Nabble - Security - Microsoft

Re: How to prepare Windows Installation Discs

2009-11-21T09:23:27Z

Dear friends
thank you very much for the answers. Now I must read trough and find
that what I need.

The sequence of the installation is important in my opinion.
Is the right sequence assigned by this software (nliteos for example)?

Martin

gremagehan@... wrote:

> Hello List,
>
> I'm looking for some Informations about preparing the Windows
> Installation CD's (XP Pro).
> It should be possible to prepare an installation disc with Windows
> including all Service packs.
> How to do that? It is possible to prepare installation CD for more than
> one machine?
> And what about the Windows 7?
> We prepare every week up to 20 PC's as a part of our measurement systems.
> Therefore it is not our main topic, but I thing it is better to install
> OS with all the updates
> than make online update with every box.
>
> Thank you for your answers
>
> Have a nice day
> Martin
>
>

RE: How to prepare Windows Installation Discs

2009-11-16T10:42:13Z

I have used this tool in the past to make an ISO image of all the updates required to the date the tool is run.
http://www.h-online.com/security/features/Offline-Update-746179.html

Very useful for creating windows systems offline and having them fully patched prior to connecting them toi the network.

It is still two steps install OS then install patches but you do not need to connect to Windows Update to do it.

- Stewart

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of SDeVries@...
Sent: November-13-09 3:34 AM
To: gremagehan; focus-ms
Subject: Re: How to prepare Windows Installation Discs

Martin,

You can use slip streaming to create a standardized install cd or base image. You might be better of (depending on your setup) utilizing a (RIS install for windows xp or WDS for windows 7) with a wsus server for standardized updates.

As I said. Depending on your network setup. For this google is your friend.

----- Original Message -----
From: gremagehan
Sent: 10/11/2009 05:49 PM
To: focus-ms@...
Subject: How to prepare Windows Installation Discs

Hello List,

I'm looking for some Informations about preparing the Windows
Installation CD's (XP Pro).
It should be possible to prepare an installation disc with Windows
including all Service packs.
How to do that? It is possible to prepare installation CD for more than
one machine?
And what about the Windows 7?
We prepare every week up to 20 PC's as a part of our measurement systems.
Therefore it is not our main topic, but I thing it is better to install
OS with all the updates
than make online update with every box.

Thank you for your answers

Have a nice day
Martin
Important information
This email is solely for the use of the addressee and may contain information which is confidential.
Any content within this email including attachments are subject to the terms and conditions of Shaw Stockbroking Limited's (ABN 24 003 221 583)
disclaimer as viewable at: http://www.shawstock.com.au/emaildisclaimer.asp.
If you are not the intended recipient please forward this email to broking@... and delete the original.

Re: How to prepare Windows Installation Discs

2009-11-16T10:30:37Z

HI there.

There are also solution like u can directly customise all the
components of windows XP via "Windows XPe" in windows XPe u can also
make a live Cd sort of known as Horms CD by MS and have a look at
windows embedded standard can make vista in similar manner and would
be cost effective also if on a large scale..

Cheers
:)

2009/11/13 Jérémie Bécousse <jbecousse@...>:

> Hello,
>
> Sorry for my bad English, i hope this message will be understandable!
>
> We are currently using the MS software MDT 2010 (Migration Deployment Tool)
> wich allow you to install OS without human intervention.
>
> To realise this for windows Seven and XP you need a Windows Server 2008 R2
> and MDT 2010.
>
> Nevertheless, maybe this system isn't exactly what you are looking for,
> because the CD created by this tool is just a live CD allowing the
> connection to MDT server and dowloading OS, Software, Service Pack etc.
>
> We have realised scenarios for Windows XP and Windows 7, and we install
> automatically Office, our Antivirus, TightVNC, Acrobat reader etc. with only
> two clic in about 40 minutes.
>
> About compatibility with multiple computers, it's not a problem because even
> if the OS haven't drivers for your computer, you can add them manualy in MDT
> Server.
>
> Finaly if you have 10 computers models (for exemple), you can generate image
> (.wim file) at the end of the process, and then update this image througt
> MDT. The advantage of updating is you haven't to reinstall completly a
> computer if you only have one security fix to add!
>
> This tool is very powerfull, but need a lot of configuration to do this with
> only two or three mouse clic. If you don't care to clic on Next button
> during the installation phase, you can install MDT and create your basic
> scenario in 30 minutes and deploy it in 20 minutes.
>
> Regards
>
> Jérémie Bécousse
>
> -----Message d'origine-----
> De : listbounce@... [mailto:listbounce@...] De
> la part de gremagehan@...
> Envoyé : mardi 10 novembre 2009 07:50
> À : focus-ms@...
> Objet : How to prepare Windows Installation Discs
>
> Hello List,
>
> I'm looking for some Informations about preparing the Windows
> Installation CD's (XP Pro).
> It should be possible to prepare an installation disc with Windows
> including all Service packs.
> How to do that? It is possible to prepare installation CD for more than
> one machine?
> And what about the Windows 7?
> We prepare every week up to 20 PC's as a part of our measurement systems.
> Therefore it is not our main topic, but I thing it is better to install
> OS with all the updates
> than make online update with every box.
>
> Thank you for your answers
>
> Have a nice day
> Martin
>
>

--
Thanking you.

Harsh Patel
Team iT ELF
SCIT ISS 9/11.

RE: How to prepare Windows Installation Discs

2009-11-13T09:43:01Z

Hi Martin,

Here are some write-ups that cover the XP, 2000, and 2003 server aspect.

Unattended Windows Introduction:
http://unattended.msfn.org/unattended.xp/

How to integrate software updates into your Windows installation source files:
http://support.microsoft.com/default.aspx?scid=kb;en-us;828930

How to slipstream hotfixes that replace pre-existing driver files:
http://support.microsoft.com/kb/814847

After you create Windows XP Service Pack 3 slipstreamed media, your product key is not accepted
http://support.microsoft.com/kb/950722

The Windows & solution center does not list anything for slipstream with W7 yet, but I am sure it eventually will:
http://support.microsoft.com/gp/windows7

Respectfully,

Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com

4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of gremagehan@...
Sent: Tuesday, November 10, 2009 01:50
To: focus-ms@...
Subject: How to prepare Windows Installation Discs

Hello List,

I'm looking for some Informations about preparing the Windows
Installation CD's (XP Pro).
It should be possible to prepare an installation disc with Windows
including all Service packs.
How to do that? It is possible to prepare installation CD for more than
one machine?
And what about the Windows 7?
We prepare every week up to 20 PC's as a part of our measurement systems.
Therefore it is not our main topic, but I thing it is better to install
OS with all the updates
than make online update with every box.

Thank you for your answers

Have a nice day
Martin

RE: How to prepare Windows Installation Discs

2009-11-13T01:21:21Z

Hello,

Sorry for my bad English, i hope this message will be understandable!

We are currently using the MS software MDT 2010 (Migration Deployment Tool)
wich allow you to install OS without human intervention.

To realise this for windows Seven and XP you need a Windows Server 2008 R2
and MDT 2010.

Nevertheless, maybe this system isn't exactly what you are looking for,
because the CD created by this tool is just a live CD allowing the
connection to MDT server and dowloading OS, Software, Service Pack etc.

We have realised scenarios for Windows XP and Windows 7, and we install
automatically Office, our Antivirus, TightVNC, Acrobat reader etc. with only
two clic in about 40 minutes.

About compatibility with multiple computers, it's not a problem because even
if the OS haven't drivers for your computer, you can add them manualy in MDT
Server.

Finaly if you have 10 computers models (for exemple), you can generate image
(.wim file) at the end of the process, and then update this image througt
MDT. The advantage of updating is you haven't to reinstall completly a
computer if you only have one security fix to add!

This tool is very powerfull, but need a lot of configuration to do this with
only two or three mouse clic. If you don't care to clic on Next button
during the installation phase, you can install MDT and create your basic
scenario in 30 minutes and deploy it in 20 minutes.

Regards

Jérémie Bécousse

-----Message d'origine-----
De : listbounce@... [mailto:listbounce@...] De
la part de gremagehan@...
Envoyé : mardi 10 novembre 2009 07:50
À : focus-ms@...
Objet : How to prepare Windows Installation Discs

Hello List,

I'm looking for some Informations about preparing the Windows
Installation CD's (XP Pro).
It should be possible to prepare an installation disc with Windows
including all Service packs.
How to do that? It is possible to prepare installation CD for more than
one machine?
And what about the Windows 7?
We prepare every week up to 20 PC's as a part of our measurement systems.
Therefore it is not our main topic, but I thing it is better to install
OS with all the updates
than make online update with every box.

Thank you for your answers

Have a nice day
Martin

Re: How to prepare Windows Installation Discs

2009-11-13T00:34:16Z

Martin,

You can use slip streaming to create a standardized install cd or base image. You might be better of (depending on your setup) utilizing a (RIS install for windows xp or WDS for windows 7) with a wsus server for standardized updates.

As I said. Depending on your network setup. For this google is your friend.

----- Original Message -----
From: gremagehan
Sent: 10/11/2009 05:49 PM
To: focus-ms@...
Subject: How to prepare Windows Installation Discs

Hello List,

I'm looking for some Informations about preparing the Windows
Installation CD's (XP Pro).
It should be possible to prepare an installation disc with Windows
including all Service packs.
How to do that? It is possible to prepare installation CD for more than
one machine?
And what about the Windows 7?
We prepare every week up to 20 PC's as a part of our measurement systems.
Therefore it is not our main topic, but I thing it is better to install
OS with all the updates
than make online update with every box.

Thank you for your answers

Have a nice day
Martin
Important information
This email is solely for the use of the addressee and may contain information which is confidential.
Any content within this email including attachments are subject to the terms and conditions of Shaw Stockbroking Limited's (ABN 24 003 221 583)
disclaimer as viewable at: http://www.shawstock.com.au/emaildisclaimer.asp.
If you are not the intended recipient please forward this email to broking@... and delete the original.

RE: How to prepare Windows Installation Discs

2009-11-12T23:58:53Z

You can try Nlite (http://www.nliteos.com/download.html)

Work's great for me!

From http://www.nliteos.com/nlite.html...

"Features

* Service Pack Integration
* Component Removal
* Unattended Setup
* Driver Integration *
* Hotfixes Integration **
* Tweaks
* Services Configuration
* Patches ***
* Bootable ISO creation"

"nLite supports Windows 2000, XP x86/x64 and 2003 x86/x64 in all
languages.
It needs .NET Framework 2.0 in order to run"

-----Mensaje original-----
De: listbounce@... [mailto:listbounce@...]
En nombre de gremagehan@...
Enviado el: dimarts, 10 / novembre / 2009 07:50
Para: focus-ms@...
Asunto: How to prepare Windows Installation Discs

Hello List,

I'm looking for some Informations about preparing the Windows
Installation CD's (XP Pro).
It should be possible to prepare an installation disc with Windows
including all Service packs.
How to do that? It is possible to prepare installation CD for more than
one machine?
And what about the Windows 7?
We prepare every week up to 20 PC's as a part of our measurement
systems.
Therefore it is not our main topic, but I thing it is better to install
OS with all the updates
than make online update with every box.

Thank you for your answers

Have a nice day
Martin

Marc Serra - OiS
mserra@...
<img>
Manxa 1901 S.L.
Ctra. Les Tries 85
17800 Olot (Girona)
Telf: +34 972 27 64 99
www.manxa.es

Avis legal
El contingut d'aquest correu electronic i els seus annexos es estrictament confidencial. En el cas que voste no sigui el destinatari i hagi rebut aquest missatge per error, preguem ho comuniqui al remitent i procedeixi a la seva eliminacio, sense difondre, emmagatzemar o copiar el seu contingut.

Aviso legal
El contenido de este correo electronico y sus anexos es estrictamente confidencial. En el caso de que usted no sea el destinatario y haya recibido este mensaje por error, rogamos lo comunique al remitente y proceda a su eliminacion, sin difundir, almacenar o copiar su contenido.

Important notice
The information contained in this e-mail is strictly confidential and is intended to be viewed and used only by the above-named recipient. If you are not the above-named intended recipient and have received this message by mistake, you are hereby notified that any dissemination, distribution or copying of this communication and its content is strictly prohibited. If you have received this communication by mistake, please re-send it to the sender and delete the original message or any copy of it from your computer system.

How to prepare Windows Installation Discs

2009-11-09T22:49:46Z

Hello List,

I'm looking for some Informations about preparing the Windows
Installation CD's (XP Pro).
It should be possible to prepare an installation disc with Windows
including all Service packs.
How to do that? It is possible to prepare installation CD for more than
one machine?
And what about the Windows 7?
We prepare every week up to 20 PC's as a part of our measurement systems.
Therefore it is not our main topic, but I thing it is better to install
OS with all the updates
than make online update with every box.

Thank you for your answers

Have a nice day
Martin

SecurityFocus Microsoft Newsletter #453

2009-11-03T08:51:39Z

SecurityFocus Microsoft Newsletter #453
----------------------------------------

This issue is sponsored by Entrust

Entrust SSL Certificates - UCC certificates
Secure MS Exchange '07 - up to 10 host names included
Now from only $387/year

http://www.entrust.net/securityfocus-ucc

------------------------------------------------------------------
I. FRONT AND CENTER
1. Time to Squish SQL Injection
2. Lazy Workers May Be Deemed Hackers
II. MICROSOFT VULNERABILITY SUMMARY
1. F-Secure Products PDF Files Scan Evasion Vulnerability
2. McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
3. Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
4. Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation
Vulnerability
5. Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure
Vulnerability
6. Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Squish SQL Injection
by Gunter Ollmann
Heartland Payment Systems and Hannaford Bros. both fell prey to botnets wielding SQL injection
flaws. Corporate IT managers need to place a priority on fixing Web site vulnerabilities, argues
Gunter Ollmann, vice president of research for Damballa.
http://www.securityfocus.com/columnists/505

2. Lazy Workers May Be Deemed Hackers
By Mark Rasch
>From his office job at the Shelby City (Ohio) Wastewater Treatment plant, he was browsing adult Web sites, including one called Adult Friend Finder to meet women. When some of the women asked Wolf for nude pictures, he bought a digital camera, took pictures, and e-mailed them using his work computer.
http://www.securityfocus.com/columnists/504

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. F-Secure Products PDF Files Scan Evasion Vulnerability
BugTraq ID: 36876
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36876
Summary:
Multiple F-Secure products are prone to a vulnerability that may allow certain files to bypass the
scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the
antivirus application on a gateway device will fail to detect.

2. McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
BugTraq ID: 36848
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36848
Summary:
Multiple McAfee products are prone to vulnerabilities that may allow certain files to bypass the
scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the
antivirus application on a gateway device will fail to detect.

3. Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
BugTraq ID: 36846
Remote: Yes
Date Published: 2009-10-26
Relevant URL: http://www.securityfocus.com/bid/36846
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate
users.

These issues affect the following:

Wireshark 1.2.2 and earlier
Wireshark 1.0.9 and earlier

4. Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation Vulnerability
BugTraq ID: 36836
Remote: No
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36836
Summary:
Multiple Rising products are prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges,
resulting in a complete compromise of the affected computer.

The following Rising products are affected:

Antivirus 2009
Internet Security 2009
Personal Firewall 2009

5. Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability
BugTraq ID: 36817
Remote: Yes
Date Published: 2009-10-26
Relevant URL: http://www.securityfocus.com/bid/36817
Summary:
Microsoft SharePoint is prone to a vulnerability that lets attackers access certain files that
contain source code.

An attacker can exploit this vulnerability to retrieve certain files from the vulnerable computer in
the context of the webserver process. Information obtained may aid in further attacks.

SharePoint 2007 is vulnerable; other versions may also be affected.

6. Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
BugTraq ID: 36814
Remote: Yes
Date Published: 2009-10-26
Relevant URL: http://www.securityfocus.com/bid/36814
Summary:
Cherokee Web Server is prone to a remote denial-of-service vulnerability.

An attacker could exploit this issue to crash the affected application, denying service to
legitimate users.

