ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 42



>
> *****************************
> Widely Deployed Software
> *****************************
>
> (1) CRITICAL: Kodak Image Viewer/Microsoft Windows Image Format
> Vulnerability (MS07-055)
> Affected:
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Server 2003
>
> Description: The Kodak Image Viewer, an application distributed with
> Microsoft Windows and used for viewing various image formats, contains
> a flaw in its handling of Tagged Image File Format (TIFF)
> images files.
> A specially crafted TIFF file could trigger a memory corruption
> vulnerability. An attacker could exploit this vulnerability to execute
> arbitrary code with the privileges of the current user. A
> malicious web
> site hosting such an image could also exploit this vulnerability. Full
> technical details for this vulnerability are publicly available.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-055.mspx
> BreakingPoint Systems Blog Posting (contains full technical details)
> https://strikecenter.bpointsys.com/articles/2007/10/10/october
> -2007-microsoft-tuesday
> Wikipedia Article on TIFF
> http://en.wikipedia.org/wiki/TIFF
> SecurityFocus BID
> http://www.securityfocus.com/bid/25909
>
> **************************************************************
> *********
>
> (2) CRITICAL: Microsoft Outlook Express and Windows Mail NNTP Handling
> Buffer Overflow (MS07-056)
> Affected:
> Microsoft Outlook Express on Microsoft Windows 2000/XP/Server 2003
> Microsoft Windows Mail on Microsoft Windows Vista
>
> Description: Microsoft Outlook Express and Windows Mail are
> the default
> Network News Transport Protocol (NNTP) clients on Microsoft Windows.
> NNTP, often called "netnews" or just "news" is a protocol for
> accessing
> distributed discussion groups. Microsoft Outlook Express and Windows
> Mail fail to properly handle certain malformed responses from NNTP
> servers. A specially crafted server response could exploit this
> vulnerability to execute arbitrary code with the privileges of the
> current user. The vulnerable applications are configured by default to
> open when a user accesses an NNTP URL (one beginning with "news://";),
> therefore a malicious website could also exploit this vulnerability.
> Full technical details are publicly available for this vulnerability.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-056.mspx
> BreakingPoint Systems Blog Posting (contains full technical details)
> https://strikecenter.bpointsys.com/articles/2007/10/10/october
> -2007-microsoft-tuesday
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=607
> Wikipedia Article on NNTP
> http://en.wikipedia.org/wiki/NNTP
> SecurityFocus BID
> http://www.securityfocus.com/bid/25908
>
> **************************************************************
> *********
>
> (3) CRITICAL: Microsoft Internet Explorer Multiple
> Vulnerabilities (MS07-057)
> Affected:
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Server 2003
> Microsoft Windows Vista
>
> Description: Microsoft Internet Explorer contains multiple
> vulnerabilities that could lead to remote code execution or user
> interface spoofing. A failure to properly handle queued file downloads
> can lead to a memory corruption vulnerability. A specially crafted web
> page could exploit this vulnerability to execute arbitrary
> code with the
> privileges of the current user. Other vulnerabilities allow a web page
> to persist and continue to interact with the web browser after a user
> has navigated away from that web site.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-057.mspx
> SecurityFocus BIDs
> http://www.securityfocus.com/bid/25916
> http://www.securityfocus.com/bid/25915
>
> **************************************************************
> *********
>
> (4) CRITICAL: Microsoft Word Memory Corruption Vulnerability
> (MS07-060)
> Affected:
> Microsoft Office 2000
> Microsoft Office XP
> Microsoft Office 2004 for Mac
>
> Description: Microsoft Word contains a memory corruption vulnerability
> in the handling of certain malformed documents. A specially crafted
> Microsoft Office document could trigger this vulnerability
> and allow an
> attacker to execute arbitrary code with the privileges of the current
> user. The attack is believed to involve the file format used by the
> Apple Macintosh versions of Microsoft Office, which is not
> opened by all
> versions of the software. Note that versions of Office after
> Office 2000
> do not automatically open documents without first prompting the user.
> This vulnerability is being actively exploited in the wild.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-060.mspx
> SecurityFocus BID
> http://www.securityfocus.com/bid/25906
>
> **************************************************************
> *********
>
> (5) HIGH: Microsoft Windows URI Handling Vulnerability
> Affected:
> Microsoft Windows XP and Server 2003 when using Internet Explorer 7
>
> Description: Microsoft Windows with Internet Explorer 7 fails to
> properly sanitize URIs passed from applications. A specially
> crafted URI
> could exploit this vulnerability to execute arbitrary
> commands with the
> privileges of the current user. The flaw arises from the interaction
> between applications handing URIs to the Windows Shell.
> Several example
> URIs are publicly available for this vulnerability. Some applications
> have been patched so that they validate URIs before passing
> them to the
> Windows Shell, but other applications and the Windows Shell itself are
> still vulnerable.
>
> Status: Microsoft confirmed, no updates available.
>
> References:
> Microsoft Security Advisory
> http://www.microsoft.com/technet/security/advisory/943521.mspx
> Microsoft Security Response Center Blog Posting
> http://blogs.technet.com/msrc/archive/2007/10/10/msrc-blog-add
> itional-details-and-background-on-security-advisory-943521.aspx
> US-CERT Vulnerability Note
> http://www.kb.cert.org/vuls/id/403150
> SecurityFocus BID
> http://www.securityfocus.com/bid/25945
>
>
> (9) HIGH: Kaspersky Labs Online Virus Scanner ActiveX Control Format
