
Security Alert, December 21, 2005
Java Could Allow Untrusted Applets to Elevate Privileges
Five vulnerabilities in Java could allow untrusted applets to elevate privileges, and the applets could then read and write local files and perform other unauthorized actions. Sun Microsystems published three articles that discuss these problems and recommends that people upgrade to Java 2 Platform, Standard Edition (J2SE) Software Developers Kit (SDK) and Java Runtime Environment (JRE) 1.4.2_09, or J2SE Developers Kit (JDK) and JRE 5.0 Update 4 to protect themselves against these vulnerabilities.
http://list.windowsitpro.com/t?ctl=1C7CD:28C14
http://list.windowsitpro.com/t?ctl=1C7CC:28C14
http://list.windowsitpro.com/t?ctl=1C7CB:28C14
IBM also reported that the same vulnerabilities exist in IBM Java SDK. IBM recommends that people upgrade to IBM SDK 1.4.2 Service Release 3 (SR3) or IBM SDK 1.3.1 SR9.
http://list.windowsitpro.com/t?ctl=1C7CF:28C14
Security Alert, December 14, 2005
Two Microsoft Security Bulletins for December
Microsoft released two security updates for this month. One affects the Windows kernel; the other impacts Internet Explorer (IE). Both present risks primarily to workstations and Terminal Services hosting end-user applications. The kernel update affects Windows 2000 only.
Many organizations will be able to limit their effort to deploying just the IE update to their desktops. For more details, visit
http://list.windowsitpro.com/t?ctl=1C033:28C14
Security Alert, December 12, 2005
Firefox Subject to DoS Attack
Mozilla Firefox is subject to a Denial of Service (DoS) attack that could cause the browser to seem to freeze when starting up. The vulnerability is caused when very long page title strings are written to the history.dat file. The browser will eventually start; startup time will vary depending on the speed of the computer. Mozilla Foundation issued a response that includes information about how to correct the problem when it's encountered. The foundation didn't say whether it would release an interim patch or correct the problem in a future release.
http://list.windowsitpro.com/t?ctl=1BB20:28C14
Security Alert, December 5, 2005
Null Characters Can Mask Login Names in Microsoft SQL Profiler
SQL Profiler, included with Microsoft SQL Server, is commonly used to audit connections to the server. However, login names prefixed with null characters aren't visible to the profiling tool in SQL Server 2000. Microsoft said that the problem is fixed in SQL Server 2005.
The Microsoft article "BUG: Login names that contain leading zero characters are not visible when you use SQL Profiler to audit connections to SQL Server 2000" (at the URL below) explains that the problem also exists when using certain stored procedures to monitor connections. The article also offers workaround information.
http://list.windowsitpro.com/t?ctl=1B002:28C14
Security Alert, December 5, 2005
Cisco IOS HTTP Server Vulnerable to Arbitrary Command Execution and Cross-Site Scripting Attacks
A vulnerability exists in the HTTP server in Cisco products that run Cisco IOS Software versions 11.0 through 12.4. The HTTP server dynamically generates code that could be manipulated to execute commands against the device and might allow cross-site scripting attacks. Cisco published an advisory, "IOS HTTP Server Command Injection Vulnerability," which explains that a working exploit already exists and recommends that administrators disable the HTTP server on affected devices until a patch is available.
http://list.windowsitpro.com/t?ctl=1AFF1:28C14
Security Alert, December 1, 2005
Three New Exploits Threaten Windows Platforms
Three new exploits have been released that target vulnerabilities in Windows Graphics Rendering Engine (GRE) and Microsoft Distributed Transaction Coordinator (MSDTC). Two of the exploits target GRE and one targets MSDTC. Microsoft considers the vulnerabilities critical; they could allow remote intruders to take complete control of affected systems.
On November 8, Microsoft released Security Bulletin MS05-053, "Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424)," and a patch to correct the problem (first URL below). On October 11, Microsoft released Security Bulletin MS05-051, "Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)" (second URL below). Systems with the corresponding patches installed are protected against the current attacks.
http://list.windowsitpro.com/t?ctl=1ADA7:28C14
http://list.windowsitpro.com/t?ctl=1ADA8:28C14
Security Alert, November 30, 2005
Cisco Security Agents Could Allow Privilege Escalation
A vulnerability in Cisco Security Agent (CSA) could lead to privilege escalation in which an intruder could gain access to full System-level privileges on a Windows workstation or server. Affected platforms are Cisco CSA 4.5.0 and 4.5.1 when running on Windows NT 4.0, Windows 2000, Windows XP, or Windows Server 2003.