Cherokee Web Server 0.5.4 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Entrust

Entrust SSL Certificates - UCC certificates
Secure MS Exchange '07 - up to 10 host names included
Now from only $387/year

http://www.entrust.net/securityfocus-ucc

SecurityFocus Microsoft Newsletter #452

2009-09-25T10:32:26Z

SecurityFocus Microsoft Newsletter #452
----------------------------------------

This issue is sponsored by Entrust

Entrust SSL Certificates - UCC certificates
Secure MS Exchange '07 - up to 10 host names included
Now from only $387/year

http://www.entrust.net/securityfocus-ucc

------------------------------------------------------------------
I. FRONT AND CENTER
1.Lazy Workers May Be Deemed Hackers
2.The Scale of Security
II. MICROSOFT VULNERABILITY SUMMARY
1. Code-Crafters Ability Mail Server IMAP FETCH Request Remote Denial Of Service Vulnerability
2. Apple iTunes '.pls' File Buffer Overflow Vulnerability
3. Snort Unified1 Output Remote Denial Of Service Vulnerability
4. HP ProCurve Identity Driven Manager (IDM) Unspecified Privilege Escalation Vulnerability
5. Adobe Shockwave Player ActiveX Control 'PlayerVersion' Property Remote Buffer Overflow
Vulnerability
6. Notepad++ 'C' and 'CPP' File Handling Remote Stack Buffer Overflow Vulnerability
7. Wireshark 1.2.1 Multiple Vulnerabilities
8. BRS WebWeaver 'Scripts' Security Bypass Vulnerability
9. FileCOPA FTP Server 'NOOP' Command Denial Of Service Vulnerability
10. Proland Protector Plus Insecure Program File Permissions Local Privilege Escalation
Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.Lazy Workers May Be Deemed Hackers
By Mark Rasch
>From his office job at the Shelby City (Ohio) Wastewater Treatment plant, he was browsing adult Web sites, including one called Adult Friend Finder to meet women. When some of the women asked Wolf for nude pictures, he bought a digital camera, took pictures, and e-mailed them using his work computer.
http://www.securityfocus.com/columnists/504

2.The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the
hundreds of billions of dollars as being something as routine as brushing our teeth, we question the
value of programs that cost in the single-digit millions and quibble with friends over dollars.
Similarly, there are many problems in our industry that, when explained to an outsider, sound like
they should have been solved decades ago. It is only when we relate the number of systems that need
to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Code-Crafters Ability Mail Server IMAP FETCH Request Remote Denial Of Service Vulnerability
BugTraq ID: 36519
Remote: Yes
Date Published: 2009-09-25
Relevant URL: http://www.securityfocus.com/bid/36519
Summary:
Ability Mail Server is prone to a denial-of-service vulnerability because it fails to adequately
handle IMAP requests.

Attackers can exploit this issue to cause the affected application to crash, denying service to
legitimate users.

Versions prior to Ability Mail Server 2.70 are affected.

2. Apple iTunes '.pls' File Buffer Overflow Vulnerability
BugTraq ID: 36478
Remote: Yes
Date Published: 2009-09-22
Relevant URL: http://www.securityfocus.com/bid/36478
Summary:
Apple iTunes is prone to a buffer-overflow vulnerability because the software fails to bounds-check
user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

Versions prior to Apple iTunes 9.0.1 are vulnerable.

3. Snort Unified1 Output Remote Denial Of Service Vulnerability
BugTraq ID: 36473
Remote: Yes
Date Published: 2009-09-21
Relevant URL: http://www.securityfocus.com/bid/36473
Summary:
Snort is affected by a denial-of-service vulnerability because the application fails to properly
process unified1 output.

Attackers can leverage this issue by sending malformed network packets that will produce corrupted
logs and alerts, causing denial-of-service conditions.

Snort 2.8.1 through 2.8.4 are affected.

4. HP ProCurve Identity Driven Manager (IDM) Unspecified Privilege Escalation Vulnerability
BugTraq ID: 36462
Remote: No
Date Published: 2009-09-15
Relevant URL: http://www.securityfocus.com/bid/36462
Summary:
HP ProCurve Identity Driven Manager (IDM) is prone to an unspecified privilege-escalation scripting
vulnerability.

Few technical details are available at this time; we will update this BID as more information emerges.

HP ProCurve Identity Driven Manager (IDM) A.02.03 and A.03.00 running on Microsoft Windows 2003 with
Internet Authentication Service (IAS) or Microsoft Windows 2008 with Network Policy Server (NPS) are
vulnerable.

5. Adobe Shockwave Player ActiveX Control 'PlayerVersion' Property Remote Buffer Overflow Vulnerability
BugTraq ID: 36434
Remote: Yes
Date Published: 2009-09-16
Relevant URL: http://www.securityfocus.com/bid/36434
Summary:
Adobe Shockwave Player ActiveX control is prone to a remote buffer-overflow vulnerability because
the application fails to perform adequate boundary checks on user-supplied data.

Successful exploits allow remote attackers to execute arbitrary code in the context of the
application using the ActiveX control (typically Internet Explorer). Failed exploit attempts likely
result in denial-of-service conditions.

Shockwave Player 11.5.1.601 is vulnerable; other versions may also be affected.

6. Notepad++ 'C' and 'CPP' File Handling Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 36426
Remote: Yes
Date Published: 2009-09-16
Relevant URL: http://www.securityfocus.com/bid/36426
Summary:
Notepad++ is prone to a stack-based buffer-overflow vulnerability because it fails to perform
adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Notepad++ 5.4.5 is vulnerable; other versions may also be affected.

7. Wireshark 1.2.1 Multiple Vulnerabilities
BugTraq ID: 36408
Remote: Yes
Date Published: 2009-09-15
Relevant URL: http://www.securityfocus.com/bid/36408
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate
users.

These issues affect Wireshark 0.99.6 through 1.2.1.

8. BRS WebWeaver 'Scripts' Security Bypass Vulnerability
BugTraq ID: 36399
Remote: Yes
Date Published: 2009-09-15
Relevant URL: http://www.securityfocus.com/bid/36399
Summary:
BRS WebWeaver is prone to a security-bypass vulnerability because it fails to properly validate
user-supplied input.

Attackers can exploit this issue to access scripts or perform actions without proper authorization.

BRS WebWeaver 1.33 is vulnerable; other versions may also be affected.

9. FileCOPA FTP Server 'NOOP' Command Denial Of Service Vulnerability
BugTraq ID: 36397
Remote: Yes
Date Published: 2009-09-15
Relevant URL: http://www.securityfocus.com/bid/36397
Summary:
FileCOPA FTP Server is prone to a denial-of-service vulnerability.

A successful exploit may allow attackers to halt the server process, resulting in a
denial-of-service condition.

FileCOPA FTP Server 5.01 is vulnerable; other versions may also be affected.

10. Proland Protector Plus Insecure Program File Permissions Local Privilege Escalation Vulnerability
BugTraq ID: 36396
Remote: No
Date Published: 2009-09-15
Relevant URL: http://www.securityfocus.com/bid/36396
Summary:
Proland Protector Plus is prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges,
resulting in a complete compromise of the affected computer.

The following versions are affected:

Protector Plus 2009 8.0.E03 for Windows Desktops
Protector Plus 2009 8.0.E03 for Windows Server
Protector Plus Professional 9.1.001

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Entrust

Entrust SSL Certificates - UCC certificates
Secure MS Exchange '07 - up to 10 host names included
Now from only $387/year

http://www.entrust.net/securityfocus-ucc

RE: Vista Complete PC Backup coolness

2009-09-04T23:50:53Z

The 100MB partition is for Bitlocker. I am surprised that this isn't backed up normally/transparently as part of a backup that includes system state...

Cheers
Ken

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of James D. Stallard
Sent: Thursday, 3 September 2009 6:50 AM
To: 'Thor (Hammer of God)'; focus-ms@...
Subject: RE: Vista Complete PC Backup coolness

Hey Thor

There's no real reason why a VHD backup should not be mountable as a VM, after all, we all do P2V. Indeed, an automated P2V is an excellent way of creating a warm-standby DR environment or a "real" live test bed. Mounting a VHD as a VM would seem to be a common sense feature to me - especially as it also raises the possibility of V2P. MS have missed a trick IMHO.

Also, we have another backup nasty on Windows 7 that also hits Windows Server 2008 R2.

On default installations, both OSs create a 100Mb partition on the boot drive, presumably for recovery (not bothered doing the reading on that yet).
It would seem that taking backups of the system state requires a VSS snapshot to be created for that drive, and the drive is too small for VSS to be happy about doing it. The result, some commercial backup software (my test was BackupExec 12.5 SP2 fully patched) fails. You can do some VSSADMIN jiggery-pokery to move the snapshot to another drive, but that requires a drive letter to be assigned to the 100Mb partition and is a messy solution at best.

Using DISKPART to setup your own partitions during installation (either OS) does not create the 100Mb partition and so doesn't create the problem.

Kinda wandered of topic a bit, but I hope it's useful

Cheers

James

James D. Stallard MBCS CITP MIoD
Enterprise Architect
Web: www.leafgrove.com
LinkedIn: www.linkedin.com/in/jamesdstallard
Email: james@...
Mobile: +44 (0) 7979 49 8880
Skype: JamesDStallard

Think before you print. Please don't print this email unless you really need to.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On Behalf Of Thor (Hammer of God)
Sent: 28 August 2009 20:49
To: focus-ms@...
Subject: Vista Complete PC Backup coolness

So, before I upgraded to Win7 on my production rig, I took the opportunity to try out the "Full PC Backup" for giggles just in case things went tits up. Aside from the restore not working (it said it had a disk problem) and the fact that you can only restore to a partition the same size as the one you backed up from (it's supposed to be =>, but it didn't work out that way), I did find out some cool things about the Complete backup that you might find interesting...

First off, while you have to be admin to perform a Complete PC Backup, you no longer get the option of requiring a password to "protect" the backup.
That was cool when you were concerned with people with physical access getting to your data. The directory created (based on HOSTNAME of unit backed up) will have local Administrators group Full, and local Backup Operators Full, but all you have to do (obviously) is pop the usb drive into a different machine that you have local admin access to and you immediately get full access. You don't even have to change permissions... I don't consider that a big deal, and is actually easier, since if you are admin on the box, it doesn't matter what drives you put in from an OS permissions standpoint (not EFS, obviously).

The "cool" part is that the Complete PC Backup is actually a .VHD disk file.
Sure, there is catalog information accompanying the backup, but if you need data off of the backup, you can just stick the USB source in a drive somewhere and mount the VHD to access it like a drive letter, again without worrying about file permissions. You can do this in VPC or VMWare, or even easier, use something like WinImage to just mount the thing and grab your data. /mosh

It would have been very cool for MSFT to have built in the functionality of actually BOOTING the vhd in VPC (or VMWare) but alas, that dog does not hunt. While not ideal, it would require substantial driver reloading (and
reactivation) anyway, but it still would be nice to be able to boot into your Complete Backup. Just as well that you can just attach the .vhd directly in VMWare/VPC and go from there though.

That's it.. just thought I'd post up the bits about not expecting any security on your backups, and how you can now just directly mount the vhd backup file to get data without worrying about permissions. I'm sure some with think that is a bad thing, but I've always treated backups like any other "physical access" asset, which is, if I have my hands on it, it's mine anyway (so encrypt, etc).

Have a good one!

T

____________________
Timothy (Thor) Mullen, Ph.D.
thor@...
www.hammerofgod.com

RE: Vista Complete PC Backup coolness

2009-09-02T15:50:14Z

Hey Thor

There's no real reason why a VHD backup should not be mountable as a VM,
after all, we all do P2V. Indeed, an automated P2V is an excellent way of
creating a warm-standby DR environment or a "real" live test bed. Mounting a
VHD as a VM would seem to be a common sense feature to me - especially as it
also raises the possibility of V2P. MS have missed a trick IMHO.

Also, we have another backup nasty on Windows 7 that also hits Windows
Server 2008 R2.

On default installations, both OSs create a 100Mb partition on the boot
drive, presumably for recovery (not bothered doing the reading on that yet).
It would seem that taking backups of the system state requires a VSS
snapshot to be created for that drive, and the drive is too small for VSS to
be happy about doing it. The result, some commercial backup software (my
test was BackupExec 12.5 SP2 fully patched) fails. You can do some VSSADMIN
jiggery-pokery to move the snapshot to another drive, but that requires a
drive letter to be assigned to the 100Mb partition and is a messy solution
at best.

Using DISKPART to setup your own partitions during installation (either OS)
does not create the 100Mb partition and so doesn't create the problem.

Kinda wandered of topic a bit, but I hope it's useful

Cheers

James

James D. Stallard MBCS CITP MIoD
Enterprise Architect
Web: www.leafgrove.com
LinkedIn: www.linkedin.com/in/jamesdstallard
Email: james@...
Mobile: +44 (0) 7979 49 8880
Skype: JamesDStallard

Think before you print. Please don't print this email unless you really need
to.

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of Thor (Hammer of God)
Sent: 28 August 2009 20:49
To: focus-ms@...
Subject: Vista Complete PC Backup coolness

So, before I upgraded to Win7 on my production rig, I took the opportunity
to try out the "Full PC Backup" for giggles just in case things went tits
up. Aside from the restore not working (it said it had a disk problem) and
the fact that you can only restore to a partition the same size as the one
you backed up from (it's supposed to be =>, but it didn't work out that
way), I did find out some cool things about the Complete backup that you
might find interesting...

First off, while you have to be admin to perform a Complete PC Backup, you
no longer get the option of requiring a password to "protect" the backup.
That was cool when you were concerned with people with physical access
getting to your data. The directory created (based on HOSTNAME of unit
backed up) will have local Administrators group Full, and local Backup
Operators Full, but all you have to do (obviously) is pop the usb drive into
a different machine that you have local admin access to and you immediately
get full access. You don't even have to change permissions... I don't
consider that a big deal, and is actually easier, since if you are admin on
the box, it doesn't matter what drives you put in from an OS permissions
standpoint (not EFS, obviously).

The "cool" part is that the Complete PC Backup is actually a .VHD disk file.
Sure, there is catalog information accompanying the backup, but if you need
data off of the backup, you can just stick the USB source in a drive
somewhere and mount the VHD to access it like a drive letter, again without
worrying about file permissions. You can do this in VPC or VMWare, or even
easier, use something like WinImage to just mount the thing and grab your
data. /mosh

It would have been very cool for MSFT to have built in the functionality of
actually BOOTING the vhd in VPC (or VMWare) but alas, that dog does not
hunt. While not ideal, it would require substantial driver reloading (and
reactivation) anyway, but it still would be nice to be able to boot into
your Complete Backup. Just as well that you can just attach the .vhd
directly in VMWare/VPC and go from there though.

That's it.. just thought I'd post up the bits about not expecting any
security on your backups, and how you can now just directly mount the vhd
backup file to get data without worrying about permissions. I'm sure some
with think that is a bad thing, but I've always treated backups like any
other "physical access" asset, which is, if I have my hands on it, it's mine
anyway (so encrypt, etc).

Have a good one!

T

____________________
Timothy (Thor) Mullen, Ph.D.
thor@...
www.hammerofgod.com

Vista Complete PC Backup coolness

2009-08-28T12:49:22Z

So, before I upgraded to Win7 on my production rig, I took the opportunity to try out the "Full PC Backup" for giggles just in case things went tits up. Aside from the restore not working (it said it had a disk problem) and the fact that you can only restore to a partition the same size as the one you backed up from (it's supposed to be =>, but it didn't work out that way), I did find out some cool things about the Complete backup that you might find interesting...

First off, while you have to be admin to perform a Complete PC Backup, you no longer get the option of requiring a password to "protect" the backup. That was cool when you were concerned with people with physical access getting to your data. The directory created (based on HOSTNAME of unit backed up) will have local Administrators group Full, and local Backup Operators Full, but all you have to do (obviously) is pop the usb drive into a different machine that you have local admin access to and you immediately get full access. You don't even have to change permissions... I don't consider that a big deal, and is actually easier, since if you are admin on the box, it doesn't matter what drives you put in from an OS permissions standpoint (not EFS, obviously).

The "cool" part is that the Complete PC Backup is actually a .VHD disk file. Sure, there is catalog information accompanying the backup, but if you need data off of the backup, you can just stick the USB source in a drive somewhere and mount the VHD to access it like a drive letter, again without worrying about file permissions. You can do this in VPC or VMWare, or even easier, use something like WinImage to just mount the thing and grab your data. /mosh

It would have been very cool for MSFT to have built in the functionality of actually BOOTING the vhd in VPC (or VMWare) but alas, that dog does not hunt. While not ideal, it would require substantial driver reloading (and reactivation) anyway, but it still would be nice to be able to boot into your Complete Backup. Just as well that you can just attach the .vhd directly in VMWare/VPC and go from there though.

That's it.. just thought I'd post up the bits about not expecting any security on your backups, and how you can now just directly mount the vhd backup file to get data without worrying about permissions. I'm sure some with think that is a bad thing, but I've always treated backups like any other "physical access" asset, which is, if I have my hands on it, it's mine anyway (so encrypt, etc).

Have a good one!

T

____________________
Timothy (Thor) Mullen, Ph.D.
thor@...
www.hammerofgod.com

Re: How to /password policy on Windows 2003

2009-08-26T15:00:55Z

On Wed, Aug 26, 2009 at 12:47 AM, Kevin <rot_betruger@...> wrote:
> Say you have an expiry of 60 days, and the previous 6 blocked
> through AD, so thats 360 months before the "first"
> password can be used again, right? Nah, change your password
> 7 times through a windows client and they are back to using their
> first password in 5 minutes.

