SecurityFocus Microsoft Newsletter #368
----------------------------------------

This issue is Sponsored by: SPI Dynamics

ALERT: Ajax Security Dangers - How Hackers are attacking Ajax Web Apps
While Ajax can greatly improve the usability of a Web application, it can also create several opportunities for possible attack if the application is not designed with security in mind. Download this SPI Dynamics white paper.
https://download.spidynamics.com/1/ad/AJAX.asp?Campaign_ID=70160000000D4Kl


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Don't blame the IDS
2. E-mail privacy to disappear?
II. MICROSOFT VULNERABILITY SUMMARY
1. WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
2. Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
3. Microsoft Office Web Component Memory Access Violation Denial of Service Vulnerability
4. Cerberus FTP Server Web Interface Cross Site Scripting Vulnerability
5. Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
6. Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation Vulnerability
7. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities
8. Apple QuickTime PICT Image Remote Stack Buffer Overflow Vulnerability
9. Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability
10. Apple QuickTime STSD Atom Remote Heap Buffer Overflow Vulnerability
11. Apple QuickTime Image Description Atom Remote Memory Corruption Vulnerability
12. Apple QuickTime for Java Multiple Unspecified Remote Privilege Escalation Vulnerabilities
13. Apple QuickTime Color Table Atom Remote Heap Buffer Overflow Vulnerability
14. Microsoft Windows Recursive DNS Spoofing Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #367
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Don't blame the IDS
By Don Parker
Some years ago, I remember reading a press release from the Gartner Group. It was about intrusion detection systems (IDS) offering little return for the monetary investment in them and furthermore, that this very same security technology would be obsolete by the year 2005. A rather bold statement and an even bolder prediction on their part.
http://www.securityfocus.com/columnists/457

2. E-mail privacy to disappear?
By Mark Rasch
On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in the United States v. Warshak case centering on the right of privacy for stored electronic communications. At issue is whether the procedure whereby the government can subpoena stored copies of your e-mail -- similar to the way they could simply subpoena any physical mail sitting on your desk -- is unconstitutionally broad.
http://www.securityfocus.com/columnists/456


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. WebEx GPCContainer Memory Access Violation Multiple Denial of Service Vulnerabilities
BugTraq ID: 26430
Remote: Yes
Date Published: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/26430
Summary:
WebEx is prone to multiple remote denial-of-service vulnerabilities.

Attackers can exploit these issues to crash applications that use the ActiveX control, denying service to legitimate users.

2. Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
BugTraq ID: 26414
Remote: Yes
Date Published: 2007-11-12
Relevant URL: http://www.securityfocus.com/bid/26414
Summary:
Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities.

Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users.

Note: Forms 2.0 ActiveX is distributed with any application that includes Visual Basic for Applications 5.0.

3. Microsoft Office Web Component Memory Access Violation Denial of Service Vulnerability
BugTraq ID: 26405
Remote: Yes
Date Published: 2007-11-12
Relevant URL: http://www.securityfocus.com/bid/26405
Summary:
Microsoft Office Web Component is prone to a denial-of-service vulnerability because of a memory access violation.

Attackers can exploit this issue to crash Internet Explorer and deny service to legitimate users.

This issue affects OWC11 for Microsoft Office 2003.

4. Cerberus FTP Server Web Interface Cross Site Scripting Vulnerability
BugTraq ID: 26381
Remote: Yes
Date Published: 2007-11-08
Relevant URL: http://www.securityfocus.com/bid/26381
Summary:
Cerberus FTP Server web interface is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting this issue allows attackers to execute arbitrary HTML or script code in a user's browser session in the context of an affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This issue affects versions prior to Cerberus FTP Server 2.46.

5. Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
BugTraq ID: 26380
Remote: Yes
Date Published: 2007-11-08
Relevant URL: http://www.securityfocus.com/bid/26380
Summary:
Microsoft has released advance notification that the vendor will be releasing two security bulletins on November 13, 2007. The highest severity rating for these issues is 'Critical'.

The following individual records have been created to document these vulnerabilities:

25945 Microsoft Windows URI Handler Command Execution Vulnerability
25919 Microsoft Windows Recursive DNS Spoofing Vulnerability

6. Microsoft DebugView Kernel Module Dbgv.SYS Local Privilege Escalation Vulnerability
BugTraq ID: 26359
Remote: No
Date Published: 2007-11-06
Relevant URL: http://www.securityfocus.com/bid/26359
Summary:
Microsoft DebugView is prone to a local privilege-escalation vulnerability because it allows user-supplied data to be copied into memory addresses reserved for the kernel.

An attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of the affected computer. Failed attempts could cause denial-of-service conditions.

Microsoft DebugView 4.64 is vulnerable; other versions may also be affected.

7. Apple QuickTime PICT Image Remote Multiple Heap Buffer Overflow Vulnerabilities
BugTraq ID: 26345
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26345
Summary:
Apple QuickTime is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues by enticing an unsuspecting user to open a specially crafted PICT image file.

Successfully exploiting these issues allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

These issues affect Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

8. Apple QuickTime PICT Image Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 26344
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26344
Summary:
Apple QuickTime is prone to a stack-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted image file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

9. Apple QuickTime Panorama Sample Atoms Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26342
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26342
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

10. Apple QuickTime STSD Atom Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26341
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26341
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

11. Apple QuickTime Image Description Atom Remote Memory Corruption Vulnerability
BugTraq ID: 26340
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26340
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

12. Apple QuickTime for Java Multiple Unspecified Remote Privilege Escalation Vulnerabilities
BugTraq ID: 26339
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26339
Summary:
Apple QuickTime for Java is prone to multiple unspecified privilege-escalation vulnerabilities.

Successfully exploiting these issues allows remote attackers to access potentially sensitive information or to execute arbitrary code with elevated privileges. These issues facilitate the remote compromise of affected computers.

These issues affect QuickTime for Java for both Apple Mac OS X and Microsoft Windows platforms.

13. Apple QuickTime Color Table Atom Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 26338
Remote: Yes
Date Published: 2007-11-05
Relevant URL: http://www.securityfocus.com/bid/26338
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow issue because it fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit this issue by enticing an unsuspecting user to open a specially crafted movie file.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the user running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Microsoft Windows XP SP2, and Mac OS X.

14. Microsoft Windows Recursive DNS Spoofing Vulnerability
BugTraq ID: 25919
Remote: Yes
Date Published: 2007-11-13
Relevant URL: http://www.securityfocus.com/bid/25919
Summary:
Microsoft Windows DNS Server is prone to a vulnerability that permits an attacker to spoof responses to DNS requests.

A successful attack will corrupt the DNS cache with attacker-specified content. This may aid in further attacks such as phishing.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #367
http://www.securityfocus.com/archive/88/483444

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is Sponsored by: SPI Dynamics