Cisco released the security advisory "Cisco Security Agent Vulnerable to Privilege Escalation" (Advisory ID: cisco-sa-20051129-csa) and patches to correct the problem.
http://list.windowsitpro.com/t?ctl=1ACC5:28C14
Security Alert, November 22, 2005
IE Vulnerable to Remote Command Execution
Microsoft Internet Explorer (IE) is vulnerable to a memory corruption error when processing malformed HTML pages containing specially crafted calls to JavaScript "window()" objects and "onload" events. The vulnerability could allow remote intruders to execute arbitrary commands in the security context of the currently logged-on user. Microsoft said that the vulnerability affects IE 5.x and 6.0 running on Windows Server 2003 Service Pack 1 (SP1), Windows XP SP2, Windows 2000 Server SP4, Windows Me, and Windows 98. For more information, read Microsoft Security Advisory 911302, "Vulnerability in the way Internet Explorer Handles onLoad Events Could Allow Remote Code Execution," at the URL below.
http://list.windowsitpro.com/t?ctl=1A34A:28C14
Security Alert, November 18, 2005
Windows XP SP1 and Windows 2000 SP4 Vulnerable to DoS Attack
A new exploit might take advantage of problems in RPC on Windows XP Service Pack 1 (SP1) and Windows 2000 SP4 systems. A successful attack might lead to a Denial of Service (DoS) condition. The vulnerability can be exploited by sending specially crafted Universal Plug and Play (UPnP) requests. A memory allocation error occurs when such requests are processed by remote procedure calls (RPCs). Microsoft Security Advisory (911052), "Memory Allocation Denial of Service Via RPC," published November 16, says that the company is aware of the potential for exploitation and includes information about possible workarounds and defensive measures. Microsoft also said that it's investigating the problem and might eventually release a security update. Microsoft said that systems using XP SP2 and Windows Server 2003 aren't affected by this vulnerability. You can read further details in the advisory at the URL below.
http://list.windowsitpro.com/t?ctl=19F29:28C14
Security Alert, November 16, 2005
ISAKMP Vulnerable to DoS and Execution of Arbitrary Code
Internet Security Association and Key Management Protocol (ISAKMP) contains a vulnerability that might lead to Denial of Service (DoS) attacks or the execution of arbitrary code. The vulnerability can be exploited by sending malformed Internet Key Exchange (IKE) packets. IKE is commonly used in IPsec solutions. Affected products include software- and hardware-based solutions produced by Juniper Networks, Cisco Systems, SecGo Solutions, Stonesoft, Nortel, Sun Microsystems, and possibly other vendors. Microsoft reported that none of its products are vulnerable to this problem. If your network uses IKE or IPsec, check with your vendor to determine your vulnerability status.
Security Alert, November 16, 2005
RealOne Player and RealPlayer Might Run Arbitrary Code
A vulnerability in RealOne Player and RealPlayer can allow a remote intruder to run arbitrary code in the context of the currently logged-on user. The vulnerability is due to incorrect parsing of images that are part of skins designed for the multimedia players. Critical vulnerabilities were also discovered in RealPlayer Enterprise.
RealNetworks released patches and updates to correct all the reported problems. You can download these at the URL below:
http://list.windowsitpro.com/t?ctl=19AF1:28C14
Security Alert, November 8, 2005
Macromedia Flash Subject to Arbitrary Code Execution
A vulnerability in Macromedia Flash Player can allow a remote intruder to run arbitrary code in the context of the currently logged-on user. The vulnerability affects Flash Player 7.0.19.0 and earlier versions. For more details about the vulnerability, go to the first URL below. Macromedia has released an updated version of Flash Player that corrects this problem. To obtain the update and get Macromedia's perspective on this vulnerability, go to the second URL below.
http://list.windowsitpro.com/t?ctl=18C59:28C14
http://list.windowsitpro.com/t?ctl=18C57:28C14
Security Alert, November 4, 2005
OpenVPN Subject to DoS and Remote Code Execution Attacks
OpenVPN, a popular SSL VPN solution, contains vulnerabilities that might allow an intruder to launch Denial of Service attacks or execute arbitrary commands on an affected remote system. The problems affect OpenVPN 2.0.3 and previous versions. OpenVPN Solutions released OpenVPN 2.0.5 on November 2, which corrects these problems as well as other non-security-related issues.
