SecurityFocus Microsoft Newsletter #348
----------------------------------------

This Issue is Sponsored by: SPI Dynamics

ALERT: "How A Hacker Launches A Cross-Site Scripting Attack"- White Paper
Cross-site scripting vulnerabilities in web apps allow hackers to compromise confidential information, steal cookies and create requests that can be mistaken for those of a valid user!! Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

https://download.spidynamics.com/1/ad/xss.asp?Campaign_ID=70160000000CsFU


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Don't Be Evil
2. Persistence of data on storage media
II. MICROSOFT VULNERABILITY SUMMARY
1. CA BrightStor ARCserve Backup Server Unspecified Remote Code Execution Vulnerability
2. Conti FTP Server Large String Denial of Service Vulnerability
3. Wireshark Multiple Protocol Denial of Service Vulnerabilities
4. Avax Vector AvaxSWF.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
5. GD Graphics Library Multiple Vulnerabilities
6. LiteWEB Web Server Invalid Page Remote Denial of Service Vulnerability
7. Key Focus Web Server Index.WKF Cross-Site Scripting Vulnerability
8. Apple Safari for Windows Bookmark Title Buffer Overflow Vulnerability
9. Access2ASP Multiple Cross Site Scripting Vulnerabilities
10. Lhaca File Archiver Unspecified Stack Buffer Overflow Vulnerability
11. Ingress Database Server Multiple Remote Vulnerabilities
12. HTTP Server Request Handling Remote Denial Of Service Vulnerability
13. BugHunter HTTP Server Parse Error Information Disclosure Vulnerability
14. Comersus Cart Multiple Input Validation Vulnerabilities
15. Avaya 4602SW IP Phone Security Bypass Vulnerability
16. AGEPhone SIP Soft Phone Malformed Delimiter Denial of Service Vulnerability
17. Avaya One-X Desktop Edition SIP Header Denial Of Service Vulnerability
18. AGEPhone SIP Soft Phone Message Parsing Denial of Service Vulnerability
19. Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing Vulnerability
20. Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service Vulnerability
21. RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
22. AOL Instant Messenger SIP Invite Message Denial of Service Vulnerability
23. Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow Vulnerability
24. Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow Vulnerability
25. Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Don't Be Evil
By Mark Rasch
A series of developments raises the specter that remotely stored or created documents may be subject to subpoena or discovery, all without the knowledge or consent of the document's creators.
http://www.securityfocus.com/columnists/447

2. Persistence of data on storage media
By Jamie Ridden
Jamie Ridden discusses the re-use of storage media and how slack space can prevent sensitive data from being completely removed.
http://www.securityfocus.com/infocus/1891


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. CA BrightStor ARCserve Backup Server Unspecified Remote Code Execution Vulnerability
BugTraq ID: 24680
Remote: Yes
Date Published: 2007-06-27
Relevant URL: http://www.securityfocus.com/bid/24680
Summary:
Computer Associates BrightStor ARCserve Backup is prone to a remote code-execution vulnerability.

Currently, very few details are available regarding this issue.

Attackers can exploit this issue to execute arbitrary code with SYSTEM-level privileges.

Version 11.5 SP3 for Microsoft Windows is reported vulnerable; other versions may also be affected.

2. Conti FTP Server Large String Denial of Service Vulnerability
BugTraq ID: 24672
Remote: Yes
Date Published: 2007-06-27
Relevant URL: http://www.securityfocus.com/bid/24672
Summary:
The Conti FTP Server is prone to a denial-of-service vulnerability.

A remote attacker may be able to exploit this issue to deny service to legitimate users of the application.

3. Wireshark Multiple Protocol Denial of Service Vulnerabilities
BugTraq ID: 24662
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24662
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may permit attackers to cause crashes and deny service to legitimate users of the application.

Wireshark versions prior to 0.99.6 are affected.

4. Avax Vector AvaxSWF.DLL ActiveX Control Arbitrary File Overwrite Vulnerability
BugTraq ID: 24659
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24659
Summary:
The Avax Vector ActiveX control is prone to a vulnerability that could permit an attacker to overwrite arbitrary files.

The attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Avax Vector ActiveX v.1.3 is vulnerable.

5. GD Graphics Library Multiple Vulnerabilities
BugTraq ID: 24651
Remote: Yes
Date Published: 2007-06-26
Relevant URL: http://www.securityfocus.com/bid/24651
Summary:
The GD graphics library is prone to multiple vulnerabilities.

An attacker can exploit these issues to cause denial-of-service conditions or execute arbitrary code in the context of applications implementing the affected library.

Versions of the GD graphics library prior to 2.0.35 are reported vulnerable.

6. LiteWEB Web Server Invalid Page Remote Denial of Service Vulnerability
BugTraq ID: 24628
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24628
Summary:
LiteWeb webserver is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker can exploit this issue to crash the affected application, denying further service to legitimate users.

This issue affects LiteWeb 2.7; other versions may also be vulnerable.

7. Key Focus Web Server Index.WKF Cross-Site Scripting Vulnerability
BugTraq ID: 24623
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24623
Summary:
Key Focus Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects Key Focus Web Server 3.1.0; other versions may also be affected.

8. Apple Safari for Windows Bookmark Title Buffer Overflow Vulnerability
BugTraq ID: 24619
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24619
Summary:
Safari for Windows is prone to a buffer-overflow vulnerability. This issue is triggered when an attacker entices a victim to bookmark a maliciously crafted site.

A remote attacker may exploit this issue to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

9. Access2ASP Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 24610
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24610
Summary:
The 'access2asp' program is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to steal cookie-based authentication credentials and launch other attacks.

This issue affects access2asp 4.5 and prior versions.

10. Lhaca File Archiver Unspecified Stack Buffer Overflow Vulnerability
BugTraq ID: 24604
Remote: Yes
Date Published: 2007-06-25
Relevant URL: http://www.securityfocus.com/bid/24604
Summary:
Lhaca file archiver is prone to an unspecified stack-based buffer-overflow vulnerability. The application fails to properly decompress malicious LZH archive files.

An attacker can exploit this issue to crash the application and execute arbitrary code within the context of the affected application.

Lhaca 1.20 is vulnerable to this issue; other versions may also be affected.

11. Ingress Database Server Multiple Remote Vulnerabilities
BugTraq ID: 24585
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24585
Summary:
Ingress Database Server included in CA eTrust Secure Content Manager is prone to multiple remote vulnerabilities, including multiple stack- and heap-based buffer-overflow issues, multiple pointer-overwrite issues, and an arbitrary-file-overwrite issue.

Successful exploits will allow attackers to completely compromise affected computers, including executing arbitrary code with SYSTEM-level privileges and truncating the 'alarkp.def' file.

12. HTTP Server Request Handling Remote Denial Of Service Vulnerability
BugTraq ID: 24576
Remote: Yes
Date Published: 2007-06-21
Relevant URL: http://www.securityfocus.com/bid/24576
Summary:
HTTP Server is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue to crash the server, denying access to legitimate users.

HTTP Server 1.6.2 is vulnerable; other versions may also be affected.

13. BugHunter HTTP Server Parse Error Information Disclosure Vulnerability
BugTraq ID: 24566
Remote: Yes
Date Published: 2007-06-20
Relevant URL: http://www.securityfocus.com/bid/24566
Summary:
BugHunter HTTP Server is prone to an information-disclosure vulnerability.

An attacker can exploit this issue to gain access to sensitive information. Information obtained may lead to further attacks.

This issue affects HTTP Server 1.6.2; other versions may also be affected.

14. Comersus Cart Multiple Input Validation Vulnerabilities
BugTraq ID: 24562
Remote: Yes
Date Published: 2007-06-20
Relevant URL: http://www.securityfocus.com/bid/24562
Summary:
Comersus Cart is affected by multiple input validation vulnerabilities.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

The attacker may also leverage this issue to execute arbitrary code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Comersus Cart 7.0.7 is vulnerable; other versions may also be affected.

15. Avaya 4602SW IP Phone Security Bypass Vulnerability
BugTraq ID: 24544
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24544
Summary:
The Avaya 4602SW IP phone is prone to a security-bypass vulnerability because it accepts SIP requests from random source IP addresses.

