SecurityFocus Microsoft Newsletter #453
----------------------------------------

This issue is sponsored by Entrust

Entrust SSL Certificates - UCC certificates
Secure MS Exchange '07 - up to 10 host names included
Now from only $387/year
http://www.entrust.net/securityfocus-ucc

------------------------------------------------------------------

I.   FRONT AND CENTER
       1. Time to Squish SQL Injection
       2. Lazy Workers May Be Deemed Hackers
II.  MICROSOFT VULNERABILITY SUMMARY
       1. F-Secure Products PDF Files Scan Evasion Vulnerability
       2. McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
       3. Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
       4. Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation Vulnerability
       5. Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability
       6. Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV.  UNSUBSCRIBE INSTRUCTIONS
V.   SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------

1. Time to Squish SQL Injection
by Gunter Ollmann
Heartland Payment Systems and Hannaford Bros. both fell prey to botnets wielding SQL injection flaws. Corporate IT managers need to place a priority on fixing Web site vulnerabilities, argues Gunter Ollmann, vice president of research for Damballa.
http://www.securityfocus.com/columnists/505

2. Lazy Workers May Be Deemed Hackers
By Mark Rasch
From his office job at the Shelby City (Ohio) Wastewater Treatment plant, he was browsing adult Web sites, including one called Adult Friend Finder to meet women. When some of the women asked Wolf for nude pictures, he bought a digital camera, took pictures, and e-mailed them using his work computer.
http://www.securityfocus.com/columnists/504

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------

1. F-Secure Products PDF Files Scan Evasion Vulnerability
BugTraq ID: 36876
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36876
Summary:
Multiple F-Secure products are prone to a vulnerability that may allow certain files to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application on a gateway device will fail to detect.

2. McAfee Products TAR and PDF Files Scan Evasion Vulnerabilities
BugTraq ID: 36848
Remote: Yes
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36848
Summary:
Multiple McAfee products are prone to vulnerabilities that may allow certain files to bypass the scan engine.

Successful exploits will allow attackers to distribute files containing malicious code that the antivirus application on a gateway device will fail to detect.

3. Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities
BugTraq ID: 36846
Remote: Yes
Date Published: 2009-10-26
Relevant URL: http://www.securityfocus.com/bid/36846
Summary:
Wireshark is prone to multiple denial-of-service vulnerabilities.

Exploiting these issues may allow attackers to crash the application and deny service to legitimate users.

These issues affect the following:

Wireshark 1.2.2 and earlier
Wireshark 1.0.9 and earlier

4. Multiple Rising Products Insecure Program File Permissions Local Privilege Escalation Vulnerability
BugTraq ID: 36836
Remote: No
Date Published: 2009-10-27
Relevant URL: http://www.securityfocus.com/bid/36836
Summary:
Multiple Rising products are prone to a local privilege-escalation vulnerability.

A local attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges, resulting in a complete compromise of the affected computer.

The following Rising products are affected:

Antivirus 2009
Internet Security 2009
Personal Firewall 2009

5. Microsoft SharePoint Team Services Download Feature Source Code Information Disclosure Vulnerability
BugTraq ID: 36817
Remote: Yes
Date Published: 2009-10-26
Relevant URL: http://www.securityfocus.com/bid/36817
Summary:
Microsoft SharePoint is prone to a vulnerability that lets attackers access certain files that contain source code.

An attacker can exploit this vulnerability to retrieve certain files from the vulnerable computer in the context of the webserver process. Information obtained may aid in further attacks.

SharePoint 2007 is vulnerable; other versions may also be affected.

6. Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
BugTraq ID: 36814
Remote: Yes
Date Published: 2009-10-26
Relevant URL: http://www.securityfocus.com/bid/36814
Summary:
Cherokee Web Server is prone to a remote denial-of-service vulnerability.

An attacker could exploit this issue to crash the affected application, denying service to legitimate users.

Cherokee Web Server 0.5.4 is vulnerable; other versions may also be affected.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------

To unsubscribe send an e-mail message to ms-secnews-unsubscribe@... from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@... and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------

This issue is sponsored by Entrust

Entrust SSL Certificates - UCC certificates
Secure MS Exchange '07 - up to 10 host names included
Now from only $387/year
http://www.entrust.net/securityfocus-ucc