Thank you for subscribing to Security UPDATE. Please tell your friends about this newsletter and alert list!
This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=18883:28C14
Security Alert, November 2, 2005
IE Subject to DoS Attack
Microsoft Internet Explorer (IE) is subject to Denial of Service (DoS) attacks when the browser encounters malformed HTML markup tags along with certain Cascading Style Sheet (CSS) alignment parameters.
The problem, reported today, is known to affect IE on Windows NT, Windows 2000, Windows XP, and Windows Server 2003 with the most recent service packs. At the time of this writing, no patch or workaround is available for the problem.
http://list.windowsitpro.com/t?ctl=183D5:28C14
Security Alert, October 18, 2005
Firefox Vulnerable to Denial of Service Attacks
The Mozilla Firefox Web browser is vulnerable to Denial of Service (DoS) attacks, which can occur because of malformed HTML tags or specific coding of IFRAME tags. The first DoS condition occurs when a "link" tag for a stylesheet contains an undefined path. The second DoS condition, which affects both Firefox and Thunderbird, occurs when "strong" tags and "sourcetext" tags are mismatched. The third DoS condition occurs when an IFRAME tag contains an excessively large width parameter.
The problems affect Firefox 1.0.7 and earlier versions and possibly Mozilla and Netscape because both of those browsers share some of the same source code as Firefox. Mozilla Foundation reported that the IFRAME vulnerability is fixed in Firefox 1.5 Beta 2 (at the URL below); the status of fixes for the other vulnerabilities is unknown. The status of a fix for Thunderbird is also unknown at this time.
http://list.windowsitpro.com/t?ctl=16C18:28C14
Security Alert, October 11, 2005
Symantec Antivirus Scan Engine Might Run Arbitrary Code
iDEFENSE reported a vulnerability in Symantec Antivirus Scan Engine.
The engine lets third-party applications interface with Symantec's content-scanning technologies. The vulnerability exists in the Web-based administrative interface, which doesn't properly validate input provided through HTTP requests. If an intruder gains access to the administrative interface's TCP port (8004), he or she might be able to launch arbitrary code and gain privileged access to the system.
The problem affects Symantec Antivirus Scan Engine 4.0 for: Microsoft ISA Server 2000, NetApp Filer, NetApp NetCache, Bluecoat, and Clearswift. The problem also affects Symantec Antivirus Scan Engine 4.3 for: Microsoft ISA Server 2000, Microsoft SharePoint, Messaging, Network Attached Storage, Caching, and Bluecoat. Symantec said that Symantec Antivirus Scan Engine 4.1 isn't affected.
Symantec has released an update to correct the problem. The update is available through the company's Platinum Support Site or its FileConnect Web site. The company also recommends that administrators not expose the administrative port to external networks, such as the Internet. Alternatively, you can disable the interface by setting the administrative interface port number to zero. If the interface must remain enabled, then access to that port should be restricted in some way, such as using a secure network segment. You can also control access to the port via firewall rules.
http://list.windowsitpro.com/t?ctl=160D2:28C14
http://list.windowsitpro.com/t?ctl=160D0:28C14
Security Alert, October 5, 2005
SquirrelMail Address Add Plug-In Vulnerable to Cross-Site Scripting
SquirrelMail is a popular cross-platform Web-based email interface.
A plug-in for SquirrelMail, Address Add, is vulnerable to cross-site scripting attacks. A successful attack might allow an intruder to obtain a person's cookie and session information.
The plug-in's developer, Jimmy Conner, has released Address Add 2.1, which corrects this problem. Administrators who use the plug-in should upgrade to this version. If an upgrade isn't possible, ensure that users have JavaScript disabled in their browsers or that the Address Add plug-in is disabled.
http://list.windowsitpro.com/t?ctl=155B4:28C14
Security Alert, October 4, 2005
ZoneAlarm Firewall Can Be Bypassed Using DDE-IPC
Zone Labs' ZoneAlarm firewall can be bypassed by using Dynamic Data Exchange (DDE) and interprocess communications (IPC). A malicious program could gain access beyond the firewall through IPC-DDE and a trusted program that's allowed access through the firewall.
