SecurityFocus Microsoft Newsletter #424



SecurityFocus Microsoft Newsletter #424
----------------------------------------

This issue is sponsored by Purewire

NEW! White Paper:
"Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's.
Download this white paper now to mitigate your online security risks.
http://www.purewire.com/lp/sec


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Time to Exclude Bad ISPs
2.Standing on Other's Shoulders
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Media Player WAV/MID/SND File Parsing Integer Overflow Vulnerability
2. SAWStudio '.prf' File Buffer Overflow Vulnerability
3. BulletProof FTP Client Bookmark File Heap Buffer Overflow Vulnerability
4. Internet Explorer 'chromeHTML://' Command Line Parameter Injection Vulnerability
5. freeSSHd SFTP Commands Multiple Remote Buffer Overflow Vulnerabilities
6. PowerStrip 'pstrip.sys' Local Privilege Escalation Vulnerability
7. ESET Smart Security 'epfw.sys' Local Privilege Escalation Vulnerability
8. Adobe Flash Player Unspecified Remote Security Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline resulting in noticeable drops of malware and spam.
http://www.securityfocus.com/columnists/487

2. Standing on Other's Shoulders
By Chris Wysopal
"If I have seen a little further it is by standing on the shoulders of Giants," Issac Netwon once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build.
http://www.securityfocus.com/columnists/486


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Media Player WAV/MID/SND File Parsing Integer Overflow Vulnerability
BugTraq ID: 33018
Remote: Yes
Date Published: 2008-12-25
Relevant URL: http://www.securityfocus.com/bid/33018
Summary:
Microsoft Windows Media Player is prone to an integer-overflow vulnerability.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file with the vulnerable application. A successful exploit will result in the execution of arbitrary code in the context of the user running the application.

2. SAWStudio '.prf' File Buffer Overflow Vulnerability
BugTraq ID: 33011
Remote: Yes
Date Published: 2008-12-24
Relevant URL: http://www.securityfocus.com/bid/33011
Summary:
SAWStudio is prone a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

SAWStudio version 3.9i is vulnerable; other versions may also be affected.

3. BulletProof FTP Client Bookmark File Heap Buffer Overflow Vulnerability
BugTraq ID: 33007
Remote: Yes
Date Published: 2008-12-24
Relevant URL: http://www.securityfocus.com/bid/33007
Summary:
BulletProof FTP Client is prone to a heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

BulletProof FTP Client version 2.63 is vulnerable; other versions may also be affected.

4. Internet Explorer 'chromeHTML://' Command Line Parameter Injection Vulnerability
BugTraq ID: 32999
Remote: Yes
Date Published: 2008-12-23
Relevant URL: http://www.securityfocus.com/bid/32999
Summary:
Internet Explorer is prone to a vulnerability that lets attackers inject command-line parameters through protocol handlers. This issue occurs because the application fails to adequately sanitize user-supplied input.

Exploiting this issue would permit remote attackers to influence command options that can be called through the vulnerable protocol handler and to execute commands with the privileges of a user running the application. Attackers may also be able to leverage this issue to execute arbitrary code with the privileges of the user running the vulnerable application.

Internet Explorer 8 beta 2 is vulnerable; other versions may also be affected.

5. freeSSHd SFTP Commands Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 32972
Remote: Yes
Date Published: 2008-12-22
Relevant URL: http://www.securityfocus.com/bid/32972
Summary:
freeSSHd is prone to multiple remote buffer-overflow vulnerabilities because the application fails to perform adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.

These issues affect freeSSHd 1.2.1; other versions may also be affected.

6. PowerStrip 'pstrip.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 32961
Remote: No
Date Published: 2008-12-20
Relevant URL: http://www.securityfocus.com/bid/32961
Summary:
PowerStrip is prone to a local privilege-escalation vulnerability that occurs in the 'pstrip.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

PowerStrip 3.84 is vulnerable; other versions may also be affected.

7. ESET Smart Security 'epfw.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 32917
Remote: No
Date Published: 2008-12-18
Relevant URL: http://www.securityfocus.com/bid/32917
Summary:
ESET Smart Security is prone to a local privilege-escalation vulnerability that occurs in the 'easdrv.sys' driver.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges on a Microsoft Windows host operating system. Successfully exploiting this issue will result in the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

ESET Smart Security 3.0.672 and prior are vulnerable.

8. Adobe Flash Player Unspecified Remote Security Vulnerability
BugTraq ID: 32896
Remote: Yes
Date Published: 2008-12-17
Relevant URL: http://www.securityfocus.com/bid/32896
Summary:
Adobe Flash Player is prone to an unspecified security vulnerability.

Remote attackers may exploit this vulnerability to compromise an affected computer.

No further technical details are currently available. We will update this BID as more information emerges.

This issue affects Flash Player on Linux platforms.

Versions prior to Flash Player 10.0.15.3 and 9.0.152.0 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Purewire

NEW! White Paper:
"Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees Web surfing to gain entry into your network. Drive-by Downloads, Click Jacking, AJAX, XSS and Browser vulns are just some of the nasty attack methods hackers are coming up with and it's no longer good enough to block known bad URL's.
Download this white paper now to mitigate your online security risks.
http://www.purewire.com/lp/sec



Relevant Pages

  • SecurityFocus Microsoft Newsletter #176
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #242
    ... MICROSOFT VULNERABILITY SUMMARY ... PostNuke Blocks Module Directory Traversal Vulnerability ... Groove Networks Groove Virtual Office COM Object Security By... ... The Microsoft Windows IPV6 TCP/IP stack is prone to a "loopback" condition initiated by sending a TCP packet with the "SYN" flag set and the source address and port spoofed to equal the destination source and port. ...
    (Focus-Microsoft)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)
  • SecurityFocus Microsoft Newsletter # 87
    ... Meeting IT Security Benchmarks Through IT Audits ... MICROSOFT VULNERABILITY SUMMARY ... Bypassing Windows 2000 Domain Password settings ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #75
    ... Microsoft's Internet Security & Acceleration Server with fault-tolerance ... The Microsoft UPnP Vulnerability ... Relevant URL: ...
    (Focus-Microsoft)