ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 

  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá














     áòèé÷ :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FW: @RISK: The Consensus Security Vulnerability Alert Vol. 6 No. 51



*****************************
Widely Deployed Software
*****************************

(1) CRITICAL: Microsoft DirectX Multiple Vulnerabilities (MS07-064)
Affected:
Microsoft DirectX versions 10.0 and prior

Description: Microsoft DirectX is Microsoft's multimedia framework for
its Windows operating system. DirectX is the subsystem responsible for
decoding and playing back most streaming media formats on Windows. It
contains a flaw in its handling of several media file formats, including
Synchronized Accessible Media Interchange (SAMI), Audio Video Interleave
(AVI), and WAV audio files. A specially crafted file of one of these
types could trigger a buffer overflow vulnerability in the DirectX
subsytem, allowing an attacker to execute arbitrary code with the
privileges of the current user. Note that the vulnerable file formats
are opened without first prompting the user in the default configuration
of many applications. Some technical details are publicly available for
these vulnerabilities.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=632
Wikipedia Articles on the Vulnerable File Formats
http://en.wikipedia.org/wiki/SAMI
http://en.wikipedia.org/wiki/AVI
http://en.wikipedia.org/wiki/WAV
SecurityFocus BIDs
http://www.securityfocus.com/bid/26789
http://www.securityfocus.com/bid/26804

*************************************************************

(2) CRITICAL: Microsoft Windows Media ASF Parsing Vulnerability (MS07-068)
Affected:
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows 2000 Server

Description: The Advanced Systems Format (ASF) file format is a digital
media container file format developed by Microsoft. The component used
by Microsoft Windows (called variously the Windows Media Format Runtime
and Windows Media Services) contains a flaw in its parsing of ASF files.
A specially crafted ASF file could trigger this vulnerability and allow
an attacker to execute arbitrary code with the privileges of the current
user. In the default configuration of most applications, ASF content is
played automatically upon receipt. Any application that uses the
vulnerable component is itself likely vulnerable. Known vulnerable
applications include Windows Media Player. Some technical details for
this vulnerability are publicly available.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/Bulletin/MS07-068.mspx
Wikipedia Article on the Advanced Systems Format File Format
http://en.wikipedia.org/wiki/Advanced_Systems_Format
SecurityFocus BID
ttp://www.securityfocus.com/bid/26776

*************************************************************

(3) CRITICAL: Microsoft Internet Explorer Multiple Vulnerabilities (MS07-069)
Affected:
Microsoft Internet Explorer versions 7 and prior

Description: Microsoft Internet Explorer contains multiple
vulnerabilities in its handling of web content. A specially crafted
script running on a web page could trigger one of these vulnerabilities
and allow an attacker to execute arbitrary code with the privileges of
the current user. No user interaction other than visiting a malicious
page would be necessary to exploit these vulnerabilities. Some technical
details for these vulnerabilities are publicly available.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx
Zero Day Initiative Advisories
http://zerodayinitiative.com/advisories/ZDI-07-075.html
http://zerodayinitiative.com/advisories/ZDI-07-074.html
http://zerodayinitiative.com/advisories/ZDI-07-073.html
iDefense Security Advisory
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631
SecurityFocus BIDs
http://www.securityfocus.com/bid/26816
http://www.securityfocus.com/bid/26817
http://www.securityfocus.com/bid/26427
http://www.securityfocus.com/bid/26506

*************************************************************

(4) HIGH: Microsoft Windows Message Queueing Service Buffer Overflow (MS07-065)
Affected:
Microsoft Windows 2000 Server
Microsoft Windows 2000
Microsoft Windows XP

Description: The Microsoft Windows Message Queueing Service (MSMQ)
provides Microsoft Windows systems with a reliable, potentially
asynchronous, messaging service. This service exports a Remote Procedure
Call (RPC) interface, allowing remote systems to access the service on
a server system. A flaw in the handling of certain calls to this RPC
service leads to a buffer overflow vulnerability. A specially crafted
call to this service could trigger this buffer overflow and allow an
attacker to execute arbitrary code with the privileges of the vulnerable
service. On Microsoft Windows 2000 Professional and Windows XP systems,
an attacker would require valid authentication credentials to exploit
this vulnerability. The vulnerable subsystem is not installed or enabled
by default, but is often deployed. A proof-of-concept for this
vulnerability is publicly available.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms07-065.mspx
Zero Day Initiative Advisory
http://zerodayinitiative.com/advisories/ZDI-07-076.html
Proof-of-Concept
http://downloads.securityfocus.com/vulnerabilities/exploits/ms07_065_msmq.rb
Wikipedia Article on Microsoft Message Queueing
http://en.wikipedia.org/wiki/Microsoft_Message_Queuing
SecurityFocus BID
http://www.securityfocus.com/bid/26797