Zone Labs reports that only free versions of ZoneAlarm firewall are affected because they lack Advanced Program Control, which is found in ZoneAlarm Pro, ZoneAlarm AntiVirus, ZoneAlarm Wireless Security, and ZoneAlarm Security Suite. People should ensure that Advanced Program Control is enabled in those products to defend against these types of attacks. ZoneAlarm users, including users of the free version, should also ensure that they have the latest version of the products installed.
http://list.windowsitpro.com/t?ctl=15346:28C14
Security Alert, September 21, 2005
Cross-Site Scripting Flaw in Opera Mail Client
Two flaws exist in the mail client component of the Opera Web browser that could be combined to launch an attack on an affected system. The first flaw is that email message file attachments are opened without warning the user of any possible dangers. The second flaw is that file attachment names can be spoofed, which lets intruders attach HTML content but make the content appear to be something else, such as an image file. By combining the two flaws, intruders could inject JavaScript code that could expose local content on an affected system.
Opera Software released an updated version, Opera 8.50, which corrects these problems. The updated version also corrects vulnerabilities with drag-and-drop functionality, cookie handling, and caching of Web pages delivered via Secure Sockets Layer (SSL) connections.
http://list.windowsitpro.com/t?ctl=1423E:28C14
Security Alert, September 21, 2005
Unchecked Buffers in VERITAS Storage Exec
Buffer overflow vulnerabilities were discovered in multiple DCOM server components that are part of VERITAS Storage Exec and StorageCentral. The components could be exploited through calls to associated ActiveX controls if a user launched malicious HTML code.
Such code could arrive via email or be stored in a file or on a Web server. A successful exploit might lead to a system crash or allow access to the local system. Symantec released hotfixes for Storage Exec and StorageCentral to correct the problems.
http://list.windowsitpro.com/t?ctl=1434D:28C14
Security Alert, August 25, 2005
Flaw in IIS Might Expose Application Code
Inge Henriksen reported a flaw in Microsoft IIS that might lead to the exposure of application code that runs on the server. An attacker could enter a fully qualified URL at a Telnet client to connect to the Web server's listening port, and IIS might consider the connection as coming from the local host instead of a remote client. For complete details about this vulnerability read the article on our Web site.
http://list.windowsitpro.com/t?ctl=11DA6:28C14
New Worms Target Unpatched Plug and Play Service
At least seven new worms have been unleashed that affect Windows systems that don't have the MS05-039 patch installed. Microsoft released the patch last week to correct problems with the Plug and Play service. The vulnerability affects Windows 2000, Windows XP, and Windows Server 2003.
The worm variants, called Zotob and RBOT, currently exploit Windows 2000 platforms. They infiltrate systems to install a backdoor and an FTP server and to connect to an IRC server, where infected systems can then be detected and remotely controlled. The worms also modify the system's HOSTS file to block access to numerous security vendor Web sites, such as those that produce antivirus software. The worm also tries to block access to sites that belong to Microsoft (including the Windows Update site), as well as Amazon, eBay, PayPal, and Moneybookers.
The Plug and Play vulnerability doesn't affect Windows NT, Windows ME, or Windows 9x. However, because the worms' executables can run on those versions of Windows, the systems could be used to spread the worm if the executables somehow make it onto those platforms.
On August 11, Microsoft released an advisory about the new worms. On August 14, the company posted a Web page with Zotob information that helps people understand how to detect the worm on their systems. The company's Antivirus Encyclopedia details steps on how to remove the worms. For links to Microsoft's information, visit this article on our Web site.
http://list.windowsitpro.com/t?ctl=1122E:28C14
Security Alert, August 15, 2005
Denial of Service in Windows Kerberos, PKINIT, and RDP
Kerberos, PKINIT, and Remote Desktop Protocol on Windows are vulnerable to Denial of Service (DoS) attacks. The Kerberos subsystem contains flaws that could let an intruder cause a DoS attack. The flaw is due to the way domain controllers (DCs) process Kerberos messages.