FWIW, that much can be countered using the "Minimum password age"
policy. Even setting it to 1 day (the smallest possible) will usually
do the trick.

-- Ben

RE: How to /password policy on Windows 2003

2009-08-26T10:21:48Z

I've watched all of the replies flash by, I'm not sure any of them answered
the original question. Are you simply looking for directions on where to
configure the settings?

Is this Windows box part of an Active Directory domain, if it is use group
policy. If not, use the local security policy. Start > All Programs >
Administrative Tools > Local Security Policy. The precise path will vary
depend on your version of windows and how you've configured your Start Menu.
Once the tool is open expand Account Policies then click on Password Policy.
You can configure 6 password policies there. The next folder down contains
the 3 account lockout policies.

Or are you looking for advice on what values to assign to these settings? If
this is the case you already got some good advice, I would recommend
Microsoft's own guidance for Windows Server 2003:
http://go.microsoft.com/fwlink/?LinkId=14845, follow the guidelines for the
Enterprise Client (EC) scenario. Of course, I'm biased, I wrote most of that
doc :P

A note on OU-specific password policies: that is a new feature in Windows
Server 2008, I don't think the version of the clients matter, only the
domain controllers:
http://technet.microsoft.com/en-us/library/cc770394(WS.10).aspx.

Regards,

Kurt Dillard

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of pent 5971
Sent: Friday, August 21, 2009 9:14 AM
To: focus-ms@...
Subject: Re: How to /password policy on Windows 2003

Any ideas/best practices?

Regards

2009/8/20, pent 5971 <pent5971@...>:
> Hi,
> I have an important Windows 2003 box which we are using only a admin
> account actively. I also need to set a password policy (i have some
> requirements) on this box and dont loose the admin account acces. How
> can i do this password policy?
>
> Regards
>

Re: How to /password policy on Windows 2003

2009-08-25T21:47:45Z

All good points, however how this policy is enforced is problematic.
See there are only so many policy's you can place on a 2k3 domain.
Complex or not, must have 3 of the 4, upper lower, special, number and
it can't be the username.
Minimum Length, no less than X char long
Expiry, expires in X days
Previous Number, cannot be previous X number of passwords used

At my work we actually bought a piece of software called Hitachi ID
Password Manager, (formerly MTek P-Synch), we bought it for the
self-help password reset portion so users quit calling the helpdesk.
Once this is in place and the pushpass agent is installed on all domain
controllers it can control what passwords are accepted by the domain
controllers.
This has one drawback (other than money), this applies to ALL domain
passwords, much like the standard windows 2k3 password policy.
The upside is you have nearly unlimited control over what kind of
passwords are accepted on your domain, dictionary words, it'll block em,
username reversed, it'll block it. got some sneaky sysadmins using
server names as passwords, use a regular expression to block certain
password patterns, i.e. think they are using server names as passwords
(srv_MyServ1) use a regex to block anything with .srv. in it. Another
thing that I thought was helpful was that you can set a password age.
Say you have an expiry of 60 days, and the previous 6 blocked through
AD, so thats 360 months before the "first" password can be used again,
right? Nah, change your password 7 times through a windows client and
they are back to using their first password in 5 minutes. With the
password age you can say, 360 months, and they literally are blocked
from ever using that password again for 360 months.
The pushpass service checks against the hitachi server and will block
you if the password does not meet the set criteria.

I'm in no way advocating buying this software, it's just what we use and
what I have experience with, and to show you that there are products out
there (if anyone knows of an opensource product that does this, lemme
us) that can extend the bland password policies that are available in a
2k3 domain.

I'm not entirely positive, but I have "heard" that with a 2k8 domain and
vista/7 clients, you can set password policy at the OU level, with
anything prior, if it's set it cannot be overwritten by a sub policy or
by blocking the GPO applying the policy, it's a policy set at the domain
controller level, so if they get it, they abide by it, not the clients
attached to them.

And the thing with management, about being higher than director, thats
where the policy should be enforced from, not come from. It needs to
come from the security team who then send it up the line to be approved.
Management 1 step above a sysadmin or security analyst managers position
is not going to have any idea what it means to have a password policy
with X criteria, let alone director or above.
Also, with the "All passwords need to be complex (INSERT definition..)",
that's great to have on paper, but there is no way to enforce it unless
you rounded up every employee and asked them for their password, and
that won't happen. With Microsoft and 2k3 you get complex, yes or no, it
can't be defined, see above.

Rivest, Philippe wrote:

> Well first off, I would sadly say it depends a lot on your company and how
> they view security, which requirements you have (legals and business).
>
> Let's say you have a financial server (the 2k3 box) that will transfer
> customers information for credit, maybe PCI needs to be applied. You need to
> know this kind of things first.
>
> Also, maybe this server has a higher security requirement than another (you
> don’t specify). So if you're normal password policy states 6 char long for a
> password, maybe you would want to go at 8-10 for this one if its more
> critical.
>
>
> I would also make sure your local admins cant bypass the policy, maybe push
> it thru AD if you have it and they don’t have AD access? Putting it locally
> and giving them local admin is not serious enough for a critical server. So
> I would say in "Domain Policy" under admin tools in windows.
>
> Password policy should come from the top (management, higher than Director)
> and be applied to everyone and everything. It should be clear and short. 1
> page max for a password policy should be more than enough.
> -All passwords should be at least 8 character long
> -All passwords should expire after 45days
> -All passwords need to be complex (INSERT definition..)
> ...
> Have the policy signed (*approved*) by upper management and than applied to
> the 2k3 box.
>
> Side note, the sentence with "loose" I didn’t understand it too much. But I
> would also suggest limiting local admin access to a very few IT employees.
> If they don’t need it don’t give it, all this has to be approved (as we all
> know).
>
> Hope I was on your topic, if not sorry :)
>
>
> Philippe Rivest - CEH, Network+, Server+, A+
> TransForce Inc.
> Internal auditor - Information security
> Verificateur interne - Securite de l'information
>
> 8585 Trans-Canada Highway, Suite 300
> Saint-Laurent (Quebec) H4S 1Z6
> Tel.: 514-331-4417
> Fax: 514-856-7541
>
> http://www.transforce.ca/
>
>
> -----Message d'origine-----
> De : listbounce@... [mailto:listbounce@...] De
> la part de pent 5971
> Envoyé : 21 août 2009 08:14
> À : focus-ms@...
> Objet : Re: How to /password policy on Windows 2003
>
> Any ideas/best practices?
>
> Regards
>
> 2009/8/20, pent 5971 <pent5971@...>:
>
>> Hi,
>> I have an important Windows 2003 box which we are using only a admin
>> account actively. I also need to set a password policy (i have some
>> requirements) on this box and dont loose the admin account acces. How
>> can i do this password policy?
>>
>> Regards
>>
>>

Re: How to /password policy on Windows 2003

2009-08-25T12:03:29Z

hi,
This can be useful:

>
> General Recommendations for Account Lockout and Password Policy
> Settings
>
> In addition to the specific account lockout and password policy
> settings in the previous tables, there are some other configuration
> changes that may help you achieve the level of security that you want.
> These include:
>
> * When you enable account lockout, set the *ForceUnlockLogon*
> registry value to 1. This setting requires that Windows
> re-authenticates the user with a domain controller when that
> user unlocks a computer. This helps to ensure that a user cannot
> use a previously-cached password to unlock their computer after
> the account is locked out.
> * False lockouts can occur if you set the *LockoutThreshold*
> registry value to a value that is lower than the default value
> of 10. This is because users and programs can retry bad
> passwords frequently enough to lock out the user account. This
> adds to administrative costs.
> * After you unlock an account that is locked out, verify that the
> *LockoutDuration* value is set. You should do this because the
> value may have changed during the account unlock process.
> * Carefully consider setting the *LockoutDuration* registry value
> to 0. When you apply this setting, you may incur additional
> administrative labor by requiring administrators to manually
> unlock a locked out user account. Although this does increase
> security, the increased labor drawback may outweigh the security
> benefit.
> * Define account lockout and password policies once in every
> domain. Ensure that these policies are defined only in the
> default domain policy. This helps to avoid conflicting and
> unexpected policy settings.
> * Unlock an account from a computer that is in the same Active
> Directory site as the account. By unlocking the account in the
> local site, urgent replication occurs in that site which
> triggers immediate replication of the change. Because of this,
> the user account should be able to regain access to resources
> faster than waiting for replication to occur. Note that the
> AcctInfo.dll tool helps to identify an appropriate domain
> controller and unlock the account. For more information about
> AcctInfo.dll, see the "Account Lockout Tools" section in this
> document.
>

check this [1]. (see "Recommended Password Policy Settings")

[1] http://technet.microsoft.com/en-us/library/cc737614(WS.10).aspx

Best regards!

pent 5971 escribió:

> Any ideas/best practices?
>
> Regards
>
> 2009/8/20, pent 5971 <pent5971@...>:
>
>> Hi,
>> I have an important Windows 2003 box which we are using only a admin
>> account actively. I also need to set a password policy (i have some
>> requirements) on this box and dont loose the admin account acces. How
>> can i do this password policy?
>>
>> Regards
>>
>>
>
>

Re: How to /password policy on Windows 2003

2009-08-25T12:01:08Z

Hi,

you should checkout the free benchmarks on the website of the Center
of Information Security (http://www.cisecurity.org/). If not your
silver bullet,
at least they are a good start.

Cheers,

Wim

On 21 Aug 2009, at 14:14, pent 5971 wrote:

> Any ideas/best practices?
>
> Regards
>
> 2009/8/20, pent 5971 <pent5971@...>:
>> Hi,
>> I have an important Windows 2003 box which we are using only a admin
>> account actively. I also need to set a password policy (i have some
>> requirements) on this box and dont loose the admin account acces. How
>> can i do this password policy?
>>
>> Regards
>>

RE: How to /password policy on Windows 2003

2009-08-25T10:50:57Z

Well first off, I would sadly say it depends a lot on your company and how
they view security, which requirements you have (legals and business).

Let's say you have a financial server (the 2k3 box) that will transfer
customers information for credit, maybe PCI needs to be applied. You need to
know this kind of things first.

Also, maybe this server has a higher security requirement than another (you
dont specify). So if you're normal password policy states 6 char long for a
password, maybe you would want to go at 8-10 for this one if its more
critical.

I would also make sure your local admins cant bypass the policy, maybe push
it thru AD if you have it and they dont have AD access? Putting it locally
and giving them local admin is not serious enough for a critical server. So
I would say in "Domain Policy" under admin tools in windows.

Password policy should come from the top (management, higher than Director)
and be applied to everyone and everything. It should be clear and short. 1
page max for a password policy should be more than enough.
-All passwords should be at least 8 character long
-All passwords should expire after 45days
-All passwords need to be complex (INSERT definition..)
...
Have the policy signed (*approved*) by upper management and than applied to
the 2k3 box.

Side note, the sentence with "loose" I didnt understand it too much. But I
would also suggest limiting local admin access to a very few IT employees.
If they dont need it dont give it, all this has to be approved (as we all
know).

Hope I was on your topic, if not sorry :)

Philippe Rivest - CEH, Network+, Server+, A+
TransForce Inc.
Internal auditor - Information security
Verificateur interne - Securite de l'information

8585 Trans-Canada Highway, Suite 300
Saint-Laurent (Quebec) H4S 1Z6
Tel.: 514-331-4417
Fax: 514-856-7541

http://www.transforce.ca/

-----Message d'origine-----
De : listbounce@... [mailto:listbounce@...] De
la part de pent 5971
Envoyé : 21 août 2009 08:14
À : focus-ms@...
Objet : Re: How to /password policy on Windows 2003

Any ideas/best practices?

Regards

2009/8/20, pent 5971 <pent5971@...>:
> Hi,
> I have an important Windows 2003 box which we are using only a admin
> account actively. I also need to set a password policy (i have some
> requirements) on this box and dont loose the admin account acces. How
> can i do this password policy?
>
> Regards
>

smime.p7s (2K) Download Attachment

RE: How to /password policy on Windows 2003

2009-08-25T10:44:18Z

Hey,

It depends on what Industry Compliance you are following, each Industry has
it's own set of compliance standards, i.e. PCI, HIPAA, etc... Review your
current policies and guidelines to determine what are the "BEST PRACTICES"
for your company.

Thanks in advance,

-----Original Message-----
From: listbounce@... [mailto:listbounce@...] On
Behalf Of pent 5971
Sent: Friday, August 21, 2009 8:14 AM
To: focus-ms@...
Subject: Re: How to /password policy on Windows 2003

Any ideas/best practices?

Regards

2009/8/20, pent 5971 <pent5971@...>:
> Hi,
> I have an important Windows 2003 box which we are using only a admin
> account actively. I also need to set a password policy (i have some
> requirements) on this box and dont loose the admin account acces. How
> can i do this password policy?
>
> Regards
>

smime.p7s (7K) Download Attachment

SecurityFocus Microsoft Newsletter #451

2009-08-24T10:19:33Z

SecurityFocus Microsoft Newsletter #451
----------------------------------------

This issue is sponsored by Immunet

Are you running Anti-Virus from Symantec, AVG or Mcafee? Make it significantly more effective and
harness the security of thousands of others with 'Collective Immunity'. See the beta for Immunet
Protect here: https://www.immunet.com/user/new

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Scale of Security
2.Hacker-Tool Law Still Does Little
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution
Vulnerability
5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution
Vulnerability
6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
7. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
8. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
9. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
10. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
11. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
12. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
13. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
14. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation
Vulnerability
15. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the
hundreds of billions of dollars as being something as routine as brushing our teeth, we question the
value of programs that cost in the single-digit millions and quibble with friends over dollars.
Similarly, there are many problems in our industry that, when explained to an outsider, sound like
they should have been solved decades ago. It is only when we relate the number of systems that need
to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
BugTraq ID: 36029
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/36029
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability.

This issue may affect the Embedded OpenType font engine.

Remote attackers can exploit this issue to cause affected computers to crash with a Blue Screen
crash event. Remote code execution may also be possible, but this currently has not been been
confirmed.

2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
BugTraq ID: 35993
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35993
Summary:
Microsoft Windows is prone to an authentication-bypass vulnerability that exists in the Telnet protocol.

An attacker can exploit this issue to gain unauthorized access to the affected computer with the
privileges of the victim user. Successfully exploiting this issue may compromise the affected computer.

3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
BugTraq ID: 35992
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35992
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted Web page.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
BugTraq ID: 35991
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35991
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted Web page.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
BugTraq ID: 35990
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35990
Summary:
Microsoft Office Web Components OWC10 ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
BugTraq ID: 35985
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35985
Summary:
Microsoft ASP.NET is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the application pool on the affected webserver to become
unresponsive, denying service to legitimate users.

NOTE: This issue only affects ASP.NET on webservers running IIS 7 in integrated mode.

7. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
BugTraq ID: 35982
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35982
Summary:
The Microsoft Active Template Library is prone to a remote code-execution vulnerability.

This issue affects a private version of the ATL used internally by Microsoft; components written by
other vendors are unlikely to be affected.

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user
running an application built against the affected library. Failed exploit attempts will result in a
denial-of-service condition.

8. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
BugTraq ID: 35981
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35981
Summary:
The Microsoft Windows WINS Server is prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

9. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35980
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35980
Summary:
The Microsoft Windows WINS Server is prone to a remote heap-based buffer-overflow vulnerability
because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

10. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35973
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35973
Summary:
Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow
vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious Web page.

Successful exploits will allow attackers to execute arbitrary code within the context of the
affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit
attempts will result in a denial-of-service condition.

11. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
BugTraq ID: 35972
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35972
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending specially crafted Remote Procedure Call (RPC) messages
to a vulnerable computer.

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level
privileges, completely compromising affected computers. Failed exploit attempts will result in a
denial-of-service condition.

12. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35971
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35971
Summary:
Microsoft Remote Desktop Connection client is prone to a heap-based buffer-overflow vulnerability
when processing certain parameters returned by a malicious RDP (Remote Desktop Protocol) server.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute
arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely
cause denial-of-service conditions.

13. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
BugTraq ID: 35970
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35970
Summary:
Microsoft Windows is prone to a remote integer-overflow vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player
therefore this issue does not specifically affect Windows Media Player.

14. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
BugTraq ID: 35969
Remote: No
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35969
Summary:
The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because
it fails to adequately handle user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploits will cause a denial of service.

15. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 35967
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35967
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player
therefore this issue does not specifically affect Windows Media Player.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Immunet

Are you running Anti-Virus from Symantec, AVG or Mcafee? Make it significantly more effective and
harness the security of thousands of others with 'Collective Immunity'. See the beta for Immunet
Protect here: https://www.immunet.com/user/new

SecurityFocus Microsoft Newsletter #450

2009-08-24T10:19:17Z

SecurityFocus Microsoft Newsletter #450
----------------------------------------

This issue is sponsored by SC World Congress

Make plans now to attend the second annual SC World Congress - Enterprise Data Security, October
13-14 in New York City. The Congress features a comprehensive, two-day program presented in four
tracks-including the unique Editors Choice sessions-and the industry's largest fall product expo
showcasing IT security solutions from the leading vendors and hot start-ups. Emphasizing quality
content, innovative formats and sessions, global perspectives and ROI, this is the one event you
can't afford to miss. Register by August 31 for big savings. www.scworldcongress.com

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Scale of Security
2.Hacker-Tool Law Still Does Little
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution
Vulnerability
5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution
Vulnerability
6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
7. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
8. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
9. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
10. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
11. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
12. Microsoft August 2009 Advance Notification Multiple Vulnerabilities
13. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
14. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
15. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
16. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
17. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation
Vulnerability
18. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
19. UltraPlayer Malformed '.usk' Playlist File Buffer Overflow Vulnerability
20. Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
21. Microsoft Internet Explorer 8 Denial of Service Vulnerability
22. BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the
hundreds of billions of dollars as being something as routine as brushing our teeth, we question the
value of programs that cost in the single-digit millions and quibble with friends over dollars.
Similarly, there are many problems in our industry that, when explained to an outsider, sound like
they should have been solved decades ago. It is only when we relate the number of systems that need
to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Windows Embedded OpenType Font Engine Unspecified Denial of Service Vulnerability
BugTraq ID: 36029
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/36029
Summary:
Microsoft Windows is prone to a remote denial-of-service vulnerability.

This issue may affect the Embedded OpenType font engine.

Remote attackers can exploit this issue to cause affected computers to crash with a Blue Screen
crash event. Remote code execution may also be possible, but this currently has not been been
confirmed.

2. Microsoft Windows Telnet NTLM Credential Reflection Authentication Bypass Vulnerability
BugTraq ID: 35993
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35993
Summary:
Microsoft Windows is prone to an authentication-bypass vulnerability that exists in the Telnet protocol.

An attacker can exploit this issue to gain unauthorized access to the affected computer with the
privileges of the victim user. Successfully exploiting this issue may compromise the affected computer.

3. Microsoft Office Web Components ActiveX Control Buffer Overflow Code Execution Vulnerability
BugTraq ID: 35992
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35992
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

4. Microsoft OWC ActiveX Control 'BorderAround()' Heap Corruption Remote Code Execution Vulnerability
BugTraq ID: 35991
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35991
Summary:
Microsoft Office Web Components ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

5. Microsoft Office Web Components ActiveX Control Memory Allocation Code Execution Vulnerability
BugTraq ID: 35990
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35990
Summary:
Microsoft Office Web Components OWC10 ActiveX control is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

6. Microsoft ASP.NET Request Scheduling Denial Of Service Vulnerability
BugTraq ID: 35985
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35985
Summary:
Microsoft ASP.NET is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to cause the application pool on the affected webserver to become
unresponsive, denying service to legitimate users.

NOTE: This issue only affects ASP.NET on webservers running IIS 7 in integrated mode.

7. Subversion Binary Delta Processing Multiple Integer Overflow Vulnerabilities
BugTraq ID: 35983
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35983
Summary:
Subversion is prone to multiple integer-overflow vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of Subversion clients
and servers. Successful exploits will compromise the affected application and possibly the computer.
Failed attacks will cause denial-of-service conditions.

The issues affect the following:
Subversion clients and servers versions 1.5.6 and prior.
Subversion clients and servers versions 1.6.0 through 1.6.3.

8. Microsoft Active Template Library Object Type Mismatch Remote Code Execution Vulnerability
BugTraq ID: 35982
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35982
Summary:
The Microsoft Active Template Library is prone to a remote code-execution vulnerability.

This issue affects a private version of the ATL used internally by Microsoft; components written by
other vendors are unlikely to be affected.

Remote attackers can exploit this issue to execute arbitrary code with the privileges of the user
running an application built against the affected library. Failed exploit attempts will result in a
denial-of-service condition.

9. Microsoft Windows WINS Server Network Buffer Length Integer Overflow Vulnerability
BugTraq ID: 35981
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35981
Summary:
The Microsoft Windows WINS Server is prone to a remote integer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

10. Microsoft Windows WINS Server Network Packet Remote Heap Buffer Overflow Vulnerability
BugTraq ID: 35980
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35980
Summary:
The Microsoft Windows WINS Server is prone to a remote heap-based buffer-overflow vulnerability
because the application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will completely compromise affected computers. Failed exploit
attempts will result in a denial-of-service condition.

11. Sun OpenSSO Enterprise XML Document Processing Unspecified Memory Corruption Vulnerability
BugTraq ID: 35977
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35977
Summary:
Sun OpenSSO Enterprise (formerly Sun Java System Access Manager and Sun Java System Identity Server)
is prone to a memory-corruption vulnerability because it fails to properly handle specially crafted
XML documents.

Very few details are available regarding this issue. We will update this BID as more information
emerges.

An attacker can exploit this issue to execute arbitrary code within the context of the vulnerable
application. Failed exploit attempts will result in a denial-of-service condition.

12. Microsoft August 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 35974
Remote: Yes
Date Published: 2009-08-06
Relevant URL: http://www.securityfocus.com/bid/35974
Summary:
Microsoft has released advance notification that on August 11, 2009 the vendor will be releasing 9
security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'.

These issues affect the following:

Windows
Outlook Express
Media Player
.NET
Client for Mac
Office
Visual Studio
ISA Server
BizTalk Server

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

Individual records will be created to document these issues when the bulletins are released.

13. Microsoft Remote Desktop Connection ActiveX Control Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35973
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35973
Summary:
Microsoft Remote Desktop Connection ActiveX control is prone to a remote heap-based buffer-overflow
vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successful exploits will allow attackers to execute arbitrary code within the context of the
affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit
attempts will result in a denial-of-service condition.

14. Microsoft Windows Workstation Service Double Free Remote Code Execution Vulnerability
BugTraq ID: 35972
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35972
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending specially-crafted Remote Procedure Call (RPC) messages
to a vulnerable computer.

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level
privileges, completely compromising affected computers. Failed exploit attempts will result in a
denial-of-service condition.

15. Microsoft Remote Desktop Connection Client Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35971
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35971
Summary:
Microsoft Remote Desktop Connection client is prone to a heap-based buffer-overflow vulnerability
when processing certain parameters returned by a malicious RDP (Remote Desktop Protocol) server.

Successfully exploiting this issue would allow an attacker to corrupt heap memory and execute
arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely
cause denial-of-service conditions.

16. Microsoft Windows Malformed AVI File Parsing Remote Integer Overflow Vulnerability
BugTraq ID: 35970
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35970
Summary:
Microsoft Windows is prone to a remote integer-overflow vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player
therefore this issue does not specifically affect Windows Media Player.

17. Microsoft Message Queuing Service NULL Pointer Dereference Local Privilege Escalation Vulnerability
BugTraq ID: 35969
Remote: No
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35969
Summary:
The Microsoft Message Queuing service is prone to a local privilege-escalation vulnerability because
it fails to adequately handle user-supplied input.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploits will cause a denial of service.

18. Microsoft Windows Malformed AVI File Header Parsing Remote Code Execution Vulnerability
BugTraq ID: 35967
Remote: Yes
Date Published: 2009-08-11
Relevant URL: http://www.securityfocus.com/bid/35967
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability.

This issue arises when an affected Windows component handles a malicious Audio Video Interleave
(AVI) file.

An attacker can exploit this issue to execute arbitrary code with the privileges of the affected
user. Failed exploit attempts will result in a denial-of-service condition.

NOTE: The affected Windows operating system component is independent of Windows Media Player
therefore this issue does not specifically affect Windows Media Player.

19. UltraPlayer Malformed '.usk' Playlist File Buffer Overflow Vulnerability
BugTraq ID: 35956
Remote: Yes
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35956
Summary:
UltraPlayer is prone to a buffer-overflow vulnerability because the application fails to
bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can execute arbitrary code in the context of the affected application. Failed exploit
attempts will result in a denial-of-service condition.

UltraPlayer 2.112 is vulnerable; other versions may also be affected.

20. Sun JRE/JDK Java Web Start ActiveX Control ATL Remote Code Execution Vulnerability
BugTraq ID: 35945
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35945
Summary:
Java Web Start ActiveX Control included in Sun JRE and JDK is prone to a remote code-execution
vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting victim to view a malicious
webpage. If successful, the attacker can run arbitrary code with the privileges of the user running
the affected application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue is caused by the vulnerabilities described in Microsoft security advisory 973883 and is
related to the following BIDs:
35828 Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability
35830 Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability
35832 Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability

This issue affects the following:

JDK and JRE 6 Update 14 and prior
JDK and JRE 5.0 Update 19 and prior

NOTE: This issue was previously covered in BID 35922 (Sun Java SE Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

21. Microsoft Internet Explorer 8 Denial of Service Vulnerability
BugTraq ID: 35941
Remote: Yes
Date Published: 2009-08-05
Relevant URL: http://www.securityfocus.com/bid/35941
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in
denial-of-service conditions. Due to the nature of this issue attackers may be able to corrupt
process memory and execute arbitrary code, but this has not been confirmed.

The issue affects Internet Explorer 8; other versions may also be vulnerable.

22. BlazeVideo BlazeDVD Professional '.PLF' File Remote Buffer Overflow Vulnerability
BugTraq ID: 35918
Remote: Yes
Date Published: 2009-08-03
Relevant URL: http://www.securityfocus.com/bid/35918
Summary:
BlazeDVD Professional is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the application
or trigger a denial-of-service condition.

BlazeDVD Professional 5.1 and Blaze Video HDTV Player 6.0 are vulnerable; other versions may also be
affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by SC World Congress

Make plans now to attend the second annual SC World Congress - Enterprise Data Security, October
13-14 in New York City. The Congress features a comprehensive, two-day program presented in four
tracks-including the unique Editors Choice sessions-and the industry's largest fall product expo
showcasing IT security solutions from the leading vendors and hot start-ups. Emphasizing quality
content, innovative formats and sessions, global perspectives and ROI, this is the one event you
can't afford to miss. Register by August 31 for big savings. www.scworldcongress.com

Re: How to /password policy on Windows 2003

2009-08-21T05:14:15Z

Any ideas/best practices?

Regards

2009/8/20, pent 5971 <pent5971@...>:
> Hi,
> I have an important Windows 2003 box which we are using only a admin
> account actively. I also need to set a password policy (i have some
> requirements) on this box and dont loose the admin account acces. How
> can i do this password policy?
>
> Regards
>

SecurityFocus Microsoft Newsletter #449

2009-07-23T10:27:37Z

SecurityFocus Microsoft Newsletter #449
----------------------------------------

This issue is sponsored by IronKey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey? S200
series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2
standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components,
while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most
sensitive data. Enterprise-class central management capabilities also make it easy to enforce
security policies on fleets of drives and even remotely destroy drives in the field.

Learn more at https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter

------------------------------------------------------------------
I. FRONT AND CENTER
1.The Scale of Security
2.Hacker-Tool Law Still Does Little
II. MICROSOFT VULNERABILITY SUMMARY
1. World in Conflict Typecheck Remote Denial of Service Vulnerability
2. Wireshark 1.2.0 Multiple Vulnerabilities
3. Google Chrome Privilege Escalation Weakness
4. MightSOFT Audio Editor Pro MP3 File Unspecified Memory Corruption Vulnerability
5. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
6. Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
7. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
8. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution
Vulnerability
9. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
11. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
12. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
13. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution
Vulnerability
14. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
15. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Forcing Password Changes for Non-Interacitve Logons
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1.The Scale of Security
By Adam O'Donnell
Human beings do not naturally understand scale. While we speak of financial transactions in the
hundreds of billions of dollars as being something as routine as brushing our teeth, we question the
value of programs that cost in the single-digit millions and quibble with friends over dollars.
Similarly, there are many problems in our industry that, when explained to an outsider, sound like
they should have been solved decades ago. It is only when we relate the number of systems that need
to be considered in the repair that we truly communicate the difficulty of the problem.
http://www.securityfocus.com/columnists/503

2. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. World in Conflict Typecheck Remote Denial of Service Vulnerability
BugTraq ID: 35751
Remote: Yes
Date Published: 2009-07-16
Relevant URL: http://www.securityfocus.com/bid/35751
Summary:
World in Conflict is prone to a remote denial-of-service vulnerability because the application fails
to handle exceptional conditions.

An attacker could exploit this issue to crash the affected application, denying service to
legitimate users.

This issue affects World in Conflict 1.0.1.1 and prior versions.

2. Wireshark 1.2.0 Multiple Vulnerabilities
BugTraq ID: 35748
Remote: Yes
Date Published: 2009-07-20
Relevant URL: http://www.securityfocus.com/bid/35748
Summary:
Wireshark is prone to multiple vulnerabilities, including a buffer-overflow issue and
denial-of-service issues.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate
users. Attackers may be able to leverage some of these vulnerabilities to execute arbitrary code,
but this has not been confirmed.

These issues affect Wireshark 0.9.2 through 1.2.0.

3. Google Chrome Privilege Escalation Weakness
BugTraq ID: 35723
Remote: Yes
Date Published: 2009-07-16
Relevant URL: http://www.securityfocus.com/bid/35723
Summary:
Google Chrome is prone to a weakness that may allow attackers to escalate privileges after carrying
out a successful code-execution attack against a renderer (tab) process.

This issue affects versions prior to Chrome 2.0.172.37.

4. MightSOFT Audio Editor Pro MP3 File Unspecified Memory Corruption Vulnerability
BugTraq ID: 35719
Remote: Yes
Date Published: 2009-07-16
Relevant URL: http://www.securityfocus.com/bid/35719
Summary:
MightSOFT Audio Editor Pro is prone to an unspecified memory-corruption vulnerability.

An attacker can exploit this issue by tricking a victim into opening a malicious MP3 file to execute
arbitrary code and to cause denial-of-service conditions.

Audio Editor Pro 2.91 is vulnerable; other versions may also be affected.

5. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35667
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35667
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails
to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

6. Mozilla Firefox 3.5 'TraceMonkey' Component Remote Code Execution Vulnerability
BugTraq ID: 35660
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35660
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user
running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A
crash was observed in Firefox 3.5 on Windows XP SP3.

UPDATE (July 15, 2009): Remote code execution is also possible in Firefox 3.5 running on Apple Mac OS X.

7. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 35652
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35652
Summary:
LibTIFF is prone to multiple remote integer-overflow vulnerabilities because it fails to perform
adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary malicious code in the context of a user
running an application that uses the affected library. Failed exploit attempts will likely crash the
application.

LibTIFF 3.8.2, 3.9, and 4.0 are vulnerable; other versions may also be affected.

8. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability
BugTraq ID: 35642
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35642
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the
OWC Spreadsheet ActiveX control. The control is identified by the following CLSIDs:

0002E541-0000-0000-C000-000000000046
0002E559-0000-0000-C000-000000000046

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

9. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
BugTraq ID: 35631
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35631
Summary:
Microsoft ISA Server is prone to an authentication-bypass vulnerability.

An attacker with knowledge of a valid account name can exploit this issue to bypass authentication
and gain access to arbitrary resources within the context of the selected account.

10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
BugTraq ID: 35616
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35616
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow
component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user
running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

11. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
BugTraq ID: 35601
Remote: No
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35601
Summary:
Microsoft Virtual PC and Virtual Server are prone to a privilege-escalation vulnerability caused by
an error in decoding privileged instructions.

Note that this issue affects only systems that do not use hardware-assisted virtualization.

Successful exploits may allow local attackers to elevate privileges within a guest operating system.

12. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
BugTraq ID: 35600
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35600
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow
component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user
running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

13. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
BugTraq ID: 35599
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35599
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

14. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
BugTraq ID: 35187
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35187
Summary:
Microsoft Windows is prone to a remotely exploitable integer-overflow vulnerability because it fails
to properly bounds-check user-supplied input before copying it into an insufficiently sized memory
buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the
vulnerable software on the targeted user's computer.

15. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
BugTraq ID: 35186
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35186
Summary:
Microsoft Windows is prone to a remotely exploitable heap-overflow vulnerability because the
software fails to properly bounds-check user-supplied input before copying it into an insufficiently
sized memory buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the
vulnerable software on the targeted user's computer.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Forcing Password Changes for Non-Interacitve Logons
http://www.securityfocus.com/archive/88/505115

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by IronKey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey? S200
series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2
standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components,
while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most
sensitive data. Enterprise-class central management capabilities also make it easy to enforce
security policies on fleets of drives and even remotely destroy drives in the field.

