SecurityFocus Microsoft Newsletter #427
----------------------------------------

This issue is sponsored by Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees' Web surfing to gain entry into your network. Drive-by downloads, clickjacking, AJAX, XSS and browser vulnerabilities are just some of the nasty attack methods hackers are coming up with, and it's no longer good enough to block known bad URLs. Download this white paper now to mitigate your online security risks.


SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. The Drew Verdict Makes Us All Hackers
2. MD5 Hack Interesting, But Not Threatening
II. MICROSOFT VULNERABILITY SUMMARY
1. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability
2. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
3. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability
4. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability
5. Multiple Office OCX ActiveX Controls 'Save()' Arbitrary File Overwrite Vulnerability
6. Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities
7. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability
8. Microsoft Windows CHM File Processing Buffer Overflow Vulnerability
9. Microsoft HTML Help Workshop '.hhp' File Handling Buffer Overflow Vulnerability
10. VUPlayer '.asx' Playlist File Buffer Overflow Vulnerability
11. MP3 TrackMaker '.mp3' File Remote Heap Buffer Overflow Vulnerability
12. Microsoft January 2009 Advance Notification Multiple Vulnerabilities
13. Perception LiteServe 'USER' FTP Command Remote Buffer Overflow Vulnerability
14. Microsoft Internet Explorer 'screen[""]' Remote Denial of Service Vulnerability
15. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability
16. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. The Drew Verdict Makes Us All Hackers
By Mark Rasch
Last month, Lori Drew - the middle-aged Missouri mother who participated in a plan to deceive a 13-year-old girl that ultimately led to the girl's suicide - was convicted by a Los Angeles federal jury of several misdemeanor counts of unauthorized access to MySpace's computers.
http://www.securityfocus.com/columnists/489

2. MD5 Hack Interesting, But Not Threatening
By Tim Callan
A few days ago at the Chaos Communication Congress in Berlin, researchers presented a paper in which they had used an MD5 collision attack and substantial computing firepower to create a false SSL certificate using the RapidSSL brand of SSL certificate. In the intervening time we have seen a great deal of confusion and misinformation in the press and blogosphere about the specifics of this attack and what it means to the online ecosystem.
http://www.securityfocus.com/columnists/488


II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Multiple Browsers JavaScript Engine Cross Domain Information Disclosure Vulnerability
BugTraq ID: 33276
Remote: Yes
Date Published: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33276
Summary:
Multiple web browsers are prone to a cross-domain information-disclosure vulnerability because the applications fail to properly enforce the same-origin policy.

An attacker can exploit this issue to determine which sites a user is currently logged in to. Successfully exploiting this issue may lead to other attacks.

The following browsers are vulnerable:

Microsoft Internet Explorer
Mozilla Firefox
Apple Safari
Google Chrome

Other browsers may also be affected.

2. Ots Labs OtsTurntables OFL File Buffer Overflow Vulnerability
BugTraq ID: 33257
Remote: Yes
Date Published: 2009-01-14
Relevant URL: http://www.securityfocus.com/bid/33257
Summary:
Ots Labs OtsTurntables is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary machine code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

OtsTurntables 1.00.027 is vulnerable; other versions may also be affected.

3. Office Viewer OCX ActiveX Control 'Open()' Method Arbitrary Command Execution Vulnerability
BugTraq ID: 33245
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33245
Summary:
Office OCX Office Viewer OCX ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.

Successfully exploiting this issue allows remote attackers to execute arbitrary commands in the context of the application using the ActiveX control (typically Internet Explorer).

Office Viewer OCX 3.0.1 is vulnerable; other versions may also be affected.

4. Multiple Office OCX ActiveX Controls 'OpenWebFile()' Arbitrary Program Execution Vulnerability
BugTraq ID: 33243
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33243
Summary:
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers execute arbitrary remote files.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). This may aid in further attacks.

The following ActiveX controls are vulnerable:

Office Viewer OCX 3.0.1
Word Viewer OCX 3.2
PowerPoint Viewer OCX 3.1
Excel Viewer OCX 3.2

5. Multiple Office OCX ActiveX Controls 'Save()' Arbitrary File Overwrite Vulnerability
BugTraq ID: 33238
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33238
Summary:
Multiple Office OCX ActiveX controls are prone to a vulnerability that lets attackers overwrite arbitrary files.

Successful exploits may result in denial-of-service conditions. Other attacks are also possible.

The following ActiveX controls are vulnerable:

Office Viewer OCX 3.0.1
Word Viewer OCX 3.2
PowerPoint Viewer OCX 3.1

6. Excel Viewer OCX ActiveX Control Multiple Remote Vulnerabilities
BugTraq ID: 33222
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33222
Summary:
Excel Viewer OCX ActiveX control is prone to multiple remote vulnerabilities:

- An arbitrary-file-overwrite vulnerability
- An arbitrary-file-download vulnerability

Successfully exploiting these issues will allow an attacker to corrupt and overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer).

