Memet Anwar | 1 Sep 2003 06:23

hfnetFU is gone, now it is MbsaFU

Hi list,

In order to honor the _kind_ request from Mark <at> Shavlik.com, I've changed
hfnetFU name to MbsaFU. The mirror at NTBugtraq.com had also been removed
accordingly by Russ.

Interested people can now get the tool in .zip format from
http://sourceforge.net/projects/mbsafu/; source code included.

Further announcements regarding this tool will go to the sourceforge.net page
instead of this list.

Regards,

Memet Anwar
(not speaking for aig-lippo.com)


Paul Robertson | 2 Sep 2003 16:03

Re: AV/Spam Alert response messages

On Fri, 22 Aug 2003, Nick FitzGerald wrote:

> I know that word scares the beejezus out of most of them, but it's time
> for AV vendors of Email and other gateway scanning products to simply
> _remove_ "send warning to sender" options from their products.  We have

I can see where attachment blocking information is sometimes important,
and as AV gateways move to be content gateways, simple removal won't
always work (though I can't for the life of me figure out why anyone would
want their product to prove it knows the virus, knows it spoofs, and still
send a warning to the sender.)

The simplest solution is to switch from notifying based on return_path to
notifying based on forward_path.  The recipient would know they didn't get
an intended attachment, and admins would be given more opportunities to
disable the "feature" due to local management pressure.  So, rather than
harming a 3rd party with local policy restriction notification, it'd be
all first-party.  Heck, they could even sell the feature as notifying
local management of their AV gateway's protective features!

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts <at> patriot.net      which may have no basis whatsoever in fact."
probertson <at> trusecure.com Director of Risk Assessment TruSecure Corporation


Re: AV/Spam Alert response messages

Date sent:              Tue, 2 Sep 2003 10:03:04 -0400
Subject:                Re: AV/Spam Alert response messages
> On Fri, 22 Aug 2003, Nick FitzGerald wrote:
>
> > I know that word scares the beejezus out of most of them, but it's time
> > for AV vendors of Email and other gateway scanning products to simply
> > _remove_ "send warning to sender" options from their products.

Half the gateway notifications I received about Sobig.f included the
entire worm as an attachment. As these notifications are sent to an
arbitrary recipient via the spoofed From: field in the malicious
message, it would seem that the gateway scanners have contributed to
the spread of the beast. Anyone else notice this?

Michael D. Barwise, BSc, IEng, MIIE, MBCS
Computer Security Awareness
tel +44 (0)1442 266534
http://www.ComputerSecurityAwareness.com

Addressing the Human Equation in Information Security

-----------------------------------------------------
For your greater security, we send e-mail attachments
as separate messages. Please check your mailbox.
-----------------------------------------------------


Russ | 3 Sep 2003 19:20

Alert: Microsoft Security Bulletin - MS03-036

http://www.microsoft.com/technet/security/bulletin/MS03-036.asp

Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103)

Originally posted: September 03, 2003

Summary

Who should read this bulletin: Customers who are using Microsoft® Office, Microsoft FrontPage®,
Microsoft Publisher, or Microsoft Works Suite

Impact of vulnerability: Run code of attacker's choice

Maximum Severity Rating:  Important

Recommendation: Customers who use any of the affected products that are listed below should apply the
security patch at their earliest opportunity

End User Bulletin:
An end user version of this bulletin is available at: 

http://www.microsoft.com/security/security_bulletins/ms03-036.asp. 

Affected Software: 
- Microsoft Office 97 
- Microsoft Office 2000
- Microsoft Office XP 
- Microsoft Word 98 (J)
- Microsoft FrontPage 2000
- Microsoft FrontPage 2002

Russ | 3 Sep 2003 19:20

Alert: Microsoft Security Bulletin - MS03-035

http://www.microsoft.com/technet/security/bulletin/MS03-035.asp

Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653)

Originally posted: September 03, 2003

Summary

Who should read this bulletin: Customers who are using Microsoft® Word

Impact of vulnerability: Run macros without warning

Maximum Severity Rating: Important

Recommendation: Customers who are using affected versions of Microsoft Word should apply the security
patch immediately.

End User Bulletin:
An end user version of this bulletin is available at: 

http://www.microsoft.com/security/security_bulletins/ms03-035.asp. 

Affected Software: 
- Microsoft Word 97
- Microsoft Word 98 (J)
- Microsoft Word 2000
- Microsoft Word 2002
- Microsoft Works Suite 2001
- Microsoft Works Suite 2002
- Microsoft Works Suite 2003

Russ | 3 Sep 2003 19:20

Alert: Microsoft Security Bulletin - MS03-034

http://www.microsoft.com/technet/security/bulletin/MS03-034.asp

Flaw in NetBIOS Could Lead to Information Disclosure (824105)

Originally posted: September 03, 2003

Summary

Who should read this bulletin: Customers using Microsoft® Windows®

Impact of vulnerability: Information disclosure

Maximum Severity Rating: Low

Recommendation: Users should evaluate whether to apply the security patch to affected systems.

End User Bulletin:
An end user version of this bulletin is available at: 

http://www.microsoft.com/security/security_bulletins/ms03-034.asp. 