(7) HIGH: Trend Micro Multiple Products Uuencoded Data Handling Vulnerability
Affected:
Trend Micro Antivirus 2008
Trend Micro Internet Security 2008
Trend Micro Internet Security Pro 2008

Description: Multiple Trend Micro products do not properly handle
malformed uuencoded documents. Uuencoding is an encoding format used to
encode binary data as text, allowing its transmission in text-only
environments. A specially crafted document or message that has been
uuencoded or contains uuencoded data could trigger a vulnerability in
various Trend Micro products. Exploiting these vulnerabilities would
allow an attacker to execute arbitrary code with the privileges of the
vulnerable process. Note that it is possible to exploit these
vulnerabilities by having a malicious document or message scanned by the
software; therefore, no user interaction is required to trigger this
vulnerability.

Status: Vendor confirmed, updates available.

References:
Trend Micro Security Advisory
http://esupport.trendmicro.com/support/viewxml.do?ContentID=1036464
Wikipedia Article on the Uuencode Format
http://en.wikipedia.org/wiki/Uuencode
SecurityFocus BID
http://www.securityfocus.com/bid/26818

*************************************************************

(8) HIGH: Apple QuickTime Multiple Vulnerabilities
Affected:
Apple QuickTime versions prior to 7.3.1

Description: Apple QuickTime is Apple's streaming media framework for
Apple Mac OS X and Microsoft Windows. QuickTime contains multiple
vulnerabilities in the parsing of several file formats. A specially
crafted QuickTime Link (QTL) file or Flash file could trigger one of
these vulnerabilities and allow an attacker to execute arbitrary code
with the privileges of the current user. QuickTime files are generally
opened without first prompting the user in the default configuration of
most applications. Additionally, a flaw in the handling of Real Time
Streaming Protocol (RTSP) responses could trigger a buffer overflow
vulnerability, allowing an attacker to execute arbitrary code with the
privileges of the current user. Both QuickTime for Microsoft Windows and
Apple Mac OS X are reportedly vulnerable. Some of these vulnerabilities
may be related to issues discussed in previous editions of @RISK.

Status: Apple confirmed, updates available.

References:
Apple Security Advisory
http://docs.info.apple.com/article.html?artnum=307176
Previous Editions of @RISK
http://www.sans.org/newsletters/risk/display.php?v=6&i=48#widely1
QuickTime Home Page
http://www.apple.com/quicktime
SecurityFocus BID
http://www.securityfocus.com/bid/26866
http://www.securityfocus.com/bid/26868



(10) MODERATE: Microsoft Windows SMBv2 Signature Validation Vulnerability 
(MS07-063)
Affected:
Microsoft Windows Vista
Microsoft Windows Server 2008

Description: The Server Message Block (SMB) protocol is the default
resource sharing protocol used by Microsoft Windows. SMBv2 is the second
major version of this protocol, and provides users the ability to
cryptographically sign sessions. Microsoft Windows does not properly
implement the signature process. An attacker who could modify SMB
traffic in transit could recompute the cryptographic signature of a
packet after modifying it, allowing arbitrary modification of the SMB
session without loss of perceived trust. Such an attacker would be able
to do anything the legitimate user of the SMB session could do. This
attack vector is an example of an exploitable Man-in-the-Middle attack.

Status: Microsoft confirmed, updates available.

References:
Microsoft Security Bulletin
http://www.microsoft.com/technet/security/bulletin/ms07-063.mspx
Wikipedia Article on SMB
http://en.wikipedia.org/wiki/Server_Message_Block
Wikipedia Article on Man-in-the-Middle Attacks
http://en.wikipedia.org/wiki/Man-in-the-middle_attack
SecurityFocus BID
http://www.securityfocus.com/bid/26777


(c) 2007.  All rights reserved.  The information contained in this
newsletter, including any external links, is provided "AS IS," with no
express or implied warranty, for informational purposes only.  In some
cases, copyright for material in this newsletter may be held by a
party other than Qualys (as indicated herein) and permission to use
such material must be requested from the copyright owner.



 




Copyright © Lexa Software, 1996-2009.