Always-On AES 256-bit Hardware Encryption
FIPS 140-2 Level 3 Validated
Hardened Case?Waterproof Beyond MIL-STD-810F
Remote Management Software

Research for the IronKey architecture was funded in part by the U.S. Department of Homeland
Security. In addition, IronKey maintains a trusted supply chain: all research and development is
performed in the USA, and all boards are built and all drives are assembled in secure facilities in
the USA.

IronKey Basic S200 drives will also be available in high-capacity 16GB models.

https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter

RE: Forcing Password Changes for Non-Interacitve Logons

2009-07-21T03:44:27Z

Hi,

Sure - see

http://www.nuffield.ox.ac.uk/users/holmes/reportpasswordchange.zip

There are three files, the .vbs, which you will need to edit to suit your environment, a text file which is the text that will be included in the email sent to the user, and a .bat file which just calls the script - this batch file should be run as a scheduled task in the context of a user with read access to AD.

I have edited out much of the config for security reasons, you will need to have a look at the .vbs and change settings where appropriate - ie your domain, the password expiry no of days etc - it's all pretty straightforward.

You will need to create a secure password reset page, we use a .NET control to achieve this. Note the page will need to run in the context of a user with *write* access to AD.

There are other scripts out there that do this, just Google 'password expiry script' or similar.

Regards,

Mark

-----Original Message-----
From: Kosala Atapattu [mailto:kosala.atapattu@...]
Sent: 21 July 2009 04:48
To: Mark Holmes
Cc: GrowlieGirl@...; focus-ms@...
Subject: Re: Forcing Password Changes for Non-Interacitve Logons

Care to share the script :).

Kosala

On Tue, Jul 21, 2009 at 1:55 AM, Mark
Holmes<mark.holmes@...> wrote:

> Hi,
>
> We have a similar issue at my place - not all users are joined to the
> domain, so don't do an interactive logon. I use a vb script which
> runs nightly and checks AD for users whose password is due to expire,
> it sends email reminders 14 7 3 and 2 days before expiry via email
> (pulls the users address from AD). They then go to a secure page on
> our intranet to change their password.
>
> Cheers,
>
> Mark
>
>
> On 20 Jul 2009, at 23:32, "GrowlieGirl@..."
> <GrowlieGirl@...> wrote:
>
>> I have googled and googled but cannot find the answer to this one,
>> hoping you can help.
>> We have ADS password policy enforced whereby the user has to change
>> their password every 60 days. If they have not changed their
>> password after this time their account is locked. Unfortunately the
>> users with non-interactive accounts do not get the notification to
>> change their password nor can they get to the change password
>> facility that the interactive logon users can use. Is there any way
>> to notify the users and have them carry out a password change?
>
> On 20 Jul 2009, at 23:32, "GrowlieGirl@..."
> <GrowlieGirl@...> wrote:
>
>> I have googled and googled but cannot find the answer to this one,
>> hoping you can help.
>> We have ADS password policy enforced whereby the user has to change
>> their password every 60 days. If they have not changed their
>> password after this time their account is locked. Unfortunately the
>> users with non-interactive accounts do not get the notification to
>> change their password nor can they get to the change password
>> facility that the interactive logon users can use. Is there any way
>> to notify the users and have them carry out a password change?
>>
>

--
Kosala
--------------------------------------------
Disclaimer: Views expressed in this mail are my personal views and
they would not reflect views of the employer.
--------------------------------------------
blog.kosala.net
www.linux.lk/~kosala/
www.kosala.net

Re: Forcing Password Changes for Non-Interacitve Logons

2009-07-20T20:48:27Z

Care to share the script :).

Kosala

On Tue, Jul 21, 2009 at 1:55 AM, Mark
Holmes<mark.holmes@...> wrote:

Re: Forcing Password Changes for Non-Interacitve Logons

2009-07-20T16:06:24Z

On Wed, Jul 15, 2009 at 21:23, <GrowlieGirl@...> wrote:
> I have googled and googled but cannot find the answer to this one, hoping you can help.
> We have ADS password policy enforced whereby the user has to change their password
> every 60 days. If they have not changed their password after this time their account is locked.
> Unfortunately the users with non-interactive accounts do not get the notification to change
> their password nor can they get to the change password facility that the interactive logon
> users can use. Is there any way to notify the users and have them carry out a password
> change?

Not directly as far as I'm aware, but there are a ton of free tools in
the world that will allow you to filter your user base according to
the age of their password - check, for instance, joeware.net, and
google for netpwage.exe, among many others.

Wrap that up in a script with one of my favorite tools - blat.exe - to
send each person an email for several days before it expires, and
Bob's yer uncle.

There are probably commercial tools as well, but I don't know that
space well at all.

Kurt

Re: Forcing Password Changes for Non-Interacitve Logons

2009-07-20T15:55:04Z

Hi,

We have a similar issue at my place - not all users are joined to the
domain, so don't do an interactive logon. I use a vb script which
runs nightly and checks AD for users whose password is due to expire,
it sends email reminders 14 7 3 and 2 days before expiry via email
(pulls the users address from AD). They then go to a secure page on
our intranet to change their password.

Cheers,

Mark

On 20 Jul 2009, at 23:32, "GrowlieGirl@..."
<GrowlieGirl@...> wrote:

> I have googled and googled but cannot find the answer to this one,
> hoping you can help.
> We have ADS password policy enforced whereby the user has to change
> their password every 60 days. If they have not changed their
> password after this time their account is locked. Unfortunately the
> users with non-interactive accounts do not get the notification to
> change their password nor can they get to the change password
> facility that the interactive logon users can use. Is there any way
> to notify the users and have them carry out a password change?

On 20 Jul 2009, at 23:32, "GrowlieGirl@..."
<GrowlieGirl@...> wrote:

> I have googled and googled but cannot find the answer to this one,
> hoping you can help.
> We have ADS password policy enforced whereby the user has to change
> their password every 60 days. If they have not changed their
> password after this time their account is locked. Unfortunately the
> users with non-interactive accounts do not get the notification to
> change their password nor can they get to the change password
> facility that the interactive logon users can use. Is there any way
> to notify the users and have them carry out a password change?
>

Forcing Password Changes for Non-Interacitve Logons

2009-07-15T21:23:55Z

I have googled and googled but cannot find the answer to this one, hoping you can help.
We have ADS password policy enforced whereby the user has to change their password every 60 days. If they have not changed their password after this time their account is locked. Unfortunately the users with non-interactive accounts do not get the notification to change their password nor can they get to the change password facility that the interactive logon users can use. Is there any way to notify the users and have them carry out a password change?

SecurityFocus Microsoft Newsletter #448

2009-07-15T07:59:50Z

SecurityFocus Microsoft Newsletter #448
----------------------------------------

This issue is sponsored by Ironkey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey. S200
series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2
standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components,
while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most
sensitive data. Enterprise-class central management capabilities also make it easy to enforce
security policies on fleets of drives and even remotely destroy drives in the field.

Learn more at https://www.ironkey.com/S200_Launch

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
1. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
2. Mozilla Firefox 3.5 'Tracemonkey' Component Remote Code Execution Vulnerability
3. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
4. Wyse Device Manager Unspecified Remote Buffer Overflow Vulnerability
5. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution
Vulnerability
6. Pirch IRC Client Remote Buffer Overflow Vulnerability
7. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
8. Microsoft Internet Explorer 'AddFavorite' Method Denial of Service Vulnerability
9. Microsoft July 2009 Advance Notification Multiple Vulnerabilities
10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
11. Bugzilla Bug Status Modification Security Bypass Vulnerability
12. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
13. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
14. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution
Vulnerability
15. Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption
Vulnerability
16. Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability
17. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
18. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gubter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Icarus '.icp' File Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35667
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35667
Summary:
Icarus is prone to a remote stack-based buffer-overflow vulnerability because the application fails
to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Icarus 2.0 is vulnerable; other versions may also be affected.

2. Mozilla Firefox 3.5 'Tracemonkey' Component Remote Code Execution Vulnerability
BugTraq ID: 35660
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35660
Summary:
Mozilla Firefox is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user
running the affected application. Failed attempts will likely result in denial-of-service conditions.

The issue affects Firefox 3.5; other versions may also be vulnerable.

NOTE: Remote code execution was confirmed in Firefox 3.5 running on Microsoft Windows XP SP2. A
crash was observed in Firefox 3.5 on Windows XP SP3.

3. LibTIFF Multiple Remote Integer Overflow Vulnerabilities
BugTraq ID: 35652
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35652
Summary:
LibTIFF is prone to multiple remote integer-overflow vulnerabilities because it fails to perform
adequate boundary checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary malicious code in the context of a user
running an application that uses the affected library. Failed exploit attempts will likely crash the
application.

LibTIFF 3.8.2, 3.9, and 4.0 are vulnerable; other versions may also be affected.

4. Wyse Device Manager Unspecified Remote Buffer Overflow Vulnerability
BugTraq ID: 35649
Remote: Yes
Date Published: 2009-07-10
Relevant URL: http://www.securityfocus.com/bid/35649
Summary:
Wyse Device Manager is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

5. Microsoft Office Web Components ActiveX Control 'msDataSourceObject' Code Execution Vulnerability
BugTraq ID: 35642
Remote: Yes
Date Published: 2009-07-13
Relevant URL: http://www.securityfocus.com/bid/35642
Summary:
Microsoft Office Web Components is prone to a remote code-execution vulnerability that affects the
OWC Spreadsheet ActiveX control. The control is identified by the following CLSIDs:

0002E541-0000-0000-C000-000000000046
0002E559-0000-0000-C000-000000000046

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted site.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

6. Pirch IRC Client Remote Buffer Overflow Vulnerability
BugTraq ID: 35639
Remote: Yes
Date Published: 2009-07-12
Relevant URL: http://www.securityfocus.com/bid/35639
Summary:
Pirch IRC is prone to a remote buffer-overflow vulnerability because it fails to bounds-check
user-supplied data before copying it into an insufficiently sized buffer.

An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious
IRC server. Successful attacks will allow arbitrary code to run within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

Pirch IRC 98 is vulnerable; other versions may also be affected.

NOTE: The vulnerability may be related to the issue described in BID 5079. We will update the BID
when more information emerges.

7. Microsoft ISA Server Radius OTP Authentication Bypass Vulnerability
BugTraq ID: 35631
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35631
Summary:
Microsoft ISA Server is prone to an authentication-bypass vulnerability.

An attacker with knowledge of a valid account name can exploit this issue to bypass authentication
and gain access to arbitrary resources within the context of the selected account.

8. Microsoft Internet Explorer 'AddFavorite' Method Denial of Service Vulnerability
BugTraq ID: 35620
Remote: Yes
Date Published: 2009-07-09
Relevant URL: http://www.securityfocus.com/bid/35620
Summary:
Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability.

Successful exploits can allow attackers to crash the affected browser, resulting in
denial-of-service conditions. Reports indicate that this issue may be used to corrupt process memory
and be leveraged to execute code, but this has not been confirmed.

Internet Explorer 7 and 8 are known to be vulnerable; other versions may be affected as well.

9. Microsoft July 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 35617
Remote: Yes
Date Published: 2009-07-09
Relevant URL: http://www.securityfocus.com/bid/35617
Summary:
Microsoft has released advance notification that on July 14, 2009 the vendor will be releasing six
security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'.

These issues affect the following:

Windows
DirectX
Virtual PC
Virtual Server
ISA Server
Publisher

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

We will create individual records to better document these issues when the bulletins are released.

10. Microsoft DirectX DirectShow Length Record Remote Code Execution Vulnerability
BugTraq ID: 35616
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35616
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow
component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user
running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

11. Bugzilla Bug Status Modification Security Bypass Vulnerability
BugTraq ID: 35604
Remote: Yes
Date Published: 2009-07-08
Relevant URL: http://www.securityfocus.com/bid/35604
Summary:
Bugzilla is prone to a security-bypass vulnerability.

Successful exploits will allow authenticated attackers to modify the status of bug reports, which
may aid in further attacks.

The following are vulnerable:

Bugzilla 3.1.1 through 3.2.3
Bugzilla 3.3.1 through 3.3.4

12. Microsoft Virtual PC and Virtual Server Privilege Escalation Vulnerability
BugTraq ID: 35601
Remote: No
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35601
Summary:
Microsoft Virtual PC and Virtual Server are prone to a privilege-escalation vulnerability caused by
an error in decoding privileged instructions.

Note that this issue affects only systems that do not use hardware-assisted virtualization.

Successful exploits may allow local attackers to elevate privileges within a guest operating system.

13. Microsoft DirectX DirectShow Pointer Validation Remote Code Execution Vulnerability
BugTraq ID: 35600
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35600
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability that resides in the DirectShow
component.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user
running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

14. Microsoft Publisher Object Handler Data Pointer Dereference Remote Code Execution Vulnerability
BugTraq ID: 35599
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35599
Summary:
Microsoft Publisher is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Publisher file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

15. Microsoft Windows 'msvidctl.dll' ActiveX Control Unspecified Remote Memory Corruption Vulnerability
BugTraq ID: 35585
Remote: Yes
Date Published: 2009-07-06
Relevant URL: http://www.securityfocus.com/bid/35585
Summary:
Microsoft Windows is prone to a remote memory-corruption vulnerability that affects the Video
Control ActiveX control.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

Windows XP SP3 and Windows Server 2003 are vulnerable; other versions may also be affected.

16. Microsoft Windows 'MPEG2TuneRequest' ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 35558
Remote: Yes
Date Published: 2009-07-06
Relevant URL: http://www.securityfocus.com/bid/35558
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the TV Tuner library.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context
of the currently logged-in user.

Windows XP SP3 and Windows Server 2003 are vulnerable; other versions may also be affected.

17. Microsoft Windows Embedded OpenType Font Engine Integer Overflow Vulnerability
BugTraq ID: 35187
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35187
Summary:
Microsoft Windows is prone to a remotely exploitable integer-overflow vulnerability because it fails
to properly bounds-check user-supplied input before copying it into an insufficiently sized memory
buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the
vulnerable software on the targeted user's computer.

18. Microsoft Windows Embedded OpenType Font Engine Heap Overflow Vulnerability
BugTraq ID: 35186
Remote: Yes
Date Published: 2009-07-14
Relevant URL: http://www.securityfocus.com/bid/35186
Summary:
Microsoft Windows is prone to a remotely exploitable heap-overflow vulnerability because the
software fails to properly bounds-check user-supplied input before copying it into an insufficiently
sized memory buffer.

Remote attackers can exploit this issue to execute arbitrary machine code in the context of the
vulnerable software on the targeted user's computer.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Ironkey

INTRODUCING THE WORLD'S ONLY FIPS 140-2 LEVEL 3 VALIDATED USB FLASH DRIVE

Designed to meet the needs of military, government and demanding enterprise users, the IronKey. S200
series USB flash drives have passed the stringent Security Level 3 tests for the FIPS 140-2
standard. A rugged, tamper-resistant and tamper-evident enclosure protects the critical components,
while strong AES 256-bit hardware encryption and active malware defenses safeguard even the most
sensitive data. Enterprise-class central management capabilities also make it easy to enforce
security policies on fleets of drives and even remotely destroy drives in the field.

. Always-On AES 256-bit Hardware Encryption

. FIPS 140-2 Level 3 Validated

. Hardened Case.Waterproof Beyond MIL-STD-810F

. Remote Management Software

Research for the IronKey architecture was funded in part by the U.S. Department of Homeland
Security. In addition, IronKey maintains a trusted supply chain: all research and development is
performed in the USA, and all boards are built and all drives are assembled in secure facilities in
the USA.

IronKey Basic S200 drives will also be available in high-capacity 16GB models.

https://www.ironkey.com/S200_Launch?ik_c=s200_launch&ik_s=security_focus&ik_t=newsletter

BH Training

2009-06-26T11:57:51Z

The SF list has been pretty quiet, so I’m hoping this important security training offering will go through (seeing as how Black Hat is a proud sponsor of SF ;)

It’s that time of year again --- BH Vegas is coming up on us pretty quickly, and I’m really excited about this year’s edition of Microsoft Ninjitsu: Black Belt Edition.

Get the skinny here:
http://www.blackhat.com/html/bh-usa-09/train-bh-usa-09-tm-ms-bbe.html

One of the common misconceptions I hear regarding this curriculum is that it’s the “same old Microsoft training.” That couldn’t be farther from the truth. Each year the training curriculum undergoes deep review to add new technologies and update other technologies in order to deliver the most up-to-date information available. This year is certainly no exception –we’re even bringing in content on Win7, TMG, SSTP, etc.. . If your job requires you to administer, secure, or evaluate Microsoft technologies, then I highly recommend that you at least look over this class. In fact, this is the only 3rd party class at BH to have engineering personnel on-hand sanctioned by MSFT. And as usual, you can expect heckling from the likes of Litchfield, Dr. Shinder, Paget, and others as they try to throw me off balance during the training ☺

Direct inquires welcome for those with serious questions in regard to specific content.