Excel Viewer OCX 3.2 is vulnerable; other versions may also be affected.

7. Triologic Media Player '.m3u' File Heap Buffer Overflow Vulnerability
BugTraq ID: 33221
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33221
Summary:
Triologic Media Player is prone to a heap-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

Triologic Media Player 7 is vulnerable; other versions may also be affected.

8. Microsoft Windows CHM File Processing Buffer Overflow Vulnerability
BugTraq ID: 33204
Remote: Yes
Date Published: 2009-01-11
Relevant URL: http://www.securityfocus.com/bid/33204
Summary:
Microsoft Windows is prone to a buffer-overflow vulnerability because of an issue when processing CHM files.

Successfully exploiting this issue would allow attackers to corrupt memory and crash the application associated with these files. Given the nature of this issue, attackers may also be able to run arbitrary code, but this has not been confirmed.

Windows XP Service Pack 3 is vulnerable; other versions may also be affected.

9. Microsoft HTML Help Workshop '.hhp' File Handling Buffer Overflow Vulnerability
BugTraq ID: 33189
Remote: Yes
Date Published: 2009-01-12
Relevant URL: http://www.securityfocus.com/bid/33189
Summary:
Microsoft HTML Help Workshop is prone to a remote buffer-overflow vulnerability.

The vulnerability occurs when the application handles a malformed HTML Help Workshop Project ('.hhp') file.

An attacker may exploit the issue to execute arbitrary code in the context of the application.

This vulnerability affects HTML Help Workshop 4.74 and prior versions.

10. VUPlayer '.asx' Playlist File Buffer Overflow Vulnerability
BugTraq ID: 33185
Remote: Yes
Date Published: 2009-01-09
Relevant URL: http://www.securityfocus.com/bid/33185
Summary:
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

VUPlayer 2.49 is vulnerable; other versions may also be affected.

11. MP3 TrackMaker '.mp3' File Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 33183
Remote: Yes
Date Published: 2009-01-09
Relevant URL: http://www.securityfocus.com/bid/33183
Summary:
Heathco Software MP3 TrackMaker is prone to a remote heap-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

TrackMaker 1.5 is vulnerable; other versions may also be affected.

12. Microsoft January 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 33170
Remote: Yes
Date Published: 2009-01-08
Relevant URL: http://www.securityfocus.com/bid/33170
Summary:
Microsoft has released advance notification that the vendor will be releasing security bulletins on January 13, 2009. The highest severity rating for these issues is 'Critical'.

These issues affect Microsoft Windows.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

Individual records will be created for the issues when the bulletins are released.

13. Perception LiteServe 'USER' FTP Command Remote Buffer Overflow Vulnerability
BugTraq ID: 33158
Remote: Yes
Date Published: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33158
Summary:
Perception LiteServe is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

LiteServe 2.81 is vulnerable; other versions may also be affected.

14. Microsoft Internet Explorer 'screen[""]' Remote Denial of Service Vulnerability
BugTraq ID: 33149
Remote: Yes
Date Published: 2009-01-07
Relevant URL: http://www.securityfocus.com/bid/33149
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Attackers can exploit this issue by enticing an unsuspecting victim to view a malicious web page.

Successfully exploiting this issue will cause the application to crash, denying service to legitimate users.

Microsoft Internet Explorer 6, 7, and 8 Beta are vulnerable; other versions may also be affected.

15. Microsoft Windows SMB NT Trans2 Remote Code Execution Vulnerability
BugTraq ID: 33122
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33122
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that occurs in the SMB (Server Message Block) protocol implementation.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

16. Microsoft Windows SMB NT Trans Request Buffer Overflow Vulnerability
BugTraq ID: 33121
Remote: Yes
Date Published: 2009-01-13
Relevant URL: http://www.securityfocus.com/bid/33121
Summary:
Microsoft Windows is prone to a buffer-overflow vulnerability that occurs in the SMB (Server Message Block) protocol implementation.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Successful exploits will facilitate the complete compromise of affected computers. Failed exploit attempts will result in a denial-of-service condition.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe, send an e-mail message to ms-secnews-unsubscribe@xxxxxxxxxxxxxxxxx from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message, which you will have to answer. Alternatively, you can visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed, email listadmin@xxxxxxxxxxxxxxxxx and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Purewire

NEW! White Paper: "Hackers Announce Open Season on Web 2.0 Users and Browsers"

Learn how hackers are exploiting your employees' Web surfing to gain entry into your network. Drive-by downloads, clickjacking, AJAX, XSS and browser vulnerabilities are just some of the nasty attack methods hackers are coming up with, and it's no longer good enough to block known bad URLs. Download this white paper now to mitigate your online security risks.


