SecurityFocus Microsoft Newsletter #400




SecurityFocus Microsoft Newsletter #400
----------------------------------------

This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Firing Up Browser Security
2.Racing Against Reversers
II. MICROSOFT VULNERABILITY SUMMARY
1. Mozilla Firefox Unspecified Arbitrary File Access Weakness
2. SunAge Multiple Denial of Service Vulnerabilities
3. World in Conflict NULL Pointer Remote Denial of Service Vulnerability
4. Classic FTP 'LIST' Command Directory Traversal Vulnerability
5. WISE-FTP FTP Client 'LIST' Command Directory Traversal Vulnerability
6. Apple Safari Automatic File Launch Remote Code Execution Vulnerability
7. Microsoft Visual Basic Enterprise Edition 6 'vb6skit.dll' Remote Buffer Overflow Vulnerability
8. UltraEdit FTP/SFTP 'LIST' Command Directory Traversal Vulnerability
9. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability
10. Skulltag Malformed Packet Denial of Service Vulnerability
11. No-IP DUC Client for Windows Local Information Disclosure Vulnerability
12. 3D-FTP 'LIST' and 'MLSD' Directory Traversal Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #399
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Firing Up Browser Security
By Federico Biancuzzi
Mozilla released its latest browser, Firefox 3.0, this week. SecurityFocus contributor Federico Biancuzzi tracked down two key members of Mozilla's security team, Window Snyder and Johnathan Nightingale, to learn more about the security features included in this major release.
http://www.securityfocus.com/columnists/475

2.Racing Against Reversers
By Federico Biancuzzi
Each time a new digital rights management (DRM) system is released, hackers are not far behind in cracking it. Reverse engineers have taken down the security protecting content encoded for Windows Media, iTunes, DVDs, and HD-DVDs.
http://www.securityfocus.com/columnists/474


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Mozilla Firefox Unspecified Arbitrary File Access Weakness
BugTraq ID: 29905
Remote: Yes
Date Published: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29905
Summary:
Mozilla Firefox is prone to a weakness that may allow attackers to gain access to arbitrary files.

Very little information is known about this issue. We will update this BID as soon as more information emerges.

An attacker can exploit this issue in conjunction with the 'carpet-bombing' issue reported by Nitest Dhanjani to gain access to arbitrary files on the affected computer. Successfully exploiting this issue may lead to other attacks.

NOTE: This issue is related to the vulnerability discussed in BID 29445 (Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability).

2. SunAge Multiple Denial of Service Vulnerabilities
BugTraq ID: 29889
Remote: Yes
Date Published: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29889
Summary:
SunAge is prone to multiple denial-of-service vulnerabilities.

Successfully exploiting these issues allows remote attackers to crash affected game servers, denying service to legitimate users.

SunAge 1.08.1 is vulnerable; previous versions may also be affected.

3. World in Conflict NULL Pointer Remote Denial of Service Vulnerability
BugTraq ID: 29888
Remote: Yes
Date Published: 2008-06-23
Relevant URL: http://www.securityfocus.com/bid/29888
Summary:
World in Conflict is prone to a remote denial-of-service vulnerability because the application fails to handle exceptional conditions.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

This issue affects World in Conflict 1.008; other versions may also be affected.

4. Classic FTP 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29846
Remote: Yes
Date Published: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29846
Summary:
Classic FTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

Classic FTP 1.02 for Microsoft Windows is vulnerable; other versions may also be affected.

5. WISE-FTP FTP Client 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29844
Remote: Yes
Date Published: 2008-06-20
Relevant URL: http://www.securityfocus.com/bid/29844
Summary:
WISE-FTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.

Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

Versions prior to WISE-FTP 5.5.9 are vulnerable.

6. Apple Safari Automatic File Launch Remote Code Execution Vulnerability
BugTraq ID: 29835
Remote: Yes
Date Published: 2008-06-19
Relevant URL: http://www.securityfocus.com/bid/29835
Summary:
Apple Safari is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing an unsuspecting victim to visit a malicious webpage contained in a trusted Internet Explorer 7 zone or in an Internet Explorer 6 'local intranet' or 'Trusted site' zone.

Successfully exploiting this issue will allow attackers to run arbitrary code with the privileges of the user running the affected application.

This issue affects versions prior to Apple Safari 3.1.2 running on Microsoft Windows XP and Windows Vista.

7. Microsoft Visual Basic Enterprise Edition 6 'vb6skit.dll' Remote Buffer Overflow Vulnerability
BugTraq ID: 29792
Remote: Yes
Date Published: 2008-06-18
Relevant URL: http://www.securityfocus.com/bid/29792
Summary:
Microsoft Visual Basic Enterprise Edition 6 is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate size checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will result in a denial-of-service condition.

Microsoft Visual Basic Enterprise Edition 6 SP6 is vulnerable; other versions may also be affected.

8. UltraEdit FTP/SFTP 'LIST' Command Directory Traversal Vulnerability
BugTraq ID: 29784
Remote: Yes
Date Published: 2008-06-17
Relevant URL: http://www.securityfocus.com/bid/29784
Summary:
UltraEdit is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. This issue occurs in the FTP/SFTP client.

Exploiting this issue will allow an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.

UltraEdit 14.00b is vulnerable; other versions may also be affected.

9. Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability
BugTraq ID: 29769
Remote: Yes
Date Published: 2008-06-17
Relevant URL: http://www.securityfocus.com/bid/29769
Summary:
Microsoft Word is prone to a remote memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open and interact with malicious Word files.

Successfully exploiting this issue will corrupt memory and crash the application. Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of the currently logged-in user.

10. Skulltag Malformed Packet Denial of Service Vulnerability
BugTraq ID: 29760
Remote: Yes
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29760
Summary:
Skulltag is prone to a vulnerability that can cause denial-of-service conditions.

A successful attack will deny service to legitimate users.

Skulltag 0.97d2-RC3 is vulnerable; other versions may also be affected.

11. No-IP DUC Client for Windows Local Information Disclosure Vulnerability
BugTraq ID: 29758
Remote: No
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29758
Summary:
The DUC application for No-IP is prone to a local information-disclosure vulnerability when it is running on Microsoft Windows.

Successfully exploiting this issue allows attackers to obtain potentially sensitive information that may aid in further attacks.

12. 3D-FTP 'LIST' and 'MLSD' Directory Traversal Vulnerabilities
BugTraq ID: 29749
Remote: Yes
Date Published: 2008-06-16
Relevant URL: http://www.securityfocus.com/bid/29749
Summary:
3D-FTP is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues allows an attacker to write arbitrary files to locations outside of the FTP client's current directory. This could help the attacker launch further attacks.

3D-FTP 8.01 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #399
http://www.securityfocus.com/archive/88/493547

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Black Hat USA:

Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting.
www.blackhat.com