Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 5 No. 44



> 
> *****************************
> Widely-Deployed Software
> *****************************
> 
> (1) HIGH: Microsoft XML Core Services XMLHTTP ActiveX Control Remote
> Code Execution (0-day)
> Affected:
> Microsoft XML Core Services 4.0
> 
> Description: Microsoft XML Core Services, used to build XML-aware
> applications, contains an ActiveX control that contains a remote code
> execution vulnerability. A malicious web page that instantiates the
> XMLHTTP ActiveX control could exploit this vulnerability and execute
> arbitrary code with the privileges of the current user. Some technical
> details for this vulnerability have been publicly posted, and this
> vulnerability is being actively exploited in the wild. Users can
> mitigate the impact of this vulnerability by disabling the ActiveX
> control via Microsoft's "kill bit" mechanism, for CLSID
> "88d969c5-f192-11d4-a65f-0040963251e5".
> 
> Status: Microsoft confirmed, no updates available.
> 
> References:
> Microsoft Security Advisory
> http://www.microsoft.com/technet/security/advisory/927892.mspx
> SANS Internet Storm Center Handler's Diary
> http://isc.sans.org/diary.php?storyid=1825
> Securiteam Blog
> http://blogs.securiteam.com/index.php/archives/717
> SecurityFocus BID
> http://www.securityfocus.com/bid/20915
> 
> ****************************************************************
> 
> (2) HIGH: America Online ICQ ICQPhone ActiveX Control Remote 
> Code Execution
> Affected:
> America Online ICQ 5.1
> 
> Description: America Online (AOL) ICQ, a popular instant-messaging
> application, contains a remote code execution vulnerability. The
> ICQPhone ActiveX control, included by default with ICQ, can be directed
> to automatically download and execute an arbitrary file from any URL.
> This file will be executed with the privileges of the current user. A
> specially-crafted web page could instantiate this ActiveX control and
> exploit this vulnerability with no further user interaction. The
> vulnerable control will be automatically updated when the user logs in
> to the ICQ network. Users can mitigate the impact of this vulnerability
> by disabling the ActiveX control via Microsoft's "kill bit" mechanism,
> for CLSID "54BDE6EC-F42F-4500-AC46-905177444300".
> 
> Status: AOL confirmed, updates available.
> 
> References:
> Zero Day Initiative
> http://zerodayinitiative.com/advisories/ZDI-06-037.html
> Microsoft Knowledge Base Article (describes the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> AOL ICQ Home Page
> http://www.icq.com
> SecurityFocus BID
> Not yet available.
> 
> 
> ****************
> Other Software
> ****************
> 
> (3) MODERATE: Microsoft Visual Studio ActiveX Remote Code Execution
> Affected:
> Microsoft Visual Studio 2005
> 
> Description: Microsoft Visual Studio, Microsoft's multi-language
> integrated development environment, contains an ActiveX control that
> contains a remote code execution vulnerability. A malicious web page
> which instantiates this control could exploit this vulnerability and
> execute arbitrary code with the privileges of the current user. Working
> exploit code and technical details for this vulnerability are publicly
> available, and it is believed that this vulnerability is being actively
> exploited in the wild. Users can mitigate the impact of this
> vulnerability by disabling instantiation of this control via Microsoft's
> "kill bit" mechanism for CLSID "7F5B7F63-F06F-4331-8A26-339E03C0AE3D".
> 
> Status: Microsoft confirmed, no updates available.
> 
> Council Site Actions:  All responding council sites are responding to
> this item on some level. Most are evaluating whether to set the Kill Bit
> on installations. One site commented they have blocked this traffic
> using their perimeter active content protection mechanism. At another
> site, some of the users have set the Kill Bit on their own. One desktop
> support group does not plan to take action.
> 
> References:
> Microsoft Security Advisory
> http://www.microsoft.com/technet/security/advisory/927709.mspx
> Microsoft Knowledge Base Article (describes the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> Metasploit Exploit Module
> http://metasploit.com/projects/Framework/exploits.html#ie_createobject
> SecurityFocus BID
> http://www.securityfocus.com/bid/20843
> 
> 
> *********
> Exploits
> *********
> 
> (6) Apple Wireless Driver Multiple Vulnerabilities
> 
> Council Site Actions:  Only two sites responded to this item.  One has
> sent the alert information to their networking support group.  The other
> site plans to watch this item carefully.  They stated that the binary
> driver issue being debated in the FOSS community has raised interest in
> this sort of attack.
> 
> References:
> Metasploit Exploit Module
> http://metasploit.com/svn/framework3/trunk/modules/auxiliary/dos/wireless/daringphucball.rb
> Previous @RISK Newsletter Entry
> http://www.sans.org/newsletters/risk/display.php?v=5&i=39#widely3 
> 
> *******************************************************************
> 
> 
> Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
> Week 44 2006
> 
> This list is compiled by Qualys ( www.qualys.com ) as part of that
> company's ongoing effort to ensure its vulnerability management web
> service tests for all known vulnerabilities that can be scanned. As of
> this week Qualys scans for 5247 unique vulnerabilities. For this
> special SANS community listing, Qualys also includes vulnerabilities
> that cannot be scanned remotely.
> 
> 06.44.1 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows NAT Helper Remote Denial of Service
> Description: Microsoft Windows is prone to a remote denial of service
> vulnerability because the Server service fails to properly handle
> unexpected network traffic.  Specifically, when the NAT Helper
> component of Microsoft Windows attempts to process malformed DNS
> queries, it may trigger a crash. DNS queries with the "Additional RR"
> field set to zero may trigger this issue. Exploiting this issue may
> cause affected computers to crash.
> Ref: http://blog.ncircle.com/archives/2006/10/microsoft_ics_d.htm
> ______________________________________________________________________
> 
> 06.44.2 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Explorer MHTML Denial of Service
> Description: Microsoft Internet Explorer is prone to a denial of
> service issue when it attempts to parse certain malformed HTML
> content, specifically the IFRAME tag, which causes a stack recursion
> overflow resulting in an application crash.
> Internet Explorer 7 is vulnerable.
> Ref: http://www.securityfocus.com/bid/20875
> ______________________________________________________________________
> 
> 06.44.3 CVE: Not Available
> Platform: Other Microsoft Products
> Title: Internet Explorer RemoveChild Denial of Service
> Description: Microsoft Internet Explorer is vulnerable to a denial of
> service issue when JavaScript code is repeatedly used to remove the
> HTML DOM elements. Microsoft Internet Explorer versions 6 and 7 are
> vulnerable.
> Ref:
> http://www.theserverpages.com/articles/webmasters/iexplorer/Internet_Explorer_6-and-7_Bug-or-Crash.html
> ______________________________________________________________________
> 
> 
> 06.44.5 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Sophos Antivirus Multiple Denial of Service Vulnerabilities
> Description: Sophos Antivirus is prone to multiple denial of service
> issues including excessive CPU consumption and buffer overflows. All
> current versions are affected.
> Ref: http://www.securityfocus.com/bid/20816
> ______________________________________________________________________
> 
> 06.44.11 CVE: CVE-2006-0187
> Platform: Third Party Windows Apps
> Title: Visual Studio 2005 WMI Object Broker Remote Code Execution
> Description: Microsoft Visual Studio 2005 is a development tool for
> building applications. It is vulnerable to arbitrary code execution
> due to an unspecified error in the WMI Object Broker ActiveX Control.
> See the advisory for further details.
> Ref: http://www.microsoft.com/technet/security/advisory/927709.mspx
> ______________________________________________________________________
> 
> 06.44.12 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Outpost Firewall PRO Local Denial of Service
> Description: Outpost Firewall PRO is a firewall application. It is
> exposed to a denial of service vulnerability. This issue is due to a
> failure of the application to properly handle unexpected input.
> Outpost Firewall PRO version 4.0 (964.582.059) is affected.
> Ref: http://www.securityfocus.com/bid/20860
> ______________________________________________________________________
> 
> 06.44.19 CVE: Not Available
> Platform: Cross Platform
> Title: Firefox Range Script Object Denial of Service
> Description: Mozilla Firefox is vulnerable to a remote denial of
> service issue when a malformed HTML document containing the
> "createRange" method along with other operations is executed by the
> application. Mozilla Firefox versions 1.5.0.7 and earlier are
> vulnerable.
> Ref: http://www.gotfault.net/research/advisory/gadv-firefox.txt
> ______________________________________________________________________
> 
> 06.44.29 CVE: Not Available
> Platform: Cross Platform
> Title: Novell Netmail Authentication Buffer Overflow
> Description: Novell Netmail is an email and calendaring system. It is
> prone to a stack-based buffer overflow vulnerability. This issue
> occurs because the authentication component fails to perform
> sufficient bounds checks on username data provided by the client.
> Novell NetMail versions 3.52 D and earlier are affected.
> Ref: http://www.securityfocus.com/bid/20853
> ______________________________________________________________________
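
The "kill bit" mitigation recommended in items (1) to (3) above, as an added example that is not part of the forwarded newsletter: a PowerShell audit that reports, and with `-Set` applies, the kill bit for the three CLSIDs the newsletter lists. The registry location and the 0x400 flag follow the Microsoft KB article 240797 cited above; the control labels are descriptive names chosen here.

```powershell
# Added example: audit (and with -Set, apply) the IE "kill bit" for the CLSIDs
# named in the newsletter. -Set needs an elevated 64-bit PowerShell session.
param([switch]$Set)

$KillBit = 0x400   # "Compatibility Flags" bit that blocks instantiation in IE (KB240797)

# CLSIDs copied from items (1)-(3); the labels are descriptive only.
$Controls = [ordered]@{
    'MSXML 4.0 XMLHTTP (item 1)'          = '{88d969c5-f192-11d4-a65f-0040963251e5}'
    'ICQPhone (item 2)'                   = '{54BDE6EC-F42F-4500-AC46-905177444300}'
    'Visual Studio 2005 control (item 3)' = '{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}'
}

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both views.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

function Get-CompatFlags([string]$KeyPath) {
    # Returns the current flags, or 0 when the key or the value does not exist.
    $p = Get-ItemProperty -LiteralPath $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $p) { return [int64]0 }
    return [int64]$p.'Compatibility Flags'
}

foreach ($name in $Controls.Keys) {
    foreach ($root in $Roots) {
        $key   = Join-Path $root $Controls[$name]
        $flags = Get-CompatFlags $key
        if ($Set -and -not ($flags -band $KillBit)) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so that any other compatibility flags are preserved.
            $flags = $flags -bor $KillBit
            New-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                -PropertyType DWord -Value ([int]$flags) -Force | Out-Null
        }
        [pscustomobject]@{
            Control = $name
            Key     = $key
            Flags   = '0x{0:X8}' -f $flags
            Killed  = [bool]($flags -band $KillBit)
        }
    }
}
```

A row with `Killed = False` means Internet Explorer can still instantiate that control from that registry view; the kill bit does not remove the vulnerable component, so vendor updates still apply once available.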



 