An attacker can exploit this issue to bypass security restrictions and then transmit malicious messages to the device.

This issue affects the Avaya 4602SW IP Phone (Model 4602D02A).

16. AGEPhone SIP Soft Phone Malformed Delimiter Denial of Service Vulnerability
BugTraq ID: 24543
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24543
Summary:
AGEphone SIP softphone is prone to a remote denial-of-service vulnerability, because the application fails to properly handle malformed data.

Successful exploits can allow remote attackers to crash the affected application, denying further service to legitimate users.

This issue affects AGEphone 1.41.2 running on HTC HyTN wireless smartphone using Windows Mobile 5 PPC. Other versions may also be affected.

17. Avaya One-X Desktop Edition SIP Header Denial Of Service Vulnerability
BugTraq ID: 24541
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24541
Summary:
Avaya one-X Desktop Edition phone is prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to crash the phone, denying service to legitimate users.

Avaya one-X Desktop Edition 2.1.0.70 and prior versions are vulnerable.

18. AGEPhone SIP Soft Phone Message Parsing Denial of Service Vulnerability
BugTraq ID: 24540
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24540
Summary:
AGEphone SIP softphone is prone to a remote denial-of-service vulnerability, because the application fails to properly handle malformed data.

Successful exploits can allow remote attackers to disconnect currently active calls or crash the device's operating system.

This issue affects AGEphone 1.41.2 running on HTC HyTN wireless smartphone using Windows Mobile 5 PPC. Other versions may also be affected.

19. Avaya 4602SW SIP Phone Cnonce Parameter Authentication Spoofing Vulnerability
BugTraq ID: 24539
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24539
Summary:
The Avaya 4602SW SIP Phone and SIP call server are prone to an authentication-spoofing vulnerability.

This allows an attacker to impersonate a SIP call server, compromising the confidentiality of a victim's phone conversations.

20. Nortel Networks PC Client Soft Phone SIP Message Parsing Module Denial of Service Vulnerability
BugTraq ID: 24536
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24536
Summary:
Nortel Networks PC Client soft phone is prone to a remote denial-of-service vulnerability because the application fails to properly handle malformed data.

Successful exploits can allow remote attackers to crash the affected application, denying further service to legitimate users.

21. RealNetworks GameHouse GHDLCTL.DLL ActiveX Control Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 24534
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24534
Summary:
The RealNetworks GameHouse 'dldisplay' ActiveX Control is prone to multiple buffer-overflow vulnerabilities because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the application using the GameHouse application. Failed exploit attempts will likely result in denial-of-service conditions.

An attacker may exploit these issues by enticing victims into visiting a maliciously crafted webpage.

22. AOL Instant Messenger SIP Invite Message Denial of Service Vulnerability
BugTraq ID: 24533
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24533
Summary:
AOL Instant Messenger is prone to a denial-of-service vulnerability because the application fails to handle specially crafted SIP messages.

An attacker can exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects AOL Instant Messenger 6.1.32.1; prior versions may also be affected.

23. Nortel Networks PC Client Soft Phone Message Parsing Module Buffer Overflow Vulnerability
BugTraq ID: 24531
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24531
Summary:
Nortel Networks PC Client soft phone is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

24. Avaya One-X Desktop Edition Phone SIP Remote Buffer Overflow Vulnerability
BugTraq ID: 24530
Remote: Yes
Date Published: 2007-06-19
Relevant URL: http://www.securityfocus.com/bid/24530
Summary:
Avaya one-X Desktop Edition phone is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to disable the call-receiving functionality of affected phones.

Avaya one-X Desktop Edition 2.1.0.70 and prior versions are vulnerable.

25. Cerulean Studios Trillian Word Wrapping UTF-8 Encoded String Heap Buffer Overflow Vulnerability
BugTraq ID: 24523
Remote: Yes
Date Published: 2007-06-18
Relevant URL: http://www.securityfocus.com/bid/24523
Summary:
Trillian is prone to a heap-based buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial of service.

This issue affects Trillian 3.1.5.1; prior versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This Issue is Sponsored by: SPI Dynamics