The related PKINIT protocol contains a design flaw that could allow information disclosure and spoofing, which could let an intruder intercept communication between a client and server.
RDP contains a flaw that could allow an intruder to launch a DoS attack against an affected system. Such an attack might cause the server to stop responding and to automatically reboot.
Microsoft released Security Bulletin MS05-042, "Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing (899587)," and an associated patch to correct the problem with the Kerberos service.
Microsoft released Security Bulletin MS05-041, "Vulnerability in Remote Desktop Protocol Could Allow Denial of Service (899591)," and an associated patch to correct the problem with RDP.
http://list.windowsitpro.com/t?ctl=10C8D:28C14
Security Alert, August 12, 2005
Remote Code Execution Possible in Windows Print Spooler, Telephony Service, and Plug and Play Subsystem
The Windows Print Spooler contains an unchecked buffer that might allow a remote intruder to take complete control of an affected system.
A flaw in the way the Windows Telephony service processes data and performs validation could allow a remote intruder to take complete control of an affected system. And the Windows Plug and Play subsystem contains an unchecked buffer that might allow a remote intruder to take complete control of an affected system.
Microsoft released Security Bulletin MS05-043, "Vulnerability in Print Spooler Service Could Allow Remote Code Execution (896423)," and an associated patch to correct the problem with the Print Spooler service; Bulletin MS05-040, "Vulnerability in Telephony Service Could Allow Remote Code Execution (893756)," and an associated patch to correct the problem with Telephony service; and Security Bulletin MS05-039, "Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588)," and an associated patch to correct the problem with the Plug and Play subsystem.
http://list.windowsitpro.com/t?ctl=10C22:28C14
Security Alert, August 11, 2005
Multiple Vulnerabilities in IE
Due to a flaw in the way Microsoft Internet Explorer (IE) processes JPEG images, an intruder could launch remote code that might allow him or her to take complete control of the system.
A cross-domain vulnerability with Web Folders could allow a remote intruder to perform a variety of actions, including creating new user accounts, installing programs, or manipulating system data, which might allow the intruder to take complete control of the system.
Because of the way IE tries to instantiate COM objects, memory corruption might occur, which could let an intruder take control of the system.
Microsoft released Security Bulletin MS05-038, "Cumulative Security Update for Internet Explorer (896727)," and a cumulative update for IE.
The update contains all patches released since Microsoft Security Bulletin MS04-004 (February 2, 2004).
http://list.windowsitpro.com/t?ctl=109AB:28C14
Security Alert, July 18, 2005
Remote Code Execution in JView Profiler
The JView Profiler contains a flaw that might allow a remote intruder to take control of an affected system. Microsoft released a security bulletin, "Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)," and associated patch to correct the problem.
The patch sets a "kill bit" to prevent the object from being loaded via Microsoft Internet Explorer (IE).
http://list.windowsitpro.com/t?ctl=E9A5:28C14
Security Alert, July 15, 2005
Remote Code Execution in Microsoft Word
Lord Yup discovered that the font-parsing process in Word contains a flaw that could allow an intruder to take complete control of an affected system. Microsoft released a security bulletin, "Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)," and an associated patch to correct the problem.
http://list.windowsitpro.com/t?ctl=E895:28C14
Security Alert, July 15, 2005
Remote Code Execution in Microsoft Color Management Module
Shih-hao Weng discovered that the Microsoft Color Management Module contains a flaw in the way it processes International Color Code (ICC) profile format tags. The flaw could let an intruder take control of an affected system. Microsoft released the security bulletin "Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)" and an associated patch to correct the problem.
http://list.windowsitpro.com/t?ctl=E83D:28C14
Security Alert, June 21, 2005
Information Disclosure Vulnerability in Telnet Client
Gael Delalleau and iDEFENSE reported that Microsoft Telnet client contains an information disclosure vulnerability that could let an intruder read session variables of users connected to a Telnet server.
Microsoft released a security bulletin, Vulnerability in Telnet Client Could Allow Information Disclosure (896428), and an associated patch to correct the problem.
http://list.windowsitpro.com/t?ctl=CA5F:28C14
Security Alert, June 16, 2005
Two Problems in ISA Server 2000
Steve Orrin of Watchfire and Han Valk reported two problems in Microsoft ISA Server 2000 Service Pack 2 (SP2). ISA Server doesn't properly process malformed HTTP requests, which could let an intruder poison the cache, bypass content restrictions, access unauthorized content, or redirect other ISA Server users to various content.