> String Vulnerability
> Affected:
> Kaspersky Labs Online Virus Scanner ActiveX Control
>
> Description: The Kaspersky Labs Online Virus Scanner is a web-based
> antivirus solution. This application installs  an ActiveX control upon
> use, and this ActiveX control contains a format string
> vulnerability. A
> malicious web page that instantiates this control could trigger this
> vulnerability and execute arbitrary code with the privileges of the
> current user. Some technical details are publicly available for this
> vulnerability.
>
> Status: Vendor confirmed, updates available. Users can mitigate the
> impact of this vulnerability by disabling the control via Microsoft's
> "kill bit" mechanism for CLSID "0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75".
> Note that disabling this control will prevent legitimate application
> usage as well.
>
> References:
> Kaspersky Labs Advisory
> http://www.kaspersky.com/news?id=207575572
> iDefense Security Advisory
> http://labs.idefense.com/intelligence/vulnerabilities/display.
> php?id=606
> Microsoft Knowledge Base Article (details the "kill bit" mechanism)
> http://support.microsoft.com/kb/240797
> Wikipedia Article on Format String Vulnerabilities
> http://en.wikipedia.org/wiki/Format_string_attack
> SecurityFocus BID
> http://www.securityfocus.com/bid/26004
>
> **************************************************************
> *********
>
> (11) MODERATE: Asterisk IMAP Voicemail Buffer Overflow
> Affected:
> Asterisk versions prior to 1.4.13
>
> Description: Asterisk is a popular open source Voice over IP (VoIP)
> solution. Asterisk can utilize IMAP (Internet Message Access Protocol;
> a popular email retrieval and management protocol) to handle
> voice mail
> messages. A specially crafted email message, if treated as a voicemail
> by Asterisk, could trigger a buffer overflow in Asterisk, and allow an
> attacker to execute arbitrary code with the privileges of the
> vulnerable
> process. Technical details for this vulnerability are available in the
> vendor advisory, and can also be obtained by source code analysis. An
> additional buffer overflow vulnerability is also addressed in this
> security advisory, but would require write access to the application's
> configuration files to exploit.
>
> Status: Vendor confirmed, updates available.
>
> References:
> Asterisk Security Advisory
> http://downloads.digium.com/pub/security/AST-2007-022.pdf
> Vendor Home Page
> http://www.asterisk.org
> SecurityFocus BID
> http://www.securityfocus.com/bid/26005
>
> **************************************************************
> *********
>
> (12) LOW: Microsoft Windows RPC Denial-of-Service (MS07-058)
> Affected:
> Microsoft Windows 2000
> Microsoft Windows XP
> Microsoft Windows Server 2003
> Microsoft Windows Vista
>
> Description: The Microsoft Windows Remote Procedure Call
> (RPC) subsystem
> contains a denial-of-service condition. When a client attempts to
> authenticate with the subsystem and sends a specially crafted NTLMSSP
> (NT LAN Manager Security Support Provider) authentication request, the
> client could cause the vulnerable system to restart. An attacker would
> not need authentication to exploit this vulnerability.
>
> Status: Microsoft confirmed, updates available.
>
> References:
> Microsoft Security Bulletin
> http://www.microsoft.com/technet/security/bulletin/ms07-058.mspx
> Zero Day Initiative Security Advisory
> http://zerodayinitiative.com/advisories/ZDI-07-055.html
> Wikipedia Article on NTLMSSP
> http://en.wikipedia.org/wiki/NTLMSSP
> SecurityFocus BID
> http://www.securityfocus.com/bid/25974
>
> ****************************************************
>
> Part II: Weekly Comprehensive List of Newly Discovered Vulnerabilities
> Week 41, 2007
>
>
> 07.42.100 CVE: Not Available
> Platform: Network Device
> Title: 3Com OfficeConnect Wireless Cable/DSL Router Unauthorized
> Remote Administration
> Description: The 3Com OfficeConnect Wireless Cable/DSL Router is
> a networking device identified by product number 3CRWER100-75. The
> device is exposed to an issue that can result in unauthorized remote
> administration. This issue occurs when the device is configured with
> remote management disabled.
> Ref: http://www.securityfocus.com/archive/1/481977
> ______________________________________________________________________
>
> 07.42.101 CVE: Not Available
> Platform: Network Device
> Title: Cisco IOS Multiple Unspecified Stack Overflow Vulnerabilities
> Description: Cisco IOS is exposed to multiple unspecified stack
> overflow issues that may allow an attacker to execute arbitrary code.
> All Cisco IOS 12.x and IOS XR versions are affected. Please refer
> to the link below for further details.
> Ref: http://www.irmplc.com/index.php/153-Embedded-Systems-Security
> ______________________________________________________________________
>
>
> 07.42.103 CVE: Not Available
> Platform: Network Device
> Title: Cisco IOS LPD Remote Buffer Overflow
> Description: Cisco IOS (Internetwork Operating System) is the
> operating system used on Cisco devices. IOS includes LPD (Line Printer
> Daemon) support, so that Cisco devices may provide network printing
> services. The LPD service is not enabled by default. The application
> is exposed to a remote buffer overflow issue in its LPD service
> because it fails to perform adequate boundary checks on user-supplied
> data. Cisco IOS versions prior to 12.2(18)SXF11, 12.4(16a) and
> 12.4(2)T6 are affected.
> Ref: http://www.cisco.com/warp/public/707/cisco-sr-20071010-lpd.shtml
> ______________________________________________________________________
>
> (c) 2007.  All rights reserved.  The information contained in this
> newsletter, including any external links, is provided "AS IS," with no
> express or implied warranty, for informational purposes only.  In some
> cases, copyright for material in this newsletter may be held
> by a party
> other than Qualys (as indicated herein) and permission to use such
> material must be requested from the copyright owner.
>



 




Copyright © Lexa Software, 1996-2009.