>
> *****************************
> Widely Deployed Software
> *****************************
>
> (1) HIGH: Microsoft Office Unspecified Remote Code Execution
> Affected:
> Microsoft Office 2000
> Microsoft Office 2004 for Mac
> Possibly other versions.
>
> Description: Microsoft Office contains a memory corruption
> vulnerability
> in the processing of certain file formats. A specially-crafted file
> could exploit this vulnerability and execute arbitrary code with the
> privileges of the current user. This vulnerability is
> reported as being
> actively exploited in the wild. Currently, the public exploit is using
> Microsoft Excel files, but other file formats may be vulnerable. The
> extent of exploitation in the wild is currently believed to
> be very low.
> Note that Microsoft Office documents are not opened by default on
> versions of Office after Office 2000, or if the Office Document
> Confirmation Tool has been installed. No technical details for this
> vulnerability are believed to be publicly available.
>
> Status: Microsoft confirmed, no updates available.
>
> References:
> Microsoft Security Advisory
>
> Virus Information from McAfee
>
> Microsoft Office Document Confirmation Tool
>
> 2D2-077F-4031-9EE6-C9538E9F2A2F&displaylang=en
> Slashdot Discussion
>
> SecurityFocus BID
>
>
>
> **************************************************************
> ***********
>
> (3) LOW: Cisco SIP Packet Processing Denial-of-Service
> Affected:
> Cisco devices that support Voice-over-IP
>
> Description: Cisco devices that support Voice-over-IP (VoIP), but that
> are not properly configured for VoIP, are prone to a denial-of-service
> vulnerability. Currently, the nature of the vulnerability is not
> publicly known, but has been confirmed to involve traffic on UDP port
> 5060 and the Session Initiation Protocol (SIP). Note that devices that
> are properly configured for VoIP are not vulnerable. Users are advised
> to block UDP port 5060 at the network perimeter, if possible.
>
> Status: Cisco confirmed, updates available.
>
> Council Site Actions: Most of the responding council sites
> are using the
> affected software. Their respective network support teams plan to
> roll-out the patched during their next regularly scheduled
> system update
> process.
>
> References:
> Cisco Security Advisory
>
> Wikipedia Article on the Session Initiation Protocol
>
> SecurityFocus BID
>
>
> ***********
>
> ***********************
> Exploits and Details
> ***********************
>
> (5) DETAILS: Microsoft Agent Heap Overflow Vulnerability
>
> Description: Technical details have been publicly posted for a
> vulnerability patched in Microsoft Security Bulletin MS06-068. A
> specially-crafted string in a Microsoft Agent file (acf) with a length
> specified as greater than 0x7FFFFFFF will trigger a buffer overflow.
> Successful exploitation of this buffer overflow can result in
> arbitrary
> code execution with the privileges of the current user. This
> vulnerability was discussed in a previous issue of @RISK.
>
> Council Site Actions: Most of the responding council sites
> are already
> in the process of updating their systems.
>
> References:
> Previous @RISK Entry
>
> Microsoft Security Bulletin
>
> Posting by COSEINC
>
>
> *****************************
>
> (7) DETAILS: Computer Associates BrightStor ARCserve Buffer Overflows
>
> Description: Technical details have been publicly posted two
> vulnerabilities in Computer Associates BrightStor ARCserve.
> Specially-crafted traffic sent to the "LGSSERVER.EXE" process can
> exploit these vulnerabilities and execute arbitrary code with SYSTEM
> privileges:
> (1) A specially-crafted packet with a length specified as greater than
> 32767 will trigger a buffer overflow and result in arbitrary code
> execution. The vulnerable process listens on TCP port 1900; users are
> advised to block access to this port at the network
> perimeter, if at all
> possible.
> (2) Specially-crafted traffic beginning with the sequence
> "\x4e\x3d\x2c\x1b" and with a length greater than 65535 will trigger a
> buffer overflow and allow arbitrary code execution. The vulnerable
> process listens on TCP port 2200; users are advised to block access to
> this port at the network perimeter, if at all possible. These issues
> were discussed in a previous issue of @RISK.
>
> Council Site Actions: Only one of the responding council
> sites is using
> the affected software and they plan to load the patches during their
> next regularly schedule system update process.