Affected Software: 
- Microsoft Windows NT 4.0® Server
- Microsoft Windows NT 4.0, Terminal Server Edition
- Microsoft Windows 2000
- Microsoft Windows XP 
- Microsoft Windows Server(tm) 2003

Not Affected Software:
- Microsoft Windows Millennium Edition

An End User version of the bulletin is available at:
http://www.microsoft.com/security/security_bulletins/ms03-034.asp.

Russ | 3 Sep 2003 19:20

Alert: Microsoft Security Bulletin - MS03-038

http://www.microsoft.com/technet/security/bulletin/MS03-038.asp

Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104)

Originally posted:  September 3, 2003

Summary

Who should read this bulletin: Customers who use Microsoft® Access or who use the downloadable Microsoft
Access Snapshot Viewer

Impact of vulnerability: Allow an attacker to execute code of their choice

Maximum Severity Rating: Moderate

Recommendation: Customers who use Microsoft Access or who use the downloadable Microsoft Access
Snapshot Viewer should install the security patch at their earliest opportunity.

End User Bulletin:
An end user version of this bulletin is available at: 

http://www.microsoft.com/security/security_bulletins/ms03-038.asp. 

Affected Software: 
- Microsoft Access 97
- Microsoft Access 2000
- Microsoft Access 2002

Technical description: 


Russ | 3 Sep 2003 19:20

Alert: Microsoft Security Bulletin - MS03-037

http://www.microsoft.com/technet/security/bulletin/MS03-037.asp

Flaw in Visual Basic for Applications Could Allow Arbitrary Code execution (822715)

Originally posted: September 03, 2003

Summary

Who should read this bulletin: Customers using Microsoft ® Office applications or applications that use
Microsoft Visual Basic® for Applications.

Impact of vulnerability: Allow attacker to execute arbitrary code.

Maximum Severity Rating: Critical

Recommendation: Customers using Microsoft ® Office applications or Microsoft Visual Basic for
Applications should apply the patch at the earliest available opportunity.

End User Bulletin:
An end user version of this bulletin is available at: 

http://www.microsoft.com/security/security_bulletins/ms03-037.asp. 

Affected Software: 
- Microsoft Visual Basic for Applications SDK 5.0
- Microsoft Visual Basic for Applications SDK 6.0
- Microsoft Visual Basic for Applications SDK 6.2
- Microsoft Visual Basic for Applications SDK 6.3

Products which Include the Affected Software:
- Microsoft Access 97
- Microsoft Access 2000

Knight, Jim | 3 Sep 2003 20:40

Re: Patching MS03-026 on Windows XP SP1

This may have been posted here before but I wanted to make sure since
the MS03-026 patch has been updated about 4-6 times since its original
release.  And yes SUS/Windows Update has posted NEW versions of this
file.

We have encountered a problem on some of our Windows XP clients.  The
MS03-026 is not being installed correctly, the log file shows multiple
errors and the uninstall is not being added to Add/Remove programs,
although the registry key shows the patch as installed.  I have opened
up a ticket with MS and am awaiting a reply.  This install has been done
several ways (SUS, Scripted and Manual Install) with the same results.

I checked the file versions and they are correct based on the KB article
shown:

   Date         Time   Version            Size    File name
   -------------------------------------------------------------------
   05-Jul-2003  19:14  5.1.2600.115    1,092,096  Ole32.dll    pre-SP1
   05-Jul-2003  19:14  5.1.2600.109      439,296  Rpcrt4.dll   pre-SP1
   05-Jul-2003  19:14  5.1.2600.115      203,264  Rpcss.dll    pre-SP1
   05-Jul-2003  19:12  5.1.2600.1243   1,120,256  Ole32.dll    with SP1
   05-Jul-2003  19:12  5.1.2600.1230     504,320  Rpcrt4.dll   with SP1
   05-Jul-2003  19:12  5.1.2600.1243     202,752  Rpcss.dll    with SP1

However the patch is still not showing up in Add/Remove (it used to show
up and should show up there).  As well I noticed that the following
directories LastKnownGood and LastKnownGood\DLLCache still have old
versions of the file in them (even after a reboot). This scares me
because if someone does a LastKnownGood Recovery the patched files are
effectively overwritten.  Also there are no copies of these files in

Marc Maiffret | 3 Sep 2003 21:21

EEYE: Microsoft WordPerfect Document Converter Buffer Overflow

Microsoft WordPerfect Document Converter Buffer Overflow

Release Date:
September 3, 2003

Reported Date:
May 6, 2003

Severity:
Medium (Code Execution with User Interaction)

Systems Affected:
Microsoft Office 97, 2000, XP
Microsoft Word 98 (J)
Microsoft FrontPage 2000, 2002
Microsoft Publisher 2000, 2002
Microsoft Works Suite 2001, 2002, 2003

Description:

The Microsoft Word "WordPerfect" document converter included in Microsoft
Word has a buffer overflow bug. If the WordPerfect document converter is
installed (by default it is in Office 2000) and a malicious .doc file is
opened, there exists the ability for an attacker to execute arbitrary code.

This buffer overflow bug can also happen within Internet Explorer, because
Microsoft Word is executed automatically as a helper-application when a .doc
file is received.

This buffer overflow overwrites the return address in the stack area. We