Thanks for your time and the opportunity to interrupt your day ;)

t

____________________
Dr. Timothy (Thor) Mullen, Ph.D.
thor@...
www.hammerofgod.com

SecurityFocus Microsoft Newsletter #447

2009-06-26T10:44:12Z

SecurityFocus Microsoft Newsletter #447
----------------------------------------

This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites' security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510135;37701660;s

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
1. Motorola Timbuktu Pro 'PlughNTCommand' Named Pipe Remote Stack Buffer Overflow Vulnerability
2. Apple Safari 'file://' Protocol Handler Information Disclosure and Denial of Service
Vulnerability
3. Adobe Shockwave Player Director File Parsing Remote Code Execution Vulnerability
4. Microsoft Internet Explorer HTML Attribute JavaScript URI Security Bypass Vulnerability
5. LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
6. Apple Safari 'parent/top' Cross Domain Scripting Vulnerability
7. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
8. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
9. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gubter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Motorola Timbuktu Pro 'PlughNTCommand' Named Pipe Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35496
Remote: Yes
Date Published: 2009-06-25
Relevant URL: http://www.securityfocus.com/bid/35496
Summary:
Motorola Timbuktu Pro for Windows is prone to a remote stack-based buffer-overflow vulnerability
because it fails to properly bounds-check user-supplied data before copying it into an
insufficiently sized memory buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges. Failed
exploit attempts will result in denial-of-service conditions.

Versions prior to Timbuktu Pro 8.6.7 for Windows are vulnerable.

2. Apple Safari 'file://' Protocol Handler Information Disclosure and Denial of Service Vulnerability
BugTraq ID: 35482
Remote: Yes
Date Published: 2009-06-23
Relevant URL: http://www.securityfocus.com/bid/35482
Summary:
Apple Safari is prone to an information-disclosure and denial-of-service vulnerability because it
fails to properly sanitize user-supplied input.

An attacker can exploit this issue to access local files. On Microsoft Windows platforms, the
attacker may launch rogue instances of Windows Explorer, which may affect the computer's overall
stability, leading to a denial-of-service.

This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft
Windows XP and Vista.

3. Adobe Shockwave Player Director File Parsing Remote Code Execution Vulnerability
BugTraq ID: 35469
Remote: Yes
Date Published: 2009-06-23
Relevant URL: http://www.securityfocus.com/bid/35469
Summary:
Adobe Shockwave Player is prone to a remote code-execution vulnerability caused by a
memory-dereferencing error while parsing Adobe Director files.

Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in
user. Failed exploit attempts may cause a denial-of-service condition.

Versions prior to Shockwave Player 11.5.0.600 for Microsoft Windows are vulnerable.

4. Microsoft Internet Explorer HTML Attribute JavaScript URI Security Bypass Vulnerability
BugTraq ID: 35455
Remote: Yes
Date Published: 2009-06-22
Relevant URL: http://www.securityfocus.com/bid/35455
Summary:
Microsoft Internet Explorer is prone to a security-bypass vulnerability because it fails to properly
enforce restrictions on script behavior.

An attacker may exploit this issue to bypass restrictions on the execution of JavaScript code. This
may aid in further attacks.

5. LibTIFF 'LZWDecodeCompat()' Remote Buffer Underflow Vulnerability
BugTraq ID: 35451
Remote: Yes
Date Published: 2009-06-21
Relevant URL: http://www.securityfocus.com/bid/35451
Summary:
LibTIFF is prone to a remote buffer-underflow vulnerability because it fails to perform adequate
boundary checks on user-supplied data.

An attacker can exploit this issue to execute arbitrary malicious code in the context of a user
running an application that uses the affected library. Failed exploit attempts will likely crash the
application.

LibTIFF 3.8.2 is vulnerable; other versions may be affected as well.

6. Apple Safari 'parent/top' Cross Domain Scripting Vulnerability
BugTraq ID: 35441
Remote: Yes
Date Published: 2009-06-19
Relevant URL: http://www.securityfocus.com/bid/35441
Summary:
Apple Safari is prone to a cross-domain scripting vulnerability.

A remote attacker can exploit this vulnerability to bypass the same-origin policy and obtain
potentially sensitive information or launch spoofing attacks against other sites. Other attacks are
also possible.

7. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 35432
Remote: No
Date Published: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35432
Summary:
DESlock+ is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary code with elevated privileges, which may
facilitate a complete compromise of the affected computer.

DESlock+ 4.0.2 is vulnerable; other versions may also be affected.

8. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
BugTraq ID: 35411
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35411
Summary:
Multiple browsers are prone to a vulnerability that may allow attackers to spoof arbitrary HTTPS sites.

Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTPS
site. Successful exploits will lead to a false sensitive security since the victim is visiting a
site that is assumed to be legitimate.

9. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
BugTraq ID: 35410
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35410
Summary:
ClamAV is prone to multiple vulnerabilities because it fails to properly restrict certain files
after scanning them.

A successful attack may allow malicious users to bypass security restrictions placed on certain
files. Exploits may aid in further attacks.

Versions prior to ClamAv 0.95.2 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites' security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510135;37701660;s

SecurityFocus Microsoft Newsletter #446

2009-06-19T08:06:44Z

SecurityFocus Microsoft Newsletter #446
----------------------------------------

This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites' security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510129;37701658;c

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
1. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
2. Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities
3. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
4. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
5. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
6. TorrentTrader Classic Multiple Remote Vulnerabilities
7. Multiple Kaspersky Products PDF File Scan Evasion Vulnerability
8. SugarCRM Email Attachment Arbitrary File Upload Vulnerability
9. Multiple Symantec Products RAR/TAR/ZIP File Scan Evasion Vulnerability
10. Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
11. Apple Safari for Windows Reset Password Information Disclosure Vulnerability
12. Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
13. Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability
14. Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure
Vulnerability
15. Apple Safari CFNetwork Script Injection Weakness
16. Apple Safari Windows Installer Local Privilege Escalation Vulnerability
17. Microsoft Windows Media Player ScriptCommand Multiple Information Disclosure Vulnerabilities
18. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
19. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
20. Kerio MailServer WebMail Cross Site Scripting Vulnerability
21. RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
22. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
23. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
24. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
25. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
26. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
27. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
28. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
29. Microsoft Excel Record Object Remote Code Execution Vulnerability
30. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
31. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
32. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
33. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution
Vulnerability
34. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
35. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution
Vulnerability
36. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
37. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution
Vulnerability
38. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution
Vulnerability
39. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution
Vulnerability
40. Microsoft Windows Search Script Injection Vulnerability
41. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
42. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
43. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
44. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
45. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
46. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow
Vulnerability
47. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
48. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution
Vulnerability
49. Microsoft Word Record Parsing Buffer Overflow Vulnerability
50. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
51. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. SecurityFocus Microsoft Newsletter #445
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gubter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. DESlock+ 'dlpcrypt.sys' Local Privilege Escalation Vulnerability
BugTraq ID: 35432
Remote: No
Date Published: 2009-06-18
Relevant URL: http://www.securityfocus.com/bid/35432
Summary:
DESlock+ is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary code with elevated privileges, which may
facilitate a complete compromise of the affected computer.

DESlock+ 4.0.2 is vulnerable; other versions may also be affected.

2. Apple iPhone and iPod touch Prior to Version 3.0 Multiple Vulnerabilities
BugTraq ID: 35414
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35414
Summary:
Apple iPhone and iPod touch are prone to multiple vulnerabilities.

Successfully exploiting these issues may allow attackers to bypass security restrictions, obtain
sensitive information, or cause denial-of-service conditions.

These issues affect the following:

iPhone OS 1.0 through 2.2.1
iPhone OS for iPod touch 1.1 through 2.2.1

3. Multiple Browsers Cached Certificate HTTP Site Spoofing Vulnerability
BugTraq ID: 35411
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35411
Summary:
Multiple browsers are prone to a vulnerability that may allow attackers to spoof arbitrary HTTPS sites.

Attackers may exploit this vulnerability via a malicious webpage to spoof the origin of an HTTPS
site. Successful exploits will lead to a false sensitive security since the victim is visiting a
site that is assumed to be legitimate.

4. ClamAV Prior to 0.95.2 Multiple Scanner Bypass Vulnerabilities
BugTraq ID: 35410
Remote: Yes
Date Published: 2009-06-17
Relevant URL: http://www.securityfocus.com/bid/35410
Summary:
ClamAV is prone to multiple vulnerabilities because it fails to properly restrict certain files
after scanning them.

A successful attack may allow malicious users to bypass security restrictions placed on certain
files. Exploits may aid in further attacks.

Versions prior to ClamAv 0.95.2 are vulnerable.

5. Multiple Browser Malicious Proxy HTTPS Man In The Middle Vulnerability
BugTraq ID: 35380
Remote: Yes
Date Published: 2009-06-11
Relevant URL: http://www.securityfocus.com/bid/35380
Summary:
Multiple web browsers are prone to a man-in-the-middle vulnerability.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially
allowing the attacker to steal cookie-based authentication credentials or to control how sites are
rendered to the user. Other attacks are also possible.

NOTE: This issue was previously covered in BID 35326 (Mozilla Firefox/Thunderbird/SeaMonkey MFSA
2009-24 through -32 Multiple Remote Vulnerabilities), but has been assigned its own record to better
document it.

UPDATE (June 17, 2009): This BID had been updated to reflect that the issue affects multiple
browsers, not just Mozilla products.

6. TorrentTrader Classic Multiple Remote Vulnerabilities
BugTraq ID: 35369
Remote: Yes
Date Published: 2009-06-15
Relevant URL: http://www.securityfocus.com/bid/35369
Summary:
TorrentTrader Classic is prone to multiple vulnerabilities:

- An insufficient entropy weakness
- Multiple information-disclosure vulnerabilities
- Multiple SQL-injection vulnerabilities
- Multiple HTML-injection vulnerabilities
- Multiple cross-site-scripting vulnerabilities
- A local-file-include vulnerability

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials,
compromise the application, obtain sensitive information, access or modify data, or exploit latent
vulnerabilities in the underlying database.

TorrentTrader Classic 1.09 is vulnerable; other versions may also be affected.

7. Multiple Kaspersky Products PDF File Scan Evasion Vulnerability
BugTraq ID: 35365
Remote: Yes
Date Published: 2009-06-13
Relevant URL: http://www.securityfocus.com/bid/35365
Summary:
Multiple Kaspersky products are prone to a vulnerability that may allow certain PDF files to bypass
the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the
antivirus application will fail to detect.

8. SugarCRM Email Attachment Arbitrary File Upload Vulnerability
BugTraq ID: 35361
Remote: Yes
Date Published: 2009-06-13
Relevant URL: http://www.securityfocus.com/bid/35361
Summary:
SugarCRM is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs
because the application fails to adequately validate user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of
the webserver process. This may facilitate unauthorized access or privilege escalation; other
attacks are also possible.

The issue affects SugarCRM 5.2.0e; prior versions may also be vulnerable.

9. Multiple Symantec Products RAR/TAR/ZIP File Scan Evasion Vulnerability
BugTraq ID: 35354
Remote: Yes
Date Published: 2009-06-12
Relevant URL: http://www.securityfocus.com/bid/35354
Summary:
Multiple Symantec products are prone to a vulnerability that may allow certain compressed archives
to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the
antivirus application will fail to detect.

The following products are affected:

Symantec Mail Security for Domino
Symantec Mail Security for Microsoft Exchange
Symantec Mail Security for SMTP
Symantec Brightmail Gateway
Symantec AntiVirus for Network Attached Storage
Symantec AntiVirus for Caching
Symantec AntiVirus for Messaging
Symantec Protection for SharePoint Servers
Symantec Protection Suite
Symantec Scan Engine
Symantec Client Security
Symantec Endpoint Protection
Symantec AntiVirus Corporate Edition
Norton Internet Security
Norton 360
Norton AntiVirus
Norton Systemworks

10. Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
BugTraq ID: 35353
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35353
Summary:
Safari is prone to a security-bypass vulnerability because it fails to properly verify X.509
extended validation (EV) certificates.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by
impersonating trusted webservers. This will aid in further attacks.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

11. Apple Safari for Windows Reset Password Information Disclosure Vulnerability
BugTraq ID: 35352
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35352
Summary:
Apple Safari is prone to a local information-disclosure vulnerability.

A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

12. Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
BugTraq ID: 35351
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35351
Summary:
Apple Safari is prone to a remote code-execution vulnerability.

Successful exploits may allow an attacker to execute arbitrary code in the context of the user
running the affected application or to obtain sensitive information.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

13. Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability
BugTraq ID: 35347
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35347
Summary:
Apple Safari is prone to an information-disclosure vulnerability.

A local attacker can exploit this issue to access other users' files as they are downloaded.

This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.5.6 and on Microsoft
Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

14. Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
BugTraq ID: 35346
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35346
Summary:
Apple Safari is prone to a local information-disclosure vulnerability.

A local attacker can exploit this issue to obtain sensitive information that may aid in further attacks.

This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

15. Apple Safari CFNetwork Script Injection Weakness
BugTraq ID: 35344
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35344
Summary:
Apple Safari is prone to a weakness that may allow attackers to run arbitrary script code.

Attackers may exploit this issue through social engineering or through exploiting other latent
vulnerabilities to execute arbitrary script code in the context of the victim.

This issue affects versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7 and on
Microsoft Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

16. Apple Safari Windows Installer Local Privilege Escalation Vulnerability
BugTraq ID: 35339
Remote: No
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35339
Summary:
Apple Safari is prone to a local privilege-escalation vulnerability.

A local attacker may be able to exploit this issue to gain elevated privileges, which may aid in
further attacks.

This issue affects versions prior to Safari 4.0 running on Microsoft Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

17. Microsoft Windows Media Player ScriptCommand Multiple Information Disclosure Vulnerabilities
BugTraq ID: 35335
Remote: Yes
Date Published: 2009-06-12
Relevant URL: http://www.securityfocus.com/bid/35335
Summary:
Microsoft Windows Media Player is prone to multiple information-disclosure vulnerabilities because
it fails to properly restrict access to certain functionality when handling media files.

An attacker can exploit these vulnerabilities to obtain information that may aid in further attacks.

18. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
BugTraq ID: 35308
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35308
Summary:
Apple Safari CoreGraphics is prone to a remote code-execution vulnerability because it fails to
adequately handle TrueType fonts.

An attacker can exploit this issue to execute arbitrary code in the context of the application.
Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions prior to Safari 4.0 running on Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

19. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35275
Remote: Yes
Date Published: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35275
Summary:
Microsoft PowerPoint is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Freelance file.

Successful exploits can allow the attacker to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely cause denial-of-service conditions.

20. Kerio MailServer WebMail Cross Site Scripting Vulnerability
BugTraq ID: 35264
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35264
Summary:
Kerio MailServer WebMail is prone to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site. This may allow the attacker to steal
cookie-based authentication credentials and to launch other attacks.

Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 are vulnerable.

21. RETIRED: Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
BugTraq ID: 35260
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35260
Summary:
Safari is prone to multiple security vulnerabilities that have been addressed in Apple security
advisory APPLE-SA-2009-06-08-1. These issues affect versions prior to Safari 4.0 running on Apple
Mac OS X 10.4.11 and 10.5.7, Windows XP, and Windows Vista.