Also, the process used by ISA Server to validate NetBIOS contains a vulnerability that could allow an intruder to gain access with elevated privileges and to connect to services using the NetBIOS protocol.
Microsoft released a security bulletin, Cumulative Security Update for ISA Server 2000 (899753), and an associated patch to correct these problems.
http://list.windowsitpro.com/t?ctl=C49B:28C14
Security Alert, May 17, 2005
Web View Might Allow Remote Code Execution
An intruder could cause the remote execution of code by creating a malicious file that contains certain HTML characters. A successful exploit could allow an intruder to take complete control over an affected system. The problem exists because of the way Windows Explorer processes HTML characters in certain document fields. Microsoft released the security bulletin MS05-024 "Vulnerability in Web View Could Allow Remote Code Execution (894320)" and an associated patch. In lieu of the patch, workarounds can be used to limit risk. Users can disable Web View on a per-system basis or across an enterprise by using Group Policy and can block access to ports 139 and 445.
http://list.windowsitpro.com/t?ctl=A08D:28C14
Security Alert, May 13, 2005
Mozilla Browsers Could Allow Execution of Arbitrary Code
The Mozilla Suite and Firefox browsers might allow the execution of arbitrary code if JavaScript is enabled in the browser. An attacker could inject JavaScript into a Web site by causing the browser to navigate to a previous JavaScript URL. Or, an attacker could use the browser's installation confirmation dialog to execute code by using a JavaScript URL as a package icon. Mozilla Foundation is aware of the problems and has made changes to its Mozilla Update Web service to help mitigate risks. The Foundation said it's "aggressively working to provide a more comprehensive solution to these potential vulnerabilities and will provide that solution in a forthcoming security update. Users can further protect themselves today by temporarily disabling JavaScript."
http://list.windowsitpro.com/t?ctl=9D6C:28C14
Security Alert, April 1, 2005
Symantec Norton AntiVirus AutoProtect Subject to DoS Attack
The Norton AntiVirus AutoProtect feature (with or without SmartScan enabled) could cause a system to crash when scanning files with specific modifications. Symantec has released patches for the affected products. You can obtain the patches via the products' LiveUpdate feature.
http://list.windowsitpro.com/t?ctl=696A:28C14
Security Alert, March 21, 2005
GDI Library Could Be Used to Cause DoS Attack
The graphics device interface (GDI) library lacks validity checking, and this oversight could allow a specially crafted Enhanced MetaFile (EMF) to cause a Denial of Service (DoS) condition by crashing an affected application.
http://list.windowsitpro.com/t?ctl=59E6:28C14
Security Alert, March 11, 2005
Denial of Service Attack in Windows Server 2003 and Windows XP
Dejan Levaja discovered that a Denial of Service (DoS) condition can be caused by sending a specially crafted packet to the system. After the packet is received, the system will become unresponsive for several seconds. Some testers report that a DoS condition exists for as much as half a minute or more. Testers also report that the system reaches 100 percent CPU utilization during the DoS condition. The discoverer said he contacted Microsoft on February 25, 2005, to report the condition. No response from Microsoft was available at the time of this writing, and it's unknown whether other versions of Windows are affected by the problem.
Security Alert, March 10, 2005
Multiple Vulnerabilities in CA License Package
eEye Digital Security discovered several vulnerabilities in Computer Associates License Manager that could lead to arbitrary code execution. Computer Associates released an advisory and a patch to correct the problems.
http://list.windowsitpro.com/t?ctl=4C7A:28C14
Security Alert, February 16, 2005
DHTML Editing Component ActiveX Control Could Allow Remote Code Execution
A vulnerability exists in the Dynamic HTML (DHTML) Editing Component ActiveX control that could allow an intruder to discover private information or execute code on a user's system. A successful exploit could allow the intruder to take complete control of a user's system. Microsoft has released Security Bulletin MS05-013, "Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)," and a patch to correct the problem.
http://list.windowsitpro.com/t?ctl=2402:28C14
Cumulative Security Update for IE
Microsoft has released a cumulative update for Microsoft Internet Explorer (IE). The update also includes new patches for vulnerabilities related to improper handling of drag-and-drop events, improper handling of URLs, improper handling of Dynamic HTML (DHTML) methods, and improper handling of content from across more than one domain. All of the problems could allow a remote intruder to take complete control of a user's system.