>
> References:
> Previous @RISK Entry
>
> Posting by NGS Software Insight Security Research
>
>
> **************************************************************
> *****************************
>
> Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
> Week 6 2007
>
>
> 07.6.1 CVE: Not Available
> Platform: Windows
> Title: Windows Vista Voice Recognition Command Execution
> Description: Windows Vista is prone to a command execution
> vulnerability because of its built in voice recognition capability.
> When voice recognition is enabled and when the speakers and microphone
> are on and the volume is adjusted appropriately, voice commands given
> via an audio file may be executed by the operating system. Several
> versions of Windows Vista are affected.
> Ref:
>
> ng-windows-vista-speech-recognition.aspx
> ______________________________________________________________________
>
> 07.6.2 CVE: Not Available
> Platform: Windows
> Title: Microsoft Windows Mobile Multiple Remote Denial of
> Service Vulnerabilities
> Description: Microsoft Windows Mobile is an operating system for smart
> phones and PDAs. Due to insufficient input sanitization, it is prone
> to two remote denial of service vulnerabilities. Please refer to the
> advisory for further information.
> Ref:
> ______________________________________________________________________
>
> 07.6.3 CVE: Not Available
> Platform: Windows
> Title: Microsoft Internet Explorer Multiple ActiveX Controls Denial of
> Service Vulnerabilities
> Description: Microsoft Internet Explorer is prone to multiple denial
> of service vulnerabilities due to insufficient exception handling in
> various ActiveX controls. Internet Explorer versions 5, 6 and 7 are
> reportedly vulnerable. Please refer to the advisory for further
> information.
> Ref:
> ______________________________________________________________________
>
> 07.6.5 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Computer Associates BrightStor ARCserve BackUp LGServer Remote
> Stack Buffer Overflow
> Description: Computer Associates BrightStor ARCserve Backup products
> provide backup and restore protection. BrightStor ARCserve
> Backup is prone to a remote stack
> based buffer overflow vulnerability due to inadequate bounds checks on
> user-supplied data prior to copying it to an insufficiently sized
> buffer. Computer Associates BrightStor ARCserve Backup versions 11.0,
> 11.1 and 11.1 SP1 are affected.
> Ref:
>
> abldimpsec-notice.asp
> ______________________________________________________________________
>
> 07.6.8 CVE: Not Available
> Platform: Third Party Windows Apps
> Title: Ipswitch WS_FTP 2007 SCP Handling Format String
> Description: Ipswitch WS_FTP 2007 Professional is an FTP server
> written for the Microsoft Windows operating system. It is prone to a
> format string vulnerability due to insufficient input sanitization in
> the SCP handling module.
> Ref:
> ______________________________________________________________________
>
> 07.6.23 CVE: CVE-2007-0459,CVE-2007-0458,CVE-2007-0457,CVE-2007-0456
> Platform: Cross Platform
> Title: Wireshark Multiple Protocol Denial of Service Vulnerabilities
> Description: Wireshark is an application for analyzing network
> traffic. It is vulnerable to multiple denial of service issues when
> certain unspecified HTTP packets are reassembled. Wireshark versions
> 0.99.4 and earlier are vulnerable.
> Ref:
> ______________________________________________________________________
>
> 07.6.24 CVE: Not Available
> Platform: Cross Platform
> Title: Computer Associates BrightStor ARCserve Backup LGSERVER.EXE
> Denial Of Service
> Description: Computer Associates BrightStor ARCserve Backup products
> provide backup and restore protection for multiple platforms.
> BrightStor ARCserve Backup is
> prone to a denial of service vulnerability due to insufficient error
> handling in the "LGSERVER.EXE" service. Multiple versions are
> reportedly vulnerable. Please refer to the advisory for more
> information.
> Ref:
>
> abldimpsec-notice.asp
> ______________________________________________________________________
>
> 07.6.78 CVE: Not Available
> Platform: Network Device
> Title: Intel 2200BG 802.11 Driver Beacon Frame Denial of Service
> Description: Intel 2200BG driver is prone to a remote code execution
> vulnerability due to a race condition. The vulnerability occurs when
> the affected device driver "w29n51.sys" fails to properly handle
> malformed disassociation packets. Intel 2200 driver version 9.0.3.9 is
> vulnerable, and other versions may also be affected.
> Ref:
> ______________________________________________________________________
