Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 38



>
> *******************************
> Widely Deployed Software
> *******************************
>
> (1) HIGH: Microsoft Agent Memory Corruption (MS07-051)
> Affected:
> Microsoft Windows 2000
>
> Description: Microsoft Agent is a Microsoft technology that allows for
> custom "software assistants", small animated characters that can
> instruct users on how to use applications or provide other services.
> This service is available as an ActiveX control. A flaw in the handling
> of certain URLs passed to Microsoft Agent could result in a memory
> corruption vulnerability. A specially crafted web page that instantiated
> this control and exploited this vulnerability would be able to execute
> arbitrary code with the privileges of the current user. A
> proof-of-concept for this vulnerability is publicly available.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-051.mspx
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=592
> Proof-of-Concept
> http://downloads.securityfocus.com/vulnerabilities/exploits/25566-PoC.html
> SecurityFocus BID
> http://www.securityfocus.com/bid/25566
>
> *****************************************************************
>
> (2) HIGH: Microsoft MSN and Windows Live Messenger Memory
> Corruption (MS07-054)
> Affected:
> Microsoft MSN Messenger versions prior to 7.0.0820
> Microsoft Windows Live Messenger versions prior to 8.1
>
> Description: Microsoft Windows Live Messenger, formerly known as
> Microsoft MSN Messenger, is Microsoft's instant messaging application.
> This application supports live videoconferencing. Failure to properly
> handle specially crafted video data could trigger a memory corruption
> vulnerability. An attacker that successfully exploited this
> vulnerability would be able to execute arbitrary code with the
> privileges of the current user. Note that the user must first accept a
> video chat session from an attacker to be vulnerable. A proof-of-concept
> for this vulnerability is publicly available. This vulnerability was
> discussed in a previous edition of @RISK.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/Bulletin/MS07-054.mspx
> Previous @RISK Entry
> http://www.sans.org/newsletters/risk/display.php?v=6&i=36#widely3
> Proof-of-Concept
> http://milw0rm.com/exploits/4334
> SecurityFocus BID
> http://www.securityfocus.com/bid/25461
>
> *****************************************************************
>
> (3) HIGH: Apple Quicktime Script Injection Vulnerability
> Affected:
> Apple QuickTime version 7.2.0 and prior
>
> Description: Apple QuickTime is Apple's streaming media framework.
> QuickTime media link files are XML files that can be used to define
> various media streams and other parameters for QuickTime. A specially
> crafted media link file containing JavaScript or Mozilla Chrome
> information could trigger a vulnerability and lead to arbitrary script
> execution when viewed in a web browser. A malicious website hosting such
> a file could exploit this vulnerability to execute arbitrary scripting
> code with the privileges of the current user. Note that, depending on
> configuration, malicious content may be opened without first prompting
> the user.  It is believed that the vulnerability is exploitable in
> Mozilla-based browsers (such as Firefox), Microsoft Internet Explorer,
> and Apple Safari. A proof-of-concept for this vulnerability is publicly
> available. Note that several Apple applications install QuickTime,
> including iTunes and Safari. It is believed that both the Mac OS X and
> Microsoft Windows platforms are vulnerable.
>
> Status: Apple has not confirmed, no updates available.
>
> References:
> GNUCITIZEN Posting
> http://www.gnucitizen.org/blog/0day-quicktime-pwns-firefox
> Proof-of-Concept
> http://milw0rm.com/exploits/4399
> QuickTime Home Page
> http://www.apple.com/quicktime
> SecurityFocus BID
> http://www.securityfocus.com/bid/20138
>
> *****************************************************************
>
> (4) HIGH: Multiple HP Products ActiveX Control Buffer Overflow
> Affected:
> HP HPQUTIL.DLL ActiveX Component
> Products known to install this DLL include:
> HP Photo and Image Gallery
> HP All-in-One Series
>
> Description: Multiple HP products install the HPQUTIL.DLL library. This
> library exports several ActiveX controls. One of these controls contains
> a buffer overflow vulnerability in its "ListFiles" method. A specially
> crafted web page that instantiates this control could trigger this
> buffer overflow and execute arbitrary code with the privileges of the
> current user. A proof-of-concept for this vulnerability is publicly
> available.
>
> Status: HP has not confirmed, no updates available. Users can mitigate
> the impact of this vulnerability by disabling the vulnerable control via
> Microsoft's "kill bit" mechanism for CLSID
> "F3F381A3-4795-41FF-8190-7AA2A8102F85".
>
> References:
> GOODFELLAS Security Advisory
> http://www.securityfocus.com/archive/1/479442
> Proof-of-Concept
> http://downloads.securityfocus.com/vulnerabilities/exploits/25673.html
> Microsoft Knowledge Base Article (documents the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> SecurityFocus BID
> http://www.securityfocus.com/bid/25673
>
> *****************************************************************
>
> (5) MODERATE: Microsoft Visual Studio Crystal Reports File
> Processing Vulnerability (MS07-052)
> Affected:
> Microsoft Visual Studio .NET 2002/2003
> Microsoft Visual Studio 2005
>
> Description: Microsoft Visual Studio, Microsoft's integrated development
> environment, ships with an embedded copy of Business Objects' Crystal
> Reports. Crystal Reports is a popular enterprise reporting application.
> A specially crafted Crystal Reports report file (RPT file) could trigger
> a vulnerability in Microsoft Visual Studio. Successfully exploiting this
> vulnerability would allow an attacker to execute arbitrary code with the
> privileges of the current user. Depending upon configuration, Visual
> Studio may open such files without first prompting the user. A
> proof-of-concept for this vulnerability is publicly available.
>
> Status: Microsoft confirmed, updates available. This vulnerability was
> first publicly reported in November of 2006 for the standalone Crystal
> Reports product. This advisory concerns the embedded copy in Microsoft
> Visual Studio.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-052.mspx
> Proof-of-Concept (binary file)
> http://www.securityfocus.com/data/vulnerabilities/exploits/21261-CrystalReportsModified.rpt
> Business Objects Knowledge Base Article
> http://technicalsupport.businessobjects.com/Publishing/195/1410607_f.html
> Business Objects Home Page
> http://www.businessobjects.com/
> SecurityFocus BID
> http://www.securityfocus.com/bid/21261
>
> *****************************************************************
>
> ****************
> Other Software
> ****************
>
> Part II - Comprehensive List of Newly Discovered Vulnerabilities from
> Qualys (www.qualys.com)
>
> Week 38, 2007
> ______________________________________________________________________
>
> 07.38.15 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Media Player Classic Malformed AVI Header Multiple Remote
> Vulnerabilities
> Description: Media Player Classic is a media player available for
> Microsoft Windows. The application is exposed to multiple remote
> issues that occur when handling malformed AVI files. Media Player
> Classic version 6.4.9.0 is affected.
> Ref: http://www.securityfocus.com/archive/1/475150
> ______________________________________________________________________
>
> 07.38.16 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: WinSCP URL Protocol Handler Arbitrary File Access
> Description: WinSCP is a freely available secure file transfer client
> for Microsoft Windows operating systems. WinSCP has the functionality
> to handle "sftp:" (SSH File Transfer Protocol) and "scp:" (Secure
> Copy) addresses. The application is exposed to an arbitrary file
> access issue. WinSCP versions prior to 4.0.4 are affected.
> Ref: http://www.securityfocus.com/archive/1/479298
> ______________________________________________________________________
>
>
> 07.38.19 CVE: Not Available
> Platform: Linux
> Title: MPlayer AVIHeader.C Heap Based Buffer Overflow
> Description: MPlayer is an application for playing movies. It runs on
> Linux operating systems. The application is exposed to a heap-based
> buffer overflow issue because it fails to perform adequate boundary
> checks on user-supplied input data. MPlayer version 1.0rc1 is
> affected.
> Ref: http://www.securityfocus.com/archive/1/479222
> ______________________________________________________________________
>
> 07.38.22 CVE: CVE-2007-4730
> Platform: Cross Platform
> Title: X.Org X Server Composite Extension Local Buffer Overflow
> Description: The X.Org X Windows System is a windows server for Unix,
> Linux, and variants. It is freely available and distributed publicly.
> The application is exposed to a local buffer overflow issue due to a
> design error in the X Server composite extension. X.Org X Server
> version 1.3.99.2 (RC2) is affected.
> Ref:
> http://lists.freedesktop.org/archives/xorg-announce/2007-September/000378.html
> ______________________________________________________________________
>
>
> 07.38.26 CVE: Not Available
> Platform: Cross Platform
> Title: Quagga Routing Suite Multiple Denial Of Service Vulnerabilities
> Description: Quagga Routing Suite is a suite of routing applications
> written for FreeBSD, Linux, Solaris, and NetBSD operating systems. The
> application is exposed to multiple denial of service issues. A denial
> of service condition occurs when the application handles specially
> crafted "OPEN" messages, and also when the application handles specially
> crafted "COMMUNITY" attributes that are included in messages. Quagga
> Routing Suite versions prior to 0.99.9 are affected.
> Ref: http://www.quagga.net/download/quagga-0.99.9.changelog.txt
> ______________________________________________________________________
>
>
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held by a
> party other than Qualys (as indicated herein) and permission to use
> such material must be requested from the copyright owner.
>
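
The "kill bit" mitigation named in item (4) above, as an added example that is not part of the original newsletter or of HP's or Microsoft's own tooling: a PowerShell script that sets and verifies the kill bit for the CLSID quoted in the advisory. It assumes the registry layout and flag value (0x400) documented in the referenced KB240797 article, an elevated prompt, and that 32-bit Internet Explorer on 64-bit Windows reads the Wow6432Node view.

```powershell
# Added example: set and verify the IE "kill bit" for the HPQUTIL.DLL control.
# The CLSID is the one quoted in the advisory; the key path and the 0x400
# flag follow the kill-bit mechanism described in KB240797 (assumption).
$Clsid   = '{F3F381A3-4795-41FF-8190-7AA2A8102F85}'
$KillBit = 0x400
$Name    = 'Compatibility Flags'

# Native hive plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    param([string]$KeyPath)
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }   # key or value missing: not blocked
    return (($item.$Name -band $KillBit) -eq $KillBit)
}

function Set-KillBit {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    $current = 0
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $current = [int]$item.$Name }
    # OR the bit in so any other compatibility flags already present survive.
    Set-ItemProperty -LiteralPath $KeyPath -Name $Name -Type DWord -Value ($current -bor $KillBit)
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # no Wow6432Node on 32-bit Windows
    $key = Join-Path $root $Clsid
    if (-not (Test-KillBit $key)) { Set-KillBit $key }
    '{0}: kill bit set = {1}' -f $key, (Test-KillBit $key)
}
```

Running only the `Test-KillBit` calls gives a read-only audit that can be used across a fleet before any change is pushed.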



 




Copyright © Lexa Software, 1996-2009.