocus.com/bid/22352
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application.

Wireshark versions prior to 0.99.5 are affected.

12. Microsoft Windows Mobile Multiple Remote Denial of Service Vulnerabilities
BugTraq ID: 22343
Remote: Yes
Date Published: 2007-01-31
Relevant URL: http://www.securityfocus.com/bid/22343
Summary:
Microsoft Windows Mobile is prone to two remote denial-of-service vulnerabilities because the software fails to properly handle malformed remote data.

Successfully exploiting these issues may allow an attacker to hang or crash the application, denying service to legitimate users.

13. Nexuiz GameDir Arbitrary File Disclosure/Overwrite Vulnerability
BugTraq ID: 22332
Remote: Yes
Date Published: 2007-01-31
Relevant URL: http://www.securityfocus.com/bid/22332
Summary:
Nexuiz is prone to a vulnerability that allows attackers to access and overwrite arbitrary files.

An attacker can exploit this issue to overwrite arbitrary files on a user's computer or obtain sensitive information that may aid in further attacks.

14. RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
BugTraq ID: 22328
Remote: Yes
Date Published: 2007-01-31
Relevant URL: http://www.securityfocus.com/bid/22328
Summary:
Microsoft Word 2003 is prone to an unspecified remote code-execution vulnerability.

Microsoft Word 2003 is confirmed vulnerable to an unspecified remote code-execution issue. Other versions of Microsoft Word/Office may be affected by the vulnerability, but this has not been confirmed.

Note that this issue is distinct from issues described in BID 22225 (Microsoft Word 2000 Unspecified Code Execution Vulnerability), BID 21589 (Microsoft Word Code Execution Vulnerability), BID 21451 (Microsoft Word Unspecified Remote Code Execution Vulnerability), and BID 21518 (Microsoft Word Unspecified Code Execution Vulnerability).

UPDATE: Further analysis and reports have revealed that this issue is a variant of the vulnerability described in BID 21518 (Microsoft Word Unspecified Code Execution Vulnerability), which is referenced by CVE-2006-6456. This BID is being retired.

15. Bloodshed Dev-C++ CPP Source File Buffer Overflow Vulnerability
BugTraq ID: 22315
Remote: Yes
Date Published: 2007-01-30
Relevant URL: http://www.securityfocus.com/bid/22315
Summary:
Bloodshed Dev-C++ is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users, and may be able to execute arbitrary machine code, but this has not been confirmed.

Bloodshed Dev-C++ version 4.9.9.2 is affected by this issue; other versions may also be vulnerable.

16. GD Graphics Library JIS-Encoded Font Buffer Overflow Vulnerability
BugTraq ID: 22289
Remote: Yes
Date Published: 2007-01-29
Relevant URL: http://www.securityfocus.com/bid/22289
Summary:
The GD graphics library is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to cause denial-of-service conditions in applications implementing the affected library. Arbitrary code execution may also be possible; this has not been confirmed.

17. Microsoft Internet Explorer Multiple ActiveX Controls Denial of Service Vulnerabilities
BugTraq ID: 22288
Remote: Yes
Date Published: 2007-01-29
Relevant URL: http://www.securityfocus.com/bid/22288
Summary:
Microsoft Internet Explorer is prone to multiple denial-of-service vulnerabilities because the application fails to handle exceptional conditions.

These issues are triggered when an attacker entices a victim user to visit a malicious website.

Remote attackers may exploit these issues to crash Internet Explorer, effectively denying service to legitimate users.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Help with Exploit
http://www.securityfocus.com/archive/88/458938

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: Watchfire