NOTE: This BID is being retired because the following individual records have been created to
better document issues previously mentioned in this BID:

35321 WebKit XML External Entity Information Disclosure Vulnerability
35320 WebKit HTML 5 Standard Method Cross Site Scripting Vulnerability
35325 WebKit JavaScript DOM User After Free Remote Code Execution Vulnerability
35322 WebKit 'Canvas' HTML Element Image Capture Remote Information Disclosure Vulnerability
35319 WebKit 'document.implementation' Cross Domain Scripting Vulnerability
35271 WebKit DOM Event Handler Remote Memory Corruption Vulnerability
35317 WebKit Subframe Click Jacking Vulnerability
35318 WebKit CSS 'Attr' Function Remote Code Execution Vulnerability
35315 WebKit JavaScript 'onload()' Event Cross Domain Scripting Vulnerability
35310 WebKit 'Attr' DOM Objects Remote Code Execution Vulnerability
35311 WebKit JavaScript Exception Handling Remote Code Execution Vulnerability
35283 WebKit XSLT Redirects Remote Information Disclosure Vulnerability
35284 WebKit 'Document()' Function Remote Information Disclosure Vulnerability
35309 WebKit JavaScript Garbage Collector Memory Corruption Vulnerability
35270 WebKit 'XMLHttpRequest' HTTP Response Splitting Vulnerability
35272 WebKit Drag Event Remote Information Disclosure Vulnerability
35308 Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
33276 Multiple Browser JavaScript Engine 'Math.Random()' Cross Domain Information Disclosure
Vulnerability
35352 Apple Safari for Windows Reset Password Information Disclosure Vulnerability
35346 Apple Safari for Windows Private Browsing Cookie Data Local Information Disclosure Vulnerability
35353 Safari X.509 Extended Validation Certificate Revocation Security Bypass Vulnerability
35350 WebKit Java Applet Remote Code Execution Vulnerability
35340 WebKit Custom Cursor and Adjusting CSS3 Hotspot Properties Browser UI Element Spoofing
Vulnerability
35348 WebKit Web Inspector Cross Site Scripting Vulnerability
35349 WebKit Web Inspector Page Privilege Cross Domain Scripting Vulnerability
35351 Apple Safari 'open-help-anchor' URI Handler Remote Code Execution Vulnerability
35334 WebKit SVG Animation Elements User After Free Remote Code Execution Vulnerability
35333 WebKit File Enumeration Information Disclosure Vulnerability
35327 WebKit 'Location' and 'History' Objects Cross Site Scripting Vulnerability
35332 WebKit 'about:blank' Security Bypass Vulnerability
35330 WebKit JavaScript Prototypes Cross Site Scripting Vulnerability
35331 WebKit 'Canvas' SVG Image Capture Remote Information Disclosure Vulnerability
35328 WebKit Frame Transition Cross Domain Scripting Vulnerability
35339 Apple Safari Windows Installer Local Privilege Escalation Vulnerability
35344 Apple Safari CFNetwork Script Injection Weakness
35347 Apple Safari CFNetwork Downloaded Files Information Disclosure Vulnerability

22. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
BugTraq ID: 35255
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35255
Summary:
Microsoft Windows is prone to a weakness that affects the Windows DNS client and arises because of a
design error in the DNS devolution process.

The attacker could set up a malicious site and carry out attacks against victims who are
inadvertently directed to the malicious site. These attacks could include disclosure of the private
IP address, disclosure of authentication credentials, modification of client proxy settings,
phishing, redirection to other malicious sites, enticing vulnerable users to download malware, and more.

23. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 35248
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35248
Summary:
eBay Enhanced Picture Services ActiveX control is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

24. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35246
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35246
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel
('.xls') file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

25. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
BugTraq ID: 35245
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35245
Summary:
Microsoft Excel is prone to an integer-overflow vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

26. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
BugTraq ID: 35244
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35244
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

27. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
BugTraq ID: 35243
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35243
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

28. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
BugTraq ID: 35242
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35242
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

29. Microsoft Excel Record Object Remote Code Execution Vulnerability
BugTraq ID: 35241
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35241
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

30. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35240
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35240
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successful exploits will result in the complete compromise of affected computers.

31. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35238
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35238
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successful exploits will result in the complete compromise of affected computers.

32. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
BugTraq ID: 35235
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35235
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

33. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability
BugTraq ID: 35234
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35234
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

34. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
BugTraq ID: 35232
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35232
Summary:
Microsoft Internet Information Services (IIS) is prone to an authentication-bypass vulnerability
because it fails to properly enforce access restrictions on certain requests to a site that requires
authentication.

An attacker can exploit this issue to gain unauthorized access to protected resources, which may
lead to other attacks.

This issue affects IIS 5.0.

35. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 35226
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35226
Summary:
Microsoft Active Directory is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the application.
Successful exploits will completely compromise the affected computer. Failed attacks will cause
denial-of-service conditions.

36. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
BugTraq ID: 35225
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35225
Summary:
Microsoft Active Directory is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

37. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35224
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35224
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

38. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35223
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35223
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

39. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35222
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35222
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

40. Microsoft Windows Search Script Injection Vulnerability
BugTraq ID: 35220
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35220
Summary:
Microsoft Windows Search is prone to a script-injection vulnerability because it fails to adequately
sanitize user-supplied input when previewing search results.

Successful exploits will cause malicious script code to run in the local context, allowing attackers
to steal potentially sensitive information or perform other attacks.

The issue affects Windows Search installed on all supported editions of Windows XP and Windows
Server 2003. Note that Windows Vista and Windows Server 2008 are not affected.

41. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
BugTraq ID: 35219
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35219
Summary:
Microsoft Windows RPC Marshalling Engine is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending a specially crafted RPC request to an affected computer.

Successfully exploiting this issue will allow the attacker to execute arbitrary code with full
system rights, completely compromising affected computers. Failed exploit attempts will likely
result in a denial-of-service condition.

42. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 35218
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35218
Summary:
Microsoft Visual Studio is prone to a remote heap-based buffer-overflow vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successful exploits will allow attackers to execute arbitrary code within the context of the
affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit
attempts will result in a denial-of-service condition.

43. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35215
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35215
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

44. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
BugTraq ID: 35209
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35209
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler
service.

A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level
privileges, which can result in the complete compromise of affected computers.

45. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
BugTraq ID: 35208
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35208
Summary:
Microsoft Windows Messenger is prone to a local information-disclosure vulnerability that affects
the Print Spooler service.

Successfully exploiting this issue allows attackers to obtain sensitive information that may aid in
further attacks.

46. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35206
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35206
Summary:
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability that affects the
Windows Print Spooler.

Exploiting this vulnerability allows attackers to execute arbitrary code with system-level
privileges. Failed exploit attempts will likely cause denial-of-service conditions.

47. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
BugTraq ID: 35200
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35200
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because
the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to access local files or content from a browser window in another
domain or security zone. This may allow the attacker to obtain sensitive information or may aid in
further attacks.

48. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35198
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35198
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
application. Successful exploits will compromise the application and possibly the computer. Failed
attacks may cause denial-of-service conditions.

49. Microsoft Word Record Parsing Buffer Overflow Vulnerability
BugTraq ID: 35190
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35190
Summary:
Microsoft Word is prone to a buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

50. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35188
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35188
Summary:
Microsoft Word is prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

51. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability
BugTraq ID: 35184
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35184
Summary:
Microsoft Office Works for Windows document converters are prone to a remote code-execution
vulnerability because the application fails to properly handle specially crafted files.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successful exploits would allow the attacker to execute arbitrary code in the context of the
currently logged-in user.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. SecurityFocus Microsoft Newsletter #445
http://www.securityfocus.com/archive/88/504256

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites' security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510129;37701658;c

SecurityFocus Microsoft Newsletter #445

2009-06-12T08:03:26Z

SecurityFocus Microsoft Newsletter #445
----------------------------------------

This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites. security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510119;37701656;z

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1. Hacker-Tool Law Still Does Little
2. A Botnet by Any Other Name
II. MICROSOFT VULNERABILITY SUMMARY
1. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
2. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
3. Kerio MailServer WebMail Cross Site Scripting Vulnerability
4. Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
5. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
6. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
7. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
8. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
9. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
10. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
11. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
12. Microsoft Excel Record Object Remote Code Execution Vulnerability
13. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
14. XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities
15. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
16. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
17. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution
Vulnerability
18. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
19. Online Armor Personal Firewall IOCTL Request Local Privilege Escalation Vulnerability
20. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution
Vulnerability
21. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
22. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution
Vulnerability
23. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution
Vulnerability
24. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution
Vulnerability
25. Microsoft Windows Search Script Injection Vulnerability
26. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
27. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
28. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
29. Microsoft June 2009 Advance Notification Multiple Vulnerabilities
30. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
31. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
32. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow
Vulnerability
33. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
34. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution
Vulnerability
35. Microsoft Word Record Parsing (CVE-2009-0565) Remote Code Execution Vulnerability
36. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
37. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability
38. Apple QuickTime PSD Image Buffer Overflow Vulnerability
39. Apple QuickTime Clipping Region (CRGN) Atom Types Heap Overflow Vulnerability
40. Apple QuickTime Image Description Atom Sign Extension Vulnerability
41. Apple QuickTime JP2 Image Handling Heap Buffer Overflow Vulnerability
42. Apple QuickTime PICT Image Heap Overflow Vulnerability
43. Apple QuickTime MS ADPCM Audio File Heap Buffer Overflow Vulnerability
44. Apple QuickTime User Atom Data Size Uninitialized Memory Access Remote Code Execution
Vulnerability
45. Apple QuickTime FLC Compression File Heap Overflow Vulnerability
46. Apple QuickTime Sorenson 3 Video File Remote Memory Corruption Vulnerability
47. Apple iTunes Multiple URI Handler Stack Buffer Overflow Vulnerability
48. SafeNet SoftRemote IKE Service Remote Stack Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Hacker-Tool Law Still Does Little
By Mark Rasch
On August 10, 2007, a new section of the German Penal code went into effect. The statute, intended
to implement certain provisions of the Council of Europe Treaty on Cybercrime, could be interpreted
to make the creation or distribution of computer security software a criminal offense.
http://www.securityfocus.com/columnists/502

2. A Botnet by Any Other Name
By Gubter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Apple Safari CoreGraphics TrueType Font Handling Remote Code Execution Vulnerability
BugTraq ID: 35308
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35308
Summary:
Apple Safari CoreGraphics is prone to a remote code-execution vulnerability because it fails to
adequately handle TrueType fonts.

An attacker can exploit this issue to execute arbitrary code in the context of the application.
Failed exploit attempts will result in a denial-of-service condition.

This issue affects versions prior to Safari 4.0 running on Windows XP and Vista.

NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security
Vulnerabilities), but has been assigned its own record to better document it.

2. Microsoft PowerPoint Freelance Layout Parsing Heap Based Buffer Overflow Vulnerability
BugTraq ID: 35275
Remote: Yes
Date Published: 2009-06-10
Relevant URL: http://www.securityfocus.com/bid/35275
Summary:
Microsoft PowerPoint is prone to a heap-based buffer-overflow vulnerability.

An attacker can exploit this issue by enticing a victim to open a malicious Freelance file.

Successful exploits can allow the attacker to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely cause denial-of-service conditions.

3. Kerio MailServer WebMail Cross Site Scripting Vulnerability
BugTraq ID: 35264
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35264
Summary:
Kerio MailServer WebMail is prone to a cross-site scripting vulnerability because it fails to
properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an
unsuspecting user in the context of the affected site. This may allow the attacker to steal
cookie-based authentication credentials and to launch other attacks.

Kerio MailServer versions 6.6.0, 6.6.1, 6.6.2, and 6.7.0 are vulnerable.

4. Apple Safari Prior to 4.0 Multiple Security Vulnerabilities
BugTraq ID: 35260
Remote: Yes
Date Published: 2009-06-08
Relevant URL: http://www.securityfocus.com/bid/35260
Summary:
Apple Safari is prone to multiple security vulnerabilities.

Attackers may exploit these issues to execute arbitrary code, launch cross-site scripting attacks,
elevate privileges, or obtain sensitive information. Other attacks are also possible.

These issues affect versions prior to Safari 4.0 running on Apple Mac OS X 10.4.11 and 10.5.7,
Microsoft Windows XP, and Windows Vista.

5. Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness
BugTraq ID: 35255
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35255
Summary:
Microsoft Windows is prone to a weakness that affects the Windows DNS client and arises because of a
design error in the DNS devolution process.

The attacker could set up a malicious site and carry out attacks against victims who are
inadvertently directed to the malicious site. These attacks could include disclosure of the private
IP address, disclosure of authentication credentials, modification of client proxy settings,
phishing, redirection to other malicious sites, enticing vulnerable users to download malware, and more.

6. eBay Enhanced Picture Services ActiveX Control Remote Code Execution Vulnerability
BugTraq ID: 35248
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35248
Summary:
eBay Enhanced Picture Services ActiveX control is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successfully exploiting this issue will allow attackers to execute arbitrary code within the context
of the affected application that uses the ActiveX control (typically Internet Explorer). Failed
exploit attempts will result in a denial-of-service condition.

7. Microsoft Excel QSIR Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35246
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35246
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel
('.xls') file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

8. Microsoft Excel Malformed Shared String Table Record Integer Overflow Vulnerability
BugTraq ID: 35245
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35245
Summary:
Microsoft Excel is prone to an integer-overflow vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

9. Microsoft Excel Field Sanitization Remote Code Execution Vulnerability
BugTraq ID: 35244
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35244
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

10. Microsoft Excel String Copy Stack Overflow Remote Code Execution Vulnerability
BugTraq ID: 35243
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35243
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

11. Microsoft Excel Array Indexing Remote Code Execution Vulnerability
BugTraq ID: 35242
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35242
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

12. Microsoft Excel Record Object Remote Code Execution Vulnerability
BugTraq ID: 35241
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35241
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

13. Microsoft Windows Argument Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35240
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35240
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successful exploits will result in the complete compromise of affected computers.

14. XM Easy Personal FTP Server Multiple Command Remote Buffer Overflow Vulnerabilities
BugTraq ID: 35239
Remote: Yes
Date Published: 2009-06-05
Relevant URL: http://www.securityfocus.com/bid/35239
Summary:
XM Easy Personal FTP Server is prone to multiple remote buffer-overflow vulnerabilities because the
application fails to sufficiently sanitize user-supplied arguments to multiple FTP commands.

An attacker can exploit these issues to execute arbitrary code in the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

XM Easy Personal FTP Server 5.7.0 is vulnerable; other versions may also be affected.

15. Microsoft Windows Pointer Validation Local Privilege Escalation Vulnerability
BugTraq ID: 35238
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35238
Summary:
Microsoft Windows is prone to a local privilege-escalation vulnerability that occurs in the Windows
kernel.

An attacker can exploit this issue to execute arbitrary code with kernel-level privileges.
Successful exploits will result in the complete compromise of affected computers.

16. Microsoft Internet Explorer Malformed Row Property Remote Code Execution Vulnerability
BugTraq ID: 35235
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35235
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

17. Microsoft Internet Explorer 'onreadystatechange' Corrupt Memory Remote Code Execution Vulnerability
BugTraq ID: 35234
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35234
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

18. Microsoft IIS 5.0 WebDAV Authentication Bypass Vulnerability
BugTraq ID: 35232
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35232
Summary:
Microsoft Internet Information Services (IIS) is prone to an authentication-bypass vulnerability
because it fails to properly enforce access restrictions on certain requests to a site that requires
authentication.

An attacker can exploit this issue to gain unauthorized access to protected resources, which may
lead to other attacks.

This issue affects IIS 5.0.

19. Online Armor Personal Firewall IOCTL Request Local Privilege Escalation Vulnerability
BugTraq ID: 35227
Remote: No
Date Published: 2009-06-04
Relevant URL: http://www.securityfocus.com/bid/35227
Summary:
Online Armor Personal Firewall is prone to a local privilege-escalation vulnerability.

An attacker may exploit this issue to execute arbitrary code with elevated privileges, which may
facilitate a complete compromise of the affected computer.

Online Armor Personal Firewall 3.5.0.12 and prior versions are affected. Online Armor Personal
Firewall AV+ is also vulnerable.

20. Microsoft Active Directory Encoded LDAP String Memory Corruption Remote Code Execution Vulnerability
BugTraq ID: 35226
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35226
Summary:
Microsoft Active Directory is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the application.
Successful exploits will completely compromise the affected computer. Failed attacks will cause
denial-of-service conditions.

21. Microsoft Active Directory Memory Leak Denial Of Service Vulnerability
BugTraq ID: 35225
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35225
Summary:
Microsoft Active Directory is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to crash the server, denying access to legitimate users.

22. Microsoft Internet Explorer Event Handler Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35224
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35224
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

23. Microsoft Internet Explorer 'setCapture()' Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35223
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35223
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

24. Microsoft Internet Explorer XMLHttpRequest Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35222
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35222
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
browser. Successful exploits will compromise the browser and possibly the computer. Failed attacks
may cause denial-of-service conditions.

25. Microsoft Windows Search Script Injection Vulnerability
BugTraq ID: 35220
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35220
Summary:
Microsoft Windows Search is prone to a script-injection vulnerability because it fails to adequately
sanitize user-supplied input when previewing search results.

Successful exploits will cause malicious script code to run in the local context, allowing attackers
to steal potentially sensitive information or perform other attacks.

The issue affects Windows Search installed on all supported editions of Windows XP and Windows
Server 2003. Note that Windows Vista and Windows Server 2008 are not affected.

26. Microsoft RPC Marshalling Engine Remote Code Execution Vulnerability
BugTraq ID: 35219
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35219
Summary:
Microsoft Windows RPC Marshalling Engine is prone to a remote code-execution vulnerability.

An attacker can exploit this issue by sending a specially crafted RPC request to an affected computer.