Microsoft has released Security Bulletin MS05-014, "Cumulative Security Update for Internet Explorer (867282)," which explains the update and its caveats in more detail.
http://list.windowsitpro.com/t?ctl=2401:28C14
Hyperlink Object Library Could Allow Remote Code Execution
An unchecked buffer exists in the Hyperlink Object Library. An intruder could construct a hyperlink that, when clicked by a user, could allow the intruder to take complete control of the user's system. Microsoft has released Security Bulletin MS05-015, "Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)," and an associated patch.
http://list.windowsitpro.com/t?ctl=2400:28C14
ASP.NET Path Validation Vulnerability
A vulnerability exists in ASP.NET that could allow an attacker to gain unauthorized access to an ASP.NET-based Web site. Microsoft has released Security Bulletin MS05-004, "ASP.NET Path Validation Vulnerability (887219)," and a patch to correct the problem.
http://list.windowsitpro.com/t?ctl=23FF:28C14
Security Alert, January 24, 2005
Cisco IOS Vulnerable to Denial of Service
Cisco devices running Internetwork Operating System (IOS) that have been configured for Telephony Service, CallManager Express (CME), or Survivable Remote Site Telephony (SRST) contain a vulnerability that might cause the device to reload. Therefore, the vulnerability could be used for Denial of Service (DoS) attacks. Cisco has released an advisory that contains specific IOS upgrade information.
http://list.windowsitpro.com/t?ctl=F4:28C14
Security Alert, January 10, 2005
Multiple Vulnerabilities in IBM DB2
NGSSoftware discovered multiple vulnerabilities in IBM DB2. The vulnerabilities include numerous buffer overflows, the ability to read and write files on a remote system, Denial of Service (DoS) attacks, and weak permissions on shared memory. IBM has issued patches to correct these problems. You can obtain the patches by downloading the latest "FixPak" for DB2 8.1 or DB2 7.x. For complete details read the article on our Web site.
http://www.windowsitpro.com/article/articleid/45056
Security Alert, June 17, 2005
Microsoft Agent Could Allow Spoofing
Michael Krax reported that Microsoft Agent contains a vulnerability that could allow an intruder to spoof content so that false content appears to be trusted content. Microsoft released a security bulletin, Vulnerability in Microsoft Agent Could Allow Spoofing (890046), and an associated patch to correct the problem.
http://list.windowsitpro.com/t?ctl=C667:28C14
Security Alert, April 28, 2005
Two Vulnerabilities in Citrix Program Neighborhood Agent
The Citrix Program Neighborhood Agent contains an unchecked buffer that could allow an intruder to run arbitrary code on an affected system. The code would run in the same security context as the user who is currently logged on to the system. The problem exists due to the way the agent software builds the filenames of associated icons. A second vulnerability could allow an intruder to create arbitrary shortcuts in a user's startup folder. Citrix Systems released updated versions of its client packages along with an article, "Vulnerabilities in Program Neighborhood Agent could allow arbitrary code execution," that describes the problem.
http://list.windowsitpro.com/t?ctl=8C08:28C14
Security Alert, April 12, 2005
Outlook and OWA Subject to From Field Spoofing
iDEFENSE reported that due to the way Microsoft Office Outlook and Outlook Web Access (OWA) parse From header fields, it's possible to change the field so that the email message appears to come from a different address. iDEFENSE reports that Microsoft said it might implement a fix in a future service pack but that a security bulletin won't be released for this issue.
http://list.windowsitpro.com/t?ctl=7392:28C14
Security Alert, February 3, 2005
Cisco IP/VC Devices Have Known Default SNMP Community Strings
Cisco reported that some of its IP/VC devices contain hard-coded SNMP community strings, which could be used to gain access to the products' SNMP management and monitoring interface. Cisco has released an advisory that states that no patch is available for the problem. The company suggests that administrators disable SNMP on affected devices. In cases for which that's not possible, administrators should block SNMP traffic to and from the affected devices. More details and suggestions are available in the advisory.
http://list.windowsitpro.com/t?ctl=F04:28C14