Successfully exploiting this issue will allow the attacker to execute arbitrary code with full
system rights, completely compromising affected computers. Failed exploit attempts will likely
result in a denial-of-service condition.

27. Microsoft Visual Studio 'MSCOMM32.OCX' ActiveX Control Heap Buffer Overflow Vulnerability
BugTraq ID: 35218
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35218
Summary:
Microsoft Visual Studio is prone to a remote heap-based buffer-overflow vulnerability.

Attackers may exploit this issue by enticing an unsuspecting victim to view a malicious webpage.

Successful exploits will allow attackers to execute arbitrary code within the context of the
affected application that uses the ActiveX control (typically Internet Explorer). Failed exploit
attempts will result in a denial-of-service condition.

28. Microsoft Excel Record Pointer Corruption Remote Code Execution Vulnerability
BugTraq ID: 35215
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35215
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user
running the application.

29. Microsoft June 2009 Advance Notification Multiple Vulnerabilities
BugTraq ID: 35213
Remote: Yes
Date Published: 2009-06-04
Relevant URL: http://www.securityfocus.com/bid/35213
Summary:
Microsoft has released advance notification that on June 9, 2009 the vendor will be releasing 10
security bulletins covering multiple issues. The highest severity rating for these issues is 'Critical'.

These issues affect the following:

Windows
Internet Explorer
Word
Excel
Office

Successfully exploiting these issues may allow remote or local attackers to compromise affected
computers.

We will create individual records to better document these issues when the bulletins are released.

30. Microsoft Windows Print Spooler Remote Code Execution Vulnerability
BugTraq ID: 35209
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35209
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability that affects the Print Spooler
service.

A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level
privileges, which can result in the complete compromise of affected computers.

31. Microsoft Windows Print Spooler Local Information Disclosure Vulnerability
BugTraq ID: 35208
Remote: No
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35208
Summary:
Microsoft Windows Messenger is prone to a local information-disclosure vulnerability that affects
the Print Spooler service.

Successfully exploiting this issue allows attackers to obtain sensitive information that may aid in
further attacks.

32. Microsoft Windows Print Spooler 'EnumeratePrintShares()' Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35206
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35206
Summary:
Microsoft Windows is prone to a remote stack-based buffer-overflow vulnerability that affects the
Windows Print Spooler.

Exploiting this vulnerability allows attackers to execute arbitrary code with system-level
privileges. Failed exploit attempts will likely cause denial-of-service conditions.

33. Microsoft Internet Explorer Cached Content Cross Domain Information Disclosure Vulnerability
BugTraq ID: 35200
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35200
Summary:
Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because
the application fails to properly enforce the same-origin policy.

An attacker can exploit this issue to access local files or content from a browser window in another
domain or security zone. This may allow the attacker to obtain sensitive information or may aid in
further attacks.

34. Microsoft Internet Explorer (CVE-2009-1141) Uninitialized Memory Remote Code Execution Vulnerability
BugTraq ID: 35198
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35198
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the
application. Successful exploits will compromise the application and possibly the computer. Failed
attacks may cause denial-of-service conditions.

35. Microsoft Word Record Parsing (CVE-2009-0565) Remote Code Execution Vulnerability
BugTraq ID: 35190
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35190
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

36. Microsoft Word Record Parsing Length Field Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35188
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35188
Summary:
Microsoft Word is prone to a stack-based buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently
logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

37. Microsoft Office Works for Windows Document Converters Remote Code Execution Vulnerability
BugTraq ID: 35184
Remote: Yes
Date Published: 2009-06-09
Relevant URL: http://www.securityfocus.com/bid/35184
Summary:
Microsoft Office Works for Windows document converters are prone to a remote code-execution
vulnerability because the application fails to properly handle specially crafted files.

An attacker could exploit this issue by enticing a victim to open a malicious '.wps' file.

Successful exploits would allow the attacker to execute arbitrary code in the context of the
currently logged-in user.

38. Apple QuickTime PSD Image Buffer Overflow Vulnerability
BugTraq ID: 35168
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35168
Summary:
Apple QuickTime is prone to a buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted image.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

39. Apple QuickTime Clipping Region (CRGN) Atom Types Heap Overflow Vulnerability
BugTraq ID: 35167
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35167
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista and Windows XP SP3.

40. Apple QuickTime Image Description Atom Sign Extension Vulnerability
BugTraq ID: 35166
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35166
Summary:
Apple QuickTime is prone to a vulnerability that occurs because the bit width of a number is
increased without changing its sign in certain image description atoms.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted Apple video file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

41. Apple QuickTime JP2 Image Handling Heap Buffer Overflow Vulnerability
BugTraq ID: 35165
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35165
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

42. Apple QuickTime PICT Image Heap Overflow Vulnerability
BugTraq ID: 35164
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35164
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

43. Apple QuickTime MS ADPCM Audio File Heap Buffer Overflow Vulnerability
BugTraq ID: 35163
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35163
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially AVI
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

44. Apple QuickTime User Atom Data Size Uninitialized Memory Access Remote Code Execution Vulnerability
BugTraq ID: 35162
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35162
Summary:
Apple QuickTime is prone to a remote code-execution vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

45. Apple QuickTime FLC Compression File Heap Overflow Vulnerability
BugTraq ID: 35161
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35161
Summary:
Apple QuickTime is prone to a heap-based buffer-overflow vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

46. Apple QuickTime Sorenson 3 Video File Remote Memory Corruption Vulnerability
BugTraq ID: 35159
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35159
Summary:
Apple QuickTime is prone to a memory-corruption vulnerability.

A remote attacker can exploit this issue by enticing an unsuspecting user to open a specially
crafted file.

Successful exploits will allow the attacker to execute arbitrary code in the context of the user
running the application. Failed exploit attempts likely result in denial-of-service conditions.

This issue affects Apple QuickTime running on Microsoft Windows Vista, Windows XP SP3, and Mac OS X.

47. Apple iTunes Multiple URI Handler Stack Buffer Overflow Vulnerability
BugTraq ID: 35157
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35157
Summary:
Apple iTunes is prone to a stack-based buffer-overflow vulnerability because it fails to perform
adequate boundary checks before copying user-supplied data to an insufficiently sized buffer.

Attackers can leverage this issue to execute arbitrary code with the privileges of the user running
the affected application. Failed attacks will likely cause denial-of-service conditions.

48. SafeNet SoftRemote IKE Service Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 35154
Remote: Yes
Date Published: 2009-06-01
Relevant URL: http://www.securityfocus.com/bid/35154
Summary:
SafeNet SoftRemote is prone to a remote stack-based buffer-overflow vulnerability because it fails
to properly bounds-check user-supplied data before copying it into an insufficiently sized memory
buffer.

An attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.
Failed exploit attempts will result in a denial-of-service condition.

Versions prior to SoftRemote 10.8.6 are vulnerable.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by VeriSign

VeriSign EV SSL Certificates for your sites. security turn the address bar in high security browsers
green which helps your customers know they are safe on your site.

http://ad.doubleclick.net/clk;215510119;37701656;z

SecurityFocus Microsoft Newsletter #444

2009-05-29T08:07:04Z

SecurityFocus Microsoft Newsletter #444
----------------------------------------

This issue is sponsored by Thawte

SExtended Validation SSL Certificates: Inspire Trust, Improve Confidence and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online
identity assurance processes for SSL certificate issuance. Find out how the EV standard increases
the visibility of authentication status through the use of a green address bar in the latest high
security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest
for our community. We are proud to offer content from Matasano at this time and will be adding more
in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.A Botnet by Any Other Name
2.Projecting Borders into Cyberspace
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
2. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
3. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
4. ImageMagick TIFF File Integer Overflow Vulnerability
5. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
6. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation
Vulnerabilities
7. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
8. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
9. Soulseek Distributed File Search Buffer Overflow Vulnerability
10. Wireshark PCNFSD Dissector Denial of Service Vulnerability
11. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
12. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
13. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
14. CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
15. Mereo Malformed URI Remote Denial Of Service Vulnerability
16. httpdx Multiple Commands Remote Buffer Overflow Vulnerabilities
III. MICROSOFT FOCUS LIST SUMMARY
1. New Tech Tip: Configuring Windows 7 for a limited user
2. AD Password complexity - passwords too long?
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. A Botnet by Any Other Name
By Gubter Ollmann
The news has been awash the last few weeks with fears over globe-spanning botnets and their criminal
intent: Conficker managed to hog the limelight for well over a month, and then came Finjan's
disclosure of a previously unknown - and currently unnamed - botnet consisting of some 1.9 million
malicious agents.
http://www.securityfocus.com/columnists/501

2.Projecting Borders into Cyberspace
By Jeffrey Carr
Two recent stories of significant cyber attacks come close to blaming the Chinese for the intrusions
but stop short.
http://www.securityfocus.com/columnists/500

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability
BugTraq ID: 35139
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35139
Summary:
Microsoft DirectX is prone to a remote code-execution vulnerability because the DirectShow component
fails to properly handle QuickTime media files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context
of the user running the application that uses DirectX. Failed exploit attempts will result in a
denial-of-service condition.

2. Citrix Password Manager Secondary Credentials Local Information Disclosure Vulnerability
BugTraq ID: 35133
Remote: No
Date Published: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35133
Summary:
Citrix Password Manager is prone to a local information-disclosure vulnerability.

Exploiting this issue may allow a local attacker to obtain sensitive information that may aid in
further attacks.

Versions prior to Password Manager 4.6 SP1 are vulnerable.

3. Simple Machines Forum 'image/bmp' MIME Type HTML Injection Vulnerability
BugTraq ID: 35130
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35130
Summary:
Simple Machines Forum (SMF) is prone to an HTML-injection vulnerability because the application
fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially
allowing the attacker to steal cookie-based authentication credentials or to control how the site is
rendered to the user. Other attacks are also possible.

NOTE: This issue was originally documented as a cross-site scripting vulnerability. After further
analysis, the BID has been rewritten as an HTML-injection issue.

4. ImageMagick TIFF File Integer Overflow Vulnerability
BugTraq ID: 35111
Remote: Yes
Date Published: 2009-05-27
Relevant URL: http://www.securityfocus.com/bid/35111
Summary:
ImageMagick is prone to an integer-overflow vulnerability because it fails to properly bounds-check
user-supplied input. The vulnerability occurs when handling malformed TIFF files.

Successfully exploiting this issue allows attackers to execute arbitrary code with the privileges of
a user running the application. Failed exploit attempts will result in a denial-of-service condition.

ImageMagick 6.5.2-8 is vulnerable; other versions may be affected as well.

5. Ston3D S3DPlayer Web and StandAlone 'system.openURL()' Remote Command Injection Vulnerability
BugTraq ID: 35105
Remote: Yes
Date Published: 2009-05-28
Relevant URL: http://www.securityfocus.com/bid/35105
Summary:
S3DPlayer Web and StandAlone are prone to a remote command-injection vulnerability because they fail
to adequately sanitize user-supplied input data.

Attackers can exploit this issue to execute arbitrary commands, within the context of the affected
application.

6. Multiple ArcaBit ArcaVir Products Multiple IOCTL Request Local Privilege Escalation Vulnerabilities
BugTraq ID: 35100
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35100
Summary:
Multiple ArcaBit ArcaVir products are prone to multiple local privilege-escalation vulnerabilities
that affect the 'ps_drv.sys' driver.

An attacker can exploit these issues to execute arbitrary code with elevated privileges,
facilitating a complete compromise of the affected computer.

The following applications are vulnerable:

ArcaVir 2009 Antivirus Protection
ArcaVir 2009 Internet Security
ArcaVir 2009 System Protection
ArcaVir 2009 Home Protection

7. SonicWALL Global Security Client Local Privilege Escalation Vulnerability
BugTraq ID: 35094
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35094
Summary:
SonicWALL Global Security Client is prone to a local privilege-escalation vulnerability because the
application fails to perform adequate boundary checks on user-supplied data.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges.
Successfully exploiting this issue will result in the complete compromise of affected computers.

Global Security Client 1.0.0.15 is vulnerable; other versions may also be affected.

8. SonicWALL Global VPN Client 'RampartSvc' Local Privilege Escalation Vulnerability
BugTraq ID: 35092
Remote: No
Date Published: 2009-05-26
Relevant URL: http://www.securityfocus.com/bid/35092
Summary:
SonicWALL Global VPN Client is prone to a local privilege-escalation vulnerability.

Successfully exploiting this issue allows local users to execute arbitrary code with LocalSystem
privileges, facilitating the complete compromise of affected computers.

Global VPN Client 4.0.0.835 is vulnerable; other versions may also be affected.

9. Soulseek Distributed File Search Buffer Overflow Vulnerability
BugTraq ID: 35091
Remote: Yes
Date Published: 2009-05-25
Relevant URL: http://www.securityfocus.com/bid/35091
Summary:
Soulseek is prone to a stack-based buffer-overflow vulnerability because the application fails to
perform adequate boundary checks on user-supplied data.

Attackers can exploit this issue to execute arbitrary code within the context of the affected
application. Failed exploit attempt will result in a denial-of-service condition.

Soulseek 156 and 157 NS are vulnerable; other versions may also be affected.

10. Wireshark PCNFSD Dissector Denial of Service Vulnerability
BugTraq ID: 35081
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35081
Summary:
Wireshark is prone to a denial-of-service vulnerability.

Exploiting this issue may allow attackers to cause the application to crash.

This issue affects Wireshark 0.8.20 through 1.0.7.

11. Novell GroupWise Internet Agent SMTP Request Processing Buffer Overflow Vulnerability
BugTraq ID: 35065
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35065
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a
denial-of-service condition.

12. Novell GroupWise Internet Agent Email Address Processing Buffer Overflow Vulnerability
BugTraq ID: 35064
Remote: Yes
Date Published: 2009-05-21
Relevant URL: http://www.securityfocus.com/bid/35064
Summary:
Novell GroupWise Internet Agent is prone to a remote buffer-overflow vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected
application, possibly with root or SYSTEM-level privileges. Failed exploit attempts will result in a
denial-of-service condition.

13. Nullsoft Winamp 'gen_ff.dll' Buffer Overflow Vulnerability
BugTraq ID: 35052
Remote: Yes
Date Published: 2009-05-20
Relevant URL: http://www.securityfocus.com/bid/35052
Summary:
Nullsoft Winamp is prone to a buffer-overflow vulnerability because the application fails to perform
adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions.

Winamp 5.55 and prior versions are vulnerable.

14. CiscoWorks Common Services TFTP Server Directory Traversal Vulnerability
BugTraq ID: 35040
Remote: Yes
Date Published: 2009-05-20
Relevant URL: http://www.securityfocus.com/bid/35040
Summary:
CiscoWorks Common Services TFTP Server is prone to a directory-traversal vulnerability because it
fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to upload and download arbitrary files outside of the
TFTP server root directory. This may result in a denial-of-service condition or lead to a complete
compromise of the affected computer.

This issue is tracked by Cisco Bug ID CSCsx07107.

CiscoWorks Common Services 3.0.x, 3.1.x, and 3.2.x running on Microsoft Windows are vulnerable.

15. Mereo Malformed URI Remote Denial Of Service Vulnerability
BugTraq ID: 35014
Remote: Yes
Date Published: 2009-05-18
Relevant URL: http://www.securityfocus.com/bid/35014
Summary:
Mereo is prone to a denial-of-service vulnerability because it fails to adequately sanitize
user-supplied input.

Attackers can exploit this issue to crash the affected application, denying service to legitimate
users.

Mereo 1.8.0 is vulnerable; other versions may also be affected.

16. httpdx Multiple Commands Remote Buffer Overflow Vulnerabilities
BugTraq ID: 35006
Remote: Yes
Date Published: 2009-05-18
Relevant URL: http://www.securityfocus.com/bid/35006
Summary:
The 'httpdx' program is prone to multiple remote buffer-overflow vulnerabilities because the
application fails to perform adequate boundary-checks on user-supplied data.

An attacker can exploit these issues to execute arbitrary code within the context of the affected
application. Failed exploit attempts will result in a denial-of-service condition.

These issues affect httpdx 0.5b; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. New Tech Tip: Configuring Windows 7 for a limited user
http://www.securityfocus.com/archive/88/503884

2. AD Password complexity - passwords too long?
http://www.securityfocus.com/archive/88/503573

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the
subscribed address. The contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively you can also visit
http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Thawte

SExtended Validation SSL Certificates: Inspire Trust, Improve Confidence and Increase Sales

Extended Validation SSL delivers the acknowledged industry standard for the highest level of online
identity assurance processes for SSL certificate issuance. Find out how the EV standard increases
the visibility of authentication status through the use of a green address bar in the latest high
security web browsers.

http://www.dinclinx.com/Redirect.aspx?36;5004;25;1371;0;3;946;54442f0f214c470a